Virus - HijackThis report

17 February 2008 13:11:49

Hi,

My computer is overrun by all kinds of viruses. The problems are really numerous and varied: impossible to shut the computer down completely, regular virus and trojan alert windows, impossible to access My Computer, impossible to access the Task Manager, etc. I ran Spybot and ewido, but as I expected that was not enough to fix the problems and I still get trojan alerts.

I ran a scan with HijackThis (I did it in safe mode because otherwise it would not work): the report is a few lines below.

So if anyone can tell me how to get rid of all this, thanks in advance.

Laurent

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:24, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
H:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winlsd.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQToolbar\toolbaru.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b33a5d56-1dd1-11b2-a0e2-ab3b0eac6b49} - C:\WINDOWS\tavcrwjo.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {C9287202-FB35-48E7-8CAA-1DBA79BDAFE5} - C:\Program Files\ComPlus Applications\hokewoC:\DOCUME~1\Famille\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202668445.dll (file missing)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [xcbwpilu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xcbwpilu.dll"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [EEF1F1F9F3FBF7F] F9FCFC05FE070.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3227] command /c del "C:\Documents and Settings\Famille\Local Settings\Temp\~DF49B0.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1445] cmd /c del "C:\Documents and Settings\Famille\Local Settings\Temp\~DF49B0.tmp"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2876] command /c del "C:\Documents and Settings\Famille\Local Settings\Temp\~DF49B0.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8225] cmd /c del "C:\Documents and Settings\Famille\Local Settings\Temp\~DF49B0.tmp"
O4 - HKLM\..\Policies\Explorer\Run: [6T32B2J79N] C:\WINDOWS\sysst32.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: ibuntu - C:\WINDOWS\SYSTEM32\ibuntu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9546 bytes

17 February 2008 13:38:02

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.

17 February 2008 14:14:00

Here is the report:

    ComboFix 08-02-17.2 - Famille 2008-02-17 14:02:36.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.334 [GMT 1:00]
    Endroit: H:\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\d.exe
    C:\Documents and Settings\All Users\Application Data.\xcbwpilu.dll
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
    C:\Program Files\3721
    C:\Program Files\3721\assist\asbar.dll
    C:\Program Files\3721\helper.dll
    C:\Program Files\Accoona
    C:\Program Files\Accoona\ASearchAssist.dll
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\curlog.htm
    C:\Program Files\akl\keylog.txt
    C:\Program Files\akl\readme.txt
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.dat
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\amsys
    C:\Program Files\amsys\awmsg.dat
    C:\Program Files\amsys\guid.dat
    C:\Program Files\amsys\ijl15.dll
    C:\Program Files\amsys\mfc42.dll
    C:\Program Files\amsys\msvcrt.dll
    C:\Program Files\amsys\unins000.dat
    C:\Program Files\amsys\unis000.exe
    C:\Program Files\amsys\winam.dat
    C:\Program Files\e-zshopper
    C:\Program Files\e-zshopper\BarLcher.dll
    C:\Program Files\Helper
    C:\Program Files\p2pnetworks
    C:\Program Files\p2pnetworks\amp2pl.exe
    C:\WINDOWS\764.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\absolute key logger.lnk
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\aconti.ini
    C:\WINDOWS\aconti.log
    C:\WINDOWS\aconti.sdb
    C:\WINDOWS\acontidialer.txt
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\default.htm
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\iexplorr23.dll
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\kvnab.dll
    C:\WINDOWS\kvnab.exe
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\pbsysie.dll
    C:\WINDOWS\PerfInfo
    C:\WINDOWS\PerfInfo\dg0GhYUDQVwp.exe
    C:\WINDOWS\settn.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\acespy
    C:\WINDOWS\system32\acespy\__acelog.ndx
    C:\WINDOWS\system32\acespy\systune.exe
    C:\WINDOWS\system32\drivers\DXY76.sys
    C:\WINDOWS\system32\drivers\symavc32.sys . . . . Echec de suppression
    C:\WINDOWS\system32\ESHOPEE.exe
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\service.exe
    C:\WINDOWS\system32\sft.res
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\tavcrwjo.dll
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\wbeCheck.exe
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\xxxvideo.exe
    C:\WINDOWS\youtubex.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DXY76


