Se connecter / S'enregistrer
Votre question

tojan qui rennet tt le temps + qq > connection > ordi AIDE SVP

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
8 Juin 2008 12:14:21

Bonjour

je suis nouveau sur ce forum et j'ai un gros problème avec mon ordi :

0)les caractéristiques : windows xp familial, internet exploreur,service pack 3,1024 mo ram ...

logiciel : avast,spyboot,windows défander,zone alarm.

1)J'ai Avast qui me met avast ! message scan a l'accès
Bouclier réseau : "DCOM EXPLOIT" bloqué - attaque de 88.174.14/78:135/tcp

2)J'ai des torjan win32:vundo@.dll qui non pas tos le meme nom qui reviennent a chaque fois que je les suprime avec avast.

J'ai réussi a trouver avec quelle processus il était en contacte (grace a spyboot qui me demander d'autoriser l'ajout de la valeur ... a partir de winlogon ):

winlogon.exe,eploreur.exe,iexploreur.exe,winlogon.exe

si vous avez besoin de Rapport de logiciels demander moi ya pas de problème.

thomas

merci pour votre aide

Autres pages sur : tojan rennet temps connection ordi aide svp

8 Juin 2008 12:18:20

réponse hiper rapide c super
je fait sa tout de suite
8 Juin 2008 12:19:40

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:07, on 08/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\V54SGQYB\FixVundo[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F9B4E9A-2117-4954-BB33-A09A3185D67C} - C:\WINDOWS\system32\qomKcyyA.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - http://shared.live.com/0AWo70tq93pEHO1WfbbTIA/etc/Micro...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/install...
O17 - HKLM\System\CCS\Services\Tcpip\..\{173370BD-D98E-4A4A-8E41-43854619E103}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{173370BD-D98E-4A4A-8E41-43854619E103}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{173370BD-D98E-4A4A-8E41-43854619E103}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{173370BD-D98E-4A4A-8E41-43854619E103}: NameServer = 212.27.53.252,212.27.54.252
O20 - Winlogon Notify: qomKcyyA - C:\WINDOWS\SYSTEM32\qomKcyyA.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11120 bytes
8 Juin 2008 12:27:55

ALORS ?(je sais bien que cela ne fait que 2 min mais sa m'énerve je peut rien faire toutes les 5 min il y a a un virus.)
a b 8 Sécurité
8 Juin 2008 12:40:23

Euh tu patientes ? :) 

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    8 Juin 2008 12:46:27

    désactiver les protections ? peut ètre internet par la même occation se serait plus prudent.
    non ?
    a b 8 Sécurité
    8 Juin 2008 12:49:16

    Pas besoin.
    8 Juin 2008 12:52:43

    DSL j'y conait rien mais les virus il vont pas me détruire mon ordi comme les protections ne seron plus là ?
    a b 8 Sécurité
    8 Juin 2008 13:49:35

