Browser-level virus infection

Tags:
  • Windows
  • Security

6 June 2008 16:48:20

Hello everyone, since yesterday I have been the victim of one or more viruses which, on the one hand, completely prevent me from browsing the web and, on the other, disable Windows automatic updates.

I tried a full scan with AntiVir + Spybot in safe mode... it found viruses but the problem is not solved.

So I am turning to you, no longer knowing what to do.
I am posting a HijackThis report made just a few minutes ago:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:43, on 06/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Marvell\Mrv8000x.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BMaf209ef5] Rundll32.exe "C:\WINDOWS\system32\bdthhtab.dll",s
O4 - HKLM\..\Run: [ac13ad69] rundll32.exe "C:\WINDOWS\system32\oqaosvxt.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A628EC-9AF8-4240-AE0E-038F41F6E6A1}: NameServer = 80.10.246.2,80.10.242.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: maconfservice - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8477 bytes

Thanks in advance to whoever looks into my problem.
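Reading the log above by hand, the two HKLM Run entries that launch rundll32.exe against randomly named DLLs in system32 with a single-letter export (bdthhtab.dll and oqaosvxt.dll, both of which appear in ComboFix's removal list later in the thread) are the indicators a responder would pull out first. The Python script below is an added example, not code from the thread, from HijackThis or from any tool named here: it parses O4 lines copied from the log as constructed sample input and scores each one with exactly that heuristic. The regular expressions, the scoring weights and the flag threshold are assumptions chosen for this example.

```python
import re

# Constructed sample input: HKLM/HKCU Run entries copied from the HijackThis log
# in the post above. The two rundll32 lines (bdthhtab.dll, oqaosvxt.dll) are the
# entries ComboFix removed later in the thread; the others are vendor entries.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit',
    r'O4 - HKLM\..\Run: [BMaf209ef5] Rundll32.exe "C:\WINDOWS\system32\bdthhtab.dll",s',
    r'O4 - HKLM\..\Run: [ac13ad69] rundll32.exe "C:\WINDOWS\system32\oqaosvxt.dll",b',
    r'O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe',
]

# "O4 - <hive>\..\Run: [<entry name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32[.exe] "<dll path>",<export>   (quotes around the path are optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>[^\s,]*)',
                       re.IGNORECASE)

# Assumed weighting for this example: an entry is flagged at score >= 2.
FLAG_THRESHOLD = 2


def assess_entry(line):
    """Return None for non-O4 lines, otherwise a dict with a score and the reasons."""
    m = O4_RE.match(line)
    if m is None:
        return None
    name, cmd = m['name'], m['cmd']
    score, reasons = 0, []
    r = RUNDLL_RE.match(cmd)
    if r:
        dll, export = r['dll'], r['export']
        stem = dll.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        if '\\system32\\' in dll.lower():
            # weak on its own: NvCpl.dll / NvMcTray.dll are loaded the same way
            score += 1
            reasons.append('rundll32 loads a DLL from system32')
        if re.fullmatch(r'[a-z]{8}', stem):
            # the generated eight-letter names seen in this log
            score += 1
            reasons.append(f'random-looking DLL name "{stem}"')
        if len(export) == 1:
            # legitimate entries name a real export (NvStartup, NvTaskbarInit)
            score += 2
            reasons.append(f'single-letter export "{export}"')
    if re.fullmatch(r'[0-9a-f]{8}', name.lower()):
        score += 1
        reasons.append('entry name is eight hex digits')
    return {'name': name, 'command': cmd, 'score': score,
            'reasons': reasons, 'suspicious': score >= FLAG_THRESHOLD}


def suspicious_entries(lines):
    """Return the assessed O4 entries that reach the flag threshold, in log order."""
    results = (assess_entry(line) for line in lines)
    return [e for e in results if e is not None and e['suspicious']]


if __name__ == '__main__':
    for e in suspicious_entries(SAMPLE_O4_LINES):
        print(f"[{e['name']}] score={e['score']}: " + '; '.join(e['reasons']))
```

Run against the sample, only the two entries that ComboFix later deleted cross the threshold; the NVIDIA rundll32 entries score a single weak point because they load a normally named DLL through a named export. The point of keeping the reasons list is that a responder can see which signal fired rather than trusting an opaque score.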


6 June 2008 17:53:46

Hello,

Download SDFix (by Andy Manchesta)

  • Save it to your desktop.
  • Run it.
  • Click Install so that it can extract itself.
    Restart in safe mode
    /!\ Never boot into safe mode via MSCONFIG /!\
  • Open the SDFix folder that has just been created in C:\
  • Double-click RunThis.bat (the .bat extension may not be shown)
  • Press Y to start it.
  • You will be asked to press a key to restart; do so.
  • The restart will probably take a little longer than usual.
  • Once your desktop appears, it will display Finished
  • Press a key.
  • A report is generated; post it in your reply.

    It can also be found in the SDFix folder: Report.txt

6 June 2008 19:17:02

Thanks for your reply, here is the report:


    SDFix: Version 1.188
    Run by Michael on 06/06/2008 at 18:46

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\efcAPFxY.dll - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-06 19:03:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:51,2d,d7,5c,b4,ed,3f,ef,34,75,d0,ac,24,98,20,2b,c9,46,3b,75,d6,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,db,f6,f9,69,51,31,9a,e7,9f,16,d8,f9,bd,30,be,66,cd,..
    "khjeh"=hex:ee,89,98,29,a9,cc,50,42,26,80,55,3e,ca,2c,be,65,2e,85,bf,30,16,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:2e,fb,4b,39,94,62,f0,0e,9b,82,80,65,38,63,ef,63,e8,2a,ab,46,21,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:51,2d,d7,5c,b4,ed,3f,ef,34,75,d0,ac,24,98,20,2b,c9,46,3b,75,d6,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,db,f6,f9,69,51,31,9a,e7,9f,16,d8,f9,bd,30,be,66,cd,..
    "khjeh"=hex:ee,89,98,29,a9,cc,50,42,26,80,55,3e,ca,2c,be,65,2e,85,bf,30,16,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:2e,fb,4b,39,94,62,f0,0e,9b,82,80,65,38,63,ef,63,e8,2a,ab,46,21,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:51,2d,d7,5c,b4,ed,3f,ef,34,75,d0,ac,24,98,20,2b,c9,46,3b,75,d6,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,db,f6,f9,69,51,31,9a,e7,9f,16,d8,f9,bd,30,be,66,cd,..
    "khjeh"=hex:ee,89,98,29,a9,cc,50,42,26,80,55,3e,ca,2c,be,65,2e,85,bf,30,16,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:2e,fb,4b,39,94,62,f0,0e,9b,82,80,65,38,63,ef,63,e8,2a,ab,46,21,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:p nkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:p nkBstrB"
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\Team Fortress 2\\hl2.exe"="C:\\Program Files\\Team Fortress 2\\hl2.exe:*:Enabled:hl2"
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:o rb"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:o rbTray"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:o rb Stream Client"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"="C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu T II"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT7.tmp"
    Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BITA.tmp"
    Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITE.tmp"
    Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT6.tmp"
    Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BITB.tmp"
    Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT8.tmp"
    Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BITD.tmp"
    Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT9.tmp"
    Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITC.tmp"

    Finished!


PS: After restarting, AntiVir detected a large number of viruses in Windows/System32

6 June 2008 23:18:44

Re,

Download ComboFix (by sUBs) to your desktop.

  • Temporarily disable all resident protection! (antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation is finished, a report will appear. Post that report in your next reply.

The report is located at %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Help: How to use ComboFix.

7 June 2008 01:32:35

Re, so after ComboFix, browsing seems to work properly again; however, at Windows startup Spybot keeps telling me that registry key entries have been modified and asks whether or not I accept the change. I don't know what to choose.

So here is the ComboFix report:

    ComboFix 08-06-06.4 - Michael 2008-06-07 1:11:10.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1417 [GMT 2:00]
    Endroit: C:\Documents and Settings\Michael\Bureau\AIDE VIR\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMaf209ef5.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\bdthhtab.dll
    C:\WINDOWS\system32\bnkfxcqd.dll
    C:\WINDOWS\system32\ehfasoka.ini
    C:\WINDOWS\system32\gcvjjsba.dll
    C:\WINDOWS\system32\lfhwtapm.dll
    C:\WINDOWS\system32\ljJAtuVO.dll
    C:\WINDOWS\system32\oqaosvxt.dll
    C:\WINDOWS\system32\OVutAJjl.ini
    C:\WINDOWS\system32\OVutAJjl.ini2
    C:\WINDOWS\system32\qfwfdmas.ini
    C:\WINDOWS\system32\tuvTkklL.dll
    C:\WINDOWS\system32\txvsoaqo.ini
    C:\WINDOWS\system32\WFOVuBeg.ini
    C:\WINDOWS\system32\WFOVuBeg.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-06 18:43 . 2008-06-06 18:43 <REP> d-------- C:\WINDOWS\ERUNT
    2008-06-06 18:40 . 2008-06-06 19:08 <REP> d-------- C:\SDFix
    2008-06-06 16:39 . 2008-06-06 16:39 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-05 22:41 . 2008-06-06 11:19 211 --a------ C:\WINDOWS\wininit.ini
    2008-06-05 22:16 . 2008-06-05 22:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-05 22:16 . 2008-06-05 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-05 18:27 . 2008-06-05 21:45 <REP> d-------- C:\Program Files\EasyPHP 2.0b1
    2008-06-05 09:08 . 2008-06-05 09:08 <REP> d-------- C:\Program Files\Google
    2008-06-04 13:25 . 2000-11-07 17:36 1,044,480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
    2008-06-04 13:25 . 1999-05-06 20:00 262,152 --a------ C:\WINDOWS\system32\MSDATGRD.OCX
    2008-06-04 13:25 . 1999-01-13 17:22 61,440 --a------ C:\WINDOWS\system32\RHGBTN32.DLL
    2008-06-04 13:25 . 1998-07-13 06:08 31,232 --a------ C:\WINDOWS\system32\DATGDFR.DLL
    2008-06-04 13:25 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-06-04 13:25 . 1998-07-12 20:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
    2008-06-04 13:25 . 1995-08-24 05:50 5,532 --a------ C:\WINDOWS\system32\STDOLE.TLB
    2008-06-04 13:25 . 2001-09-12 13:17 402 --a------ C:\WINDOWS\system32\msxml3.inf
    2008-06-04 13:24 . 2008-06-04 13:24 <REP> d-------- C:\Program Files\win'design
    2008-06-04 13:04 . 2003-05-15 06:48 <REP> d-------- C:\Program Files\Win'design 5.2.2
    2008-06-01 23:07 . 2008-06-01 23:07 56 --a------ C:\WINDOWS\WdEdit.INI
    2008-06-01 22:10 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
    2008-05-31 18:04 . 2008-05-31 18:04 <REP> d-------- C:\Program Files\Notepad++
    2008-05-31 18:04 . 2008-05-31 18:04 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Notepad++
    2008-05-31 03:04 . 2008-06-02 19:29 38 --a------ C:\WINDOWS\AviSplitter.INI
    2008-05-29 18:45 . 2008-05-29 18:45 173 --a------ C:\WINDOWS\ODBC.INI
    2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\js
    2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\images
    2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\html
    2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\css
    2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Business Objects
    2008-05-29 18:39 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Microsoft SQL Server
    2008-05-29 18:38 . 2008-05-29 18:38 <REP> d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
    2008-05-29 18:38 . 2008-05-29 18:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
    2008-05-29 18:37 . 2008-05-29 18:37 <REP> d-------- C:\Program Files\Microsoft Synchronization Services
    2008-05-29 18:37 . 2008-05-29 18:37 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-05-29 18:31 . 2008-05-29 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    2008-05-29 18:27 . 2008-05-29 18:27 <REP> d-------- C:\WINDOWS\symbols
    2008-05-29 18:26 . 2008-05-29 18:42 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-05-29 18:26 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
    2008-05-29 18:26 . 2008-05-29 18:26 <REP> d-------- C:\Program Files\Microsoft SDKs
    2008-05-29 18:26 . 2008-05-29 18:28 <REP> d-------- C:\Program Files\HTML Help Workshop
    2008-05-29 18:26 . 2008-05-29 18:31 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
    2008-05-29 18:26 . 2008-05-29 18:26 <REP> d-------- C:\Program Files\CE Remote Tools
    2008-05-29 17:56 . 2008-05-29 17:56 <REP> d-------- C:\Program Files\Microsoft Web Designer Tools
    2008-05-29 17:54 . 2008-05-29 18:21 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-05-29 17:54 . 2008-05-29 17:54 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-05-29 17:54 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-05-29 17:52 . 2008-05-29 17:52 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-05-27 18:18 . 2008-05-27 18:18 <REP> d-------- C:\Program Files\DVD Decrypter
    2008-05-27 02:13 . 2008-05-27 02:13 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-05-26 17:14 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-05-26 17:14 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2008-05-26 17:14 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2008-05-26 17:14 . 2004-06-26 01:54 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
    2008-05-26 17:14 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2008-05-26 17:14 . 2007-08-09 09:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2008-05-26 17:14 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2008-05-26 17:14 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2008-05-26 17:13 . 2008-05-26 17:14 <REP> d-------- C:\Program Files\HP
    2008-05-26 17:13 . 2008-05-26 17:14 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-05-26 17:13 . 2004-05-10 15:54 212,992 -ra------ C:\WINDOWS\system32\hptcpmui.dll
    2008-05-26 17:13 . 2004-05-10 15:54 110,592 -ra------ C:\WINDOWS\system32\hptcpmon.dll
    2008-05-26 17:13 . 2004-05-10 15:54 98,304 -ra------ C:\WINDOWS\system32\hpzjsn01.dll
    2008-05-26 17:13 . 2004-05-10 15:54 73,728 -ra------ C:\WINDOWS\system32\hptcpmib.dll
    2008-05-26 17:13 . 2004-05-10 15:54 28,672 -ra------ C:\WINDOWS\system32\hpzjfw01.dll
    2008-05-26 17:13 . 2004-05-10 15:54 10,092 -ra------ C:\WINDOWS\system32\hptcpmui.hlp
    2008-05-26 17:13 . 2004-05-10 15:54 10,062 -ra------ C:\WINDOWS\system32\hpipxmui.hlp
    2008-05-26 17:13 . 2004-05-10 15:54 3,279 -ra------ C:\WINDOWS\system32\hptcpmon.ini
    2008-05-26 17:13 . 2008-05-26 17:13 138 --a------ C:\WINDOWS\system32\AddPort.ini
    2008-05-26 17:11 . 2008-05-26 17:14 102,846 --a------ C:\WINDOWS\hpdj6800.his
    2008-05-26 17:11 . 2008-05-26 17:16 23,083 --a------ C:\WINDOWS\hpf6800m.his
    2008-05-26 17:11 . 2008-05-26 17:14 13,829 --a------ C:\WINDOWS\hpdj6800.ini
    2008-05-26 17:11 . 2008-05-26 17:16 5,412 --a------ C:\WINDOWS\hpf6800m.ini
    2008-05-25 20:30 . 2008-06-06 14:44 0 --a------ C:\23990098.$$$
    2008-05-25 18:19 . 2008-05-25 18:22 <REP> d-------- C:\Downloads
    2008-05-25 18:19 . 2008-05-25 18:22 <REP> d-------- C:\Bases
    2008-05-25 18:04 . 2008-05-25 18:04 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
    2008-05-25 17:31 . 2008-05-25 17:31 <REP> d-------- C:\Program Files\Lavalys
    2008-05-25 01:31 . 2008-05-25 01:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CCP
    2008-05-25 01:28 . 2008-05-25 01:28 <REP> d-------- C:\Program Files\CCP
    2008-05-24 14:46 . <REP> C:\Documents and Settings\Michael\Application Data\La Bataille pour la Terre du Milieu T II
    2008-05-24 13:34 . 2008-05-24 13:34 <REP> d-------- C:\Program Files\Electronic Arts
    2008-05-22 21:32 . 2008-05-22 21:32 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Command & Conquer 3 Kane's Wrath
    2008-05-22 21:22 . 2008-05-25 00:00 <REP> d-------- C:\Documents and Settings\Michael\Application Data\skypePM
    2008-05-22 21:22 . 2008-05-22 21:22 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-05-22 21:19 . 2008-05-23 10:58 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Hamachi
    2008-05-22 21:18 . 2008-05-22 21:18 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Program Files\Skype
    2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-05-22 21:17 . 2008-05-25 03:17 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Skype
    2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-05-22 13:36 . 2008-06-05 21:48 <REP> d-------- C:\Program Files\Winamp Remote
    2008-05-22 13:36 . 2008-05-22 13:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2008-05-22 11:17 . 2008-05-22 11:17 <REP> d-------- C:\Program Files\GIGABYTE
    2008-05-21 21:37 . 2008-05-21 21:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-05-21 12:22 . 2008-05-21 12:22 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-05-21 12:14 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2008-05-21 12:14 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2008-05-21 01:59 . 2008-05-21 01:59 <REP> d-------- C:\Program Files\X'nStop 2.5
    2008-05-21 00:50 . 2008-05-21 00:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-05-20 19:59 . 2008-05-20 20:57 <REP> d-------- C:\Program Files\uTorrent
    2008-05-20 19:59 . 2008-06-07 01:13 <REP> d-------- C:\Documents and Settings\Michael\Application Data\uTorrent
    2008-05-19 22:53 . 2008-05-19 22:53 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-05-19 22:53 . 2008-05-19 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-05-19 22:53 . 2008-05-19 22:53 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe
    2008-05-19 22:53 . 2008-05-19 22:53 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-19 22:53 . 2008-05-19 22:53 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-05-19 22:53 . 2008-05-19 22:53 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-19 22:53 . 2008-05-19 22:53 22,328 --a------ C:\Documents and Settings\Michael\Application Data\PnkBstrK.sys
    2008-05-19 22:44 . 2008-05-21 12:09 <REP> d-------- C:\Program Files\Ubisoft
    2008-05-19 21:50 . 2008-05-19 21:50 <REP> d-------- C:\Program Files\FileZilla
    2008-05-19 12:35 . 2008-05-25 21:35 <REP> d-------- C:\Program Files\PhotoFiltre
    2008-05-19 01:03 . 2008-05-19 01:03 <REP> d-------- C:\Program Files\UselessCreations
    2008-05-19 00:34 . 2008-05-20 22:45 <REP> d--h----- C:\WINDOWS\Icons
    2008-05-19 00:19 . 2008-05-19 00:19 <REP> d-------- C:\Documents and Settings\Michael\Application Data\TuneUp Software
    2008-05-19 00:19 . 2008-05-19 00:19 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-05-19 00:19 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2008-05-19 00:18 . 2008-05-19 00:19 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
    2008-05-19 00:18 . 2008-05-19 00:18 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-19 00:18 . 2008-05-19 00:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-05-18 21:59 . 2008-05-18 21:59 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Media Player Classic
    2008-05-18 21:53 . 2008-05-18 21:53 <REP> d-------- C:\Program Files\Satsuki Decoder Pack
    2008-05-18 21:53 . 2008-05-18 21:53 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
    2008-05-18 21:40 . 2008-05-18 21:40 <REP> d-------- C:\Program Files\Winamp Toolbar
    2008-05-18 21:40 . 2008-05-18 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2008-05-18 21:38 . 2008-05-18 21:40 <REP> d-------- C:\Program Files\Winamp

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-01 16:28 --------- d-----w C:\Program Files\Command & Conquer 3 Kane's Wrath
    2008-05-25 12:51 --------- d-----w C:\Documents and Settings\Michael\Application Data\La Bataille pour la Terre du Milieu ™ II
    2008-05-22 09:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-21 23:47 --------- d-----w C:\Program Files\Team Fortress 2
    2008-05-18 09:31 --------- d-----w C:\Program Files\Warcraft III
    2008-05-17 14:54 --------- d-----w C:\Program Files\Realtek AC97
    2008-05-17 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-05-17 14:32 --------- d-----w C:\Program Files\ma-config.com
    2008-05-17 14:12 155,995 ----a-w C:\WINDOWS\java\Packages\0LBX3P3N.ZIP
    2008-05-17 14:05 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-05-17 12:45 --------- d-----w C:\Program Files\Marvell
    2008-05-17 12:29 --------- d-----w C:\Program Files\Realtek Sound Manager
    2008-05-17 12:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-05-17 12:29 --------- d-----w C:\Program Files\AvRack
    2008-05-17 12:29 --------- d-----w C:\Program Files\AMD
    2008-05-17 12:21 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-17 12:18 --------- d-----w C:\Program Files\Services en ligne
    2008-05-03 03:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0964C6CC-A7C4-465C-864F-E778887E5D25}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8f93b879-54c3-4e32-9149-0529fbc1d033}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 02:32 172032]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152]
    "ac13ad69"="C:\WINDOWS\system32\oqaosvxt.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Team Fortress 2\\hl2.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
    S3 maconfservice;maconfservice;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-14 16:40]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-19 00:19]
    S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-06 23:15:28 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-07 01:15:42
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\Michael\LOCALS~1\Temp\mc22.tmp"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-07 1:22:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-06 23:22:36

    Pre-Run: 89,958,629,376 octets libres
    Post-Run: 90,173,652,992 octets libres

    340 --- E O F --- 2008-05-30 01:01:49


    Thanks again, and see you tomorrow
    7 June 2008 13:10:39

    Re,

    Open Spybot, click the Mode tab and choose Advanced Mode
    Ignore the warning
    At the bottom left, click Tools
    Still in the left column, click Resident (not in the central pane)
    And untick the Resident "TeaTimer" option (you can tick it again once we have finished)

    ********

    Select the whole of the frame below:

    Collect::
    C:\DOCUME~1\Michael\LOCALS~1\Temp\mc22.tmp

    Driver::
    mchInjDrv
    msvsmon90

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent"=-
    "Adobe Reader Speed Launcher"=-
    "ac13ad69"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]


    This will relaunch ComboFix. After the reboot, post the contents of the ComboFix.txt report.
    If there is no reboot, post the report anyway.

  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
  • Save it on your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the reboot, if there is one.

    *******

    - My Computer/Tools/Folder Options/View/Show hidden files and folders/Apply - - > OK
    - My Computer/Tools/Folder Options/View/untick Hide protected operating system files/Apply - - > OK

    Tick these options again afterwards!

    Have this file (or these files) scanned on this site >> Virustotal <<

  • Click Browse at the top, choose My Computer and look for this file: C:\23990098.$$$
  • Now click Send file.
  • Post the report (from File *** received on *** down to SHA1: ***)
    7 June 2008 17:57:34
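The CFScript above targets the load points that stand out in the ComboFix report: a Run value with an empty [ ] bracket and a machine-generated name, and a service whose ImagePath points into a Temp directory. As an added example (not code from the thread or from ComboFix), this Python script parses lines in the "Point de chargement Reg" format and flags those patterns; the sample input is constructed from values quoted in the report, and the three heuristics are assumptions of the example, not ComboFix's own rules.

```python
import re

# Constructed sample input: a handful of "Point de chargement Reg" lines in the
# ComboFix format quoted in this thread, including the two entries the helper
# removed with the CFScript (the "ac13ad69" Run value and the mchInjDrv service).
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"ac13ad69"="C:\WINDOWS\system32\oqaosvxt.dll" [ ]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Michael\LOCALS~1\Temp\mc22.tmp"
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
RANDOM_NAME_RE = re.compile(r'^[0-9a-f]{8}$')            # e.g. "ac13ad69" (heuristic)
TEMP_DIR_RE = re.compile(r'\\(temp|tmp)\\|\.tmp$', re.IGNORECASE)


def parse_value_line(line):
    """Split one ComboFix value line into (name, data, meta).

    meta is the text inside the trailing [...] (the timestamp and size ComboFix
    recorded for the file), None when the line carries no bracket at all, and ""
    when ComboFix printed an empty bracket, i.e. it could not find or stat the file.
    """
    m = VALUE_RE.match(line)
    if not m:
        return None
    name, rest = m.group("name"), m.group("rest").strip()
    meta = None
    if rest.endswith("]") and "[" in rest:
        idx = rest.rfind("[")
        meta = rest[idx + 1:-1].strip()
        rest = rest[:idx].strip()
    return name, rest.strip('"'), meta


def triage(report_text):
    """Return one finding dict per load point that matches a suspicious pattern."""
    findings = []
    current_key = None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]          # registry key the following values belong to
            continue
        parsed = parse_value_line(line)
        if parsed is None:
            continue
        name, data, meta = parsed
        reasons = []
        if meta == "":
            reasons.append("empty [ ] metadata: ComboFix could not find or stat the file")
        if RANDOM_NAME_RE.match(name):
            reasons.append("value name looks machine-generated (8 hex digits)")
        if TEMP_DIR_RE.search(data):
            reasons.append("load point runs from a Temp directory or a .tmp file")
        if reasons:
            findings.append({"key": current_key, "name": name, "data": data, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f['key']}\n  {f['name']} = {f['data']}")
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

Legitimate entries such as avgnt and SoundMan pass through untouched, while the two entries the CFScript deletes are the only ones reported.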

    Re, so I redid ComboFix as you told me, here is the report:

    ComboFix 08-06-06.4 - Michael 2008-06-07 17:22:07.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1247 [GMT 2:00]
    Endroit: C:\Documents and Settings\Michael\Bureau\AIDE VIR\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Michael\Bureau\AIDE VIR\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_msvsmon90


    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-06 18:43 . 2008-06-06 18:43 <REP> d-------- C:\WINDOWS\ERUNT
    2008-06-06 18:40 . 2008-06-06 19:08 <REP> d-------- C:\SDFix
    2008-06-06 16:39 . 2008-06-06 16:39 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-05 22:41 . 2008-06-06 11:19 211 --a------ C:\WINDOWS\wininit.ini
    2008-06-05 22:16 . 2008-06-05 22:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-05 22:16 . 2008-06-05 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-05 18:27 . 2008-06-05 21:45 <REP> d-------- C:\Program Files\EasyPHP 2.0b1
    2008-06-05 09:08 . 2008-06-05 09:08 <REP> d-------- C:\Program Files\Google
    2008-06-04 13:25 . 2000-11-07 17:36 1,044,480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
    2008-06-04 13:25 . 1999-05-06 20:00 262,152 --a------ C:\WINDOWS\system32\MSDATGRD.OCX
    2008-06-04 13:25 . 1999-01-13 17:22 61,440 --a------ C:\WINDOWS\system32\RHGBTN32.DLL
    2008-06-04 13:25 . 1998-07-13 06:08 31,232 --a------ C:\WINDOWS\system32\DATGDFR.DLL
    2008-06-04 13:25 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-06-04 13:25 . 1998-07-12 20:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
    2008-06-04 13:25 . 1995-08-24 05:50 5,532 --a------ C:\WINDOWS\system32\STDOLE.TLB
    2008-06-04 13:25 . 2001-09-12 13:17 402 --a------ C:\WINDOWS\system32\msxml3.inf
    2008-06-04 13:24 . 2008-06-04 13:24 <REP> d-------- C:\Program Files\win'design
    2008-06-04 13:04 . 2003-05-15 06:48 <REP> d-------- C:\Program Files\Win'design 5.2.2
    2008-06-01 23:07 . 2008-06-01 23:07 56 --a------ C:\WINDOWS\WdEdit.INI
    2008-06-01 22:10 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
    2008-05-31 18:04 . 2008-05-31 18:04 <REP> d-------- C:\Program Files\Notepad++
    2008-05-31 18:04 . 2008-05-31 18:04 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Notepad++
    2008-05-31 03:04 . 2008-06-02 19:29 38 --a------ C:\WINDOWS\AviSplitter.INI
    2008-05-29 18:45 . 2008-05-29 18:45 173 --a------ C:\WINDOWS\ODBC.INI
    2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\js
    2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\images
    2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\html
    2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\css
    2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Business Objects
    2008-05-29 18:39 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Microsoft SQL Server
    2008-05-29 18:38 . 2008-05-29 18:38 <REP> d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
    2008-05-29 18:38 . 2008-05-29 18:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
    2008-05-29 18:37 . 2008-05-29 18:37 <REP> d-------- C:\Program Files\Microsoft Synchronization Services
    2008-05-29 18:37 . 2008-05-29 18:37 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-05-29 18:31 . 2008-05-29 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    2008-05-29 18:27 . 2008-05-29 18:27 <REP> d-------- C:\WINDOWS\symbols
    2008-05-29 18:26 . 2008-05-29 18:42 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-05-29 18:26 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
    2008-05-29 18:26 . 2008-05-29 18:26 <REP> d-------- C:\Program Files\Microsoft SDKs
    2008-05-29 18:26 . 2008-05-29 18:28 <REP> d-------- C:\Program Files\HTML Help Workshop
    2008-05-29 18:26 . 2008-05-29 18:31 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
    2008-05-29 18:26 . 2008-05-29 18:26 <REP> d-------- C:\Program Files\CE Remote Tools
    2008-05-29 17:56 . 2008-05-29 17:56 <REP> d-------- C:\Program Files\Microsoft Web Designer Tools
    2008-05-29 17:54 . 2008-05-29 18:21 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-05-29 17:54 . 2008-05-29 17:54 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-05-29 17:54 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-05-29 17:52 . 2008-05-29 17:52 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-05-27 18:18 . 2008-05-27 18:18 <REP> d-------- C:\Program Files\DVD Decrypter
    2008-05-27 02:13 . 2008-05-27 02:13 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-05-26 17:14 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-05-26 17:14 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2008-05-26 17:14 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2008-05-26 17:14 . 2004-06-26 01:54 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
    2008-05-26 17:14 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2008-05-26 17:14 . 2007-08-09 09:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2008-05-26 17:14 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2008-05-26 17:14 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2008-05-26 17:13 . 2008-05-26 17:14 <REP> d-------- C:\Program Files\HP
    2008-05-26 17:13 . 2008-05-26 17:14 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-05-26 17:13 . 2004-05-10 15:54 212,992 -ra------ C:\WINDOWS\system32\hptcpmui.dll
    2008-05-26 17:13 . 2004-05-10 15:54 110,592 -ra------ C:\WINDOWS\system32\hptcpmon.dll
    2008-05-26 17:13 . 2004-05-10 15:54 98,304 -ra------ C:\WINDOWS\system32\hpzjsn01.dll
    2008-05-26 17:13 . 2004-05-10 15:54 73,728 -ra------ C:\WINDOWS\system32\hptcpmib.dll
    2008-05-26 17:13 . 2004-05-10 15:54 28,672 -ra------ C:\WINDOWS\system32\hpzjfw01.dll
    2008-05-26 17:13 . 2004-05-10 15:54 10,092 -ra------ C:\WINDOWS\system32\hptcpmui.hlp
    2008-05-26 17:13 . 2004-05-10 15:54 10,062 -ra------ C:\WINDOWS\system32\hpipxmui.hlp
    2008-05-26 17:13 . 2004-05-10 15:54 3,279 -ra------ C:\WINDOWS\system32\hptcpmon.ini
    2008-05-26 17:13 . 2008-05-26 17:13 138 --a------ C:\WINDOWS\system32\AddPort.ini
    2008-05-26 17:11 . 2008-05-26 17:14 102,846 --a------ C:\WINDOWS\hpdj6800.his
    2008-05-26 17:11 . 2008-05-26 17:16 23,083 --a------ C:\WINDOWS\hpf6800m.his
    2008-05-26 17:11 . 2008-05-26 17:14 13,829 --a------ C:\WINDOWS\hpdj6800.ini
    2008-05-26 17:11 . 2008-05-26 17:16 5,412 --a------ C:\WINDOWS\hpf6800m.ini
    2008-05-25 20:30 . 2008-06-06 14:44 0 --a------ C:\23990098.$$$
    2008-05-25 18:19 . 2008-05-25 18:22 <REP> d-------- C:\Downloads
    2008-05-25 18:19 . 2008-05-25 18:22 <REP> d-------- C:\Bases
    2008-05-25 18:04 . 2008-05-25 18:04 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
    2008-05-25 17:31 . 2008-05-25 17:31 <REP> d-------- C:\Program Files\Lavalys
    2008-05-25 01:31 . 2008-05-25 01:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CCP
    2008-05-25 01:28 . 2008-05-25 01:28 <REP> d-------- C:\Program Files\CCP
    2008-05-24 14:46 . <REP> C:\Documents and Settings\Michael\Application Data\La Bataille pour la Terre du Milieu ™ II
    2008-05-24 13:34 . 2008-05-24 13:34 <REP> d-------- C:\Program Files\Electronic Arts
    2008-05-22 21:32 . 2008-05-22 21:32 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Command & Conquer 3 Kane's Wrath
    2008-05-22 21:22 . 2008-05-25 00:00 <REP> d-------- C:\Documents and Settings\Michael\Application Data\skypePM
    2008-05-22 21:22 . 2008-05-22 21:22 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-05-22 21:19 . 2008-05-23 10:58 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Hamachi
    2008-05-22 21:18 . 2008-05-22 21:18 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Program Files\Skype
    2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-05-22 21:17 . 2008-05-25 03:17 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Skype
    2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-05-22 13:36 . 2008-06-05 21:48 <REP> d-------- C:\Program Files\Winamp Remote
    2008-05-22 13:36 . 2008-05-22 13:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2008-05-22 11:17 . 2008-05-22 11:17 <REP> d-------- C:\Program Files\GIGABYTE
    2008-05-21 21:37 . 2008-05-21 21:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-05-21 12:22 . 2008-05-21 12:22 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-05-21 12:14 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2008-05-21 12:14 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2008-05-21 01:59 . 2008-05-21 01:59 <REP> d-------- C:\Program Files\X'nStop 2.5
    2008-05-21 00:50 . 2008-05-21 00:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-05-20 19:59 . 2008-05-20 20:57 <REP> d-------- C:\Program Files\uTorrent
    2008-05-20 19:59 . 2008-06-07 17:24 <REP> d-------- C:\Documents and Settings\Michael\Application Data\uTorrent
    2008-05-19 22:53 . 2008-05-19 22:53 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-05-19 22:53 . 2008-05-19 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-05-19 22:53 . 2008-05-19 22:53 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe
    2008-05-19 22:53 . 2008-05-19 22:53 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-19 22:53 . 2008-05-19 22:53 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-05-19 22:53 . 2008-05-19 22:53 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-19 22:53 . 2008-05-19 22:53 22,328 --a------ C:\Documents and Settings\Michael\Application Data\PnkBstrK.sys
    2008-05-19 22:44 . 2008-05-21 12:09 <REP> d-------- C:\Program Files\Ubisoft
    2008-05-19 21:50 . 2008-05-19 21:50 <REP> d-------- C:\Program Files\FileZilla
    2008-05-19 12:35 . 2008-05-25 21:35 <REP> d-------- C:\Program Files\PhotoFiltre
    2008-05-19 01:03 . 2008-05-19 01:03 <REP> d-------- C:\Program Files\UselessCreations
    2008-05-19 00:34 . 2008-05-20 22:45 <REP> d--h----- C:\WINDOWS\Icons
    2008-05-19 00:19 . 2008-05-19 00:19 <REP> d-------- C:\Documents and Settings\Michael\Application Data\TuneUp Software
    2008-05-19 00:19 . 2008-05-19 00:19 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-05-19 00:19 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2008-05-19 00:18 . 2008-05-19 00:19 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
    2008-05-19 00:18 . 2008-05-19 00:18 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-19 00:18 . 2008-05-19 00:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-05-18 21:59 . 2008-05-18 21:59 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Media Player Classic
    2008-05-18 21:53 . 2008-05-18 21:53 <REP> d-------- C:\Program Files\Satsuki Decoder Pack
    2008-05-18 21:53 . 2008-05-18 21:53 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
    2008-05-18 21:40 . 2008-05-18 21:40 <REP> d-------- C:\Program Files\Winamp Toolbar
    2008-05-18 21:40 . 2008-05-18 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2008-05-18 21:38 . 2008-05-18 21:40 <REP> d-------- C:\Program Files\Winamp

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-01 16:28 --------- d-----w C:\Program Files\Command & Conquer 3 Kane's Wrath
    2008-05-25 12:51 --------- d-----w C:\Documents and Settings\Michael\Application Data\La Bataille pour la Terre du Milieu ™ II
    2008-05-22 09:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-21 23:47 --------- d-----w C:\Program Files\Team Fortress 2
    2008-05-18 09:31 --------- d-----w C:\Program Files\Warcraft III
    2008-05-17 14:54 --------- d-----w C:\Program Files\Realtek AC97
    2008-05-17 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-05-17 14:32 --------- d-----w C:\Program Files\ma-config.com
    2008-05-17 14:05 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-05-17 12:45 --------- d-----w C:\Program Files\Marvell
    2008-05-17 12:29 --------- d-----w C:\Program Files\Realtek Sound Manager
    2008-05-17 12:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-05-17 12:29 --------- d-----w C:\Program Files\AvRack
    2008-05-17 12:29 --------- d-----w C:\Program Files\AMD
    2008-05-17 12:21 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-17 12:18 --------- d-----w C:\Program Files\Services en ligne
    2008-05-03 03:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    .

    ------- Sigcheck -------


    2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
    2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ip6fw.sys
    2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2002-08-29 11:45 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe

    2001-08-24 14:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
    2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
    2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\services.exe
    2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe

    2002-08-29 11:45 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\lsass.exe
    2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe

    2002-08-29 11:45 13312 2c856908ee61424238772508e9fbcbc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
    2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ctfmon.exe
    2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-07_ 1.22.23.17 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-06 23:15:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-07 15:26:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 02:32 172032]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Team Fortress 2\\hl2.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
    S3 maconfservice;maconfservice;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-14 16:40]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-19 00:19]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-07 15:26:25 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-07 17:26:46
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\Michael\LOCALS~1\Temp\mc21.tmp"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-07 17:33:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-07 15:33:25
    ComboFix2.txt 2008-06-06 23:22:41

    Pre-Run: 90,214,686,720 octets libres
    Post-Run: 90,196,090,880 octets libres

    325 --- E O F --- 2008-05-30 01:01:49


    Also, the file 23990098.$$$ is indeed present on C:\ but when I send it to "virustotal" I get this message: 0 bytes size received
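A small triage script for the ComboFix log above, added here as an example and not part of the thread or of ComboFix itself. It parses the Sigcheck rows and checks whether each live system file (WINDOWS, system32, system32\drivers) carries the same MD5 as a reference copy (ServicePackFiles or dllcache), and it scans REGEDIT4 service keys for an ImagePath inside a temporary folder, which is the pattern of the mchInjDrv entry the helper removes later in the thread. The location heuristics (`classify`, `TEMP_MARKERS`) are my assumptions, and the ws2_32.dll sample with an all-zero hash is constructed to exercise the mismatch path; the other rows are copied from the log.

```python
# Added triage example for the ComboFix log above (not ComboFix's own code).
import re
from collections import defaultdict

# One Sigcheck row: date time size md5 path
SIGCHECK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$")


def classify(path):
    """Assumed heuristic for where a copy comes from: 'reference' is a
    known-good copy (ServicePackFiles or dllcache), 'backup' is a hotfix
    uninstall folder or a pending Windows Update download, 'live' is the
    copy Windows actually loads (WINDOWS, system32, system32 drivers)."""
    d = path.lower()
    if "\\servicepackfiles\\i386\\" in d or "\\dllcache\\" in d:
        return "reference"
    if "$" in d or "\\softwaredistribution\\" in d:
        return "backup"
    return "live"


def parse_sigcheck(text):
    """Group Sigcheck rows by lower-cased file name -> list of (md5, path)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            md5, path = m.group(4), m.group(5)
            groups[path.rsplit("\\", 1)[-1].lower()].append((md5, path))
    return dict(groups)


def check_sigcheck(text):
    """Return {file name: 'ok' | 'MISMATCH' | 'no-reference'}: 'ok' means every
    live copy's MD5 equals the MD5 of some reference copy, which is what a
    helper eyeballs in this table to rule out a patched svchost/tcpip/etc."""
    verdicts = {}
    for name, rows in parse_sigcheck(text).items():
        refs = {md5 for md5, p in rows if classify(p) == "reference"}
        live = [md5 for md5, p in rows if classify(p) == "live"]
        if not refs:
            verdicts[name] = "no-reference"
        elif all(md5 in refs for md5 in live):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts


# REGEDIT4 fragments as ComboFix prints them
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d{3}\\Services\\([^\]]+)\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")  # assumed markers for a temporary folder


def find_temp_services(text):
    """Return [(service, ImagePath)] for services whose binary sits in a temp
    folder: a driver loading from %TEMP% is a persistence red flag, and it is
    the pattern of the mchInjDrv entry removed later in this thread."""
    found, current = [], None
    for line in text.splitlines():
        line = line.strip()
        key = SERVICE_KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        img = IMAGEPATH_RE.match(line)
        if img and current and any(t in img.group(1).lower() for t in TEMP_MARKERS):
            found.append((current, img.group(1)))
    return found


# Rows copied from the Sigcheck section of the log above
SIGCHECK_FROM_PAGE = r"""
2001-08-24 14:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
"""

# Constructed sample (not from the log): the live ws2_32.dll no longer matches its reference copy
CONSTRUCTED_TAMPERED = r"""
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-19 16:09 82944 00000000000000000000000000000000 C:\WINDOWS\system32\ws2_32.dll
"""

# Service key copied from the log above
REG_FROM_PAGE = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Michael\LOCALS~1\Temp\mc21.tmp"
"""

if __name__ == "__main__":
    print(check_sigcheck(SIGCHECK_FROM_PAGE))    # {'svchost.exe': 'ok', 'tcpip.sys': 'ok'}
    print(check_sigcheck(CONSTRUCTED_TAMPERED))  # {'ws2_32.dll': 'MISMATCH'}
    print(find_temp_services(REG_FROM_PAGE))     # [('mchInjDrv', '...\\Temp\\mc21.tmp')]
```

On this log every live copy matches a reference copy, so the Sigcheck table gives no reason to suspect a patched system binary; the only entry the script flags is the service whose image lives in the user's Temp folder.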
    7 June 2008 18:53:47

    Re,

    Delete that file.

    Select the entire box below:
    @echo off & cls
    rem Empty the Windows, Prefetch and per-user temporary/cache folders
    del /q "%windir%\Temp\*.*"
    del /q "%windir%\Prefetch\*.*"
    del /q "%userprofile%\Cookies\*.*"
    del /s /q "%temp%\*.*"
    del /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
    del /s /q "%userprofile%\Local Settings\Historique\*.*"
    rem Remove the mchInjDrv service key from every control set so it is not loaded again at boot
    reg delete HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv /F
    reg delete HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv /F
    reg delete HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv /F
    exit

    Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
    Save it to your Desktop under the name Correction.bat
    Double-click it. Post the generated report (if any).

    Then post a new HJT log.
    7 June 2008 19:31:27

    No report was generated by the DOS instructions; here is the HJT one:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:29:51, on 07/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Marvell\Mrv8000x.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\program files\winamp toolbar\WinampTbServer.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A628EC-9AF8-4240-AE0E-038F41F6E6A1}: NameServer = 80.10.246.2,80.10.242.129
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: maconfservice - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 8264 bytes
    8 June 2008 18:01:45

    Re,

    Download Clean (by Malekal) to your Desktop.

  • Unzip it to your Desktop. Double-click the Clean folder that appears.
  • Double-click Clean.cmd. (The cmd extension may not be shown.) This will open a black window.
  • A menu will appear; choose option 1 then Enter. Then press a key when asked to.
  • Post the report found here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.

    Help: How to use Clean.

    *******

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done:
    Restart in Safe Mode
    /!\ Never boot into Safe Mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Help: How to use MBAM.
    9 June 2008 11:06:16

    RE, so here is the short Clean report:

    09/06/2008 a 10:02:00,59

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files

    However with MBAM, an error occurs in the middle of the scan:

    I tried a quick scan.. same error.. did I install it wrong?
    9 June 2008 18:44:31

    Can you try uninstalling/reinstalling it and running it in Safe Mode? See if that changes anything.