    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-17 14:04 . 2008-02-17 14:08 <REP> d-------- C:\WINDOWS\system32\acespy
    2008-02-17 14:04 . 2008-02-17 14:08 <REP> d-------- C:\Program Files\p2pnetworks
    2008-02-17 14:04 . 2008-02-17 14:08 <REP> d-------- C:\Program Files\e-zshopper
    2008-02-17 14:04 . 2008-02-17 14:08 <REP> d-------- C:\Program Files\amsys
    2008-02-17 14:04 . 2008-02-17 14:07 <REP> d-------- C:\Program Files\akl
    2008-02-17 14:04 . 2008-02-17 14:07 <REP> d-------- C:\Program Files\Accoona
    2008-02-17 14:04 . 2008-02-17 14:07 <REP> d-------- C:\Program Files\3721
    2008-02-17 12:26 . 2008-02-17 12:26 268 --ah----- C:\sqmdata06.sqm
    2008-02-17 12:26 . 2008-02-17 12:26 244 --ah----- C:\sqmnoopt06.sqm
    2008-02-17 12:21 . 2008-02-17 12:52 486 --a------ C:\WINDOWS\wininit.ini
    2008-02-17 11:45 . 2008-02-17 11:45 18,368 --a------ C:\WINDOWS\system32\service.sys
    2008-02-17 11:43 . 2008-02-17 11:43 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
    2008-02-17 11:42 . 2008-02-17 11:42 22,016 --a------ C:\Documents and Settings\Famille\zunprc.exe
    2008-02-17 11:10 . 2008-02-17 11:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-02-17 00:18 . 2008-02-17 00:18 268 --ah----- C:\sqmdata05.sqm
    2008-02-17 00:18 . 2008-02-17 00:18 244 --ah----- C:\sqmnoopt05.sqm
    2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Program Files\Webroot
    2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
    2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Webroot
    2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-02-16 23:16 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2008-02-16 23:16 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2008-02-16 23:16 . 2006-08-03 19:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-02-16 23:16 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
    2008-02-16 23:10 . 2008-02-17 11:15 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-02-16 23:10 . 2008-02-16 23:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-02-16 23:09 . 2008-02-17 14:09 <REP> d-------- C:\Program Files\a-squared
    2008-02-16 23:08 . 2008-02-16 23:08 <REP> d-------- C:\Program Files\Yahoo!
    2008-02-16 23:08 . 2008-02-16 23:09 <REP> d-------- C:\Program Files\CCleaner
    2008-02-16 23:00 . 2008-02-16 23:00 268 --ah----- C:\sqmdata04.sqm
    2008-02-16 23:00 . 2008-02-16 23:00 244 --ah----- C:\sqmnoopt04.sqm
    2008-02-16 18:10 . 2008-02-16 18:07 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-16 18:02 . 2008-02-17 11:43 151,552 --a------ C:\blhhjtpx.exe
    2008-02-16 18:02 . 2008-02-17 11:43 54,272 --a------ C:\urdeuvmj.exe
    2008-02-16 18:02 . 2008-02-16 18:02 22,016 --a------ C:\Documents and Settings\Famille\xgnfvi.exe
    2008-02-16 18:00 . 2008-02-17 11:55 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-16 18:00 . 2008-02-17 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-16 17:54 . 2008-02-16 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-16 17:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-16 17:52 . 2008-02-16 17:52 268 --ah----- C:\sqmdata03.sqm
    2008-02-16 17:52 . 2008-02-16 17:52 172 --ah----- C:\sqmnoopt03.sqm
    2008-02-16 17:23 . 2008-02-16 23:08 <REP> d-------- C:\Program Files\ewido anti-malware
    2008-02-10 20:10 . 2008-02-10 20:10 22,016 --a------ C:\Documents and Settings\Famille\goqezf.exe
    2008-02-10 20:10 . 2008-02-10 20:10 5,632 --a------ C:\Documents and Settings\Famille\arzxeb.exe
    2008-02-10 20:03 . 2008-02-10 20:03 5,632 --a------ C:\Documents and Settings\Famille\iavzps.exe
    2008-02-10 19:46 . 2008-02-17 14:07 37,074 --a------ C:\Documents and Settings\Famille\nmacjahb.exe
    2008-02-10 19:41 . 2008-02-10 19:40 8,704 --a------ C:\WINDOWS\sysst32.exe
    2008-02-10 19:40 . 2008-02-10 19:40 8,704 --a------ C:\Documents and Settings\Famille\arkfth.exe
    2008-02-10 19:39 . 2005-06-15 22:01 1,077,458 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
    2008-02-10 19:39 . 2005-06-15 22:01 1,077,458 --a------ C:\WINDOWS\ahutyus.exe
    2008-02-10 19:39 . 2008-02-10 19:39 63,697 --a------ C:\Documents and Settings\Famille\riswhk.exe
    2008-02-10 19:38 . 2008-02-10 19:38 3,795,158 --a------ C:\WINDOWS\dg0GhYUDQV.exe
    2008-02-10 19:32 . 2008-02-10 19:32 <REP> d-------- C:\WINDOWS\afafnwgd
    2008-02-10 19:32 . 2008-02-10 19:32 180,224 --a------ C:\WINDOWS\fideharw.dll
    2008-02-10 19:32 . 2008-02-17 11:43 167,936 --a------ C:\WINDOWS\system32\drivers\symavc32.sys
    2008-02-10 19:32 . 2008-02-10 19:32 91,667 --a------ C:\WINDOWS\system32\rxjddnvj.exe
    2008-02-10 19:32 . 2008-02-10 19:32 91,667 --a------ C:\WINDOWS\bmfgpqte.exe
    2008-02-10 19:32 . 2008-02-10 19:32 40,960 --a------ C:\WINDOWS\nmxipsju.exe
    2008-02-10 19:32 . 2008-02-10 19:32 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