    Non.
    8 Juin 2008 16:18:32

    ComboFix 08-06-07.3 - Compaq_Propriétaire 2008-06-08 15:44:01.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.517 [GMT 2:00]
    Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system\smvss.exe
    C:\WINDOWS\system32\drivers\downld
    C:\WINDOWS\system32\drivers\downld\106796.exe
    C:\WINDOWS\system32\drivers\downld\205078.exe
    C:\WINDOWS\system32\drivers\downld\218109.exe
    C:\WINDOWS\system32\qomKcyyA.dll
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-08 to 2008-06-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-07 19:39 . 2008-06-07 19:39 <REP> d-------- C:\VundoFix Backups
    2008-06-07 19:19 . 2008-06-07 23:05 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-06-07 19:01 . 2008-06-07 20:01 <REP> d-------- C:\Program Files\a-squared Free
    2008-06-07 18:51 . 2008-06-07 23:32 <REP> d-------- C:\Program Files\Unlocker
    2008-06-07 17:41 . 2008-06-07 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-07 12:11 . 2008-06-07 12:11 <REP> d-------- C:\Program Files\QuickTime Alternative
    2008-06-07 12:07 . 2008-06-07 12:08 <REP> d-------- C:\Program Files\QuickTime
    2008-06-07 11:27 . 2008-06-07 11:27 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-03 19:55 . 2008-04-13 20:40 43,904 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
    2008-06-03 19:55 . 2008-04-13 20:40 43,904 --a------ C:\WINDOWS\system32\dllcache\sbp2port.sys
    2008-05-28 19:04 . 2008-05-28 19:07 <REP> d-------- C:\Program Files\Eurobarre
    2008-05-28 19:04 . 2008-05-28 19:04 15,872 --------- C:\WINDOWS\system32\winskfr.dll
    2008-05-28 15:32 . 2008-05-29 20:22 <REP> d-------- C:\Program Files\Hack - Prizee
    2008-05-25 10:45 . 2008-05-25 10:45 <REP> d-------- C:\Program Files\Anuman Interactive
    2008-05-24 22:43 . 2007-05-16 13:02 9,602,944 --a------ C:\WINDOWS\system32\drivers\snp2uvc.sys
    2008-05-24 22:43 . 2007-05-16 15:33 299,008 --a------ C:\WINDOWS\system32\vsnp2uvc.dll
    2008-05-24 22:43 . 2007-05-25 18:37 167,936 --a------ C:\WINDOWS\system32\rsnp2uvc.dll
    2008-05-24 22:43 . 2007-05-29 12:23 94,208 --a------ C:\WINDOWS\system32\drivers\camfilt2.sys
    2008-05-24 22:43 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp2uvc.dll
    2008-05-24 22:43 . 2007-05-09 15:16 28,160 --a------ C:\WINDOWS\system32\drivers\sncduvc.sys
    2008-05-24 22:43 . 2006-05-19 11:39 15,497 --a------ C:\WINDOWS\snp2uvc.ini
    2008-05-24 22:43 . 2006-05-19 11:53 13,022 --a------ C:\WINDOWS\snp2uvc.src
    2008-05-24 22:42 . 2008-05-24 22:44 <REP> d-------- C:\WINDOWS\system32\HWC HD
    2008-05-24 22:42 . 2008-05-24 22:42 <REP> d-------- C:\Program Files\Hercules
    2008-05-24 22:42 . 2006-08-01 12:31 3,600,384 --a------ C:\WINDOWS\ffmpeg.exe
    2008-05-24 22:38 . 2008-04-14 04:34 92,160 --a------ C:\WINDOWS\system32\kswdmcap.ax
    2008-05-21 18:35 . 2008-05-21 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-05-19 20:15 . 2008-05-19 20:15 <REP> d-------- C:\Program Files\DivX
    2008-05-14 23:51 . 2008-05-15 14:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Xfire
    2008-05-14 23:51 . 2008-05-14 23:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-05-14 23:51 . 2008-05-14 23:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-05-14 23:45 . 2008-05-14 23:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
    2008-05-14 23:34 . 2005-12-10 19:07 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-05-14 23:34 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-05-14 23:34 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-05-14 23:34 . 2007-10-01 00:55 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
    2008-05-14 23:34 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-05-14 23:34 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-05-14 23:34 . 2007-09-30 17:25 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-05-14 23:34 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-05-14 23:34 . 2005-12-10 19:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-05-14 23:34 . 2008-05-14 23:34 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-05-14 13:18 . 2008-05-14 13:18 <REP> d-------- C:\WINDOWS\system32\fr
    2008-05-14 13:18 . 2008-05-14 13:18 <REP> d-------- C:\WINDOWS\system32\bits
    2008-05-14 13:18 . 2008-05-14 13:18 <REP> d-------- C:\WINDOWS\l2schemas
    2008-05-14 13:15 . 2008-05-14 13:19 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-05-14 13:06 . 2008-05-14 13:06 <REP> d-------- C:\WINDOWS\EHome
    2008-05-14 12:47 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-05-14 12:47 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2008-05-14 12:47 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
    2008-05-14 12:47 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
    2008-05-14 12:47 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
    2008-05-14 11:47 . 2008-05-14 11:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
    2008-05-14 11:46 . 2008-05-14 11:46 <REP> d-------- C:\Program Files\Fichiers communs\SolidWorks Shared
    2008-05-14 11:46 . 2008-05-14 11:46 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
    2008-05-14 11:45 . 2008-05-14 11:46 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008
    2008-05-14 09:30 . 2008-05-14 09:30 572 --a------ C:\mes documents.hit
    2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-05-12 13:47 . 2008-05-25 00:15 <REP> d-------- C:\Program Files\Okoker CD&DVD Burner

