
Loads of viruses :(

Tags:
  • Windows
  • Security
24 March 2008 18:19:17

Hello,
I have loads of viruses on my computer; here is the HijackThis report:
Is there any way you could help me? :( Thanks in advance anyway! :hello:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:48, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
c:\WINDOWS\system32\ifxspmgt.exe
c:\WINDOWS\system32\ifxtcs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [advap32] c:\vbhbnr.exe/r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecampus.com/bin/tol9inst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\ifxtcs.exe
O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing)
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

End of file - 13901 bytes
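How a helper reads a log like the one above, as an added example for this page (not code from HijackThis, MSNFix or the thread): a small Python triage that flags the entry kinds a triager checks first (an extra program chained to UserInit, Run entries launched from a Temp folder or the drive root, Winlogon/AppInit DLLs, services whose file is missing), run over a constructed sample that reuses lines from the log above. The rules are my assumptions about what deserves a first look, not a malware verdict.

```python
"""Triage a HijackThis v2 log for the persistence patterns seen in the thread.

Added example for this page, not part of HijackThis or of the thread. The rules
are deliberately narrow: they flag what a helper would look at first; they do
not decide what is malware.
"""
import re
from typing import Callable, List, NamedTuple, Tuple


class Finding(NamedTuple):
    section: str   # HijackThis entry type, e.g. "F2", "O4"
    severity: str  # "high", "medium" or "review"
    reason: str
    line: str


# A legitimate autostart almost never runs from a Temp folder ...
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# ... or from an executable dropped directly in the root of a drive (c:\vbhbnr.exe).
DRIVE_ROOT_EXE = re.compile(r"^[a-z]:\\[^\\\s\"]+\.(exe|com|scr|bat)\b", re.IGNORECASE)
# O4 - <hive/key>: [<value name>] <command line>
O4_ENTRY = re.compile(r"^O4 - (?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def _command_path(cmd: str) -> str:
    """Program part of a Run value: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _check_userinit(line: str) -> List[Finding]:
    """F2: anything chained after userinit.exe is executed at every logon."""
    if not line.startswith("F2 - "):
        return []
    m = re.search(r"UserInit=(?P<value>.*)$", line, re.IGNORECASE)
    if not m:
        return []
    out = []
    for entry in m.group("value").split(","):
        entry = entry.strip()
        basename = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if entry and basename != "userinit.exe":
            out.append(Finding("F2", "high",
                               "extra program chained to UserInit (runs at every logon): " + entry, line))
    return out


def _check_run(line: str) -> List[Finding]:
    """O4: Run-key autostarts; look at where the program lives, not at its name."""
    m = O4_ENTRY.match(line)
    if not m:
        return []
    path = _command_path(m.group("cmd"))
    if TEMP_DIR.search(path):
        return [Finding("O4", "high", f"autostart [{m.group('name')}] runs from a Temp folder: {path}", line)]
    if DRIVE_ROOT_EXE.match(path):
        return [Finding("O4", "high", f"autostart [{m.group('name')}] runs from the drive root: {path}", line)]
    return []


def _check_winlogon(line: str) -> List[Finding]:
    """O20: DLLs loaded into winlogon.exe or into every process; always worth a publisher check."""
    if line.startswith("O20 - Winlogon Notify:") or line.startswith("O20 - AppInit_DLLs:"):
        return [Finding("O20", "review", "DLL injected into winlogon / every process; confirm the publisher", line)]
    return []


def _check_service(line: str) -> List[Finding]:
    """O23: a service whose binary is gone is either leftover or a partly removed infection."""
    if line.startswith("O23 - ") and line.rstrip().endswith("(file missing)"):
        return [Finding("O23", "medium", "service registered for a file that no longer exists", line)]
    return []


CHECKS: Tuple[Callable[[str], List[Finding]], ...] = (
    _check_userinit, _check_run, _check_winlogon, _check_service)


def triage(log_text: str) -> List[Finding]:
    """Run every check over every non-empty line; findings keep the log's order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            for check in CHECKS:
                findings.extend(check(line))
    return findings


# Constructed sample in HijackThis v2 format, built from lines of the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [advap32] c:\vbhbnr.exe/r
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```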


24 March 2008 18:58:01

Hello,

Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it onto your desktop (right-click / Extract all).

Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleaning.

If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations.
In that case, simply restart the computer manually.

Post the report located in the MSNFix folder.
The report's name corresponds to the time it was created: date_time.log
24 March 2008 21:09:24

Here is the report:

MSNFix 1.673

C:\Documents and Settings\utilisateur\Bureau\MSNFix
Fix exécuté le 24/03/2008 - 20:59:24,53 By utilisateur
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\utilisateur\??????.exe
... C:\Documents and Settings\utilisateur\????????.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\utilisateur\??????.exe
.. OK ... C:\Documents and Settings\utilisateur\????????.exe



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\qklxwxtc.exe] 25014FBE096E356608EFB3A705F6E3B1

==> SVP merci d'envoyer le fichier C:\DOCUME~1\UTILIS~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 24032008_21022565.zip



------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

thanks
25 March 2008 12:37:49

Re,

THIS IS AN IMPORTANT STEP TO CARRY OUT!
Upload the Upload_Me.zip archive containing the suspicious files, in order to help develop the MSNFix tool.
HELP: Uploading suspicious files for MSNFix
27 March 2008 22:34:30

Hi,
Done, I've sent the requested file.
Thanks for helping me.
28 March 2008 12:18:47

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
28 March 2008 22:19:58

Here is the ComboFix report:

ComboFix 08-03-27.1 - utilisateur 2008-03-28 22:04:31.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1335 [GMT 1:00]
Endroit: C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\90VAK21R\ComboFix[1].exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
-- Script messages for sUBs --
GREP -Fis \baiso
VFind -td "C:\WINDOWS\system32\*"
Findstr -MIF:/ sursen

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\WINDOWS\inf\wseqnx.inf
C:\WINDOWS\system\userinfo32.ggt
c:\windows\system32\Drivers\Yjs77.sys
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Legacy_SYMAVC32
-------\Legacy_YJS77
-------\Service_infoxmid
-------\Service_symavc32
-------\Service_userinfo32
-------\Service_Yjs77
-------\Legacy_ASBroker
-------\Legacy_PCA
-------\ASBroker
-------\PCA


((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))))))))
.

2008-03-27 12:21 . 2008-03-27 12:21 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-24 18:45 . 2008-03-24 18:45 72 --a------ C:\WINDOWS\system32\DelReboot
2008-03-24 18:36 . 2008-03-26 23:12 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-22 19:59 . 2008-03-22 19:59 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-22 19:05 . 2008-03-22 19:05 <REP> d-------- C:\Program Files\Trend Micro
2008-03-22 17:46 . 2006-10-05 17:30 53,248 --------- C:\WINDOWS\biwlandrvxpver.dll
2008-03-22 17:44 . 2007-04-25 15:17 12,800 --------- C:\WINDOWS\HPNICVersion.dll
2008-03-22 17:42 . 2008-03-22 17:42 1,773 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6710b (GB887ET#ABF)_YN_0U_QCNU7241L6K_EU_46_I30C0_SHP_VKBC Version 71.26_B68DDU Ver. F.06_T070414_WXP2_L40C_M2040_J120_7Intel_8Core2 Duo T7100_91.8_#070605_N80864222_(GB887ET#ABF)_XMOBILE.MRK
2008-03-22 15:44 . 2008-03-22 15:45 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-03-22 15:44 . 2008-03-22 15:44 <REP> d-------- C:\Program Files\Ahead
2008-03-22 15:44 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-22 15:44 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-22 15:44 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-22 15:44 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-22 15:44 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-22 15:44 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-22 15:40 . 2008-03-22 17:36 <REP> d-------- C:\SYSTEM.SAV
2008-03-17 18:23 . 2008-03-17 18:23 <REP> d-------- C:\Program Files\Microsoft Works
2008-03-17 18:21 . 2008-03-17 18:21 <REP> d-------- C:\Program Files\Microsoft.NET
2008-03-17 18:17 . 2008-03-17 18:17 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-17 18:16 . 2008-03-24 15:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-03 20:57 . 2008-03-17 23:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-03 20:57 . 2008-03-03 20:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-02 14:46 . 2008-03-02 14:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-02 14:36 . 2008-02-24 20:06 2,511,424 --a------ C:\Documents and Settings\Administrateur\Application Data.exe
2008-02-29 19:01 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-29 19:01 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-29 19:01 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-29 19:01 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-29 19:01 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-29 19:01 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-29 19:01 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-29 19:01 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-29 14:12 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-29 14:12 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-02-29 14:01 . 2008-03-24 18:38 <REP> d-------- C:\BackUpMSNCleaner
2008-02-29 13:15 . 2008-02-29 13:15 113 --a------ C:\WINDOWS\wininit.ini
2008-02-29 00:27 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2008-02-29 00:27 . 2004-08-03 22:59 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys
2008-02-29 00:27 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-02-29 00:25 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2008-02-29 00:25 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-02-29 00:23 . 2008-02-29 15:38 6,144 --a------ C:\qklxwxtc.exe
2008-02-28 22:07 . 2008-02-29 15:39 2 --a------ C:\1817182118

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 21:16 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-27 21:41 --------- d-----w C:\Program Files\OFFICE One v7
2008-03-27 21:39 --------- d-----w C:\Program Files\Astonsoft
2008-03-25 19:28 --------- d-----w C:\Program Files\Bonjour
2008-03-22 19:28 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\DNA
2008-03-22 18:55 --------- d-----w C:\Program Files\Bluebeam Software
2008-03-22 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 16:42 1,773 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6710b (GB887ET#ABF)_YN_0U_QCNU7241L6K_EU_46_I30C0_SHP_VKBC Version 71.26_B68DDU Ver. F.06_T070414_WXP2_L40C_M2040_J120_7Intel_8Core2 Duo T7100_91.8_#070605_N80864222_(GB887ET#ABF)_XMOBILE.MRK
2008-03-22 16:39 --------- d-----w C:\Program Files\HPQ
2008-03-22 16:37 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-17 17:23 --------- d-----w C:\Program Files\MSBuild
2008-03-14 18:40 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\OFFICEOne7
2008-03-09 14:16 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\LimeWire
2008-03-09 14:00 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\BitTorrent
2008-03-09 13:40 --------- d-----w C:\Program Files\LimeWire
2008-03-05 17:42 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Canon
2008-02-29 15:06 --------- d-----w C:\Program Files\Windows Live
2008-02-29 15:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-29 14:58 --------- d-----w C:\Program Files\SolidWorks
2008-02-29 14:56 --------- d-----w C:\Program Files\IRAI
2008-02-23 19:04 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\DeepBurner
2008-02-22 17:29 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\dvdcss
2008-02-22 09:54 --------- d-----w C:\Program Files\PDFCreator
2008-02-21 14:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-21 14:25 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-08 21:24 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Apple Computer
2008-02-08 21:23 --------- d-----w C:\Program Files\QuickTime
2008-02-08 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 07:25 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\U3
2008-01-16 22:04 77,421 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 17:58 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 15:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 16:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 10:23 697976]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 14:28 124928]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 07:57 1282048]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 14:46 40960]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 14:13 472776]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 14:54 159744]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 10:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 10:17 970752]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36 827392]
"PTHOSTTR"="c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 14:52 145184]
"CognizanceTS"="c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 16:12 17920]
"IFXSPMGT"="c:\WINDOWS\system32\ifxspmgt.exe" [2007-02-15 12:00 677408]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 13:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 13:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"advap32"="c:\vbhbnr.exe/r" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 17:36 872448]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-26 10:34 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 10:34 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 10:33 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yjs77.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-18 17:39 287040 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNCleaner]
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Rar$EX00.500\MSNCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\SolidWorks\\SLDWORKS.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\DOCUME~1\\UTILIS~1\\LOCALS~1\\Temp\\services.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-04-22 16:24]
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 13:31]
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-29 16:54]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2007-01-23 19:07]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-22 16:25]
R2 ASChannel;Canal de communication local;C:\WINDOWS\System32\svchost.exe [2004-08-05 13:00]
R2 DUNTLW;SA UNITELWAY Protocol;C:\WINDOWS\system32\drivers\duntlw.sys [1999-03-11 15:29]
R2 HpFkCryptService;Drive Encryption Service;"C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-04-22 16:32]
R2 SWIHPWMI;SWIHPWMI;C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 16:13]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 18:13]
S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys [2006-10-19 00:23]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5987da84-bfae-11dc-bef8-0017a4e891aa}]
\Shell\AutoRun\command - yo2mq6.exe
\Shell\explore\Command - yo2mq6.exe
\Shell\open\Command - yo2mq6.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b5c23ac-661b-11dc-be4c-0017a4e891aa}]
\Shell\AutoRun\command - y82td3td.com
\Shell\explore\Command - y82td3td.com
\Shell\open\Command - y82td3td.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e3d51a-5bcc-11dc-be35-001b773458a1}]
    \Shell\AutoRun\command - wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1deb03c-eb7d-11dc-bf6a-001b773458a1}]
    \Shell\AutoRun\command - y82td3td.com
    \Shell\explore\Command - y82td3td.com
    \Shell\open\Command - y82td3td.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aef183e1-ac16-11dc-bed3-0017a4e891aa}]
    \Shell\AutoRun\command - F:\cfdflx.com
    \Shell\explore\Command - F:\cfdflx.com
    \Shell\open\Command - F:\cfdflx.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd086938-d4ac-11dc-bf2b-0017a4e891aa}]
    \Shell\AutoRun\command - G:\y82td3td.com
    \Shell\explore\Command - G:\y82td3td.com
    \Shell\open\Command - G:\y82td3td.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e59993aa-aa32-11dc-bece-0017a4e891aa}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec5db8a7-914f-11dc-be98-0017a4e891aa}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee0da936-eb8c-11dc-bf6b-001b773458a1}]
    \Shell\AutoRun\command - E:\y82td3td.com
    \Shell\explore\Command - E:\y82td3td.com
    \Shell\open\Command - E:\y82td3td.com

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-28 22:12:20
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    ? [432]

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ????_????????@???????@

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    c:\WINDOWS\system32\ifxtcs.exe
    c:\WINDOWS\system32\IfxPsdSv.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-28 22:17:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-28 21:16:57
    Pre-Run: 38,027,325,440 octets libres
    Post-Run: 39,111,761,920 octets libres
    .
    2008-03-27 11:23:06 --- E O F ---
    29 March 2008 12:49:54

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in Safe Mode.
    HELP: Restarting in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    29 March 2008 20:58:48

    Here is the Malwarebytes report:

    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 564

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 156032
    Temps écoulé: 59 minute(s), 12 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 9

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550o (Rootkit.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Flash Media (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Heuristics.Reserved.Word.Exploit) -> Data: c:\docume~1\utilis~1\locals~1\temp\services.exe -> Delete on reboot.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\qklxwxtc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4359A9C4-786D-4727-9EA2-49BF9A06529B}\RP182\A0023053.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4359A9C4-786D-4727-9EA2-49BF9A06529B}\RP183\A0025856.dll (Adware.E404) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4359A9C4-786D-4727-9EA2-49BF9A06529B}\RP183\A0028796.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4359A9C4-786D-4727-9EA2-49BF9A06529B}\RP183\A0028799.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4359A9C4-786D-4727-9EA2-49BF9A06529B}\RP193\A0029603.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4359A9C4-786D-4727-9EA2-49BF9A06529B}\RP193\A0029834.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4359A9C4-786D-4727-9EA2-49BF9A06529B}\RP193\A0029838.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\utilisateur\Local Settings\Temp\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
    30 March 2008 13:44:00

    Run a Combofix scan again.
    30 March 2008 18:12:45

    Here is the Combofix scan again:

    ComboFix 08-03-30.2 - utilisateur 2008-03-30 18:01:35.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1425 [GMT 2:00]
    Endroit: C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\3NDJMSCF\ComboFix[1].exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-29 19:32 . 2008-03-29 19:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-03-29 19:19 . 2008-03-29 19:19 <REP> d-------- C:\Documents and Settings\utilisateur\Application Data\Malwarebytes
    2008-03-29 19:18 . 2008-03-29 19:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-29 19:18 . 2008-03-29 19:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-24 19:45 . 2008-03-24 19:45 72 --a------ C:\WINDOWS\system32\DelReboot
    2008-03-24 19:36 . 2008-03-27 00:12 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-03-22 20:59 . 2008-03-22 20:59 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-22 20:05 . 2008-03-22 20:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-22 18:46 . 2006-10-05 18:30 53,248 --------- C:\WINDOWS\biwlandrvxpver.dll
    2008-03-22 18:44 . 2007-04-25 16:17 12,800 --------- C:\WINDOWS\HPNICVersion.dll
    2008-03-22 18:42 . 2008-03-22 18:42 1,773 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6710b (GB887ET#ABF)_YN_0U_QCNU7241L6K_EU_46_I30C0_SHP_VKBC Version 71.26_B68DDU Ver. F.06_T070414_WXP2_L40C_M2040_J120_7Intel_8Core2 Duo T7100_91.8_#070605_N80864222_(GB887ET#ABF)_XMOBILE.MRK
    2008-03-22 16:44 . 2008-03-22 16:45 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-03-22 16:44 . 2008-03-22 16:44 <REP> d-------- C:\Program Files\Ahead
    2008-03-22 16:44 . 2004-07-26 18:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-03-22 16:44 . 2004-07-26 18:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-03-22 16:44 . 2004-07-26 18:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-03-22 16:44 . 2004-07-26 18:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-03-22 16:44 . 2001-07-09 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-03-22 16:44 . 2000-06-26 12:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-03-22 16:40 . 2008-03-22 18:36 <REP> d-------- C:\SYSTEM.SAV
    2008-03-17 19:23 . 2008-03-17 19:23 <REP> d-------- C:\Program Files\Microsoft Works
    2008-03-17 19:21 . 2008-03-17 19:21 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-03-17 19:17 . 2008-03-17 19:17 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-03-17 19:16 . 2008-03-24 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-03 21:57 . 2008-03-18 00:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-03 21:57 . 2008-03-03 21:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-02 15:46 . 2008-03-02 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-02 15:36 . 2008-02-24 21:06 2,511,424 --a------ C:\Documents and Settings\Administrateur\Application Data.exe
    2008-02-29 20:01 . 2007-12-04 15:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-29 20:01 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-02-29 20:01 . 2007-12-04 14:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-29 20:01 . 2007-12-04 16:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-29 20:01 . 2007-12-04 16:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-29 20:01 . 2007-12-04 16:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-29 20:01 . 2007-12-04 16:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-29 20:01 . 2007-12-04 16:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-29 15:12 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-02-29 15:12 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-02-29 15:01 . 2008-03-24 19:38 <REP> d-------- C:\BackUpMSNCleaner
    2008-02-29 14:15 . 2008-02-29 14:15 113 --a------ C:\WINDOWS\wininit.ini
    2008-02-29 01:27 . 2004-08-03 23:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
    2008-02-29 01:27 . 2004-08-03 23:59 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys
    2008-02-29 01:27 . 2004-08-04 00:00 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
    2008-02-29 01:25 . 2004-08-04 00:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
    2008-02-29 01:25 . 2004-08-04 00:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
    2008-02-28 23:07 . 2008-02-29 16:39 2 --a------ C:\1817182118
    2008-02-23 19:49 . 2008-02-23 21:04 <REP> d-------- C:\Documents and Settings\utilisateur\Application Data\DeepBurner
    2008-02-23 19:39 . 2008-03-27 23:39 <REP> d-------- C:\Program Files\Astonsoft
    2008-02-22 11:53 . 2008-02-22 11:54 <REP> d-------- C:\Program Files\PDFCreator
    2008-02-22 11:53 . 1998-07-13 03:08 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-02-22 11:53 . 1998-06-24 02:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
    2008-02-22 11:53 . 2001-10-28 18:42 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
    2008-02-22 11:53 . 1998-07-13 03:08 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
    2008-02-22 11:53 . 1998-07-06 02:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
    2008-02-21 16:25 . 2008-02-21 16:25 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-02-01 00:13 . 2008-02-01 00:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-02-01 00:13 . 2008-02-01 00:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-18 21:16 --------- d-----w C:\Program Files\MSXML 4.0
    2008-03-29 15:12 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\LimeWire
    2008-03-27 21:41 --------- d-----w C:\Program Files\OFFICE One v7
    2008-03-25 19:28 --------- d-----w C:\Program Files\Bonjour
    2008-03-22 19:28 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\DNA
    2008-03-22 18:55 --------- d-----w C:\Program Files\Bluebeam Software
    2008-03-22 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-22 16:42 1,773 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6710b (GB887ET#ABF)_YN_0U_QCNU7241L6K_EU_46_I30C0_SHP_VKBC Version 71.26_B68DDU Ver. F.06_T070414_WXP2_L40C_M2040_J120_7Intel_8Core2 Duo T7100_91.8_#070605_N80864222_(GB887ET#ABF)_XMOBILE.MRK
    2008-03-22 16:39 --------- d-----w C:\Program Files\HPQ
    2008-03-22 16:37 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-03-17 17:23 --------- d-----w C:\Program Files\MSBuild
    2008-03-14 18:40 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\OFFICEOne7
    2008-03-09 14:00 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\BitTorrent
    2008-03-09 13:40 --------- d-----w C:\Program Files\LimeWire
    2008-03-05 17:42 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Canon
    2008-02-29 15:06 --------- d-----w C:\Program Files\Windows Live
    2008-02-29 15:04 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-02-29 14:58 --------- d-----w C:\Program Files\SolidWorks
    2008-02-29 14:56 --------- d-----w C:\Program Files\IRAI
    2008-02-22 17:29 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\dvdcss
    2008-02-21 14:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-08 21:24 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Apple Computer
    2008-02-08 21:23 --------- d-----w C:\Program Files\QuickTime
    2008-02-08 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-08 07:25 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\U3
    2008-01-16 22:04 77,421 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-28_22.16.46.60 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    + 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    - 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
    + 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
    - 2008-12-20 12:39:05 3,632 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{EDAAA218-E8FE-42C2-97EB-3815337B4BFC}.bin
    + 2008-12-20 12:39:05 4,248 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{EDAAA218-E8FE-42C2-97EB-3815337B4BFC}.bin
    - 2008-03-28 16:50:14 72,486 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-03-30 09:15:49 72,486 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-28 16:50:14 95,016 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-03-30 09:15:49 95,016 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-03-28 16:50:14 444,862 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-03-30 09:15:49 444,862 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-28 16:50:14 536,664 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-03-30 09:15:49 536,664 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2008-03-30 09:11:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_774.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 18:58 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
    "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840]
    "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912]
    "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 11:23 697976]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
    "AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 15:28 124928]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 08:57 1282048]
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 15:46 40960]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 15:13 472776]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 15:54 159744]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19 819200]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17 970752]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36 827392]
    "PTHOSTTR"="c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 15:52 145184]
    "CognizanceTS"="c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17:12 17920]
    "IFXSPMGT"="c:\WINDOWS\system32\ifxspmgt.exe" [2007-02-15 13:00 677408]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 14:00 44032]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 14:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 18:36 872448]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-26 11:34 131072]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 11:34 155648]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 11:33 131072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2007-11-27 13:40:15 713728]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=APSHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yjs77.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
    backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
    C:\WINDOWS\system32\amvo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    --a------ 2008-03-18 18:39 287040 C:\Program Files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNCleaner]
    C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Rar$EX00.500\MSNCleaner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
    C:\Program Files\Shareaza\Shareaza.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\SolidWorks\\SLDWORKS.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\DOCUME~1\\UTILIS~1\\LOCALS~1\\Temp\\services.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-04-22 17:24]
    R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 14:31]
    R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-29 17:54]
    R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2007-01-23 20:07]
    R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-22 17:25]
    R2 ASChannel;Canal de communication local;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
    R2 DUNTLW;SA UNITELWAY Protocol;C:\WINDOWS\system32\drivers\duntlw.sys [1999-03-11 16:29]
    R2 HpFkCryptService;Drive Encryption Service;"C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-04-22 17:32]
    R2 SWIHPWMI;SWIHPWMI;C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 17:13]
    R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 19:13]
    S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys [2006-10-19 01:23]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-19 19:31]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5987da84-bfae-11dc-bef8-0017a4e891aa}]
    \Shell\AutoRun\command - yo2mq6.exe
    \Shell\explore\Command - yo2mq6.exe
    \Shell\open\Command - yo2mq6.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b5c23ac-661b-11dc-be4c-0017a4e891aa}]
    \Shell\AutoRun\command - y82td3td.com
    \Shell\explore\Command - y82td3td.com
    \Shell\open\Command - y82td3td.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e3d51a-5bcc-11dc-be35-001b773458a1}]
    \Shell\AutoRun\command - wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1deb03c-eb7d-11dc-bf6a-001b773458a1}]
    \Shell\AutoRun\command - y82td3td.com
    \Shell\explore\Command - y82td3td.com
    \Shell\open\Command - y82td3td.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aef183e1-ac16-11dc-bed3-0017a4e891aa}]
    \Shell\AutoRun\command - F:\cfdflx.com
    \Shell\explore\Command - F:\cfdflx.com
    \Shell\open\Command - F:\cfdflx.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd086938-d4ac-11dc-bf2b-0017a4e891aa}]
    \Shell\AutoRun\command - G:\y82td3td.com
    \Shell\explore\Command - G:\y82td3td.com
    \Shell\open\Command - G:\y82td3td.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e59993aa-aa32-11dc-bece-0017a4e891aa}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec5db8a7-914f-11dc-be98-0017a4e891aa}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee0da936-eb8c-11dc-bf6b-001b773458a1}]
    \Shell\AutoRun\command - E:\y82td3td.com
    \Shell\explore\Command - E:\y82td3td.com
    \Shell\open\Command - E:\y82td3td.com

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-30 18:04:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    ? [192]

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ????`????????@???????@

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-30 18:05:23
    ComboFix-quarantined-files.txt 2008-03-30 16:05:14
    ComboFix2.txt 2008-03-28 21:17:02
    Pre-Run: 39,092,219,904 octets libres
    Post-Run: 39,078,817,792 octets libres
    .
    2008-03-29 15:16:01 --- E O F ---
    31 March 2008 17:53:01

    Do you have the same problem?
    31 March 2008 18:39:37

    My PC seems to be doing better. I no longer get all the avast windows telling me that too many emails tried to be sent at the same time.

    I hope all the problems won't come back...

    Thanks a lot.
    24 April 2008 20:37:42

    Here is the scan, very late, sorry! It's the second one I have run and am posting: Antivir found 12 detections in the first scan on 15 April, which I quarantined or deleted, and today, 24 April, Antivir finds 12 detections again... Simple coincidence? :( 

    Avira AntiVir Personal
    Report file date: jeudi 24 avril 2008 19:17

    Scanning for 1236042 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: Administrateur
    Computer name: UTILISAT-1E2B5F

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 15/04/2008 19:51:31
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 15/04/2008 19:51:31
    LUKE.DLL : 8.1.2.9 151809 Bytes 15/04/2008 19:51:31
    LUKERES.DLL : 8.1.2.1 12033 Bytes 15/04/2008 19:51:31
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:51:31
    ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 11:59:41
    ANTIVIR3.VDF : 7.0.3.207 102912 Bytes 24/04/2008 12:00:09
    Engineversion : 8.1.0.32
    AEVDF.DLL : 8.1.0.5 102772 Bytes 15/04/2008 19:51:32
    AESCRIPT.DLL : 8.1.0.26 233850 Bytes 18/04/2008 17:56:40
    AESCN.DLL : 8.1.0.14 119156 Bytes 18/04/2008 17:56:36
    AERDL.DLL : 8.1.0.19 418164 Bytes 15/04/2008 19:51:32
    AEPACK.DLL : 8.1.1.2 364917 Bytes 18/04/2008 17:56:34
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/04/2008 17:56:28
    AEHEUR.DLL : 8.1.0.18 1167735 Bytes 15/04/2008 19:51:32
    AEHELP.DLL : 8.1.0.14 115063 Bytes 18/04/2008 17:56:26
    AEGEN.DLL : 8.1.0.17 299380 Bytes 18/04/2008 17:56:24
    AEEMU.DLL : 8.1.0.5 430450 Bytes 15/04/2008 19:51:32
    AECORE.DLL : 8.1.0.27 168310 Bytes 18/04/2008 17:56:19
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 15/04/2008 19:51:31
    AVPREF.DLL : 8.0.0.1 25857 Bytes 15/04/2008 19:51:31
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVREG.DLL : 8.0.0.0 30977 Bytes 15/04/2008 19:51:31
    AVARKT.DLL : 1.0.0.23 307457 Bytes 15/04/2008 19:51:31
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 15/04/2008 19:51:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 15/04/2008 19:51:31
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 15/04/2008 19:51:31
    NETNT.DLL : 8.0.0.1 7937 Bytes 15/04/2008 19:51:31
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 15/04/2008 19:51:28
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 15/04/2008 19:51:28

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: Thursday 24 April 2008 19:17

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    14 processes with 14 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    C:\Documents and Settings\utilisateur\Local Settings\Temp\services.exe
    [WARNING] The file could not be opened!
    The registry was scanned ( '45' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\207aedb5b418cd74f1\legitcheckcontrol.dll
    [WARNING] The file could not be opened!
    C:\207aedb5b418cd74f1\spmsg.dll
    [WARNING] The file could not be opened!
    C:\207aedb5b418cd74f1\spuninst.exe
    [WARNING] The file could not be opened!
    C:\207aedb5b418cd74f1\wgalogon.dll
    [WARNING] The file could not be opened!
    C:\207aedb5b418cd74f1\wgatray.exe
    [WARNING] The file could not be opened!
    C:\Documents and Settings\utilisateur\aoluri.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.328262
    [NOTE] The file was deleted!
    C:\Documents and Settings\utilisateur\cqaxya.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.328262
    [NOTE] The file was deleted!
    C:\Documents and Settings\utilisateur\hbrbdx.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\utilisateur\zmjgij.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\utilisateur\Bureau\Upload_Me.zip
    [0] Archive type: ZIP
    --> DOCUME~1/UTILIS~1/Bureau/Upload_Me/qklxwxtc.exe
    [DETECTION] Is the Trojan horse TR/Dldr.JJPT
    [NOTE] The file was deleted!
    C:\Documents and Settings\utilisateur\Bureau\MSNFix\24032008_21022565.zip
    [0] Archive type: ZIP
    --> backup/dodoao.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '4840c2bc.qua'!
    C:\Documents and Settings\utilisateur\Bureau\MSNFix\29022008_12151673.zip
    [0] Archive type: ZIP
    --> backup/dfxnkc.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> backup/dqiilp.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> backup/fozokx.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\utilisateur\Local Settings\Temp\services.exe
    [WARNING] The file could not be opened!
    C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\WWJQYDJ2\dummy[1].exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.dl_.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!


    End of the scan: Thursday 24 April 2008 20:15
    Used time: 57:38 min

    The scan has been done completely.

    10617 Scanning directories
    490095 Files were scanned
    12 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    9 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    8 Files cannot be scanned
    490083 Files not concerned
    4148 Archives were scanned
    8 Warnings
    10 Notes