    2008-02-10 19:32 . 2008-02-11 19:34 4 --a------ C:\WINDOWS\system32\winfrun32.bin
    2008-02-10 19:31 . 2008-02-10 19:31 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
    2008-02-10 19:31 . 2008-02-10 19:31 6,672 --a------ C:\WINDOWS\system32\ibuntu.dll
    2008-02-10 19:31 . 2008-02-10 19:31 5,632 --a------ C:\Documents and Settings\Famille\phoggq.exe
    2008-02-10 19:31 . 2008-02-17 12:55 2,528 --a------ C:\WINDOWS\system32\krnllds.sys
    2008-02-09 17:33 . 2008-02-09 17:33 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Sports Interactive
    2008-02-09 17:06 . 2008-02-09 17:08 <REP> d--h----- C:\Program Files\Zero G Registry
    2008-02-09 17:06 . 2008-02-09 17:06 <REP> d-------- C:\Program Files\Sports Interactive
    2008-02-09 17:05 . 2008-02-09 17:05 <REP> d--h----- C:\Documents and Settings\Famille\InstallAnywhere
    2008-01-29 21:02 . 2008-01-29 21:02 <REP> d-------- C:\Program Files\FLVPlayer
    2008-01-29 20:57 . 2008-01-29 20:58 <REP> d-------- C:\Program Files\YouTUBE (TM) movie downloader
    2008-01-29 20:48 . 2008-01-29 20:48 <REP> d-------- C:\Program Files\Eurekr.com
    2008-01-26 11:20 . 2008-02-16 09:58 <REP> d-------- C:\Program Files\Incomplete
    2008-01-24 15:03 . 2008-01-24 15:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ideas From the Deep
    2008-01-23 21:42 . 2008-01-23 21:42 <REP> d-------- C:\Documents and Settings\Famille\Application Data\pokerth
    2008-01-23 21:39 . 2008-01-23 21:40 <REP> d-------- C:\Program Files\PokerTH
    2008-01-23 21:38 . 2008-01-23 21:42 <REP> d-------- C:\Documents and Settings\Famille\.bitrock
    2008-01-23 13:29 . 2008-02-10 19:39 <REP> d--hs---- C:\WINDOWS\system32\dllcache
    2008-01-23 13:25 . 2008-01-23 13:25 <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-23 13:17 . 2008-01-23 13:32 <REP> d-------- C:\SDFix
    2008-01-23 13:11 . 2008-01-23 13:11 54,764 --a------ C:\WINDOWS\system32\fvelwow.sys
    2008-01-23 13:11 . 2008-01-23 13:11 5,632 --a------ C:\Documents and Settings\Famille\cchxzd.exe
    2008-01-22 23:03 . 2008-01-22 23:03 9,296 --a------ C:\Documents and Settings\Famille\gvplup.exe
    2008-01-22 22:59 . 2008-01-22 22:59 9,296 --a------ C:\Documents and Settings\Famille\whzxmh.exe
    2008-01-22 22:55 . 2008-01-22 22:55 9,296 --a------ C:\Documents and Settings\Famille\lymakv.exe
    2008-01-22 22:51 . 2008-01-22 22:51 9,296 --a------ C:\Documents and Settings\Famille\qutnpm.exe
    2008-01-22 22:47 . 2008-01-22 22:47 9,296 --a------ C:\Documents and Settings\Famille\mloeyx.exe
    2008-01-22 22:43 . 2008-01-22 22:43 9,296 --a------ C:\Documents and Settings\Famille\fbjcaa.exe
    2008-01-22 22:38 . 2008-01-22 22:38 9,296 --a------ C:\Documents and Settings\Famille\qnjfkj.exe
    2008-01-22 22:34 . 2008-01-22 22:34 9,296 --a------ C:\Documents and Settings\Famille\kksryo.exe
    2008-01-22 22:30 . 2008-01-22 22:30 9,296 --a------ C:\Documents and Settings\Famille\iuoklf.exe
    2008-01-22 22:26 . 2008-01-22 22:26 9,296 --a------ C:\Documents and Settings\Famille\awtgtc.exe
    2008-01-22 22:22 . 2008-01-22 22:22 9,296 --a------ C:\Documents and Settings\Famille\yoaaos.exe
    2008-01-22 22:18 . 2008-01-22 22:18 9,296 --a------ C:\Documents and Settings\Famille\bbjwyq.exe
    2008-01-22 22:13 . 2008-01-22 22:13 9,296 --a------ C:\Documents and Settings\Famille\hrgavt.exe
    2008-01-22 22:09 . 2008-01-22 22:09 9,296 --a------ C:\Documents and Settings\Famille\qftemz.exe
    2008-01-22 22:05 . 2008-01-22 22:05 9,296 --a------ C:\Documents and Settings\Famille\pkvnxl.exe
    2008-01-22 22:01 . 2008-01-22 22:01 9,296 --a------ C:\Documents and Settings\Famille\mzrtho.exe
    2008-01-22 21:57 . 2008-01-22 21:57 9,296 --a------ C:\Documents and Settings\Famille\blnrkr.exe
    2008-01-22 21:53 . 2008-01-22 21:53 9,296 --a------ C:\Documents and Settings\Famille\kgedto.exe
    2008-01-22 21:48 . 2008-01-22 21:48 9,296 --a------ C:\Documents and Settings\Famille\wzkcya.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-17 11:27 5,120 ----a-w C:\WINDOWS\logon32.dll
    2008-02-16 14:14 --------- d-----w C:\Documents and Settings\Famille\Application Data\Skype
    2008-02-10 19:17 --------- d-----w C:\Program Files\ICQToolbar
    2008-02-01 09:05 --------- d-----w C:\Documents and Settings\Famille\Application Data\Canon
    2008-01-27 07:08 --------- d-----w C:\Documents and Settings\Famille\Application Data\BSplayer
    2008-01-26 10:26 --------- d-----w C:\Program Files\EA SPORTS
    2008-01-22 21:54 --------- d-----w C:\Documents and Settings\Famille\Application Data\AdobeUM
    2008-01-22 16:28 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-14 14:48 --------- d-----w C:\Program Files\ICQ6
    2008-01-13 07:47 --------- d-----w C:\Program Files\YoutubeGet