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-08 13:55 11,737,120 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-08 13:50 140,636 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-06-07 15:44 --------- d-----w C:\Program Files\Lavasoft
    2008-06-07 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-07 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-07 09:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-06 20:01 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-05-22 17:08 --------- d-----w C:\Program Files\eMule
    2008-05-21 17:48 --------- d-----w C:\Program Files\Vstep
    2008-05-21 14:49 --------- d-----w C:\Program Files\CamStudio
    2008-05-17 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-17 16:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-05-06 15:08 --------- d-----w C:\Program Files\Process Master
    2008-05-05 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-05-05 19:24 --------- d-----w C:\Program Files\Zone Labs
    2008-05-01 08:08 --------- d-----w C:\Program Files\Windows Live
    2008-05-01 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-30 17:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-29 15:33 --------- d-----w C:\Program Files\DebugMode
    2008-04-17 17:36 --------- d-----w C:\Program Files\sixteen tons entertainment
    2008-04-17 15:55 --------- d-----w C:\Program Files\Empire Interactive
    2008-04-16 09:14 --------- d-----w C:\Program Files\iTunes
    2008-04-16 09:14 --------- d-----w C:\Program Files\iPod
    2008-04-16 09:08 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-15 12:53 --------- d-----w C:\Program Files\Mio Technology
    2008-04-14 10:12 --------- d-----w C:\Program Files\CodeBlocks
    2008-04-14 02:33 50,688 ----a-w C:\WINDOWS\twain_32.dll
    2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
    2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
    2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
    2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
    2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
    2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
    2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
    2008-04-14 02:03 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
    2008-04-14 02:03 40,576 ------w C:\WINDOWS\system32\drivers\intelppm.sys
    2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
    2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
    2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
    2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
    2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
    2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
    2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
    2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
    2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
    2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
    2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
    2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
    2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
    2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
    2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
    2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
    2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
    2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
    2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
    2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
    2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
    2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
    2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
    2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
    2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
    2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
    2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
    2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
    2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
    2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
    2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
    2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
    2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
    2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
    2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
    2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
    2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
    2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
    2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
    2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
    2007-11-12 16:19 23 --sha-w C:\WINDOWS\system32\bfcddab7_r.dll
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F9B4E9A-2117-4954-BB33-A09A3185D67C}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
    "PCDrProfiler"="" []
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-10 19:02 180269]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
    "PCDrSmartMonitor"="C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2005-09-08 09:23 299008]
    "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-08-17 17:24 716800]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-28 00:50 81920]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
    "CamserviceDP"="C:\Program Files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 14:23 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 1 (0x1)
    "SynchronousUserGroupPolicy"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)
    "MemCheckBoxInRunDlg"= 0 (0x0)
    "NoAutoTrayNotify"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoResolveSearch"= 0 (0x0)
    "NoWelcomeScreen"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "ForceClassicControlPanel"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomKcyyA]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MioSync.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MioSync.lnk
    backup=C:\WINDOWS\pss\MioSync.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-09-18 16:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    -ra------ 2004-07-08 03:51 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime Alternative\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Cossacks\\dmcr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\eMuleplus\\eMule.exe"=
    "C:\\temp\\logiciel\\emule0.48a-Xtreme6.1\\emule.exe"=
    "C:\\Program Files\\sixteen tons entertainment\\Emergency 4\\Em4.exe"=
    "C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
    "C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
    "C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\battlegrounds_x1.exe"=
    "C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
    "C:\\Program Files\\Spamihilator\\dccproc.exe"=
    "C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
    "C:\\Program Files\\Xfire\\Xfire.exe"=
    "C:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
    "C:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
    "C:\\Program Files\\Railroad Tycoon 3\\RT3.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\temp\\logiciel\\prizee\\Cap_Sur_Le_Tresor_-_Bubbly_s_Bubbles\\HandyCache\\HandyCache.exe"=
    "C:\\temp\\logiciel\\prizee\\Jardin_Secret_-_Secret_Garden\\HandyCache\\HandyCache.exe"=
    "C:\\Program Files\\Monte Cristo\\Fire Department 2\\FIRE.EXE"=
    "C:\\temp\\logiciel\\prizee\\Faranbulle_-_Fishtrain\\HandyCache\\HandyCache.exe"=
    "C:\\temp\\logiciel\\prizee\\Arche_De_Koulapic_-_Sinkyfrog_s_Ark\\HandyCache\\HandyCache.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\temp\\logiciel\\prizee\\packmod07\\pkbarctrl.scr"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22316:TCP"= 22316:TCP:BitComet 22316 TCP
    "22316:UDP"= 22316:UDP:BitComet 22316 UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R3 camfilt2;camfilt2;C:\WINDOWS\system32\Drivers\camfilt2.sys [2007-05-29 12:23]
    R3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2005-09-08 09:23]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
    S3 cusbohcn;cusbohcn;C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cusbohcn.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-06-07 12:53:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-06 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-06-08 13:55:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-06-06 17:00:01 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-06-07 10:19:25 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    "2008-06-04 10:33:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2007-07-10 10:33:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-08 15:53:22
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
    "ImagePath"="\??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-08 16:13:42 - machine was rebooted [Compaq_Propri‚taire]
    ComboFix-quarantined-files.txt 2008-06-08 14:13:33

