
Stubborn infection :/

Tags:
  • Windows
  • Security
1 Mai 2008 18:55:56

Hello, and many thanks in advance to the helpers and to everyone who stops by this topic!

I have a few stubborn viruses, it's pretty annoying.
BitDefender and SpyBot apparently can't get rid of them (not to mention Antivir, which let them run), which is why I've come here to whine! :cry: 

Here is the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:24, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\SYSTEM32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\bgsvcgen.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
F:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
F:\Program Files\Softwin\BitDefender10\vsserv.exe
F:\Program Files\RivaTuner v2.06\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Softwin\BitDefender10\bdmcon.exe
F:\Program Files\Softwin\BitDefender10\bdagent.exe
F:\Program Files\uTorrent\uTorrent.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\DAEMON Tools Pro\DTProAgent.exe
F:\Program Files\PeerGuardian2\pg2.exe
F:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\soffice.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\Program Files\Winamp\winamp.exe
F:\WINDOWS\system32\CTPdeSrv.exe
F:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00A755BA-D6F8-4412-90BF-6E7B402CD8F0} - F:\WINDOWS\system32\qoMeFyww.dll (file missing)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {08e19b80-1e51-b718-2db4-da84b6e423c0} - {0c324e6b-48ad-4bd2-817b-15e108b91e80} - F:\WINDOWS\system32\heonlmyj.dll (file missing)
O2 - BHO: (no name) - {0E06B0BC-47B3-4E8D-9CF8-56F02B2C26DD} - F:\WINDOWS\system32\dmsynthd.dll
O2 - BHO: (no name) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - (no file)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - F:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - F:\WINDOWS\system32\iifdcBSm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {EDF99DD6-98B8-4778-A417-B8A11DA878BE} - F:\WINDOWS\system32\byXQIYSk.dll (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - F:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [amd_dc_opt] "F:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [RivaTunerStatisticsServer] "F:\Program Files\RivaTuner v2.06\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [ClockGen] D:\Mes documents\Mes téléchargements\ClockGen.exe -i p=0
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDMCon] "F:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [94d196e5] rundll32.exe "F:\WINDOWS\system32\xomquddb.dll",b
O4 - HKLM\..\Run: [BM3f2f1e46] Rundll32.exe "F:\WINDOWS\system32\ergtfgdw.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5944] command /c del "F:\WINDOWS\system32\byXQIYSk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3060] cmd /c del "F:\WINDOWS\system32\byXQIYSk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6150] command /c del "F:\WINDOWS\system32\qoMeFyww.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5312] cmd /c del "F:\WINDOWS\system32\qoMeFyww.dll_old"
O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SODCPreLoad] F:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\preload.exe F:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All by Gigaget - F:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - F:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: Recherche sur eBay - res://F:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A458010F-685C-4B2D-ADCC-8832E21C5064}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: iifdcBSm - F:\WINDOWS\SYSTEM32\iifdcBSm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - F:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - F:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - F:\Program Files\WinPcap\rpcapd.exe
O23 - Service: UPnPService - Magix AG - F:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - F:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - F:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 11628 bytes
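As an added example (not HijackThis, ComboFix, or the thread's own code), a small Python triage script for the O2/O4/O20 line formats in the log above: it flags nameless or orphaned BHOs, Run values named like random hex that load a DLL through rundll32 with a one-letter export, and a Winlogon Notify handler whose DLL is already flagged elsewhere. Its input is a constructed excerpt modelled on the posted log.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the
thread). Parses the O2, O4 and O20 line formats and applies a few structural
heuristics a helper would use to pick out the entries worth asking about."""
import re
from dataclasses import dataclass

# O2 - BHO: <name> - {CLSID} - <path> [(file missing)]
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# O20 - Winlogon Notify: <subkey> - <path>
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# Value names such as 94d196e5 or BM3f2f1e46: optional 1-2 letters, then 8 hex digits
HEXNAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")
# rundll32[.exe] "<dll>",<export>
RUNDLL_RE = re.compile(r'^rundll32(\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.IGNORECASE)

# Constructed excerpt modelled on the posted HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00A755BA-D6F8-4412-90BF-6E7B402CD8F0} - F:\WINDOWS\system32\qoMeFyww.dll (file missing)
O2 - BHO: (no name) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - F:\WINDOWS\system32\iifdcBSm.dll
O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [94d196e5] rundll32.exe "F:\WINDOWS\system32\xomquddb.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM3f2f1e46] Rundll32.exe "F:\WINDOWS\system32\ergtfgdw.dll",s
O20 - Winlogon Notify: iifdcBSm - F:\WINDOWS\SYSTEM32\iifdcBSm.dll
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    section: str   # HijackThis section the line came from
    reason: str
    line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, for case-insensitive matching."""
    return path.strip().rsplit("\\", 1)[-1].lower()


def _check_o2(m, line):
    name, path = m.group("name"), m.group("path")
    reasons = []
    if name == "(no name)":
        reasons.append("BHO registered without a display name")
    if "(file missing)" in path or path.strip() == "(no file)":
        reasons.append("BHO points to a file that no longer exists")
    if not reasons:
        return None, None
    dll = None if "(no file)" in path else basename(path.replace("(file missing)", ""))
    return Finding("medium", "O2", "; ".join(reasons), line), dll


def _check_o4(m, line):
    r = RUNDLL_RE.match(m.group("cmd"))
    if not r:
        return None, None
    reasons = []
    if HEXNAME_RE.match(m.group("value")):
        reasons.append("Run value named like a random hex string")
    if len(r.group("export")) == 1:  # heuristic: legitimate exports have real names
        reasons.append("rundll32 calls a single-letter export")
    if not reasons:
        return None, None
    return Finding("high", "O4", "; ".join(reasons), line), basename(r.group("dll"))


def triage(log_text: str) -> list:
    """Return findings in log order; O20 lines are judged last so they can be
    cross-referenced against DLLs already flagged in O2/O4 entries."""
    findings, suspect_dlls, winlogon = [], set(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            winlogon.append((m, line))
            continue
        m = O2_RE.match(line)
        if m:
            finding, dll = _check_o2(m, line)
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            finding, dll = _check_o4(m, line)
        if finding:
            findings.append(finding)
            if dll:
                suspect_dlls.add(dll)
    for m, line in winlogon:
        if basename(m.group("path")) in suspect_dlls:
            findings.append(Finding("high", "O20", "Winlogon Notify DLL also appears in a flagged O2/O4 entry", line))
        else:
            findings.append(Finding("medium", "O20", "third-party Winlogon Notify handler; verify the DLL's publisher", line))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'medium': 3, 'high': 3}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```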


1 Mai 2008 19:03:32

Hi,

Download ComboFix (by sUBs) to your Desktop. (Tutorial)

Temporarily disable all resident protection! (Antivirus, antispyware, etc.)
Double-click ComboFix.exe.
Accept the licence by clicking Yes.
When the operation is finished, a report will appear. Post that report in your next reply.

The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
1 Mai 2008 19:51:45

Thanks for the help.
Here is the log:


ComboFix 08-04-29.5 - e 2008-05-01 19:21:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1369 [GMT 2:00]
Endroit: D:\Mes documents\Mes images\Downloaded Albums\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - WINDOWS: deleted 49257 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\WINDOWS\cookies.ini
F:\WINDOWS\pskt.ini
F:\WINDOWS\system32\bdduqmox.ini
F:\WINDOWS\system32\drivers\npf.sys
F:\WINDOWS\system32\iifdcBSm.dll
F:\WINDOWS\system32\kSYIQXyb.ini
F:\WINDOWS\system32\kSYIQXyb.ini2
F:\WINDOWS\system32\packet.dll
F:\WINDOWS\system32\pthreadVC.dll
F:\WINDOWS\system32\wanpacket.dll
F:\WINDOWS\system32\wpcap.dll
F:\WINDOWS\system32\wwyFeMoq.ini
F:\WINDOWS\system32\wwyFeMoq.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.

2008-05-01 19:19 . 2008-05-01 19:20 <REP> d-------- F:\327882R2FWJFW
2008-05-01 17:26 . 2008-05-01 17:26 281,600 --------- F:\WINDOWS\system32\byXQIYSk.dll_old
2008-04-30 21:31 . 2008-05-01 18:25 <REP> d-------- F:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-30 21:17 . 2008-04-30 21:17 <REP> d-------- F:\Program Files\Opera 9.5 beta
2008-04-30 21:05 . 2008-04-30 21:05 268 --ah----- F:\sqmdata01.sqm
2008-04-30 21:05 . 2008-04-30 21:05 244 --ah----- F:\sqmnoopt01.sqm
2008-04-30 01:08 . 2008-04-30 01:18 <REP> d-------- F:\Six feet under - Saison 4
2008-04-29 23:31 . 2008-04-30 23:31 109,738 --a------ F:\WINDOWS\BM3f2f1e46.xml
2008-04-29 22:51 . 2008-04-29 22:51 <REP> d-------- F:\Documents and Settings\e\Application Data\Bitdefender
2008-04-29 22:46 . 2008-05-01 19:25 81,984 --a------ F:\WINDOWS\system32\bdod.bin
2008-04-29 22:43 . 2008-04-29 22:43 <REP> d-------- F:\Program Files\Softwin
2008-04-29 22:43 . 2008-04-29 22:43 <REP> d-------- F:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-29 22:40 . 2008-04-29 22:43 <REP> d-------- F:\Program Files\Fichiers communs\Softwin
2008-04-29 21:25 . 2008-04-29 22:27 <REP> d-------- F:\WINDOWS\BDOSCAN8
2008-04-25 01:57 . 2008-04-25 01:57 <REP> d-------- F:\Program Files\MagicISO
2008-04-24 23:46 . 2008-04-22 15:57 186,463 --a------ F:\wubildr
2008-04-24 23:46 . 2008-04-22 15:57 8,192 --a------ F:\wubildr.mbr
2008-04-19 14:48 . 2008-04-19 14:50 890,953 --a------ F:\WINDOWS\HSCadn1.ini
2008-04-18 22:20 . 2008-04-18 22:20 <REP> d-------- F:\Program Files\onOne Software
2008-04-18 22:20 . 2008-04-18 22:24 <REP> d-------- F:\Documents and Settings\e\Application Data\onOne Software
2008-04-17 21:42 . 2008-04-29 14:46 <REP> d-------- F:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-17 21:30 . 2008-04-17 21:32 <REP> d-------- F:\Program Files\TmNationsForever
2008-04-16 13:44 . 2006-11-29 07:06 <REP> d-------- F:\Six feet under - Saison 1
2008-04-14 21:29 . 2006-09-14 12:21 363,243,520 --a------ F:\02x02 - La vie ne tient qu'à un fil.avi
2008-04-14 21:14 . 2008-02-13 00:08 4,636,383,673 --a------ F:\Six feet under - Saison 2 fr.rar
2008-04-13 03:03 . 2008-04-14 06:04 <REP> d-------- F:\Program Files\XenoDream2
2008-04-01 20:23 . 2008-04-01 20:23 368,045 --a------ F:\DSCF2006.jpg

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 17:28 --------- d-----w F:\Documents and Settings\e\Application Data\uTorrent
2008-05-01 01:42 --------- d-----w F:\Program Files\Steam
2008-04-30 22:18 --------- d-----w F:\Program Files\HomePlayer1.5.3.1
2008-04-30 19:21 --------- d-----w F:\Documents and Settings\e\Application Data\WholeSecurity
2008-04-30 19:15 --------- d-----w F:\Program Files\Opera
2008-04-30 12:50 --------- d-----w F:\Program Files\PeerGuardian2
2008-04-30 09:16 --------- d-----w F:\Documents and Settings\e\Application Data\OpenOffice.org2
2008-04-30 08:34 --------- d-----w F:\Documents and Settings\All Users\Application Data\Avira
2008-04-20 17:14 --------- d-----w F:\Program Files\adslTV
2008-04-18 20:20 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-04-18 18:36 --------- d-----w F:\Program Files\TrackMania Nations ESWC
2008-04-17 11:38 --------- d-----w F:\Program Files\Fichiers communs\Adobe
2008-04-13 17:54 --------- d-----w F:\Program Files\SyllabiK
2008-04-02 23:29 --------- d-----w F:\Program Files\Aspell
2008-04-02 22:26 --------- d-----w F:\Program Files\Photomatix
2008-04-01 13:46 --------- d-----w F:\Documents and Settings\e\Application Data\gtk-2.0
2008-04-01 04:19 --------- d-----w F:\Program Files\SpeedFan
2008-03-30 14:41 --------- d-----w F:\Documents and Settings\e\Application Data\Ambient Design
2008-03-30 14:39 --------- d-----w F:\Program Files\Ambient Design
2008-03-29 19:11 --------- d-----w F:\Program Files\Winamp
2008-03-26 22:28 --------- d-----w F:\Program Files\Prism
2008-03-24 01:02 --------- d-----w F:\Program Files\BestGameEver
2008-03-22 15:45 --------- d-----w F:\Program Files\Gran Paradiso
2008-03-19 17:37 67,584 ----a-w F:\WINDOWS\ScUnin.exe
2008-03-19 17:37 --------- d-----w F:\Program Files\Starcraft
2008-03-18 21:29 --------- d-----w F:\Program Files\Fichiers communs\Motorola Shared
2008-03-17 22:15 --------- d-----w F:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-17 22:09 --------- d-----w F:\Documents and Settings\e\Application Data\PCF-VLC
2008-03-17 21:29 --------- d-----w F:\Program Files\Bonjour
2008-03-17 21:21 --------- d-----w F:\Program Files\Fichiers communs\Macrovision Shared
2008-03-17 17:39 --------- d-----w F:\Program Files\Picasa2
2008-03-11 21:36 --------- d-----w F:\Documents and Settings\e\Application Data\Ultra Fractal 4
2008-03-11 21:17 --------- d-----w F:\Program Files\Ultra Fractal 4
2008-03-08 02:19 --------- d-----w F:\Program Files\Fichiers communs\Symantec Shared
2008-03-05 14:27 --------- d-----w F:\Program Files\WinAVI Video Capture
2008-03-05 01:46 --------- d-----w F:\Documents and Settings\e\Application Data\InstallShield
2008-03-03 21:59 --------- d-----w F:\Documents and Settings\e\Application Data\Hamachi
2008-03-03 15:41 --------- d-----w F:\Program Files\FairUse Wizard 2
2008-03-01 23:50 --------- d-----w F:\Documents and Settings\e\Application Data\Ubisoft
2008-03-01 23:50 --------- d-----w F:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-01 23:34 --------- d-----w F:\Program Files\UBISOFT
2008-03-01 23:29 --------- d-----w F:\Program Files\DAEMON Tools Pro
2008-03-01 23:28 --------- d-----w F:\Documents and Settings\e\Application Data\DAEMON Tools Pro
2008-03-01 23:20 --------- d-----w F:\Program Files\WinPcap
2008-03-01 23:20 --------- d-----w F:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-03-01 23:14 685,816 ----a-w F:\WINDOWS\system32\drivers\sptd.sys
2008-03-01 21:28 --------- d-----w F:\Program Files\eBay Desktop
2008-03-01 00:51 --------- d-----w F:\Program Files\BabasChess
2008-02-25 03:28 691,545 ----a-w F:\WINDOWS\unins000.exe
2007-11-17 07:57 22,328 ----a-w F:\Documents and Settings\e\Application Data\PnkBstrK.sys
.

------- Sigcheck -------

2007-06-13 15:22 3199488 d47db3366ecc9e9de86fb24eaa10b411 F:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 F:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 F:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 3199488 d47db3366ecc9e9de86fb24eaa10b411 F:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00A755BA-D6F8-4412-90BF-6E7B402CD8F0}]
F:\WINDOWS\system32\qoMeFyww.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0c324e6b-48ad-4bd2-817b-15e108b91e80}]
F:\WINDOWS\system32\heonlmyj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E06B0BC-47B3-4E8D-9CF8-56F02B2C26DD}]
2008-03-02 01:50 14848 --a------ F:\WINDOWS\system32\dmsynthd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6C54318-5AC7-477D-B0A7-49AF5189300C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDF99DD6-98B8-4778-A417-B8A11DA878BE}]
F:\WINDOWS\system32\byXQIYSk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="F:\Program Files\uTorrent\uTorrent.exe" [2008-01-30 03:22 219952]
"NVIDIA nTune"="F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 13:32 81920]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Pro Agent"="F:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"PeerGuardian"="F:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"SODCPreLoad"="F:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\preload.exe" [2007-09-30 00:11 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="F:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 15:42 106496]
"RivaTunerStatisticsServer"="F:\Program Files\RivaTuner v2.06\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" [2007-10-30 20:05 57344]
"RivaTunerStartupDaemon"="F:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"ClockGen"="D:\Mes documents\Mes téléchargements\ClockGen.exe" [ ]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 F:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-12-18 20:55 8523776]
"nwiz"="nwiz.exe" [2007-12-18 20:55 1626112 F:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BDMCon"="F:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
"BDAgent"="F:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
"94d196e5"="F:\WINDOWS\system32\xomquddb.dll" [ ]
"BM3f2f1e46"="F:\WINDOWS\system32\ergtfgdw.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcBSm]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= F:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.avis"= ff_acm.acm
"VIDC.YV12"= yv12vfw.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Avvenu Connector.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^e^Menu Démarrer^Programmes^Démarrage^Hamachi.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^e^Menu Démarrer^Programmes^Démarrage^Mozilla Firefox.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^e^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^e^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^e^Menu Démarrer^Programmes^Démarrage^Raccourci vers Yodm3D.lnk]

[HKLM\~\startupfolder\F:^Documents and Settings^e^Menu Démarrer^Programmes^Démarrage^Stardock Keyboard Launchpad.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avvenu Access n Share Update]
--a------ 2007-06-13 17:42 31872 F:\Program Files\Avvenu\Avvenu_updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 19:00 1818624 F:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-04-10 09:15 868352 F:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
--a------ 2003-03-01 17:25 138240 F:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
--a------ 2008-03-31 05:45 652528 F:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
--a------ 2006-12-19 15:02 2842624 F:\FRAPS\FRAPS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gigaget]
--a------ 2006-02-07 11:28 495616 F:\Program Files\Giganology\Gigaget\GigagetShell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-12-04 02:55 1840128 F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HumanizedEnso]
--a------ 2008-01-14 22:42 117232 F:\Documents and Settings\e\Local Settings\Application Data\HumanizedEnso\Enso.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2007-08-08 17:03 177400 F:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 F:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Krait]
--a------ 2006-01-24 10:38 147456 F:\Program Files\Razer\Krait\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2006-11-03 11:01 319488 F:\WINDOWS\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-07-03 13:32 81920 F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-06-09 03:28 310520 F:\Program Files\Orb Networks\Orb\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
--a------ 2005-09-18 19:40 1421824 F:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 03:17 443968 F:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 F:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMDrive]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-11-17 05:42 577536 F:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-30 02:14 1271032 f:\program files\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-02 16:32 68856 F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-03-27 08:35 36352 F:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
--a------ 2007-06-26 19:26 2058752 F:\yodm-3d-crystalxp.net-en-1250\Yodm3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoogleDesktopManager"=3 (0x3)
"vsmon"=2 (0x2)
"iPod Service"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"UxTuneUp"=2 (0x2)
"PnkBstrA"=2 (0x2)
"gusvc"=2 (0x2)
"GoogleDesktopManager-091907-194040"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"idsvc"=3 (0x3)
"nTuneService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SODCPreLoad"=F:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\preload.exe F:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" -atboottime
"NvMediaCenter"=RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"Monitor"=F:\WINDOWS\PixArt\PAC207\Monitor.exe
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Steam\\Steam.exe"=
"F:\\Program Files\\Steam\\steamapps\\ll0ll\\dedicated server\\hlds.exe"=
"F:\\Program Files\\Steam\\steamapps\\ll0ll\\counter-strike\\hl.exe"=
"F:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\uTorrent\\uTorrent.exe"=
"F:\\Program Files\\adslTV\\adsltv.exe"=
"F:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\\jre\\bin\\expeditorw.exe"=
"F:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"F:\\Program Files\\ICQ6\\ICQ.exe"=
"F:\\Program Files\\mIRC\\mirc.exe"=
"F:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"F:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
"D:\\Mes documents\\antonin\\IrcBot\\BOtscript\\mIRC.exe"=
"F:\\Program Files\\Tremulous\\tremulous.exe"=
"F:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"F:\\TYPSoft FTP Server\\ftpserv.exe"=
"F:\\Program Files\\adslTV\\vlc.exe"=
"F:\\Program Files\\SyllabiK\\mirc.exe"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"F:\\Program Files\\Shutdown Monster\\Shutd.exe"=
"F:\\Program Files\\Sierra\\FEARCombat\\fpupdate.exe"=
"F:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"F:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"F:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"F:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"F:\\WINDOWS\\system32\\PnkBstrA.exe"=
"F:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Jeux\\Q3\\quake3.exe"=
"F:\\Program Files\\Hamachi\\hamachi.exe"=
"F:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"F:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"F:\\Program Files\\Home Jukebox\\bin\\HomeJukebox.exe"=
"F:\\Program Files\\HomePlayer1.5.3.1\\HomePlayer.exe"=
"F:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Program Files\\UBISOFT\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"F:\\Program Files\\UBISOFT\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"F:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"F:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"F:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"F:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);F:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 VBoxDrv;VirtualBox Service;F:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;F:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 21:17]
R3 AmdTools;AMD Special Tools Driver;F:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 14:24]
R3 krait03;Razer krait USB Filter Driver;F:\WINDOWS\system32\Drivers\krait.sys [2005-12-07 17:27]
R3 PAC207;PC Camera;F:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 13:30]
S3 cpuz;cpuz;F:\DOCUME~1\e\LOCALS~1\Temp\cpuz.sys []
S3 cpuz126;cpuz126;F:\DOCUME~1\e\LOCALS~1\Temp\cpuz.sys []
S3 DIGIRPS;Pilote PortServer Digi;F:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-23 18:10]
S3 MEMSWEEP2;MEMSWEEP2;F:\WINDOWS\system32\B4.tmp []
S3 UPnPService;UPnPService;F:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 18:00]
S3 VBoxUSB;VirtualBox USB;F:\WINDOWS\system32\Drivers\VBoxUSB.sys [2008-02-20 21:17]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;F:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S4 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-04 02:55]
S4 UxTuneUp;TuneUp Extension de thème;F:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\BSAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\setup.exe

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-04-04 15:16:47 F:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- F:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 19:28:08
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 73

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\F:\WINDOWS\system32\B4.tmp"
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\soffice.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
F:\WINDOWS\system32\bgsvcgen.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\wdfmgr.exe
F:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
F:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
F:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
F:\Program Files\Softwin\BitDefender10\vsserv.exe
F:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-01 19:39:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 17:39:44

Pre-Run: 5,532,639,232 bytes free
Post-Run: 12,130,488,320 bytes free

371 --- E O F --- 2008-02-21 23:20:17
1 May 2008 22:05:11

Re,

Select the whole frame below:

Driver::
MEMSWEEP2
cpuz126
cpuz

File::
F:\WINDOWS\system32\B4.tmp
F:\WINDOWS\system32\byXQIYSk.dll
F:\WINDOWS\system32\qoMeFyww.dll
F:\WINDOWS\system32\dmsynthd.dll
F:\WINDOWS\system32\heonlmyj.dll
F:\WINDOWS\HSCadn1.ini
F:\WINDOWS\BM3f2f1e46.xml
F:\WINDOWS\system32\byXQIYSk.dll_old

DirLook::
F:\327882R2FWJFW

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SODCPreLoad"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcBSm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClockGen"=-
"Adobe Reader Speed Launcher"=-
"94d196e5"=-
"BM3f2f1e46"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
"SODCPreLoad"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00A755BA-D6F8-4412-90BF-6E7B402CD8F0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0c324e6b-48ad-4bd2-817b-15e108b91e80}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E06B0BC-47B3-4E8D-9CF8-56F02B2C26DD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6C54318-5AC7-477D-B0A7-49AF5189300C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDF99DD6-98B8-4778-A417-B8A11DA878BE}]


This will relaunch ComboFix. After the reboot, post the contents of the ComboFix.txt report.
If there is no reboot, post the report anyway.

  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it on your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the reboot, if there is one.
    30 June 2008 23:27:58

    Hi!
    Me again, I have a problem with a virus again...
    I've reformatted since then (I was having problems with my partitions and a badly removed Linux, so it was more or less necessary).
    So, I've caught a virus again, even though I installed AntiVir right from the start, SpyBot and Ad-Aware too... Nothing works... Yet I scan everything I run, but apparently that's not enough; there's some junk lying around in my folders, it just has to be identified...

    Thanks for helping me again!! [:blast-r]


    ComboFix 08-06-20.4 - e 2008-06-30 23:16:06.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1036.18.1415 [GMT 2:00]
    Location: C:\Documents and Settings\e\Bureau\ComboFix.exe
    * Creating a new restore point

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM53a474b2.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\guatrmbl.ini
    C:\WINDOWS\system32\IRuvycfe.ini
    C:\WINDOWS\system32\IRuvycfe.ini2
    C:\WINDOWS\system32\wqdbxbqy.ini
    C:\WINDOWS\system32\xENWwyxx.ini
    C:\WINDOWS\system32\xENWwyxx.ini2

    .
    ((((((((((((((((((((((((((((( Files created 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-30 23:18 . 2008-06-30 23:18 320,000 --a------ C:\WINDOWS\system32\cbXNEXNF.dll
    2008-06-30 23:18 . 2008-06-30 23:18 345 --ahs---- C:\WINDOWS\system32\FNXENXbc.ini
    2008-06-30 23:10 . 2008-06-30 23:10 103,424 --a------ C:\WINDOWS\system32\ktwjybwl.dll
    2008-06-30 23:10 . 2008-06-30 23:10 103,424 --a------ C:\WINDOWS\system32\citawx.dll
    2008-06-30 23:04 . 2008-06-30 23:04 91,136 --a------ C:\WINDOWS\system32\viwftnys.dll
    2008-06-30 21:58 . 2008-06-30 21:58 320,000 --------- C:\WINDOWS\system32\xxywWNEx.dll_old
    2008-06-30 21:48 . 2008-06-30 21:48 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-30 21:45 . 2008-06-30 23:02 211 --a------ C:\WINDOWS\wininit.ini
    2008-06-30 21:28 . 2008-06-30 21:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-30 21:28 . 2008-06-30 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-30 21:26 . 2008-06-19 00:18 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-06-30 21:26 . 2008-06-19 00:18 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-06-30 21:26 . 2008-06-18 22:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-06-30 21:26 . 2008-06-19 00:18 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-06-30 21:26 . 2008-06-19 00:18 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-06-30 21:26 . 2008-06-30 21:27 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-06-30 21:26 . 2008-06-30 21:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-06-30 21:26 . 2008-06-30 21:26 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-06-30 15:49 . 2008-06-30 15:49 <REP> d-------- C:\Program Files\Lavasoft
    2008-06-30 15:49 . 2008-06-30 15:49 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-30 15:49 . 2008-06-30 15:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-30 11:14 . 2008-06-30 11:14 103,424 --a------ C:\WINDOWS\system32\cpohbxgx.dll
    2008-06-30 11:14 . 2008-06-30 11:14 103,424 --a------ C:\WINDOWS\system32\cbmtfo.dll
    2008-06-29 17:52 . 2008-06-29 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-06-29 17:15 . 2008-06-29 17:15 26,112 --a------ C:\WINDOWS\system32\ssqPhGxU.dll
    2008-06-29 17:11 . 2008-06-29 17:11 <REP> d-------- C:\WINDOWS\system32\fr-FR
    2008-06-29 17:10 . 2008-06-29 17:10 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-06-29 17:10 . 2008-06-29 17:10 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-06-29 17:10 . 2008-06-29 17:10 <REP> d-------- C:\Program Files\MSBuild
    2008-06-29 17:10 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-06-29 17:08 . 2008-06-29 17:08 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-06-29 17:02 . 2008-06-29 17:02 26,112 --a------ C:\WINDOWS\system32\xxyyyWQJ.dll
    2008-06-29 17:00 . 2008-06-29 17:00 26,112 --a------ C:\WINDOWS\system32\wvUoOHay.dll
    2008-06-29 16:59 . 2008-06-29 16:59 26,112 --a------ C:\WINDOWS\system32\rqRiJCUo.dll
    2008-06-28 18:59 . 2008-06-28 18:59 <REP> d-------- C:\Program Files\Bonjour
    2008-06-28 17:51 . 2008-06-28 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-06-28 17:44 . 2008-06-28 17:44 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-06-28 17:41 . 2008-06-28 17:43 <REP> d-------- C:\Program Files\DAEMON Tools Pro
    2008-06-28 17:41 . 2008-06-28 17:41 <REP> d-------- C:\Documents and Settings\e\Application Data\DAEMON Tools Pro
    2008-06-28 17:41 . 2008-06-28 17:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    2008-06-28 16:10 . 2008-04-01 13:23 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-06-28 16:10 . 2008-04-01 13:23 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-06-28 15:55 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-06-26 01:05 . 2008-06-26 01:05 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-06-26 01:05 . 2008-06-26 01:05 <REP> d-------- C:\Program Files\AMD
    2008-06-26 01:05 . 2006-11-01 14:42 33,280 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
    2008-06-25 12:11 . 2008-06-28 20:22 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-24 14:22 . 2008-06-24 14:22 <REP> d-------- C:\Program Files\OpenAL
    2008-06-24 14:22 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\system32\tmp5D.tmp
    2008-06-24 14:22 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\system32\tmp5C.tmp
    2008-06-24 14:22 . 2008-06-24 14:22 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2008-06-24 14:22 . 2008-06-24 14:22 109,080 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2008-06-24 14:16 . 2008-06-24 14:16 <REP> d-------- C:\WINDOWS\Logs
    2008-06-23 15:33 . 2008-06-30 02:37 <REP> d-------- C:\Program Files\Picasa2
    2008-06-23 15:33 . 2008-06-23 15:33 <REP> d-------- C:\Program Files\Google
    2008-06-23 15:33 . 2004-08-19 16:09 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-06-23 15:33 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-06-23 15:33 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-06-23 15:33 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-06-21 01:37 . 2008-06-21 01:39 <REP> d-------- C:\Program Files\Subdownloader
    2008-06-20 17:54 . 2008-06-20 17:54 <REP> d-------- C:\Program Files\uTorrent
    2008-06-20 17:54 . 2008-06-30 23:19 <REP> d-------- C:\Documents and Settings\e\Application Data\uTorrent
    2008-06-20 06:28 . 2008-06-26 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-06-20 06:25 . 2008-06-20 06:26 <REP> d-------- C:\Program Files\TmNationsForever
    2008-06-20 05:22 . 2008-06-20 05:22 <REP> d-------- C:\Documents and Settings\e\Application Data\vlc
    2008-06-20 03:33 . 2008-06-20 03:33 <REP> d-------- C:\Program Files\VideoLAN
    2008-06-20 02:42 . 2008-06-20 02:42 <REP> d-------- C:\WINDOWS\nview
    2008-06-20 02:42 . 2008-06-20 02:42 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-06-20 01:34 . 2008-06-20 01:34 <REP> d-------- C:\CUDA
    2008-06-19 16:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-06-19 16:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-06-19 16:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-06-19 02:07 . 2008-06-19 02:07 <REP> d---s---- C:\Documents and Settings\e\UserData
    2008-06-18 21:55 . 2008-06-19 22:02 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-06-18 21:55 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-06-18 21:26 . 2008-06-18 21:26 <REP> d-------- C:\Program Files\ASUS
    2008-06-18 21:13 . 2008-06-30 23:18 <REP> d-------- C:\Program Files\Steam
    2008-06-18 21:12 . 2008-06-18 21:12 <REP> d-------- C:\Program Files\Avira
    2008-06-18 21:12 . 2008-06-18 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-18 20:53 . 2008-06-18 20:53 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-06-18 20:53 . 2008-06-18 20:53 51,919 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-06-18 20:52 . 2008-06-18 20:52 <REP> d-------- C:\WINDOWS\BricoPacks
    2008-06-18 20:52 . 2008-06-18 20:53 4,825 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-06-18 20:49 . 2008-06-18 20:49 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-18 20:45 . 2008-06-18 20:45 <REP> d-------- C:\WINDOWS\nvidia icons
    2008-06-18 20:45 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-06-18 20:45 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
    2008-06-18 20:45 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
    2008-06-18 20:45 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
    2008-06-18 20:45 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
    2008-06-18 20:45 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-06-18 20:44 . 2008-06-18 20:44 <REP> d-------- C:\NVIDIA
    2008-06-18 20:40 . 2008-06-18 20:40 <REP> d-------- C:\Program Files\Realtek AC97
    2008-06-18 20:40 . 2008-06-20 01:34 <REP> d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-06 15:47 . 2002-10-15 19:00 1,818,624 --a------ C:\WINDOWS\mixer.exe
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-02 22:46 . 2007-12-05 01:41 7,435,392 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2008-05-02 22:46 . 2007-12-05 01:41 7,435,392 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
    2008-05-02 22:46 . 2007-12-05 01:41 5,773,568 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2008-05-02 22:46 . 2007-12-05 01:41 5,773,568 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
    2008-05-02 22:46 . 2007-12-05 01:41 1,089,536 --a------ C:\WINDOWS\system32\nvcuda.dll

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-18 20:37 --------- d-----w C:\Documents and Settings\e\Application Data\Winamp
    2008-06-18 20:28 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-18 20:27 --------- d-----w C:\Program Files\Services en ligne
    2008-06-18 20:15 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-18 20:13 --------- d-----w C:\Program Files\Winamp
    2008-06-18 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-18 20:06 --------- d-----w C:\Program Files\Windows Live
    2008-06-18 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-18 19:26 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-18 18:53 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-07 10:29 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
    2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
    2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
    2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
    2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-21 07:02 1,141,248 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-01 11:23 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
    2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
    2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
    2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
    .

    ------- Sigcheck -------

    2008-04-21 08:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
    2008-04-21 08:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
    2008-04-21 08:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
    2004-08-19 16:09 1138176 bfc6bc83231984030ec672323c9d8865 C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
    2008-04-21 09:02 1141248 1ab26c243aeb86892452b651d8960fe4 C:\WINDOWS\system32\wininet.dll
    2008-04-21 09:02 1141248 1ab26c243aeb86892452b651d8960fe4 C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-13 15:22 3199488 d47db3366ecc9e9de86fb24eaa10b411 C:\WINDOWS\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-19 16:09 3198464 cbd11120f0aef7e7567fb04ba1236fdf C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 15:22 3199488 d47db3366ecc9e9de86fb24eaa10b411 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Reg load points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018B27FF-E05F-4CB5-8763-540CB3FD457A}]
    2008-06-29 16:59 26112 --a------ C:\WINDOWS\system32\rqRiJCUo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AB5D44A-7A80-4BB7-87BC-F675E315C062}]
    C:\WINDOWS\system32\efcyvuRI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b396e3c9-f547-43ca-bcbb-190ba667b218}]
    2008-06-30 23:10 103424 --a------ C:\WINDOWS\system32\citawx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C572FDAE-C6BA-4561-9077-34C9F4D7305A}]
    C:\WINDOWS\system32\xxywWNEx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9C85E4E-5E4C-4A1C-85E9-59EA3B612278}]
    2008-06-30 23:18 320000 --a------ C:\WINDOWS\system32\cbXNEXNF.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-06-18 21:14 1271032]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-06-20 17:54 219952]
    "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 14:45 133576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
    "BM53a474b2"="C:\WINDOWS\system32\viwftnys.dll" [2008-06-30 23:04 91136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{018B27FF-E05F-4CB5-8763-540CB3FD457A}"= C:\WINDOWS\system32\rqRiJCUo.dll [2008-06-29 16:59 26112]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRiJCUo]
    rqRiJCUo.dll 2008-06-29 16:59 26112 C:\WINDOWS\system32\rqRiJCUo.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\cbXNEXNF

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Steam\\steamapps\\ll0ll\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=


    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-30 23:18:21
    Windows 5.1.2600 Service Pack 2 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...


    C:\WINDOWS\system32\FNXENXbc.ini 345 bytes
    C:\WINDOWS\system32\FNXENXbc.ini2 345 bytes

    Scan completed successfully
    Hidden files: 2

    **************************************************************************
    .
    --------------------- DLLs loaded under running processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\rqRiJCUo.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\viwftnys.dll
    -> C:\WINDOWS\system32\cbXNEXNF.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-30 23:20:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-30 21:20:41

    Pre-Run: 144,293,310,464 bytes free
    Post-Run: 144,456,458,240 bytes free

    263 --- E O F --- 2008-06-19 20:02:19
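The report above repeats the pattern the helper's CFScript targeted in the first round: randomly named DLLs in system32 registered as Browser Helper Objects, as a Winlogon Notify handler and even as an LSA "Authentication Packages" entry (so they load inside winlogon.exe and explorer.exe), each with a hidden .ini twin whose name is the DLL name reversed (cbXNEXNF.dll / FNXENXbc.ini), plus drivers registered from a .tmp file or %TEMP%, suppressed Security Center warnings and a disabled firewall. The following Python script is an added example, not part of this thread, of ComboFix or of the helper's method: it walks a ComboFix-style report, flags those indicators, and renders Driver::/File::/Registry:: sections in the layout the helper used above. The excerpt it parses is constructed from entry shapes in the posted reports (not a real run), and the name-randomness thresholds and the regular expressions for the report layout are this example's own assumptions.

```python
import re
# Constructed excerpt in the layout of the ComboFix reports posted above; it is not a
# real run and only reproduces the entry shapes that the rules below key on.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9C85E4E-5E4C-4A1C-85E9-59EA3B612278}]
2008-06-30 23:18 320000 --a------ C:\WINDOWS\system32\cbXNEXNF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"BM53a474b2"="C:\WINDOWS\system32\viwftnys.dll" [2008-06-30 23:04 91136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRiJCUo]
rqRiJCUo.dll 2008-06-29 16:59 26112 C:\WINDOWS\system32\rqRiJCUo.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\cbXNEXNF
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S3 cpuz;cpuz;C:\DOCUME~1\e\LOCALS~1\Temp\cpuz.sys []
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\B4.tmp []
C:\WINDOWS\system32\FNXENXbc.ini 345 bytes
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"\]]+')
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s*\[")     # S3 name;display;path [date]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')                         # "value"="path" [date size]
RANDOM_VALUE_RE = re.compile(r"[A-Za-z]{0,2}[0-9a-f]{8,}")          # BM53a474b2 / 94d196e5 style value names
LOADPOINTS = {"browser helper objects": "BHO", "winlogon\\notify": "Winlogon Notify",
              "shellexecutehooks": "ShellExecuteHook", "control\\lsa": "LSA Authentication Packages"}


def stem_of(path):
    """Last path component without its extension, e.g. cbXNEXNF.dll -> cbXNEXNF."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(stem):
    """6-8 letters with 3+ case flips, no vowels or a 5+ consonant run (rqRiJCUo); loose on purpose."""
    if not re.fullmatch(r"[A-Za-z]{6,8}", stem):
        return False
    flips = sum(a.islower() != b.islower() for a, b in zip(stem, stem[1:]))
    runs = re.split(r"[aeiouy]", stem.lower())
    return flips >= 3 or len(runs) == 1 or max(map(len, runs)) >= 5


def triage(report):
    """One pass over the report, then one over the DLL load points it collected; read-only."""
    out = {"findings": [], "drivers": [], "files": [], "registry": []}
    ini_stems, hits, section = set(), [], ""
    for line in (raw.strip() for raw in report.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        sec = section.lower()
        ini_stems.update(stem_of(p) for p in PATH_RE.findall(line) if p.lower().endswith(".ini"))
        if "security center" in sec and line.endswith('DisableNotify"=dword:00000001'):
            out["findings"].append(("medium", "Security Center warning suppressed: " + line.split("=")[0]))
        elif "firewallpolicy" in sec and line.startswith('"EnableFirewall"= 0'):
            out["findings"].append(("medium", "Windows Firewall disabled: " + section))
        elif (m := SERVICE_RE.match(line)) and re.search(r"\\temp\\|\.tmp$", m.group(2), re.I):
            out["findings"].append(("high", f"driver {m.group(1)} loads from a scratch path: {m.group(2)}"))
            out["drivers"].append(m.group(1))
        elif m := RUN_RE.match(line):
            value, path = m.groups()                   # tag = value name, so it can be nulled with "name"=-
            if RANDOM_VALUE_RE.fullmatch(value) or looks_random(stem_of(path)):
                hits.append((section, value, path))
        else:
            for key, label in LOADPOINTS.items():
                if key in sec:
                    hits.extend((section, label, p) for p in PATH_RE.findall(line))
    for section, tag, path in hits:
        stem, reasons = stem_of(path), []
        if looks_random(stem):
            reasons.append("random-looking name")
        if stem[::-1] in ini_stems:                    # cbXNEXNF.dll <-> FNXENXbc.ini, as in the report
            reasons.append(f"reversed-name twin {stem[::-1]}.ini")
        if tag not in LOADPOINTS.values() and RANDOM_VALUE_RE.fullmatch(tag):
            reasons.append(f"random-looking value name {tag}")
        if not reasons:
            continue
        out["findings"].append(("high", f"{tag} -> {path} ({', '.join(reasons)})"))
        if path not in out["files"] and tag != "LSA Authentication Packages":   # REG_MULTI_SZ: fix by hand
            out["files"].append(path)
        if tag in ("BHO", "Winlogon Notify"):
            out["registry"].append(f"[-{section}]")
        elif tag not in LOADPOINTS.values():
            out["registry"] += [f"[{section}]", f'"{tag}"=-']
    return out


def build_cfscript(t):
    """Render Driver::/File::/Registry:: in the layout the helper used above."""
    parts = (("Driver::", t["drivers"]), ("File::", t["files"]), ("Registry::", t["registry"]))
    return "\n\n".join("\n".join([head, *lines]) for head, lines in parts if lines) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(*(f"[{sev:6}] {text}" for sev, text in result["findings"]), build_cfscript(result), sep="\n")
```

Treat the output as a review list, not a script to paste blindly: the name heuristic is deliberately loose (a vendor name such as NvMcTray.dll trips it), the reversed-name .ini twin is the strong signal, the LSA "Authentication Packages" value is a REG_MULTI_SZ that has to be edited by hand so that msv1_0 stays in place, and a ShellExecuteHook value is reported but not scripted.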
    2 July 2008 00:54:41

    bump?

    For now I'm running Linux but I need Windows :cry: 
    please help me :D 