    2008-01-04 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-04 17:12 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-01-04 17:06 --------- d-----w C:\Program Files\Fichiers communs\Vbox
    2008-01-03 11:34 --------- d-----w C:\Program Files\Google
    2007-12-30 10:25 --------- d-----w C:\Program Files\Microsoft Picture It! 7
    2007-12-30 10:25 --------- d-----w C:\Program Files\GameSpy Arcade
    2007-12-30 10:25 --------- d-----w C:\Program Files\Fighter Squadron
    2007-12-30 10:25 --------- d-----w C:\Program Files\EA GAMES
    2007-12-30 10:17 --------- d-----w C:\Documents and Settings\Famille\Application Data\Atari
    2007-12-28 08:57 --------- d-----w C:\Documents and Settings\Famille\Application Data\Apple Computer
    2007-12-28 00:30 --------- d-----w C:\Program Files\QuickTime
    2007-12-28 00:30 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-28 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-28 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-25 13:35 --------- d-----w C:\Program Files\USB Disk Win98 Driver
    2007-12-25 11:48 --------- d-----w C:\Program Files\MTVVideoConverter_V1.11.4
    2007-12-24 15:30 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-12-24 15:29 --------- d-----w C:\Documents and Settings\Famille\Application Data\Ahead
    2007-12-24 15:28 --------- d-----w C:\Program Files\Nero
    2007-12-23 14:22 --------- d-----w C:\Program Files\Shareaza
    2007-12-23 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-12-23 09:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2007-12-20 17:25 --------- d-----w C:\Documents and Settings\Famille\Application Data\dvdcss
    2007-12-15 14:11 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-11-28 16:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b33a5d56-1dd1-11b2-a0e2-ab3b0eac6b49}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9287202-FB35-48E7-8CAA-1DBA79BDAFE5}]
    C:\Program Files\ComPlus Applications\hokewoC:\DOCUME~1\Famille\LOCALS~1\Temp\mst455101.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
    C:\Program Files\Helper\1202668445.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
    2008-02-17 11:43 26112 --a------ C:\WINDOWS\system32\marwin32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-10-07 10:42 5674352]
    "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-22 16:45 177400]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
    "a-squared"="C:\Program Files\a-squared\a2guard.exe" [2005-10-20 14:42 1144320]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 16:36 28672]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-16 23:10 1348608]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:52 3871744]
    "EEF1F1F9F3FBF7F"="F9FCFC05FE070.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "LSD_III"="C:\WINDOWS\LSD\end.cmd" [2005-07-14 16:39 2310]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "6T32B2J79N"= C:\WINDOWS\sysst32.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ibuntu]
    ibuntu.dll 2008-02-10 19:31 6672 C:\WINDOWS\system32\ibuntu.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Famille^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
    C:\Program Files\AdVantage\AdVantage.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
    --a------ 2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-11-06 10:25 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    --a------ 2005-12-07 09:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
    --a------ 2004-11-01 16:22 262144 C:\WINDOWS\system32\ElkCtrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    --a------ 2005-12-07 09:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2005-12-09 14:32 225280 C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE Backup]
    --a------ 2006-08-20 17:10 2023424 C:\Program Files\Bodrag\Outlook Express Backup Expert\OEBackup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2002-10-16 11:24 47104 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [2005-12-30 12:12]
    R1 krnllds;Kernel CryptoModule;C:\WINDOWS\system32\krnllds.sys [2008-02-17 12:55]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys [2008-02-16 23:10]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 14:37]
    S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a949797-c73d-11dc-ba72-0030bdbb5726}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    *Newly Created Service* - SSFS0509
    *Newly Created Service* - SSHRMD
    *Newly Created Service* - SSIDRV
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-28 00:30:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 14:09:48
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
    "ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\ibuntu.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-17 14:11:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-17 13:11:06
    17 February 2008 17:57:43