    Pre-Run: 94,067,912,704 octets libres
    Post-Run: 94,329,401,344 octets libres

    338 --- E O F --- 2008-06-06 13:38:09
    a b 8 Sécurité
    8 Juin 2008 16:54:36

    Reposte un rapport Hijackthis.
    8 Juin 2008 19:14:34

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:12:49, on 08/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - http://shared.live.com/0AWo70tq93pEHO1WfbbTIA/etc/Micro...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/install...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{173370BD-D98E-4A4A-8E41-43854619E103}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{173370BD-D98E-4A4A-8E41-43854619E103}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{173370BD-D98E-4A4A-8E41-43854619E103}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS3\Services\Tcpip\..\{173370BD-D98E-4A4A-8E41-43854619E103}: NameServer = 212.27.53.252,212.27.54.252
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10518 bytes


    je pensse que le problème de virus est régler là mais le problème de tantative de connection je fait comment ?
    11 Juin 2008 17:43:31

    re
    j'ai instaler anti vir et je suis en train de faire un scan complet je posterait le rapport dés que se sera finit.
    mais il y a quelque chose qui me tracasse il y a un répèrtoire QooBox/quanrantaine dans C:/ avec tout les virus faut t'il le suprimer ?
    merci
    a b 8 Sécurité
    11 Juin 2008 17:54:41

    Nan, c'est la quarantaine de Combofix.
    11 Juin 2008 17:58:21

    et maintenant a chaque fois que je vais sur internet (internet exploreur) il y a un message d'erreur de scripte et c'est jamais le même.
    merci
    a b 8 Sécurité
    11 Juin 2008 18:45:06

    Tu peux faire un script ?
    11 Juin 2008 20:35:04

    Non, il m'affiche :

    Erreur de scripte
    n°:*** (*=chiffre)

    souhaitez vous éfectuer un débeugage ?

    oui / non
    a b 8 Sécurité
    11 Juin 2008 21:27:23

    Tu as fait oui ?
    12 Juin 2008 19:49:32

    ba une fois oui une fois non mais sa revient quand même et après y a des partit de la page web conserner qui marche pas.
    a b 8 Sécurité
    13 Juin 2008 11:43:54

    Supprime ta version de Combofix puis recommence.
    26 Août 2008 17:46:07

    sa ne change rien
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS