
Poisoned by the "W32.Myzor.FK@yf" virus

Tags:
  • Virus
  • Security
Anonymous
21 August 2008 03:52:42

Hi everyone,

For a few days my computer has been infected by the "W32.Myzor.FK@yf" virus, and apparently the only way to get rid of it is to turn to professionals in the field; moreover, it seems that the fix for this problem varies from case to case, so I have created a new topic. I ran a scan with HijackThis to save time.

¤¤¤

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:50:06, on 21/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe
C:\Program Files\Second Display Control\WisAvCtrl.exe
C:\Program Files\Second Display Control\WisOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Second Display Control\WisLMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\Applications\iebtmm.exe
C:\Users\Toto Cutugno\Desktop\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {27F67F44-7A71-4272-917D-0EEE1DA55397} - C:\Windows\system32\wpxdlirm.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {74328FFD-76EE-4C78-BDE0-B1CA24744370} - C:\Users\Toto Cutugno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD2GN3WE\3077htsbdjyf[1].dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CE462D75-6E73-4EEE-823B-476839C9A17D} - C:\Windows\system32\efcATKET.dll
O2 - BHO: {e0aefff5-4233-21fb-4194-097d63fcc9fc} - {cf9ccf36-d790-4914-bf12-33245fffea0e} - C:\Windows\system32\tekdhm.dll
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program Files\Applications\iebt.dll
O2 - BHO: (no name) - {FFFB03AD-A461-4B99-9A23-D3B127D7C995} - C:\Windows\system32\fccawUKE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EnergyCut_Utility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\Run: [HaloLighting] C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe
O4 - HKLM\..\Run: [WisAvCtrl] "C:\Program Files\Second Display Control\WisAvCtrl.exe"
O4 - HKLM\..\Run: [WisOSD] "C:\Program Files\Second Display Control\WisOSD.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe"
O4 - HKLM\..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [3cf4239d] rundll32.exe "C:\Windows\system32\fwomatuv.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccawUKE.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra 'Tools' menuitem: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCAB32B1-9521-4D9C-AD8A-4643F017907A}: NameServer = 80.10.246.1 81.253.149.2
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Second Display Control\WisLMSvc.exe

--
End of file - 12628 bytes

¤¤¤

Thank you for your help.
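A triage helper for logs in this HijackThis format, as an added example (it is not part of the original post, nor of the HijackThis tool): it applies the checks a forum helper does by eye on the O2 / O4 / O9 sections (unnamed BHOs, components loaded from the browser cache, rundll32 autoruns from system32, Policies\Explorer\Run entries, extension entries pointing at a URL) to a constructed sample built from the kinds of entries quoted above. A flagged line is a candidate to verify against the vendor's signature or a hash lookup, not a confirmed infection.

```python
"""Triage of HijackThis v2 log lines.

Added example for this thread; it is not part of the original post or of
HijackThis itself. The rules mirror what a forum helper checks by eye in the
O2 / O4 / O9 sections: where a component lives, how it is launched and
whether it identifies itself. A flag means "verify this entry" (publisher
signature, hash lookup), not "this is malware".
"""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format: entries modelled on the ones
# quoted in the thread, mixed with ordinary vendor entries that must not fire.
SAMPLE_LOG = r"""
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {27F67F44-7A71-4272-917D-0EEE1DA55397} - C:\Windows\system32\wpxdlirm.dll
O2 - BHO: (no name) - {74328FFD-76EE-4C78-BDE0-B1CA24744370} - C:\Users\Toto Cutugno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD2GN3WE\3077htsbdjyf[1].dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [3cf4239d] rundll32.exe "C:\Windows\system32\fwomatuv.dll",b
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccawUKE.dll,#1
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": structural red flag; "review": naming heuristic
    reason: str
    line: str


SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 body: "<hive path>: [<value name>] <command>"
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")           # value names such as [3cf4239d]
ODD_STEM_RE = re.compile(r"^[a-z]+[A-Z][A-Za-z]*$")  # fccawUKE: lowercase start, upper later
CACHE_MARKERS = ("temporary internet files", "\\appdata\\local\\temp", "\\temp\\")


def triage_line(line: str) -> list[Finding]:
    """Apply the helper's rules to one log line; returns zero or more findings."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    low = body.lower()
    found: list[Finding] = []

    if section in ("O2", "O9"):                      # browser helper objects, IE buttons
        if "(no name)" in low and "(no file)" not in low:
            found.append(Finding("high", "unnamed browser extension with a file on disk", line))
        if "(no file)" in low or "(file missing)" in low:
            found.append(Finding("review", "orphaned registration, file already gone", line))
        if "http://" in low or "https://" in low:
            found.append(Finding("high", "browser extension target is a URL, not a local file", line))

    if section == "O4":                              # autorun entries
        o4 = O4_RE.match(body)
        if o4:
            key, name, cmd = o4.group("key").lower(), o4.group("name"), o4.group("cmd").lower()
            if "policies\\explorer\\run" in key:
                found.append(Finding("high", "autorun via Policies\\Explorer\\Run", line))
            if HEX_NAME_RE.match(name):
                found.append(Finding("review", "autorun value name looks machine generated", line))
            if "rundll32" in cmd and "\\system32\\" in cmd:
                found.append(Finding("review", "rundll32 loads a DLL from system32 at logon", line))

    # Eight-letter DLL stems that start lowercase but switch to upper case later
    # (efcATKET, fccawUKE) are typical of generated names; legitimate DLLs are
    # normally all lowercase or CamelCase from the first letter.
    for stem in re.findall(r"([A-Za-z]+)\.dll", body):
        if len(stem) == 8 and ODD_STEM_RE.match(stem):
            found.append(Finding("review", f"DLL name {stem}.dll mixes case like a generated name", line))

    if any(marker in low for marker in CACHE_MARKERS):
        found.append(Finding("high", "component loaded from a temp or browser-cache directory", line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole HijackThis log."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line.strip()}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample, the RealPlayer BHO, the Synaptics and Welcome Center autoruns and the AVG service produce no finding, while the unnamed BHOs, the cache-loaded DLL, the rundll32 autoruns, the Policies\Explorer\Run entry and the URL-backed IE button are flagged.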


21 August 2008 12:09:08

Hello,

I'll take care of you. Please bear in mind that I am a volunteer, that I have a private life and that I help several people at once, so please be patient. That said, I never drop someone until their PC is clean ;) 

Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the box Use User Account Control ... and confirm with OK; you will be asked to restart, do so)

Download ComboFix from **HERE** or **HERE** and save it to your desktop.

**Note 1: If you already have a version of ComboFix, you will need to download another one, the very latest. It is also very important to save it directly to your desktop.**

  • Please never rename ComboFix unless you are expressly asked to.
  • Close all open windows, without exception.
  • Disable all resident protections of all your antivirus, antispyware etc. software so that they do not interfere with ComboFix's proper functioning.
    Very important: temporarily disable all resident protections of all your security software before running a scan with ComboFix. They could interfere with the ComboFix scan, which could have unforeseen and disastrous consequences.
  • Click this link to see a list of programs that should always be disabled before using ComboFix. Note that the list is not exhaustive. If your security software is not in this list and you do not know how to disable it, or you do not understand English :p , please ask me.
  • WARNING: ComboFix will automatically disconnect you from the internet as soon as the scan starts.
  • Please do not try to reconnect your machine to the internet until ComboFix has finished its work.
  • If you can no longer connect to the internet after using ComboFix, restart your PC to restore the internet connection.
  • Double-click combofix.exe and follow the on-screen instructions.
  • When the scan is finished, a report should normally appear on screen.
  • Please post the following report, "C:\ComboFix.txt", in your next reply, together with a new HijackThis log.

**Note 2: Do not click in the ComboFix window while it is working. You could crash the PC and cause serious damage.**

;) 
Anonymous
21 August 2008 23:56:03

Good evening,

Thanks for helping me, it's appreciated.



Here is the ComboFix report:



    ComboFix 08-08-21.01 - Toto Cutugno 2008-08-21 23:36:14.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2119 [GMT 2:00]
    Endroit: C:\Users\Toto Cutugno\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\Toto Cutugno\AppData\Local\yocogcgem.dat
    C:\Users\Toto Cutugno\AppData\Local\yocogcgem.exe
    C:\Users\Toto Cutugno\AppData\Local\yocogcgem_nav.dat
    C:\Users\Toto Cutugno\AppData\Local\yocogcgem_navps.dat
    C:\Users\Toto Cutugno\AppData\Roaming\inst.exe
    C:\Users\Toto Cutugno\AppData\Roaming\macromedia\Flash Player\#SharedObjects\XFP2MBFR\interclick.com
    C:\Users\Toto Cutugno\AppData\Roaming\macromedia\Flash Player\#SharedObjects\XFP2MBFR\interclick.com\ud.sol
    C:\Users\Toto Cutugno\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Users\Toto Cutugno\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Windows\system32\bctjcbjt.ini
    C:\Windows\system32\bkgqmoaq.dll
    C:\Windows\system32\byocqhdi.exe
    C:\Windows\system32\ddcAqOfF.dll
    C:\Windows\system32\ddcBSMee.dll
    C:\Windows\system32\efcATKET.dll
    C:\Windows\System32\feklayst.ini
    C:\Windows\system32\fvcnldds.dll
    C:\Windows\system32\geBtQkJy.dll
    C:\Windows\System32\hjijQpVw.ini
    C:\Windows\System32\hjijQpVw.ini2
    C:\Windows\System32\hytyenkg.ini
    C:\Windows\system32\idvecpjh.ini
    C:\Windows\system32\iiffCSiI.dll
    C:\Windows\system32\iqnhbtui.dll
    C:\Windows\system32\kblyjlfy.exe
    C:\Windows\system32\kqjyavpg.dll
    C:\Windows\system32\kvtlerxy.dll
    C:\Windows\system32\lmwpcmsw.dll
    C:\Windows\system32\mnxntg.dll
    C:\Windows\system32\nmqfvakh.dll
    C:\Windows\system32\pmgffwbe.dll
    C:\Windows\system32\puzgfa.dll
    C:\Windows\System32\sddlncvf.ini
    C:\Windows\system32\sguqkrnk.dll
    C:\Windows\system32\sshytnao.dll
    C:\Windows\system32\tekdhm.dll
    C:\Windows\System32\TEKTAcfe.ini
    C:\Windows\System32\TEKTAcfe.ini2
    C:\Windows\system32\tsyalkef.dll
    C:\Windows\system32\twsroolv.dll
    C:\Windows\system32\uhxtnifd.exe
    C:\Windows\system32\uqqxlx.dll
    C:\Windows\system32\vutamowf.ini
    C:\Windows\system32\wfdlnhkh.dll
    C:\Windows\system32\wpxdlirm.dll
    C:\Windows\system32\wVpQjijh.dll
    C:\Windows\system32\xxyaxVlK.dll
    C:\Windows\system32\xxyxWQIC.dll
    C:\Windows\system32\ybdnmbpy.exe
    C:\Windows\system32\ymxnmtro.exe
    C:\Windows\system32\zbmxut.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-21 03:32 . 2008-08-21 03:32 <REP> d-------- C:\Users\Toto Cutugno\AppData\Roaming\Grisoft
    2008-08-21 03:32 . 2008-08-21 03:32 <REP> d-------- C:\Users\All Users\Grisoft
    2008-08-21 03:32 . 2008-08-21 03:32 <REP> d-------- C:\ProgramData\Grisoft
    2008-08-21 03:32 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2008-08-21 03:14 . 2008-08-21 12:02 <REP> d-------- C:\Program Files\Registry Easy
    2008-08-21 03:12 . 2008-08-21 03:12 <REP> d-------- C:\Users\Toto Cutugno\AppData\Roaming\PC Tools
    2008-08-21 03:12 . 2008-08-21 03:14 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-08-21 03:12 . 2008-06-10 21:22 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
    2008-08-21 03:12 . 2008-06-02 15:19 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
    2008-08-21 03:12 . 2008-06-02 15:19 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
    2008-08-21 03:12 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
    2008-08-19 05:52 . 2008-08-19 05:53 367,692,388 --a------ C:\Windows\MEMORY.DMP
    2008-08-18 23:27 . 2008-08-18 23:27 <REP> d-------- C:\Users\Toto Cutugno\AppData\Roaming\Music Recognition
    2008-08-18 23:26 . 2008-08-18 23:27 <REP> d-------- C:\Program Files\WIDI 3.3 Pro
    2008-08-15 23:46 . 1993-10-21 00:00 156,544 --------- C:\Windows\system\BWCC.DLL
    2008-08-15 23:45 . 2008-08-15 23:45 <REP> d-------- C:\WINSYSEX
    2008-08-15 05:51 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-15 05:51 . 2008-08-15 05:51 127 --a------ C:\Windows\System32\MRT.INI
    2008-08-15 05:05 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-15 05:05 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-15 05:05 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-15 05:05 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-15 05:05 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
    2008-08-13 20:43 . 2008-08-13 20:43 <REP> d-------- C:\Program Files\Audacity
    2008-08-12 21:08 . 2008-08-12 21:08 50 --a------ C:\Windows\cdplayer.ini
    2008-08-10 23:01 . 2008-08-15 06:06 <REP> d-------- C:\Program Files\Applications
    2008-08-01 01:43 . 2008-08-01 03:38 <REP> d-------- C:\Windows\System32\Adobe
    2008-07-24 22:23 . 2008-07-24 22:23 <REP> d-------- C:\Windows\Downloaded Installations
    2008-07-24 22:23 . 2008-07-24 22:23 <REP> d-------- C:\Program Files\AIPL
    2008-07-24 22:23 . 2008-07-24 22:23 10 --a------ C:\Windows\aisin.rg
    2008-07-24 22:21 . 2008-07-24 22:21 126 --a------ C:\Windows\nidojzq.ini
    2008-07-24 22:21 . 2008-07-24 22:21 18 --a------ C:\Windows\lydnofz.ini
    2008-07-24 22:20 . 2002-11-22 21:46 430,080 --a------ C:\Windows\System32\lame_enc.dll
    2008-07-22 14:13 . 2008-07-23 01:01 <REP> d-------- C:\Program Files\Soulseek
    2008-07-21 13:26 . 2008-07-21 18:11 <REP> d-------- C:\Users\Toto Cutugno\AppData\Roaming\Eltima Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-21 09:57 --------- d-----w C:\Program Files\InstantAudio
    2008-08-21 02:57 --------- d-----w C:\Program Files\InstantMusic
    2008-08-21 01:21 --------- d---a-w C:\ProgramData\TEMP
    2008-08-19 03:05 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\CyberLink
    2008-08-18 22:22 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\uTorrent
    2008-08-18 20:57 --------- d-----w C:\Program Files\Pvm
    2008-08-15 03:59 --------- d-----w C:\Program Files\Windows Mail
    2008-08-13 18:38 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Audacity
    2008-08-05 23:25 --------- d-----w C:\ProgramData\Symantec
    2008-07-31 18:44 --------- d-----w C:\ProgramData\VeriFace
    2008-07-30 15:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-07-30 15:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-07-30 15:28 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-07-30 00:16 --------- d-----w C:\ProgramData\CyberLink
    2008-07-29 14:45 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\GetRightToGo
    2008-07-26 11:05 --------- d-----w C:\Program Files\Yahoo!
    2008-07-26 11:05 --------- d-----w C:\Program Files\Google
    2008-07-21 16:09 --------- d-----w C:\Program Files\SourceTec
    2008-07-21 16:07 --------- d-----w C:\ProgramData\Apple Computer
    2008-07-17 21:05 --------- d-----w C:\Program Files\MIDITracker
    2008-07-17 19:30 --------- d-----w C:\Program Files\eMule
    2008-07-14 14:49 --------- d-----w C:\Program Files\Viena
    2008-07-14 14:45 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\SynthFont
    2008-07-14 14:29 --------- d-----w C:\Program Files\QuickTime
    2008-07-14 14:11 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Apple Computer
    2008-07-11 15:05 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Yahoo!
    2008-07-04 15:27 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-07-04 15:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-07-03 21:46 --------- d-----w C:\Program Files\Icone
    2008-07-03 15:33 --------- d-----w C:\Program Files\Zuma Deluxe
    2008-07-03 15:29 --------- d-----w C:\Program Files\CrackBuster
    2008-06-30 21:29 --------- d-----w C:\Program Files\GoldWave
    2008-06-23 16:39 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-22 14:36 --------- d-----w C:\Program Files\Audio Editor Gold
    2008-06-22 14:35 --------- d-----w C:\ProgramData\BOONTY
    2008-06-22 14:35 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
    2008-06-16 22:03 174 --sha-w C:\Program Files\desktop.ini
    2008-06-14 12:20 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-06-14 12:20 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-06-14 12:20 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-06-14 12:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-14 11:51 3,301,376 ----a-w C:\Windows\VdoEct.dll
    2008-06-14 11:51 24,576 ----a-w C:\Windows\ScrSav.dll
    2008-06-14 11:50 89,088 ----a-w C:\Windows\Atl71.dll
    2008-06-14 11:50 626,688 ----a-w C:\Windows\msvcr80.dll
    2008-06-14 11:50 57,344 ----a-w C:\Windows\AsfHelper.dll
    2008-06-14 11:50 2,222,800 ----a-w C:\Windows\d3dx9_24.dll
    2008-06-14 11:50 1,060,864 ----a-w C:\Windows\MFC71.dll
    2008-06-14 11:32 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-06-14 11:32 315,392 ----a-w C:\Windows\HideWin.exe
    2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-05-11 11:27 47,360 ----a-w C:\Users\Toto Cutugno\AppData\Roaming\pcouffin.sys
    2008-04-26 18:43 94,208 ----a-w C:\Users\Toto Cutugno\AppData\Roaming\ezplay.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
    @="{771C7324-DA80-49D3-8017-753B0AF60951}"
    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
    2008-06-14 13:57 241752 --a------ C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 13:37 174872]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 15:50 857648]
    "EnergyCut_Utility"="C:\Program Files\Lenovo\EnergyCut\utilty.exe" [2005-12-11 15:42 2506752]
    "EnergyCut"="C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe" [2007-11-15 10:24 1232896]
    "HaloLighting"="C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe" [2007-12-10 12:35 1421312]
    "WisAvCtrl"="C:\Program Files\Second Display Control\WisAvCtrl.exe" [2007-12-03 19:14 389120]
    "WisOSD"="C:\Program Files\Second Display Control\WisOSD.exe" [2007-11-05 09:26 77824]
    "PCMService"="C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe" [2007-11-13 11:52 417792]
    "VeriFacePassManager"="C:\Program Files\Lenovo\VeriFace\PManage.exe" [2008-06-14 13:57 262245]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 05:31 4710400 C:\Windows\RtHDVCpl.exe]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [2007-09-05 13:09:54 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc"= C:\PROGRA~1\Lenovo\Power2Go\CLMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{02B11A2D-57AC-4749-A5ED-98F8F63F29F0}"= C:\Program Files\Lenovo\ShuttleCenter\PowerCinema.exe:CyberLink PowerCinema
    "{6C7E1600-45E3-434E-8D56-6A75993279B2}"= C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe:CyberLink PowerCinema Resident Program
    "{2194B6AF-4FB2-4EDF-B278-3250289759BA}"= C:\Program Files\Lenovo\ShuttleCenter\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{D0D602F3-7A44-4112-8971-909E5EA6C8C2}"= C:\Program Files\Lenovo\ShuttleCenter\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{C0175CF2-698D-4DEF-A01C-A0FAD9F3D917}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{106EE2D4-71FA-47E1-BA6B-AF0821E3FDE1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{F3C77327-2F9C-485E-92AA-EEE4667E29C4}"= TCP:C:\Program Files\eMule\emule.exe:eMule
    "{42BB3FF1-46C5-4B30-BA55-D5FFF4CD50FA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{F6D64A56-3EDC-44F8-92E0-C09ACC8BA5BC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{678D4234-FB8C-4E51-B568-DDD16D532A2E}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{7D721868-4A21-41E5-BDB7-7112B02487D2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{F450D963-4ECC-48B2-8532-10E013A539D9}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{8B680E0D-A637-4B16-87FE-E92C6B043BA1}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{4737A9CD-7CE5-42E5-A9B0-70834DFC1CB0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{01112336-B59B-4C4F-878C-53D3CC260BBC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{B94C4E51-E100-41BE-9EDD-009A4D238946}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{9F9AE617-F6C4-40CE-BDA9-ECA87BBADC8C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{1DD13296-97C1-40BB-9A2B-231FA9321D7C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{23C9EE0C-BD81-4814-B051-93FDD74FB774}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{28B15463-7B5F-4494-B29D-206548C02A67}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{02FC944A-6F39-4146-80D9-94C76909AD23}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{8688A419-A2B0-4630-8B8C-CA7DFCD206C8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080813.001\IDSvix86.sys [2008-06-03 17:25]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\system32\DRIVERS\AcpiVpc.sys [2007-06-05 17:39]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-11 17:13]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 16:03]
    R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-09-05 05:54]
    R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 02:20]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 02:20]
    R3 CapFilt;CapFilt;C:\Windows\system32\drivers\CapFilt.sys [2008-06-14 13:50]
    R3 ICOLOR;Lenovo icolor Controller Driver;C:\Windows\system32\DRIVERS\setool.sys [2007-10-31 00:08]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 16:32]
    R3 WisLMSvc;WisLMSvc;C:\Program Files\Second Display Control\WisLMSvc.exe [2007-09-11 15:37]
    S4 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-06-22 16:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-21 C:\Windows\Tasks\Schedule Task Weekly.job
    - C:\Program Files\Registry Easy\RE.exe [2008-07-17 15:49]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{74328FFD-76EE-4C78-BDE0-B1CA24744370} - C:\Users\Toto Cutugno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD2GN3WE\3077htsbdjyf[1].dll
    HKCU-Run-Power2GoExpress - (no file)
    HKLM-Run-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    HKLM-Run-MSServer - C:\Windows\system32\ddcBSMee.dll
    HKLM-Run-3cf4239d - C:\Windows\system32\tsyalkef.dll
    HKLM-Run-BM3fc71001 - C:\Windows\system32\nmqfvakh.dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Users\Toto Cutugno\AppData\Roaming\Mozilla\Firefox\Profiles\2l4w1j4b.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    .
    .
    ------- File Associations (Beta) -------
    .
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-21 23:43:13
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\Ati2evxx.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\VSSVC.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-21 23:50:28 - machine was rebooted [Toto Cutugno]
    ComboFix-quarantined-files.txt 2008-08-21 21:50:05

    Pre-Run: 3,290,689,536 octets libres
    Post-Run: 3,097,423,872 octets libres

    307 --- E O F --- 2008-08-15 03:52:41



    ¤¤¤



    And the new HijackThis report:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:53:35, on 21/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\EnergyCut\utilty.exe
    C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    C:\Program Files\Second Display Control\WisAvCtrl.exe
    C:\Program Files\Second Display Control\WisOSD.exe
    C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Toto Cutugno\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EnergyCut_Utility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
    O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    O4 - HKLM\..\Run: [HaloLighting] C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe
    O4 - HKLM\..\Run: [WisAvCtrl] "C:\Program Files\Second Display Control\WisAvCtrl.exe"
    O4 - HKLM\..\Run: [WisOSD] "C:\Program Files\Second Display Control\WisOSD.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe"
    O4 - HKLM\..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FCAB32B1-9521-4D9C-AD8A-4643F017907A}: NameServer = 81.253.149.1 80.10.246.3
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Second Display Control\WisLMSvc.exe

    --
    End of file - 8640 bytes



    ¤¤¤



    Thanks again.
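    Going through a HijackThis log like the one above line by line is slow, and the entries that matter are buried among dozens of legitimate ones. The Python script below is an added example, not code from this thread or from the HijackThis or ComboFix projects. It parses HijackThis v2 O*/R* lines into structured entries and applies three defender-side triage rules taken from what ComboFix listed under ORPHANS REMOVED earlier in the thread: Run keys that load a DLL instead of an executable, components loaded from a browser cache or temp directory, and registry entries whose file is missing; O17 NameServer entries are surfaced for manual review. The sample input is constructed: most lines are copied from the log above, while the O2 line for the Content.IE5 BHO and the O4 lines for ddcBSMee.dll and tsyalkef.dll are the ComboFix orphan entries rewritten in HijackThis syntax so that the rules have something to flag.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input. Most lines are copied from the HijackThis log
# posted in the thread; the O2 line for the Content.IE5 BHO and the two O4
# lines for ddcBSMee.dll / tsyalkef.dll are ComboFix's "ORPHANS REMOVED"
# entries rewritten in HijackThis syntax so the triage rules have hits.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {74328FFD-76EE-4C78-BDE0-B1CA24744370} - C:\Users\Toto Cutugno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD2GN3WE\3077htsbdjyf[1].dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSServer] C:\Windows\system32\ddcBSMee.dll
O4 - HKLM\..\Run: [3cf4239d] C:\Windows\system32\tsyalkef.dll
O4 - HKCU\..\Run: [Power2GoExpress] (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCAB32B1-9521-4D9C-AD8A-4643F017907A}: NameServer = 81.253.149.1 80.10.246.3
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Second Display Control\WisLMSvc.exe
"""

# "O4 - HKLM\..\Run: [...]": section code, then the entry body.
LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# First Windows path in the body that ends in a loadable file type.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|ocx|cpl|htm))', re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")

# Locations from which a legitimately installed component is rarely loaded.
TEMP_MARKERS = ("\\temporary internet files\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Entry:
    section: str          # HijackThis section code, e.g. "O4"
    raw: str              # the original log line
    target: str           # file path the entry points at ("" if none)
    flags: List[str] = field(default_factory=list)


def triage(entry: Entry) -> None:
    """Attach human-readable review flags to one parsed entry."""
    t = entry.target.lower()
    if "(no file)" in entry.raw.lower():
        entry.flags.append("orphan: registry entry points at a file that no longer exists")
    if entry.section == "O4" and t.endswith(".dll"):
        # Run keys normally start an .exe; a bare DLL here is the pattern
        # ComboFix listed under ORPHANS REMOVED in this thread.
        entry.flags.append("Run key loads a DLL instead of an executable")
    if any(marker in t for marker in TEMP_MARKERS):
        entry.flags.append("component loaded from a browser cache or temp directory")
    if entry.section == "O17":
        m = NAMESERVER_RE.search(entry.raw)
        if m:
            entry.flags.append("review DNS servers: " + m.group(1).strip())


def parse_log(text: str) -> List[Entry]:
    """Parse HijackThis O*/R* lines; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        pm = PATH_RE.search(body)
        entry = Entry(section=section, raw=line, target=pm.group(1) if pm else "")
        triage(entry)
        entries.append(entry)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that picked up at least one review flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(e.raw)
        for f in e.flags:
            print("    ->", f)
```

    The rules deliberately flag patterns rather than names: a DLL-launching Run key or a component under Temporary Internet Files is worth a look whatever the file is called, while an entry marked (no file) is harmless but should be cleaned up so later logs stay readable. The O17 line is only surfaced for review, since the DNS servers there may simply be the ISP's.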
    22 Août 2008 12:21:50

    Re,

    I advise you to uninstall and delete all your P2P software: 50% of what you download via P2P is booby-trapped. P2P is the number one infection vector these days.
    More information is available by clicking the following link: Cracks / P2P

    ***

    Disable all resident protection (antivirus...)! <------- Don't forget!

    Copy the text in the box below: (Ctrl + C)

    Quote:
    DirLook::
    C:\WINSYSEX
    C:\Program Files\AIPL
    C:\Program Files\CrackBuster

    FileLook::
    C:\Windows\aisin.rg
    C:\Windows\nidojzq.ini
    C:\Windows\lydnofz.ini
    C:\Windows\System32\lame_enc.dll


    => Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste the text there (CTRL + V)
    - Save this file to: Desktop
    - File name: CFScript
    - File type: all files!!
    - Click Save
    - Close Notepad

    Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:



    * This will relaunch ComboFix: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    * Do not touch anything until the scan has finished.
    * Once the scan is complete, a report will open: copy/paste its contents to the forum.
    If the file does not open, it is located here: C:\ComboFix.txt
    * Post a new HijackThis report.

    ;) 
    Anonyme
    22 Août 2008 23:54:43

    Hi,

    The scans are done, and something unexpected happened: after dragging the "CFScript" file onto "ComboFix.exe", it displayed the following message: "Le texte du message associé au numéro 0x8 est introuvable dans le fichier de messages pour System.". The program then behaved exactly as it did the first time, and I never got the "Type 1 to continue, or 2 to abort" prompt as expected. I also got notifications when Windows restarted saying that a few ".dll" files could no longer be found in the Windows "System32" folder. One piece of good news, though: the message at Internet Explorer startup announcing that I had this virus no longer appears, it behaves normally again, and the bugs apparently caused by the virus seem to have gone away. I wanted to let you know so as not to get in the way of the operation.



    ComboFix report:

    ComboFix 08-08-21.01 - Toto Cutugno 2008-08-22 13:06:35.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1699 [GMT 2:00]
    Endroit: C:\Users\Toto Cutugno\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Toto Cutugno\Desktop\CFScript.txt
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-22 to 2008-08-22 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-22 11:06 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\uTorrent
    2008-08-21 22:40 --------- d-----w C:\Program Files\InstantAudio
    2008-08-21 22:25 --------- d-----w C:\Program Files\InstantMusic
    2008-08-21 10:02 --------- d-----w C:\Program Files\Registry Easy
    2008-08-21 01:32 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Grisoft
    2008-08-21 01:32 --------- d-----w C:\ProgramData\Grisoft
    2008-08-21 01:21 --------- d---a-w C:\ProgramData\TEMP
    2008-08-21 01:14 --------- d-----w C:\Program Files\Spyware Doctor
    2008-08-21 01:12 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\PC Tools
    2008-08-19 03:05 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\CyberLink
    2008-08-18 21:27 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Music Recognition
    2008-08-18 21:27 --------- d-----w C:\Program Files\WIDI 3.3 Pro
    2008-08-18 20:57 --------- d-----w C:\Program Files\Pvm
    2008-08-15 04:06 --------- d-----w C:\Program Files\Applications
    2008-08-15 03:59 --------- d-----w C:\Program Files\Windows Mail
    2008-08-13 18:43 --------- d-----w C:\Program Files\Audacity
    2008-08-13 18:38 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Audacity
    2008-08-05 23:25 --------- d-----w C:\ProgramData\Symantec
    2008-07-31 18:44 --------- d-----w C:\ProgramData\VeriFace
    2008-07-30 15:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-07-30 15:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-07-30 15:28 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-07-30 00:16 --------- d-----w C:\ProgramData\CyberLink
    2008-07-29 14:45 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\GetRightToGo
    2008-07-26 11:05 --------- d-----w C:\Program Files\Yahoo!
    2008-07-26 11:05 --------- d-----w C:\Program Files\Google
    2008-07-24 20:23 --------- d-----w C:\Program Files\AIPL
    2008-07-22 23:01 --------- d-----w C:\Program Files\Soulseek
    2008-07-21 16:11 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Eltima Software
    2008-07-21 16:09 --------- d-----w C:\Program Files\SourceTec
    2008-07-21 16:07 --------- d-----w C:\ProgramData\Apple Computer
    2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
    2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
    2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
    2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-07-17 21:05 --------- d-----w C:\Program Files\MIDITracker
    2008-07-17 19:30 --------- d-----w C:\Program Files\eMule
    2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-07-14 14:49 --------- d-----w C:\Program Files\Viena
    2008-07-14 14:45 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\SynthFont
    2008-07-14 14:29 --------- d-----w C:\Program Files\QuickTime
    2008-07-14 14:11 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Apple Computer
    2008-07-11 15:05 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Yahoo!
    2008-07-04 15:27 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-07-04 15:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-07-03 21:46 --------- d-----w C:\Program Files\Icone
    2008-07-03 15:33 --------- d-----w C:\Program Files\Zuma Deluxe
    2008-07-03 15:29 --------- d-----w C:\Program Files\CrackBuster
    2008-06-30 21:29 --------- d-----w C:\Program Files\GoldWave
    2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
    2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
    2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
    2008-06-23 16:39 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-22 14:36 --------- d-----w C:\Program Files\Audio Editor Gold
    2008-06-22 14:35 --------- d-----w C:\ProgramData\BOONTY
    2008-06-22 14:35 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
    2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
    2008-06-16 22:03 174 --sha-w C:\Program Files\desktop.ini
    2008-06-16 20:57 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-16 20:57 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-15 00:43 181,760 ----a-w C:\Windows\System32\fsquirt.exe
    2008-06-15 00:42 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-06-15 00:42 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-06-15 00:42 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-06-15 00:42 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-06-15 00:42 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-06-15 00:42 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-06-15 00:42 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-06-15 00:42 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-06-15 00:42 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-06-15 00:42 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-06-14 12:27 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-06-14 12:25 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2008-06-14 12:21 14,848 ----a-w C:\Windows\System32\wshrm.dll
    2008-06-14 12:20 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-06-14 12:20 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-06-14 12:20 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-06-14 12:20 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-06-14 12:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-14 12:20 1,695,744 ----a-w C:\Windows\System32\gameux.dll
    2008-06-14 12:18 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    2008-06-14 12:17 428,544 ----a-w C:\Windows\System32\EncDec.dll
    2008-06-14 12:17 293,376 ----a-w C:\Windows\System32\psisdecd.dll
    2008-06-14 11:57 94,208 ----a-w C:\Windows\System32\Momo.dll
    2008-06-14 11:57 94,208 ----a-w C:\Windows\System32\ApBlend.dll
    2008-06-14 11:57 626,688 ----a-w C:\Windows\System32\msvcr80.dll
    2008-06-14 11:57 622,592 ----a-w C:\Windows\System32\PicNotify.dll
    2008-06-14 11:57 548,864 ----a-w C:\Windows\System32\msvcp80.dll
    2008-06-14 11:57 5,632 ----a-w C:\Windows\System32\biologon.dll
    2008-06-14 11:57 491,520 ----a-w C:\Windows\System32\picn.dll
    2008-06-14 11:57 49,152 ----a-w C:\Windows\System32\DevFilt.dll
    2008-06-14 11:57 208,896 ----a-w C:\Windows\System32\Image.dll
    2008-06-14 11:57 126,976 ----a-w C:\Windows\System32\VideoOp.dll
    2008-06-14 11:57 1,560,576 ----a-w C:\Windows\System32\MainOp.dll
    2008-06-14 11:57 1,327,104 ----a-w C:\Windows\System32\ImageReog.dll
    2008-06-14 11:51 3,301,376 ----a-w C:\Windows\VdoEct.dll
    2008-06-14 11:51 24,576 ----a-w C:\Windows\ScrSav.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\aisin.rg -- Not a PE file.
    MD5: fedff060d00435098a7873904932cd88

    C:\Windows\lydnofz.ini -- Not a PE file.
    MD5: 3646a5e13a611949a283dbdeb2406cbc

    C:\Windows\nidojzq.ini -- Not a PE file.
    MD5: 8643400fe0b46faa19ef6eed3ef7c13f

    C:\Windows\System32\lame_enc.dll -- Unable to find Resource table header.
    MD5: 86927a8b62ed507a3d5c8f3b3a880d45

    ---- Directory of C:\Program Files\AIPL ----

    2008-08-22 13:03 922 --a------ C:\Program Files\AIPL\Singulator v1.5\Single1.pre
    2006-04-28 15:25 188416 --a------ C:\Program Files\AIPL\Singulator v1.5\Singulator.exe
    2006-04-28 13:02 173766 --a------ C:\Program Files\AIPL\Singulator v1.5\Singulator.chm
    2005-12-09 13:12 2606 --a------ C:\Program Files\AIPL\Singulator v1.5\FindPreset.vbs
    2005-10-17 12:24 49276 --a------ C:\Program Files\AIPL\Singulator v1.5\DemoAIPLDotCom.wav
    2003-03-18 21:20 1060864 --a------ C:\Program Files\AIPL\Singulator v1.5\mfc71.dll
    2003-03-18 21:12 1047552 --a------ C:\Program Files\AIPL\Singulator v1.5\mfc71u.dll
    2003-02-21 04:42 348160 --a------ C:\Program Files\AIPL\Singulator v1.5\msvcr71.dll

    ---- Directory of C:\Program Files\CrackBuster ----

    2008-05-07 01:57 2861 --a------ C:\Program Files\CrackBuster\unins000.dat
    2005-01-31 22:06 150 --a------ C:\Program Files\CrackBuster\config.ini
    2005-01-31 22:02 356352 --a------ C:\Program Files\CrackBuster\CrackBuster.exe
    2005-01-31 21:54 7396 --a------ C:\Program Files\CrackBuster\Deutsch.lan
    2005-01-31 21:53 6757 --a------ C:\Program Files\CrackBuster\English.lan
    2004-06-27 03:00 77257 --a------ C:\Program Files\CrackBuster\unins000.exe

    ---- Directory of C:\WINSYSEX ----

    1994-01-16 16:38 805 --a------ C:\WINSYSEX\setup.inf
    1994-01-16 00:00 920 --a------ C:\WINSYSEX\order.doc
    1994-01-16 00:00 80099 --a------ C:\WINSYSEX\winsysex.hlp
    1994-01-16 00:00 6554 --a------ C:\WINSYSEX\genmid.ini
    1994-01-16 00:00 6285 --a------ C:\WINSYSEX\dx100.wsd
    1994-01-16 00:00 5575 --a------ C:\WINSYSEX\dx100.wsx
    1994-01-16 00:00 5522 --a------ C:\WINSYSEX\vendor.doc
    1994-01-16 00:00 45566 --a------ C:\WINSYSEX\proteus.wsd
    1994-01-16 00:00 3974 --a------ C:\WINSYSEX\dw8000.wsd
    1994-01-16 00:00 396 --a------ C:\WINSYSEX\file_id.diz
    1994-01-16 00:00 36852 --a------ C:\WINSYSEX\jv-80.wsd
    1994-01-16 00:00 3414 --a------ C:\WINSYSEX\sample.wsx
    1994-01-16 00:00 28912 --a------ C:\WINSYSEX\sccdrums.wsd
    1994-01-16 00:00 2422 --a------ C:\WINSYSEX\readme.txt
    1994-01-16 00:00 164352 --a------ C:\WINSYSEX\winsysex.exe
    1994-01-16 00:00 15867 --a------ C:\WINSYSEX\tx81z.wsd
    1994-01-16 00:00 1150 --a------ C:\WINSYSEX\dx100.ini
    1994-01-16 00:00 100463 --a------ C:\WINSYSEX\scc1.wsd


    ((((((((((((((((((((((((((((( snapshot@2008-08-21_23.48.08.97 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-22 11:06:15 6,258,688 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
    + 2008-08-21 21:42:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-08-21 21:42:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2007-07-30 17:19:54 71,352 ------w C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
    + 2008-07-18 20:08:20 72,256 ------w C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
    - 2008-08-21 21:33:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-08-22 09:59:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-08-21 21:33:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-22 09:59:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-08-21 21:33:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-08-22 09:59:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-08-21 21:39:57 101,250 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-08-21 21:49:39 101,250 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-08-21 21:39:57 123,556 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-08-21 21:49:39 123,556 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-08-21 21:39:57 587,178 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-08-21 21:49:39 587,178 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-08-21 21:39:57 669,566 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-08-21 21:49:39 669,566 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-08-17 23:05:05 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-08-21 21:50:03 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2008-08-21 12:33:42 4,670 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2346649333-2520651484-2951552198-1000_UserData.bin
    + 2008-08-21 21:44:37 4,954 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2346649333-2520651484-2951552198-1000_UserData.bin
    - 2008-08-21 21:35:22 65,424 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-08-21 21:44:36 65,480 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-08-21 11:30:28 278,256 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-08-22 09:54:01 280,034 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2008-08-15 03:52:22 113,029,121 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-08-21 21:49:20 113,332,122 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-07-19 05:09:42 563,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.784_none_10766c5d7a4348db\wuapi.dll
    + 2008-07-19 03:44:12 83,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.784_none_10766c5d7a4348db\wudriver.dll
    + 2008-07-19 05:10:18 36,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.784_none_10766c5d7a4348db\wups.dll
    + 2008-07-18 18:44:32 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.784_none_ba812c9e1ffa7ad7\wuapp.exe
    + 2008-07-18 20:08:18 163,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.784_none_ba812c9e1ffa7ad7\wuwebv.dll
    + 2008-07-19 05:10:40 53,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.784_none_2a6532116682efd8\wuauclt.exe
    + 2008-07-19 05:09:40 1,811,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.784_none_2a6532116682efd8\wuaueng.dll
    + 2008-07-19 05:10:39 45,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.784_none_2a6532116682efd8\wups2.dll
    + 2008-07-19 03:44:52 1,524,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.784_none_a81255bc06873289\wucltux.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
    @="{771C7324-DA80-49D3-8017-753B0AF60951}"
    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
    2008-06-14 13:57 241752 --a------ C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 13:37 174872]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 15:50 857648]
    "EnergyCut_Utility"="C:\Program Files\Lenovo\EnergyCut\utilty.exe" [2005-12-11 15:42 2506752]
    "EnergyCut"="C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe" [2007-11-15 10:24 1232896]
    "HaloLighting"="C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe" [2007-12-10 12:35 1421312]
    "WisAvCtrl"="C:\Program Files\Second Display Control\WisAvCtrl.exe" [2007-12-03 19:14 389120]
    "WisOSD"="C:\Program Files\Second Display Control\WisOSD.exe" [2007-11-05 09:26 77824]
    "PCMService"="C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe" [2007-11-13 11:52 417792]
    "VeriFacePassManager"="C:\Program Files\Lenovo\VeriFace\PManage.exe" [2008-06-14 13:57 262245]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 05:31 4710400 C:\Windows\RtHDVCpl.exe]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [2007-09-05 13:09:54 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc"= C:\PROGRA~1\Lenovo\Power2Go\CLMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{02B11A2D-57AC-4749-A5ED-98F8F63F29F0}"= C:\Program Files\Lenovo\ShuttleCenter\PowerCinema.exe:CyberLink PowerCinema
    "{6C7E1600-45E3-434E-8D56-6A75993279B2}"= C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe:CyberLink PowerCinema Resident Program
    "{2194B6AF-4FB2-4EDF-B278-3250289759BA}"= C:\Program Files\Lenovo\ShuttleCenter\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{D0D602F3-7A44-4112-8971-909E5EA6C8C2}"= C:\Program Files\Lenovo\ShuttleCenter\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{C0175CF2-698D-4DEF-A01C-A0FAD9F3D917}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{106EE2D4-71FA-47E1-BA6B-AF0821E3FDE1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{F3C77327-2F9C-485E-92AA-EEE4667E29C4}"= TCP:C:\Program Files\eMule\emule.exe:eMule
    "{42BB3FF1-46C5-4B30-BA55-D5FFF4CD50FA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{F6D64A56-3EDC-44F8-92E0-C09ACC8BA5BC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{678D4234-FB8C-4E51-B568-DDD16D532A2E}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{7D721868-4A21-41E5-BDB7-7112B02487D2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{F450D963-4ECC-48B2-8532-10E013A539D9}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{8B680E0D-A637-4B16-87FE-E92C6B043BA1}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{4737A9CD-7CE5-42E5-A9B0-70834DFC1CB0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{01112336-B59B-4C4F-878C-53D3CC260BBC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{B94C4E51-E100-41BE-9EDD-009A4D238946}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{9F9AE617-F6C4-40CE-BDA9-ECA87BBADC8C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{1DD13296-97C1-40BB-9A2B-231FA9321D7C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{23C9EE0C-BD81-4814-B051-93FDD74FB774}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{28B15463-7B5F-4494-B29D-206548C02A67}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{02FC944A-6F39-4146-80D9-94C76909AD23}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{8688A419-A2B0-4630-8B8C-CA7DFCD206C8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080813.001\IDSvix86.sys [2008-06-03 17:25]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\system32\DRIVERS\AcpiVpc.sys [2007-06-05 17:39]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-11 17:13]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 16:03]
R3 btwaudio;Bluetooth Audio Device;C:\Windows\system32\drivers\btwaudio.sys [2007-09-05 05:54]
    R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 02:20]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 02:20]
    R3 CapFilt;CapFilt;C:\Windows\system32\drivers\CapFilt.sys [2008-06-14 13:50]
    R3 ICOLOR;Lenovo icolor Controller Driver;C:\Windows\system32\DRIVERS\setool.sys [2007-10-31 00:08]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 16:32]
    R3 WisLMSvc;WisLMSvc;C:\Program Files\Second Display Control\WisLMSvc.exe [2007-09-11 15:37]
    S4 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-06-22 16:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
Contents of the 'Scheduled Tasks' folder

    2008-08-18 C:\Windows\Tasks\Norton AntiVirus - Analyse système complète - Toto Cutugno.job
    - C:\Program Files\Norton AntiVirus\Navw32.exe [2007-01-14 03:09]

    2008-08-21 C:\Windows\Tasks\Schedule Task Weekly.job
    - C:\Program Files\Registry Easy\RE.exe [2008-07-17 15:49]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-22 13:09:54
    Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


    C:\Users\TOTOCU~1\AppData\Local\Temp\~DF3569.tmp 98304 bytes
    C:\Users\TOTOCU~1\AppData\Local\Temp\~DF507A.tmp 512 bytes
    C:\Users\Toto Cutugno\AppData\Local\Temp\~DF3569.tmp
    C:\Users\Toto Cutugno\AppData\Local\Temp\~DF507A.tmp

scan completed successfully
hidden files: 4

    **************************************************************************
    .
--------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll
    .
Completion time: 2008-08-22 13:11:40
    ComboFix-quarantined-files.txt 2008-08-22 11:11:28
    ComboFix2.txt 2008-08-21 21:50:33

Pre-Run: The message text for message number 0x2379 could not be found in the message file for Application.
Post-Run: 3,929,706,496 bytes free

    322 --- E O F --- 2008-08-21 21:52:41



HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:18:16, on 22/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\EnergyCut\utilty.exe
    C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    C:\Program Files\Second Display Control\WisAvCtrl.exe
    C:\Program Files\Second Display Control\WisOSD.exe
    C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\CF24460.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\Explorer.exe
    C:\Users\Toto Cutugno\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EnergyCut_Utility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
    O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    O4 - HKLM\..\Run: [HaloLighting] C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe
    O4 - HKLM\..\Run: [WisAvCtrl] "C:\Program Files\Second Display Control\WisAvCtrl.exe"
    O4 - HKLM\..\Run: [WisOSD] "C:\Program Files\Second Display Control\WisOSD.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe"
    O4 - HKLM\..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Send &Image to Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FCAB32B1-9521-4D9C-AD8A-4643F017907A}: NameServer = 80.10.246.130 81.253.149.10
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Second Display Control\WisLMSvc.exe

    --
    End of file - 8794 bytes



Thanks again for your help.
25 August 2008 20:05:43

Re,

I'm the one who started this thread. For some reason my account was deactivated without my knowledge and my old posts now show the username "Anonyme"; I don't understand it. Anyway, just to let you know I didn't cancel my registration. Thanks, brothers.

P€@C€
25 August 2008 22:28:11

:hello:  Hello,

And I changed my username :p 

Disable all resident protection (antivirus, etc.)! <------- Don't forget!

Copy the text in the box below: (Ctrl + C)

Quote:
    Driver::
    Boonty Games

    Rootkit::
    C:\Users\TOTOCU~1\AppData\Local\Temp\~DF3569.tmp
    C:\Users\TOTOCU~1\AppData\Local\Temp\~DF507A.tmp
    C:\Users\Toto Cutugno\AppData\Local\Temp\~DF3569.tmp
    C:\Users\Toto Cutugno\AppData\Local\Temp\~DF507A.tmp

    File::
    C:\Windows\aisin.rg
    C:\Windows\nidojzq.ini
    C:\Windows\lydnofz.ini

    Folder::
    C:\Program Files\Common Files\BOONTY Shared

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000000
    "InternetSettingsDisableNotify"=dword:00000000
    "AutoUpdateDisableNotify"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000


=> Open Notepad: Start > All Programs > Accessories > Notepad

- Paste the text into it (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save
- Close Notepad

Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:



* This will relaunch ComboFix: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
* Don't touch anything until the scan has finished.
* Once the scan is complete, a report will open: copy/paste its contents to the forum.
If the file doesn't open, it can be found at: C:\ComboFix.txt
* Post a new HijackThis report.

    ;) 
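The registry block in the ComboFix log earlier in this thread (EnableLUA = 0, EnableFirewall = 0 on every profile, the Security Center DisableNotify and DisableMonitoring flags set to 1) and the Registry:: section of the CFScript in the reply above are two halves of one check: find the protections that have been switched off, then write the values that turn them back on. The Python below automates that. It is an added example, not code from this thread, from ComboFix, or from the helper who wrote the CFScript. It parses the two value shapes ComboFix prints ("Name"=dword:00000001 and "Name"= 0 (0x0)), compares them against a small baseline, and prints a CFScript Registry:: block. It goes further than the posted script in that it also flags EnableLUA (UAC) and the per-profile EnableFirewall values, which the posted script leaves at 0. Assumptions, all mine: the baseline table; the expansion of ComboFix's abbreviated HKLM\~\ prefix to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\; and the sample log text, which is constructed from lines seen in this thread.

```python
"""Audit the "Reg Loading Points" section of a ComboFix log for protections
that have been switched off, and emit a CFScript Registry:: block that
restores them. Added example; baseline and key expansion are assumptions."""
import re

# Constructed sample: the relevant lines from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(.+)\]\s*$')
# ComboFix prints DWORDs two ways: "Name"=dword:00000001  and  "Name"= 0 (0x0)
VAL_RE = re.compile(
    r'^"([^"]+)"\s*=\s*(?:dword:([0-9A-Fa-f]{8})|(-?\d+)\s*\(0x[0-9A-Fa-f]+\))\s*$')

# Assumed: ComboFix abbreviates HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet as HKLM\~
HKLM_TILDE = 'HKLM\\~\\'
HKLM_CCS = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\'

# (regex on the lower-cased full key, value name, expected value, meaning of a deviation)
BASELINE = [
    (r'\\policies\\system$', 'EnableLUA', 1, 'UAC is disabled'),
    (r'\\security center$', 'UacDisableNotify', 0, 'Security Center UAC warning suppressed'),
    (r'\\security center$', 'InternetSettingsDisableNotify', 0, 'Security Center Internet-settings warning suppressed'),
    (r'\\security center$', 'AutoUpdateDisableNotify', 0, 'Security Center Automatic Updates warning suppressed'),
    (r'\\security center\\monitoring(\\[^\\]+)?$', 'DisableMonitoring', 0, 'Security Center monitoring disabled'),
    (r'\\firewallpolicy\\(domain|standard|public)profile$', 'EnableFirewall', 1, 'Windows Firewall off for this profile'),
]


def expand_key(key):
    """Turn ComboFix's HKLM\\~\\ shorthand into the full registry path (assumed mapping)."""
    if key.upper().startswith(HKLM_TILDE.upper()):
        return HKLM_CCS + key[len(HKLM_TILDE):]
    return key


def parse_reg_points(text):
    """Return [(key, {value_name: int}), ...] in log order; non-DWORD values are skipped."""
    keys, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = (expand_key(m.group(1)), {})
            keys.append(current)
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name, hexval, decval = m.groups()
            current[1][name] = int(hexval, 16) if hexval is not None else int(decval)
    return keys


def audit(text):
    """List every baseline value whose observed setting differs from the expected one."""
    findings = []
    for key, values in parse_reg_points(text):
        lk = key.lower()
        for pattern, name, expected, why in BASELINE:
            if name in values and values[name] != expected and re.search(pattern, lk):
                findings.append({'key': key, 'name': name, 'observed': values[name],
                                 'expected': expected, 'why': why})
    return findings


def to_cfscript(findings):
    """Registry:: section in the REGEDIT4 shape used by the CFScript in this thread."""
    if not findings:
        return ''
    lines, last_key = ['Registry::'], None
    for f in findings:
        if f['key'] != last_key:
            lines.append('[%s]' % f['key'])
            last_key = f['key']
        lines.append('"%s"=dword:%08x' % (f['name'], f['expected']))
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = audit(SAMPLE_LOG)
    for f in found:
        print('%s\n    %s = %d (expected %d): %s' % (f['key'], f['name'], f['observed'], f['expected'], f['why']))
    print()
    print(to_cfscript(found))
```

To use it on a real machine, replace SAMPLE_LOG with the contents of C:\ComboFix.txt. Check the same keys again in the log ComboFix produces after the reboot: a value that has gone back to 0 (or 1 for the DisableNotify flags) after being reset points at something still running that re-applies it, which is the thing to hunt for next, not the registry value itself.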
26 August 2008 16:39:03

Hi,

Scans done, but still no "Type 1 to continue, or 2 to abort" prompt; hopefully that doesn't affect the procedure.



    ¤¤¤



COMBOFIX REPORT:

ComboFix 08-08-25.01 - Toto Cutugno 2008-08-26 15:54:54.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium Edition 6.0.6001.1.1252.1.1036.18.1917 [GMT 2:00]
Running from: C:\Users\Toto Cutugno\Desktop\ComboFix.exe
Command switches used :: C:\Users\Toto Cutugno\Desktop\CFScript.txt
* Created a new restore point

    FILE ::
    C:\Windows\aisin.rg
    C:\Windows\lydnofz.ini
    C:\Windows\nidojzq.ini
    .

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Common Files\BOONTY Shared
    C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    C:\Users\Toto Cutugno\AppData\Roaming\macromedia\Flash Player\#SharedObjects\XFP2MBFR\bin.clearspring.com
    C:\Users\Toto Cutugno\AppData\Roaming\macromedia\Flash Player\#SharedObjects\XFP2MBFR\bin.clearspring.com\clearspring.sol
    C:\Users\Toto Cutugno\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
    C:\Users\Toto Cutugno\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
    C:\Windows\aisin.rg
    C:\Windows\lydnofz.ini
    C:\Windows\nidojzq.ini
    C:\Windows\system32\wxmmin.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Boonty Games


((((((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
    .

2008-08-25 01:21 . 2008-08-25 01:21 <DIR> d-------- C:\Program Files\AudioEdit Deluxe
2008-08-25 01:20 . 2008-08-25 01:22 <DIR> d--h----- C:\Users\All Users\{F481FC18-57D5-4479-B2FB-083BFF223F8F}
2008-08-25 01:20 . 2008-08-25 01:22 <DIR> d--h----- C:\ProgramData\{F481FC18-57D5-4479-B2FB-083BFF223F8F}
2008-08-25 01:16 . 2008-08-25 01:19 <DIR> d-------- C:\Program Files\Music Mixer 4
2008-08-25 01:12 . 2008-08-25 01:13 <DIR> d-------- C:\Program Files\Leapic Audio Editor
    2008-08-25 01:12 . 2007-09-14 11:53 1,746,864 --a------ C:\Windows\System32\Codejock.CommandBars.Unicode.v11.2.0.ocx
    2008-08-25 01:12 . 2007-09-14 11:53 518,064 --a------ C:\Windows\System32\Codejock.SkinFramework.Unicode.v11.2.0.ocx
2008-08-24 19:07 . 2008-08-24 19:07 <DIR> d-------- C:\Program Files\Mightsoft
    2008-08-24 12:21 . 2008-08-24 12:21 67 --a------ C:\Windows\SpotAuditor.INI
2008-08-24 12:20 . 2008-08-24 12:20 <DIR> d-------- C:\Program Files\Nsasoft
    2008-08-21 23:49 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-08-21 23:49 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-08-21 23:49 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-08-21 23:49 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-08-21 23:48 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-08-21 23:48 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-21 03:32 . 2008-08-21 03:32 <DIR> d-------- C:\Users\Toto Cutugno\AppData\Roaming\Grisoft
2008-08-21 03:32 . 2008-08-21 03:32 <DIR> d-------- C:\Users\All Users\Grisoft
2008-08-21 03:32 . 2008-08-21 03:32 <DIR> d-------- C:\ProgramData\Grisoft
    2008-08-21 03:32 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-08-21 03:14 . 2008-08-21 12:02 <DIR> d-------- C:\Program Files\Registry Easy
2008-08-21 03:12 . 2008-08-21 03:12 <DIR> d-------- C:\Users\Toto Cutugno\AppData\Roaming\PC Tools
2008-08-21 03:12 . 2008-08-21 03:14 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-08-21 03:12 . 2008-06-10 21:22 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
    2008-08-21 03:12 . 2008-06-02 15:19 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
    2008-08-21 03:12 . 2008-06-02 15:19 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
    2008-08-21 03:12 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
    2008-08-19 05:52 . 2008-08-19 05:53 367,692,388 --a------ C:\Windows\MEMORY.DMP
2008-08-18 23:27 . 2008-08-18 23:27 <DIR> d-------- C:\Users\Toto Cutugno\AppData\Roaming\Music Recognition
2008-08-18 23:26 . 2008-08-18 23:27 <DIR> d-------- C:\Program Files\WIDI 3.3 Pro
    2008-08-15 23:46 . 1993-10-21 00:00 156,544 --------- C:\Windows\system\BWCC.DLL
2008-08-15 23:45 . 2008-08-15 23:45 <DIR> d-------- C:\WINSYSEX
    2008-08-15 05:51 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-15 05:51 . 2008-08-15 05:51 127 --a------ C:\Windows\System32\MRT.INI
    2008-08-15 05:05 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-15 05:05 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-15 05:05 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-15 05:05 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-15 05:05 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 20:43 . 2008-08-13 20:43 <DIR> d-------- C:\Program Files\Audacity
    2008-08-12 21:08 . 2008-08-22 09:28 1,243 --a------ C:\Windows\cdplayer.ini
2008-08-10 23:01 . 2008-08-15 06:06 <DIR> d-------- C:\Program Files\Applications
2008-08-01 01:43 . 2008-08-01 03:38 <DIR> d-------- C:\Windows\System32\Adobe

    .
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-26 12:07 --------- d-----w C:\Program Files\InstantMusic
    2008-08-26 12:07 --------- d-----w C:\Program Files\InstantAudio
    2008-08-26 06:46 --------- d-----w C:\Program Files\Pvm
    2008-08-26 06:34 --------- d---a-w C:\ProgramData\TEMP
    2008-08-25 18:18 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\uTorrent
    2008-08-24 23:15 --------- d-----w C:\Program Files\Audio Editor Gold
    2008-08-19 03:05 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\CyberLink
    2008-08-15 03:59 --------- d-----w C:\Program Files\Windows Mail
    2008-08-13 18:38 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Audacity
    2008-08-05 23:25 --------- d-----w C:\ProgramData\Symantec
    2008-07-31 18:44 --------- d-----w C:\ProgramData\VeriFace
    2008-07-30 15:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-07-30 15:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-07-30 15:28 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-07-30 00:16 --------- d-----w C:\ProgramData\CyberLink
    2008-07-29 14:45 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\GetRightToGo
    2008-07-26 11:05 --------- d-----w C:\Program Files\Yahoo!
    2008-07-26 11:05 --------- d-----w C:\Program Files\Google
    2008-07-24 20:23 --------- d-----w C:\Program Files\AIPL
    2008-07-22 23:01 --------- d-----w C:\Program Files\Soulseek
    2008-07-21 16:11 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Eltima Software
    2008-07-21 16:09 --------- d-----w C:\Program Files\SourceTec
    2008-07-21 16:07 --------- d-----w C:\ProgramData\Apple Computer
    2008-07-17 21:05 --------- d-----w C:\Program Files\MIDITracker
    2008-07-17 19:30 --------- d-----w C:\Program Files\eMule
    2008-07-14 14:49 --------- d-----w C:\Program Files\Viena
    2008-07-14 14:45 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\SynthFont
    2008-07-14 14:29 --------- d-----w C:\Program Files\QuickTime
    2008-07-14 14:11 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Apple Computer
    2008-07-11 15:05 --------- d-----w C:\Users\Toto Cutugno\AppData\Roaming\Yahoo!
    2008-07-04 15:27 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-07-04 15:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-07-03 21:46 --------- d-----w C:\Program Files\Icone
    2008-07-03 15:33 --------- d-----w C:\Program Files\Zuma Deluxe
    2008-07-03 15:29 --------- d-----w C:\Program Files\CrackBuster
    2008-06-30 21:29 --------- d-----w C:\Program Files\GoldWave
    2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
    2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
    2008-06-18 04:40 1,342,464 ----a-w C:\Windows\System32\AdjMmsEng.dll
    2008-06-16 22:03 174 --sha-w C:\Program Files\desktop.ini
    2008-06-16 20:57 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-16 20:57 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-15 00:43 181,760 ----a-w C:\Windows\System32\fsquirt.exe
    2008-06-15 00:42 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-06-15 00:42 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-06-15 00:42 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-06-15 00:42 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-06-15 00:42 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-06-15 00:42 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-06-15 00:42 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-06-15 00:42 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-06-15 00:42 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-06-15 00:42 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-06-14 12:27 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-06-14 12:25 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2008-06-14 12:21 14,848 ----a-w C:\Windows\System32\wshrm.dll
    2008-06-14 12:20 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-06-14 12:20 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-06-14 12:20 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-06-14 12:20 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-06-14 12:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-14 12:20 1,695,744 ----a-w C:\Windows\System32\gameux.dll
    2008-06-14 12:18 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    2008-06-14 12:17 428,544 ----a-w C:\Windows\System32\EncDec.dll
    2008-06-14 12:17 293,376 ----a-w C:\Windows\System32\psisdecd.dll
    2008-06-14 11:57 94,208 ----a-w C:\Windows\System32\Momo.dll
    2008-06-14 11:57 94,208 ----a-w C:\Windows\System32\ApBlend.dll
    2008-06-14 11:57 626,688 ----a-w C:\Windows\System32\msvcr80.dll
    2008-06-14 11:57 622,592 ----a-w C:\Windows\System32\PicNotify.dll
    2008-06-14 11:57 548,864 ----a-w C:\Windows\System32\msvcp80.dll
    2008-06-14 11:57 5,632 ----a-w C:\Windows\System32\biologon.dll
    2008-06-14 11:57 491,520 ----a-w C:\Windows\System32\picn.dll
    2008-06-14 11:57 49,152 ----a-w C:\Windows\System32\DevFilt.dll
    2008-06-14 11:57 208,896 ----a-w C:\Windows\System32\Image.dll
    2008-06-14 11:57 126,976 ----a-w C:\Windows\System32\VideoOp.dll
    2008-06-14 11:57 1,560,576 ----a-w C:\Windows\System32\MainOp.dll
    2008-06-14 11:57 1,327,104 ----a-w C:\Windows\System32\ImageReog.dll
    2008-06-14 11:51 3,301,376 ----a-w C:\Windows\VdoEct.dll
    2008-06-14 11:51 24,576 ----a-w C:\Windows\ScrSav.dll
    2008-06-14 11:50 89,088 ----a-w C:\Windows\Atl71.dll
    2008-06-14 11:50 626,688 ----a-w C:\Windows\msvcr80.dll
    2008-06-14 11:50 57,344 ----a-w C:\Windows\AsfHelper.dll
    2008-06-14 11:50 2,222,800 ----a-w C:\Windows\d3dx9_24.dll
    2008-06-14 11:50 1,060,864 ----a-w C:\Windows\MFC71.dll
    2008-06-14 11:32 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-06-14 11:32 315,392 ----a-w C:\Windows\HideWin.exe
    2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-05-27 23:16 61,440 ----a-w C:\Windows\System32\NormalizeDSP.dll
    2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
    2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
    2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
    2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
    2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
    2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
    2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
    2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
    2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
    2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
    2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-08-22_13.10.37.04 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-21 21:42:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-08-26 14:01:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-08-26 14:01:20 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-08-21 21:42:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-08-26 14:01:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-08-26 14:01:20 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    + 2004-11-04 10:31:22 835,584 ----a-w C:\Windows\System32\arAudioCDGrabber2.dll
    + 2004-05-20 11:57:42 1,794,048 ----a-w C:\Windows\System32\ARAudioDesign2.dll
    + 2005-02-25 09:21:56 876,544 ----a-w C:\Windows\System32\ARAudioEditor2.dll
    + 2005-03-11 15:37:10 1,986,560 ----a-w C:\Windows\System32\ARAudioFile2.dll
    + 2003-12-08 10:16:22 327,680 ----a-w C:\Windows\System32\ARAudioGrabber2.dll
    + 2005-02-24 10:11:06 1,212,416 ----a-w C:\Windows\System32\ARAudioInformation2.dll
    + 2005-02-24 13:21:12 458,752 ----a-w C:\Windows\System32\ARAudioPlayer2.dll
    + 2005-03-10 14:00:30 454,656 ----a-w C:\Windows\System32\ARAudioRecord2.dll
    + 2005-02-24 10:11:46 602,112 ----a-w C:\Windows\System32\ARAudioTransform2.dll
    + 2005-02-24 10:11:56 479,232 ----a-w C:\Windows\System32\ARAudioVisualization2.dll
    + 2004-10-18 12:26:30 118,784 ----a-w C:\Windows\System32\ARFolder.dll
    + 2004-10-18 13:14:20 172,032 ----a-w C:\Windows\System32\ARoptions.dll
    + 2004-10-18 12:26:56 180,224 ----a-w C:\Windows\System32\ARServiceBar.dll
    + 2005-02-24 09:51:38 348,160 ----a-w C:\Windows\System32\ARWMAFile2.dll
    + 2008-05-23 13:12:58 323,584 ----a-w C:\Windows\System32\AudioGenie2.dll
    - 2008-08-22 09:59:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-08-26 13:49:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-08-22 09:59:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-26 13:49:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-08-22 09:59:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-08-26 13:49:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-08-21 21:30:26 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-08-26 13:54:42 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2004-01-06 01:57:40 36,864 ----a-w C:\Windows\System32\edtExt.dll
    + 2005-02-10 04:26:19 86,016 ----a-w C:\Windows\System32\ExControl.dll
    + 2005-05-17 20:37:10 76,800 ----a-w C:\Windows\System32\Faac.exe
    + 2005-02-05 22:18:08 32,768 ----a-w C:\Windows\System32\IsDRM.dll
    + 2005-11-05 23:34:50 145,408 ----a-w C:\Windows\System32\Lame.exe
    - 2002-11-22 19:46:32 430,080 ----a-w C:\Windows\System32\lame_enc.dll
    + 2003-08-07 12:01:50 237,568 ----a-w C:\Windows\System32\lame_enc.dll
    + 2007-10-12 13:34:50 71,096 ----a-w C:\Windows\System32\NMSAccess.exe
    + 2008-01-28 21:08:40 1,140,152 ----a-w C:\Windows\System32\NMSDVDX.dll
    + 2002-07-19 16:48:22 157,696 ----a-w C:\Windows\System32\OggEnc.exe
    - 2008-08-21 21:49:39 101,250 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-08-25 07:18:17 101,250 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-08-21 21:49:39 123,556 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-08-25 07:18:17 123,556 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-08-21 21:49:39 587,178 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-08-25 07:18:17 587,178 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-08-21 21:49:39 669,566 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-08-25 07:18:17 669,566 ----a-w C:\Windows\System32\perfh00C.dat
    + 2004-06-24 23:48:08 139,264 ----a-w C:\Windows\System32\voltoCDX.dll
    - 2008-08-21 21:44:37 4,954 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2346649333-2520651484-2951552198-1000_UserData.bin
    + 2008-08-25 07:15:27 5,114 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2346649333-2520651484-2951552198-1000_UserData.bin
    - 2008-08-21 21:44:36 65,480 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-08-25 07:15:25 65,720 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
    @="{771C7324-DA80-49D3-8017-753B0AF60951}"
    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
    2008-06-14 13:57 241752 --a------ C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 13:37 174872]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 15:50 857648]
    "EnergyCut_Utility"="C:\Program Files\Lenovo\EnergyCut\utilty.exe" [2005-12-11 15:42 2506752]
    "EnergyCut"="C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe" [2007-11-15 10:24 1232896]
    "HaloLighting"="C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe" [2007-12-10 12:35 1421312]
    "WisAvCtrl"="C:\Program Files\Second Display Control\WisAvCtrl.exe" [2007-12-03 19:14 389120]
    "WisOSD"="C:\Program Files\Second Display Control\WisOSD.exe" [2007-11-05 09:26 77824]
    "PCMService"="C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe" [2007-11-13 11:52 417792]
    "VeriFacePassManager"="C:\Program Files\Lenovo\VeriFace\PManage.exe" [2008-06-14 13:57 262245]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 05:31 4710400 C:\Windows\RtHDVCpl.exe]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [2007-09-05 13:09:54 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc"= C:\PROGRA~1\Lenovo\Power2Go\CLMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{02B11A2D-57AC-4749-A5ED-98F8F63F29F0}"= C:\Program Files\Lenovo\ShuttleCenter\PowerCinema.exe:CyberLink PowerCinema
    "{6C7E1600-45E3-434E-8D56-6A75993279B2}"= C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe:CyberLink PowerCinema Resident Program
    "{2194B6AF-4FB2-4EDF-B278-3250289759BA}"= C:\Program Files\Lenovo\ShuttleCenter\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{D0D602F3-7A44-4112-8971-909E5EA6C8C2}"= C:\Program Files\Lenovo\ShuttleCenter\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{C0175CF2-698D-4DEF-A01C-A0FAD9F3D917}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{106EE2D4-71FA-47E1-BA6B-AF0821E3FDE1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{F3C77327-2F9C-485E-92AA-EEE4667E29C4}"= TCP:C:\Program Files\eMule\emule.exe:eMule
    "{42BB3FF1-46C5-4B30-BA55-D5FFF4CD50FA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{F6D64A56-3EDC-44F8-92E0-C09ACC8BA5BC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{678D4234-FB8C-4E51-B568-DDD16D532A2E}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{7D721868-4A21-41E5-BDB7-7112B02487D2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{F450D963-4ECC-48B2-8532-10E013A539D9}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{8B680E0D-A637-4B16-87FE-E92C6B043BA1}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{4737A9CD-7CE5-42E5-A9B0-70834DFC1CB0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{01112336-B59B-4C4F-878C-53D3CC260BBC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{B94C4E51-E100-41BE-9EDD-009A4D238946}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{9F9AE617-F6C4-40CE-BDA9-ECA87BBADC8C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{1DD13296-97C1-40BB-9A2B-231FA9321D7C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{23C9EE0C-BD81-4814-B051-93FDD74FB774}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{28B15463-7B5F-4494-B29D-206548C02A67}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{02FC944A-6F39-4146-80D9-94C76909AD23}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{8688A419-A2B0-4630-8B8C-CA7DFCD206C8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080813.001\IDSvix86.sys [2008-06-03 17:25]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\system32\DRIVERS\AcpiVpc.sys [2007-06-05 17:39]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-11 17:13]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 16:03]
    R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-09-05 05:54]
    R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 02:20]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 02:20]
    R3 CapFilt;CapFilt;C:\Windows\system32\drivers\CapFilt.sys [2008-06-14 13:50]
    R3 ICOLOR;Lenovo icolor Controller Driver;C:\Windows\system32\DRIVERS\setool.sys [2007-10-31 00:08]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 16:32]
    R3 WisLMSvc;WisLMSvc;C:\Program Files\Second Display Control\WisLMSvc.exe [2007-09-11 15:37]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-21 C:\Windows\Tasks\Schedule Task Weekly.job
    - C:\Program Files\Registry Easy\RE.exe [2008-07-17 15:49]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-26 16:02:04
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Program Files\Lenovo\VeriFace\IGetSkin.dll
    -> C:\Program Files\Lenovo\VeriFace\FaceVerify.dll
    -> C:\Program Files\Lenovo\VeriFace\MainOp.dll
    -> C:\Program Files\Lenovo\VeriFace\VideoOp.dll
    -> C:\Program Files\Lenovo\VeriFace\Image.dll
    -> C:\Program Files\Lenovo\VeriFace\Momo.dll
    -> C:\Program Files\Lenovo\VeriFace\facev.dll
    -> C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\Ati2evxx.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\wbem\WMIADAP.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-26 16:09:35 - machine was rebooted [Toto Cutugno]
    ComboFix-quarantined-files.txt 2008-08-26 14:08:25
    ComboFix2.txt 2008-08-22 11:11:41
    ComboFix3.txt 2008-08-21 21:50:33

    Pre-Run: 5,370,462,208 octets libres
    Post-Run: 5,268,430,848 octets libres

    371 --- E O F --- 2008-08-24 16:14:57



    ¤¤¤



    HIJACKTHIS REPORT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:36:50, on 26/08/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\EnergyCut\utilty.exe
    C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    C:\Program Files\Second Display Control\WisAvCtrl.exe
    C:\Program Files\Second Display Control\WisOSD.exe
    C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
    C:\Program Files\Lenovo\VeriFace\PManage.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Toto Cutugno\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EnergyCut_Utility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
    O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    O4 - HKLM\..\Run: [HaloLighting] C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe
    O4 - HKLM\..\Run: [WisAvCtrl] "C:\Program Files\Second Display Control\WisAvCtrl.exe"
    O4 - HKLM\..\Run: [WisOSD] "C:\Program Files\Second Display Control\WisOSD.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe"
    O4 - HKLM\..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FCAB32B1-9521-4D9C-AD8A-4643F017907A}: NameServer = 80.10.246.130 81.253.149.10
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Second Display Control\WisLMSvc.exe

    --
    End of file - 8820 bytes



    ¤¤¤



    Thanks. :)
    27 August 2008 12:21:47

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in Safe Mode.
    HELP: Restart in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;) 
    28 August 2008 16:01:48

    Hi,

    I did the scan with Malwarebytes' Anti-Malware and it apparently removed the remaining stubborn files, but what worries me is that those files were mostly files from the Windows "System32" folder; aren't those data needed for the computer to work properly?

    Here is the report, I'll let you guide me:

    ¤¤¤

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1088
    Windows 6.0.6001 Service Pack 1

    21:37:42 27/08/2008
    mbam-log-08-27-2008 (21-37-42).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 165181
    Temps écoulé: 43 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 30

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Windows\System32\bkgqmoaq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\byocqhdi.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\ddcAqOfF.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\ddcBSMee.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\efcATKET.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\fvcnldds.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\geBtQkJy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\iiffCSiI.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\iqnhbtui.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\kblyjlfy.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\kqjyavpg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\kvtlerxy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\mnxntg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\puzgfa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\sguqkrnk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\sshytnao.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\tekdhm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\twsroolv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\uhxtnifd.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\uqqxlx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\wfdlnhkh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\wpxdlirm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\wVpQjijh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\xxyaxVlK.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\xxyxWQIC.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\ybdnmbpy.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\ymxnmtro.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

    ¤¤¤

    Thanks a lot.
    30 August 2008 11:25:14
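As an added example, not something posted by this thread's participants: a small Python parser for the "Fichier(s) infecté(s)" section of an MBAM report. It separates detections that MBAM found inside ComboFix's QooBox quarantine (copies already pulled out of System32 by the earlier ComboFix run) from files that were still live on disk, and tallies them by family. The embedded sample is constructed from five lines of the report above; the quarantine-path layout (drive letter as a folder, `.vir` suffix) is inferred from those paths.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: five lines copied from the MBAM report pasted in the
# thread (the real report lists 30). The first line is MBAM's section header.
SAMPLE_REPORT = r"""Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\bkgqmoaq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\byocqhdi.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\mnxntg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
"""

# One MBAM detection line: "<path> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# ComboFix stores what it removes under C:\QooBox\Quarantine, mirroring the
# original path below a folder named after the drive letter and appending
# ".vir" (assumption drawn from the paths in the report above).
QUARANTINE_PREFIX = "C:\\QooBox\\Quarantine\\"


@dataclass
class Detection:
    reported_path: str
    family: str
    action: str
    already_quarantined: bool   # True if MBAM hit the ComboFix quarantine copy
    original_path: str          # where the file lived before ComboFix moved it


def _restore_original(path: str) -> str:
    """Map a QooBox quarantine path back to the file's original location."""
    rest = path[len(QUARANTINE_PREFIX):]
    drive, _, tail = rest.partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def parse_mbam_files(report: str) -> List[Detection]:
    """Parse the per-file detection lines; headers and blank lines are skipped."""
    detections = []
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        quarantined = path.lower().startswith(QUARANTINE_PREFIX.lower())
        detections.append(Detection(
            reported_path=path,
            family=m.group("family"),
            action=m.group("action"),
            already_quarantined=quarantined,
            original_path=_restore_original(path) if quarantined else path,
        ))
    return detections


def summarize(dets: List[Detection]) -> Dict[str, object]:
    """Tally by family and split 'already quarantined' from 'still live'."""
    live = [d for d in dets if not d.already_quarantined]
    system32 = [d.original_path for d in dets
                if d.original_path.lower().startswith("c:\\windows\\system32\\")]
    return {
        "total": len(dets),
        "by_family": dict(Counter(d.family for d in dets)),
        "already_quarantined": len(dets) - len(live),
        "live": len(live),
        "live_paths": [d.reported_path for d in live],
        "system32_originals": system32,
    }


if __name__ == "__main__":
    summary = summarize(parse_mbam_files(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the full report, this shows that 27 of the 30 hits were `.vir` copies already sitting in ComboFix's quarantine, not files Windows was still using; the random-looking names in System32 are a familiar trait of Vundo droppers rather than Windows components.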

    :hello:  Hello,

    They are all malware :) 

    Post a new HijackThis report and tell me how the PC is doing.

    Still having problems?

    ;) 
    1 September 2008 21:38:22

    Hi,

    The computer seems to be doing quite well; over the past few days I have not noticed any obvious problem.

    Here is a fresh HijackThis report:

    ¤¤¤

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:35:59, on 01/09/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Lenovo\EnergyCut\utilty.exe
    C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe
    C:\Program Files\Second Display Control\WisAvCtrl.exe
    C:\Program Files\Second Display Control\WisOSD.exe
    C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
    C:\Program Files\Lenovo\VeriFace\PManage.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Dev-Cpp\devcpp.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Toto Cutugno\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EnergyCut_Utility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
    O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    O4 - HKLM\..\Run: [HaloLighting] C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe
    O4 - HKLM\..\Run: [WisAvCtrl] "C:\Program Files\Second Display Control\WisAvCtrl.exe"
    O4 - HKLM\..\Run: [WisOSD] "C:\Program Files\Second Display Control\WisOSD.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe"
    O4 - HKLM\..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FCAB32B1-9521-4D9C-AD8A-4643F017907A}: NameServer = 81.253.149.1 80.10.246.3
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Second Display Control\WisLMSvc.exe

    --
    End of file - 8617 bytes

    ¤¤¤

    Thank you so much for getting rid of this junk for me, that's very kind of you.

    ¤ Peac€ ¤