    What's the next step?
    17 February 2008 18:04:43

    Hi again,

    Download BTFix (Bibi26).
    Unzip the archive to your Desktop.
  • Open the BTFix folder.
  • Double-click BTFix.exe.
  • Click Rechercher (Search).
  • A report will appear; copy and paste it into your next reply.
    17 February 2008 18:14:26

    Here is the report:

    BTFix 1.078 (par bibi26) - 17/02/2008 18:12:28 - Nettoyage - Mode normal
    Lancé depuis C:\Documents and Settings\Famille\Bureau\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés
    - C:\Program Files\Accoona\
    - C:\Program Files\e-zshopper\

    ---> Nettoyage terminé

    Thanks for your help. I'm waiting for the next step.
    17 February 2008 18:23:21

    Uh... who said to run the removal? ...
    Run a ComboFix scan again...
    17 February 2008 18:42:04

    Here is the report:

    I'm waiting for the next step. Thanks.

    ComboFix 08-02-17.2 - Famille 2008-02-17 18:37:29.2 - NTFSx86
    Endroit: H:\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
    C:\WINDOWS\system32\acespy
    C:\WINDOWS\system32\drivers\symavc32.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-17 12:26 . 2008-02-17 12:26 268 --ah----- C:\sqmdata06.sqm
    2008-02-17 12:26 . 2008-02-17 12:26 244 --ah----- C:\sqmnoopt06.sqm
    2008-02-17 12:21 . 2008-02-17 12:52 486 --a------ C:\WINDOWS\wininit.ini
    2008-02-17 11:45 . 2008-02-17 11:45 18,368 --a------ C:\WINDOWS\system32\service.sys
    2008-02-17 11:43 . 2008-02-17 11:43 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
    2008-02-17 11:42 . 2008-02-17 11:42 22,016 --a------ C:\Documents and Settings\Famille\zunprc.exe
    2008-02-17 11:10 . 2008-02-17 11:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-02-17 00:18 . 2008-02-17 00:18 268 --ah----- C:\sqmdata05.sqm
    2008-02-17 00:18 . 2008-02-17 00:18 244 --ah----- C:\sqmnoopt05.sqm
    2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Program Files\Webroot
    2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
    2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Webroot
    2008-02-16 23:16 . 2008-02-16 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-02-16 23:16 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2008-02-16 23:16 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2008-02-16 23:16 . 2006-08-03 19:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-02-16 23:16 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
    2008-02-16 23:10 . 2008-02-17 11:15 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-02-16 23:10 . 2008-02-16 23:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-02-16 23:09 . 2008-02-17 14:09 <REP> d-------- C:\Program Files\a-squared
    2008-02-16 23:08 . 2008-02-16 23:08 <REP> d-------- C:\Program Files\Yahoo!
    2008-02-16 23:08 . 2008-02-16 23:09 <REP> d-------- C:\Program Files\CCleaner
    2008-02-16 23:00 . 2008-02-16 23:00 268 --ah----- C:\sqmdata04.sqm
    2008-02-16 23:00 . 2008-02-16 23:00 244 --ah----- C:\sqmnoopt04.sqm
    2008-02-16 18:10 . 2008-02-16 18:07 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-16 18:02 . 2008-02-17 11:43 151,552 --a------ C:\blhhjtpx.exe
    2008-02-16 18:02 . 2008-02-17 11:43 54,272 --a------ C:\urdeuvmj.exe
    2008-02-16 18:02 . 2008-02-16 18:02 22,016 --a------ C:\Documents and Settings\Famille\xgnfvi.exe
    2008-02-16 18:00 . 2008-02-17 11:55 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-16 18:00 . 2008-02-17 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-16 17:54 . 2008-02-16 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-16 17:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-16 17:52 . 2008-02-16 17:52 268 --ah----- C:\sqmdata03.sqm
    2008-02-16 17:52 . 2008-02-16 17:52 172 --ah----- C:\sqmnoopt03.sqm
    2008-02-16 17:23 . 2008-02-16 23:08 <REP> d-------- C:\Program Files\ewido anti-malware
    2008-02-10 20:10 . 2008-02-10 20:10 22,016 --a------ C:\Documents and Settings\Famille\goqezf.exe
    2008-02-10 20:10 . 2008-02-10 20:10 5,632 --a------ C:\Documents and Settings\Famille\arzxeb.exe
    2008-02-10 20:03 . 2008-02-10 20:03 5,632 --a------ C:\Documents and Settings\Famille\iavzps.exe
    2008-02-10 19:46 . 2008-02-17 18:37 37,074 --a------ C:\Documents and Settings\Famille\nmacjahb.exe
    2008-02-10 19:41 . 2008-02-10 19:40 8,704 --a------ C:\WINDOWS\sysst32.exe
    2008-02-10 19:40 . 2008-02-10 19:40 8,704 --a------ C:\Documents and Settings\Famille\arkfth.exe
    2008-02-10 19:39 . 2005-06-15 22:01 1,077,458 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
    2008-02-10 19:39 . 2005-06-15 22:01 1,077,458 --a------ C:\WINDOWS\ahutyus.exe
    2008-02-10 19:39 . 2008-02-10 19:39 63,697 --a------ C:\Documents and Settings\Famille\riswhk.exe
    2008-02-10 19:38 . 2008-02-10 19:38 3,795,158 --a------ C:\WINDOWS\dg0GhYUDQV.exe
    2008-02-10 19:32 . 2008-02-10 19:32 <REP> d-------- C:\WINDOWS\afafnwgd
    2008-02-10 19:32 . 2008-02-10 19:32 180,224 --a------ C:\WINDOWS\fideharw.dll
    2008-02-10 19:32 . 2008-02-10 19:32 91,667 --a------ C:\WINDOWS\system32\rxjddnvj.exe
    2008-02-10 19:32 . 2008-02-10 19:32 91,667 --a------ C:\WINDOWS\bmfgpqte.exe
    2008-02-10 19:32 . 2008-02-10 19:32 40,960 --a------ C:\WINDOWS\nmxipsju.exe
    2008-02-10 19:32 . 2008-02-10 19:32 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
    2008-02-10 19:32 . 2008-02-11 19:34 4 --a------ C:\WINDOWS\system32\winfrun32.bin
    2008-02-10 19:31 . 2008-02-10 19:31 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
    2008-02-10 19:31 . 2008-02-10 19:31 6,672 --a------ C:\WINDOWS\system32\ibuntu.dll
    2008-02-10 19:31 . 2008-02-10 19:31 5,632 --a------ C:\Documents and Settings\Famille\phoggq.exe
    2008-02-10 19:31 . 2008-02-17 12:55 2,528 --a------ C:\WINDOWS\system32\krnllds.sys
    2008-02-09 17:33 . 2008-02-09 17:33 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Sports Interactive
    2008-02-09 17:06 . 2008-02-09 17:08 <REP> d--h----- C:\Program Files\Zero G Registry
    2008-02-09 17:06 . 2008-02-09 17:06 <REP> d-------- C:\Program Files\Sports Interactive
    2008-02-09 17:05 . 2008-02-09 17:05 <REP> d--h----- C:\Documents and Settings\Famille\InstallAnywhere
    2008-01-29 21:02 . 2008-01-29 21:02 <REP> d-------- C:\Program Files\FLVPlayer
    2008-01-29 20:57 . 2008-01-29 20:58 <REP> d-------- C:\Program Files\YouTUBE (TM) movie downloader
    2008-01-29 20:48 . 2008-01-29 20:48 <REP> d-------- C:\Program Files\Eurekr.com
    2008-01-26 11:20 . 2008-02-16 09:58 <REP> d-------- C:\Program Files\Incomplete
    2008-01-24 15:03 . 2008-01-24 15:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ideas From the Deep
    2008-01-23 21:42 . 2008-01-23 21:42 <REP> d-------- C:\Documents and Settings\Famille\Application Data\pokerth
    2008-01-23 21:39 . 2008-01-23 21:40 <REP> d-------- C:\Program Files\PokerTH
    2008-01-23 21:38 . 2008-01-23 21:42 <REP> d-------- C:\Documents and Settings\Famille\.bitrock
    2008-01-23 13:29 . 2008-02-10 19:39 <REP> d--hs---- C:\WINDOWS\system32\dllcache
    2008-01-23 13:25 . 2008-01-23 13:25 <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-23 13:17 . 2008-01-23 13:32 <REP> d-------- C:\SDFix
    2008-01-23 13:11 . 2008-01-23 13:11 54,764 --a------ C:\WINDOWS\system32\fvelwow.sys
    2008-01-23 13:11 . 2008-01-23 13:11 5,632 --a------ C:\Documents and Settings\Famille\cchxzd.exe
    2008-01-22 23:03 . 2008-01-22 23:03 9,296 --a------ C:\Documents and Settings\Famille\gvplup.exe
    2008-01-22 22:59 . 2008-01-22 22:59 9,296 --a------ C:\Documents and Settings\Famille\whzxmh.exe
    2008-01-22 22:55 . 2008-01-22 22:55 9,296 --a------ C:\Documents and Settings\Famille\lymakv.exe
    2008-01-22 22:51 . 2008-01-22 22:51 9,296 --a------ C:\Documents and Settings\Famille\qutnpm.exe
    2008-01-22 22:47 . 2008-01-22 22:47 9,296 --a------ C:\Documents and Settings\Famille\mloeyx.exe
    2008-01-22 22:43 . 2008-01-22 22:43 9,296 --a------ C:\Documents and Settings\Famille\fbjcaa.exe
    2008-01-22 22:38 . 2008-01-22 22:38 9,296 --a------ C:\Documents and Settings\Famille\qnjfkj.exe
    2008-01-22 22:34 . 2008-01-22 22:34 9,296 --a------ C:\Documents and Settings\Famille\kksryo.exe
    2008-01-22 22:30 . 2008-01-22 22:30 9,296 --a------ C:\Documents and Settings\Famille\iuoklf.exe
    2008-01-22 22:26 . 2008-01-22 22:26 9,296 --a------ C:\Documents and Settings\Famille\awtgtc.exe
    2008-01-22 22:22 . 2008-01-22 22:22 9,296 --a------ C:\Documents and Settings\Famille\yoaaos.exe
    2008-01-22 22:18 . 2008-01-22 22:18 9,296 --a------ C:\Documents and Settings\Famille\bbjwyq.exe
    2008-01-22 22:13 . 2008-01-22 22:13 9,296 --a------ C:\Documents and Settings\Famille\hrgavt.exe
    2008-01-22 22:09 . 2008-01-22 22:09 9,296 --a------ C:\Documents and Settings\Famille\qftemz.exe
    2008-01-22 22:05 . 2008-01-22 22:05 9,296 --a------ C:\Documents and Settings\Famille\pkvnxl.exe
    2008-01-22 22:01 . 2008-01-22 22:01 9,296 --a------ C:\Documents and Settings\Famille\mzrtho.exe
    2008-01-22 21:57 . 2008-01-22 21:57 9,296 --a------ C:\Documents and Settings\Famille\blnrkr.exe
    2008-01-22 21:53 . 2008-01-22 21:53 9,296 --a------ C:\Documents and Settings\Famille\kgedto.exe
    2008-01-22 21:48 . 2008-01-22 21:48 9,296 --a------ C:\Documents and Settings\Famille\wzkcya.exe
    2008-01-22 21:44 . 2008-01-22 21:44 9,296 --a------ C:\Documents and Settings\Famille\etxtvt.exe
    2008-01-22 21:40 . 2008-01-22 21:40 9,296 --a------ C:\Documents and Settings\Famille\bkssew.exe
    2008-01-22 21:36 . 2008-01-22 21:36 9,296 --a------ C:\Documents and Settings\Famille\xydvcv.exe
    2008-01-22 21:32 . 2008-01-22 21:32 9,296 --a------ C:\Documents and Settings\Famille\rwivoh.exe
    2008-01-22 21:28 . 2008-01-22 21:28 9,296 --a------ C:\Documents and Settings\Famille\bkxesn.exe
    2008-01-22 21:23 . 2008-01-22 21:23 9,296 --a------ C:\Documents and Settings\Famille\ofgzjt.exe
    2008-01-22 21:19 . 2008-01-22 21:19 9,296 --a------ C:\Documents and Settings\Famille\uporls.exe
    2008-01-22 21:15 . 2008-01-22 21:15 9,296 --a------ C:\Documents and Settings\Famille\ontswm.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 14:14 --------- d-----w C:\Documents and Settings\Famille\Application Data\Skype
    2008-02-10 19:17 --------- d-----w C:\Program Files\ICQToolbar
    2008-02-01 09:05 --------- d-----w C:\Documents and Settings\Famille\Application Data\Canon
    2008-01-27 07:08 --------- d-----w C:\Documents and Settings\Famille\Application Data\BSplayer
    2008-01-26 10:26 --------- d-----w C:\Program Files\EA SPORTS
    2008-01-22 21:54 --------- d-----w C:\Documents and Settings\Famille\Application Data\AdobeUM
    2008-01-22 16:28 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-14 14:48 --------- d-----w C:\Program Files\ICQ6
    2008-01-13 07:47 --------- d-----w C:\Program Files\YoutubeGet
    2008-01-04 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-04 17:12 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-01-04 17:06 --------- d-----w C:\Program Files\Fichiers communs\Vbox
    2008-01-03 11:34 --------- d-----w C:\Program Files\Google
    2007-12-30 10:25 --------- d-----w C:\Program Files\Microsoft Picture It! 7
    2007-12-30 10:25 --------- d-----w C:\Program Files\GameSpy Arcade
    2007-12-30 10:25 --------- d-----w C:\Program Files\Fighter Squadron
    2007-12-30 10:25 --------- d-----w C:\Program Files\EA GAMES
    2007-12-30 10:17 --------- d-----w C:\Documents and Settings\Famille\Application Data\Atari
    2007-12-28 08:57 --------- d-----w C:\Documents and Settings\Famille\Application Data\Apple Computer
    2007-12-28 00:30 --------- d-----w C:\Program Files\QuickTime
    2007-12-28 00:30 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-28 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-28 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-25 13:35 --------- d-----w C:\Program Files\USB Disk Win98 Driver
    2007-12-25 11:48 --------- d-----w C:\Program Files\MTVVideoConverter_V1.11.4
    2007-12-24 15:30 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-12-24 15:29 --------- d-----w C:\Documents and Settings\Famille\Application Data\Ahead
    2007-12-24 15:28 --------- d-----w C:\Program Files\Nero
    2007-12-23 14:22 --------- d-----w C:\Program Files\Shareaza
    2007-12-23 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-12-23 09:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2007-12-20 17:25 --------- d-----w C:\Documents and Settings\Famille\Application Data\dvdcss
    2007-12-15 14:11 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-11-28 16:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9287202-FB35-48E7-8CAA-1DBA79BDAFE5}]
    C:\Program Files\ComPlus Applications\hokewoC:\DOCUME~1\Famille\LOCALS~1\Temp\mst455101.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
    C:\Program Files\Helper\1202668445.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
    2008-02-17 11:43 26112 --a------ C:\WINDOWS\system32\marwin32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-10-07 10:42 5674352]
    "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-22 16:45 177400]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
    "a-squared"="C:\Program Files\a-squared\a2guard.exe" [2005-10-20 14:42 1144320]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 16:36 28672]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-16 23:10 1348608]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:52 3871744]
    "EEF1F1F9F3FBF7F"="F9FCFC05FE070.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "LSD_III"="C:\WINDOWS\LSD\end.cmd" [2005-07-14 16:39 2310]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "6T32B2J79N"= C:\WINDOWS\sysst32.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ibuntu]
    ibuntu.dll 2008-02-10 19:31 6672 C:\WINDOWS\system32\ibuntu.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Famille^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
    C:\Program Files\AdVantage\AdVantage.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
    --a------ 2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-11-06 10:25 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    --a------ 2005-12-07 09:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
    --a------ 2004-11-01 16:22 262144 C:\WINDOWS\system32\ElkCtrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    --a------ 2005-12-07 09:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2005-12-09 14:32 225280 C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE Backup]
    --a------ 2006-08-20 17:10 2023424 C:\Program Files\Bodrag\Outlook Express Backup Expert\OEBackup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2002-10-16 11:24 47104 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [2005-12-30 12:12]
    R1 krnllds;Kernel CryptoModule;C:\WINDOWS\system32\krnllds.sys [2008-02-17 12:55]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys [2008-02-16 23:10]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 14:37]
    S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a949797-c73d-11dc-ba72-0030bdbb5726}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    *Newly Created Service* - SSFS0509
    *Newly Created Service* - SSHRMD
    *Newly Created Service* - SSIDRV
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-28 00:30:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 18:39:16
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
    "ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\ibuntu.dll
    .
    Temps d'accomplissement: 2008-02-17 18:39:51
    ComboFix-quarantined-files.txt 2008-02-17 17:39:42
    ComboFix2.txt 2008-02-17 13:11:12