
virus really, really hard to clean!!!!!!!

Tags:
  • Internet Explorer
  • Security
27 November 2006 19:11:07

Hi everyone,
so, I've caught some spyware and viruses that I can't manage to dislodge.
Here are my defenses: BitDefender Internet Security 9, Ad-Aware Pro SE, Spybot, ewido, KillBox, CCleaner, HijackThis, SmitfraudFix.
None of these utilities manages to disinfect these trojans, even in safe mode.

Here is my HijackThis report and my BitDefender log:

Logfile of HijackThis v1.99.1
Scan saved at 19:07:49, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ismini.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\upgrepl.exe
C:\Documents and Settings\pop\Bureau\securite\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpah.dll,startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

BitDefender report



//-----------------------------------------------------------------
//
// Product: BitDefender 9 Internet Security
// Version: 9.0
//
// Created on: 27/11/2006 15:08:49
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
J:\
Folders : 6470
Files : 678550
Archives : 3760
Packed files : 70740
Identified viruses : 3
Infected files : 18
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 2
Renamed files : 0
I/O errors : 40
Scan time : 02:15:06
Scan speed (files/sec) : 83

Virus definitions : 345825
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1164636529.log


Summary:

C:\Documents and Settings\pop\Local Settings\Temp\mst68.tmp Infected: Trojan.Klone.H
C:\Documents and Settings\pop\Local Settings\Temp\mst68.tmp Disinfection failed
C:\Documents and Settings\pop\Local Settings\Temp\mst68.tmp Moved
C:\Documents and Settings\pop\Local Settings\Temp\Temporary Internet Files\Content.IE5\HWC4VRRS\srvedr[1].exe Detected: Dialer.Zicapli.A
C:\Documents and Settings\pop\Local Settings\Temp\win6C.tmp.exe Detected: Adware.Softomate.W
C:\Documents and Settings\pop\Local Settings\Temporary Internet Files\Content.IE5\584Q9Y83\srvtll[1].exe Detected: Dialer.Zicapli.A
C:\Documents and Settings\pop\Local Settings\Temporary Internet Files\Content.IE5\UUBD1PC3\srvhlx[1].exe Detected: Dialer.Zicapli.A
C:\Documents and Settings\pop\Local Settings\Temporary Internet Files\Content.IE5\ZQB64GKX\srvorf[1].exe Detected: Dialer.Zicapli.A
C:\WINDOWS\system32\winwea32.dll Infected: Trojan.Klone.H
C:\WINDOWS\system32\winwea32.dll Disinfection failed
C:\WINDOWS\system32\winwea32.dll Moved
C:\WINDOWS\Temp\idd375.tmp.exe Detected: Dialer.Zicapli.A
C:\WINDOWS\Temp\idd377.tmp.exe Detected: Dialer.Zicapli.A
C:\WINDOWS\Temp\idd37A.tmp.exe Detected: Dialer.Zicapli.A
C:\WINDOWS\Temp\idd38C.tmp.exe Detected: Dialer.Zicapli.A
C:\WINDOWS\Temp\idd38D.tmp.exe Detected: Dialer.Zicapli.A
C:\WINDOWS\Temp\idd38F.tmp.exe Detected: Dialer.Zicapli.A
C:\WINDOWS\Temp\idd3A6.tmp.exe Detected: Dialer.Zicapli.A
C:\WINDOWS\Temp\idd3BB.tmp.exe Detected: Dialer.Zicapli.A
C:\WINDOWS\Temp\win374.tmp.exe Detected: Dialer.Zicapli.A
C:\WINDOWS\Temp\win376.tmp.exe Detected: Dialer.Zicapli.A
C:\WINDOWS\Temp\win379.tmp.exe Detected: Dialer.Zicapli.A


Thanks for your help, see you soon!!!!!

27 November 2006 19:13:25

Good evening,

Vundo infection, I think.

-- Right-click on Hijackthis.exe:
-> Choose "Rename"
-> Type Scanner.exe then confirm.

- Launch the application
- Choose the option "Do a system scan and save a logfile"
-- Notepad opens:
-> Edit / Select All
-> Edit / Copy
- Paste the report here.

HELP: HijackThis tutorial (Malekal)
28 November 2006 01:56:46

Here is my new log, thanks for everything!!


Logfile of HijackThis v1.99.1
Scan saved at 01:55:59, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\pop\Bureau\progs\utorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pop\Bureau\securite\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr
O2 - BHO: (no name) - {2A193DF5-C8F5-4864-BCF5-8B04923972C7} - C:\WINDOWS\system32\pmkjk.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

28 November 2006 10:23:49

Hello,

It is indeed a Vundo infection (well spotted, Angeldark :) )

1/ Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • When the tool launches again, click the Scan for Vundo button
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt into your next reply

Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

2/ Download combofix.exe (by sUBs) to your Desktop

http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear. Copy/paste that report into your next reply.

3/ Post a new HijackThis (er.. scanner) report
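
What in the second HijackThis log fits this diagnosis, as an added example that is not part of the original thread: the same module name (pmkjk) is registered both as an IE Browser Helper Object (O2) and as a Winlogon Notify entry (O20), and the VundoFix report further down lists companion files named with that module's name spelled backwards (kjkmp). Both heuristics and all function names are assumptions of this example, drawn from the data posted here, not a signature taken from any tool.

```python
import ntpath
import re

# Constructed sample: entries copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr
O2 - BHO: (no name) - {2A193DF5-C8F5-4864-BCF5-8B04923972C7} - C:\WINDOWS\system32\pmkjk.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\
"""

# Constructed sample: file names as listed in the VundoFix report in this thread,
# plus one unrelated system DLL from the ComboFix listing as a negative case.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\pmkjk.dll",
    r"C:\WINDOWS\system32\kjkmp.ini",
    r"C:\WINDOWS\system32\kjkmp.bak1",
    r"C:\WINDOWS\system32\kjkmp.bak2",
    r"C:\WINDOWS\system32\kjkmp.ini2",
    r"C:\WINDOWS\system32\kjkmp.tmp",
    r"C:\WINDOWS\system32\xmllite.dll",
]

# "O2 - BHO: ...": section code, then the section-specific body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


def hooks_by_module(log_text):
    """Map lower-cased module name -> set of HijackThis sections that load it."""
    hooks = {}
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header, process list or blank line
        code, body = entry.group("code"), entry.group("body")
        if code == "O2":
            bho = BHO_RE.match(body)
            if bho:
                filename = ntpath.basename(bho.group("path"))
                stem = ntpath.splitext(filename)[0].lower()
                hooks.setdefault(stem, set()).add("O2")
        elif code == "O20":
            notify = NOTIFY_RE.match(body)
            if notify:
                # The path may be truncated in a pasted log; the key name is enough.
                hooks.setdefault(notify.group("name").lower(), set()).add("O20")
    return hooks


def dual_hooked(hooks):
    """Modules loaded by both Internet Explorer (O2) and Winlogon (O20)."""
    return sorted(m for m, sections in hooks.items() if {"O2", "O20"} <= sections)


def reversed_name_companions(stem, file_paths):
    """Files whose base name is `stem` spelled backwards (pmkjk -> kjkmp)."""
    target = stem[::-1].lower()
    if target == stem.lower():
        return []  # palindrome: the reversal carries no information
    found = []
    for path in file_paths:
        name = ntpath.basename(path)
        if name.split(".", 1)[0].lower() == target:
            found.append(name)
    return found


def triage(log_text, file_paths):
    """Return one finding per dual-hooked module, with its reversed-name files."""
    findings = []
    for module in dual_hooked(hooks_by_module(log_text)):
        findings.append(
            {
                "module": module,
                "companions": reversed_name_companions(module, file_paths),
            }
        )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, SAMPLE_FILES):
        print(finding["module"], "->", ", ".join(finding["companions"]) or "none")
```

A finding from this check is a reason to look closer at the module, not proof of infection: legitimate software can also register a Winlogon Notify package.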
    28 November 2006 15:43:03

    Hello, here is my Vundo log



    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 12:35:46 28/11/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\pmkjk.dll
    C:\WINDOWS\system32\kjkmp.ini
    C:\WINDOWS\system32\kjkmp.bak1
    C:\WINDOWS\system32\kjkmp.bak2
    C:\WINDOWS\system32\kjkmp.ini2
    C:\WINDOWS\system32\kjkmp.tmp

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\pmkjk.dll
    C:\WINDOWS\system32\pmkjk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kjkmp.ini
    C:\WINDOWS\system32\kjkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kjkmp.bak1
    C:\WINDOWS\system32\kjkmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kjkmp.bak2
    C:\WINDOWS\system32\kjkmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kjkmp.ini2
    C:\WINDOWS\system32\kjkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kjkmp.tmp
    C:\WINDOWS\system32\kjkmp.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    Here is my combo log

    pop - 06-11-28 15:22:30,62 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\pop\Bureau"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\components
    C:\Program Files\Fichiers communs\{387A48F7-0728-1036-1208-040510120021}


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))


    2006-11-28 13:04 <REP> dr-h----- C:\Documents and Settings\pop\Recent
    2006-11-28 13:03 <REP> d-------- C:\Documents and Settings\pop\Application Data\Prevx
    2006-11-28 13:02 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
    2006-11-28 13:02 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
    2006-11-28 13:02 7,552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
    2006-11-28 13:02 272,256 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
    2006-11-28 13:02 18,560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
    2006-11-28 13:02 13,568 --a------ C:\WINDOWS\system32\drivers\pxrd.sys
    2006-11-28 13:02 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
    2006-11-28 13:02 100,864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
    2006-11-28 13:01 <REP> d-------- C:\Program Files\Prevx1
    2006-11-28 13:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2006-11-28 12:35 <REP> d-------- C:\VundoFix Backups
    2006-11-28 12:30 42,516 --a------ C:\WINDOWS\system32\xpdpqbxg.dll
    2006-11-28 04:15 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2006-11-28 04:07 <REP> d-------- C:\WINDOWS\WBEM
    2006-11-28 04:07 <REP> d-------- C:\WINDOWS\system32\en-US
    2006-11-28 04:05 <REP> d--h-c--- C:\WINDOWS\ie7
    2006-11-28 04:04 61,440 --------- C:\WINDOWS\system32\icardie.dll
    2006-11-28 04:04 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-28 04:04 5,906,432 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-28 04:04 457,728 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-28 04:04 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-11-28 04:04 262,656 --------- C:\WINDOWS\system32\iertutil.dll
    2006-11-28 04:04 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-11-28 04:04 175,616 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-28 04:04 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-11-28 04:04 11,776 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-28 02:04 42,516 --a------ C:\WINDOWS\system32\lgojhxor.dll
    2006-11-28 01:33 <REP> d-------- C:\ATI
    2006-11-27 23:52 42,516 --a------ C:\WINDOWS\system32\rvyhlcli.dll
    2006-11-27 23:35 42,516 --a------ C:\WINDOWS\system32\hsaeygfb.dll
    2006-11-27 20:42 <REP> d-------- C:\Documents and Settings\pop\Application Data\SearchToolbarCorp
    2006-11-27 20:41 88,340 --a------ C:\WINDOWS\system32\rmeneveo.exe
    2006-11-27 20:41 <REP> d-------- C:\Program Files\VSAdd-in
    2006-11-27 20:33 61,072 --a------ C:\WINDOWS\system32\drivers\klick.sys
    2006-11-27 20:33 59,536 --a------ C:\WINDOWS\system32\drivers\klin.sys
    2006-11-27 20:32 <REP> d-------- C:\Program Files\Kaspersky Lab
    2006-11-27 20:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2006-11-27 20:25 <REP> d--hs---- C:\Config.Msi
    2006-11-27 19:31 <REP> d-------- C:\Documents and Settings\pop\Application Data\InstallShield
    2006-11-27 18:49 <REP> d-------- C:\!KillBox
    2006-11-27 17:13 71,168 --a------ C:\WINDOWS\system32\drvpah.dll
    2006-11-27 17:11 40,973 ---hs---- C:\WINDOWS\system32\khfdcde.dll
    2006-11-26 20:51 71,168 --a------ C:\WINDOWS\system32\drvgit.dll
    2006-11-26 20:26 <REP> d-------- C:\Documents and Settings\pop\Application Data\FileMaker
    2006-11-26 18:12 <REP> d-------- C:\Documents and Settings\pop\Application Data\BitDefender
    2006-11-26 18:07 <REP> d-------- C:\Program Files\Softwin
    2006-11-24 01:15 <REP> d-------- C:\Program Files\THQ
    2006-11-24 01:11 <REP> d-------- C:\Documents and Settings\pop\Application Data\dvdcss
    2006-11-23 19:35 <REP> d-------- C:\Program Files\SpywareBlaster
    2006-11-18 20:10 <REP> d-------- C:\Program Files\SEGA
    2006-11-18 18:43 <REP> d-------- C:\Program Files\QuickTime
    2006-11-17 12:55 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2006-11-17 12:54 <REP> d-------- C:\Program Files\TuneUp Utilities 2006
    2006-11-17 12:54 <REP> d-------- C:\Documents and Settings\pop\Application Data\TuneUp Software
    2006-11-17 12:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2006-11-17 12:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2006-11-17 12:51 <REP> d-------- C:\Program Files\MozBackup
    2006-11-15 16:45 <REP> d-------- C:\Program Files\Folder Security
    2006-11-15 15:44 18,273 --a------ C:\WINDOWS\system32\drivers\klop.sys
    2006-11-13 00:37 <REP> d-------- C:\Program Files\ewido anti-spyware 4.0
    2006-11-12 23:27 1,854 --a------ C:\WINDOWS\system32\tmp.reg
    2006-11-10 20:08 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
    2006-11-10 20:08 <REP> d-------- C:\Program Files\Kit ADSL
    2006-11-10 19:35 737,280 --a------ C:\WINDOWS\iun6002.exe
    2006-11-10 19:35 <REP> d-------- C:\Program Files\Comm'9
    2006-11-09 19:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\POP3Profiles
    2006-11-09 17:19 <REP> d-------- C:\Program Files\Valve
    2006-11-08 20:59 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
    2006-11-05 23:47 <REP> d-------- C:\Documents and Settings\pop\Application Data\atitray
    2006-11-05 23:40 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2006-11-03 17:56 <REP> d-------- C:\WINDOWS\Prefetch
    2006-11-03 17:48 9,728 --------- C:\WINDOWS\system32\rwnh.dll
    2006-11-03 17:48 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
    2006-11-03 17:48 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
    2006-11-03 17:48 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
    2006-11-03 17:47 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
    2006-11-03 17:47 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
    2006-11-03 17:47 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
    2006-11-03 17:47 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
    2006-11-03 17:47 73,796 --------- C:\WINDOWS\system32\slserv.exe
    2006-11-03 17:47 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
    2006-11-03 17:47 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2006-11-03 17:47 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
    2006-11-03 17:47 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
    2006-11-03 17:47 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
    2006-11-03 17:47 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
    2006-11-03 17:47 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
    2006-11-03 17:47 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
    2006-11-03 17:47 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
    2006-11-03 17:47 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
    2006-11-03 17:47 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
    2006-11-03 17:47 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
    2006-11-03 17:47 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
    2006-11-03 17:47 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
    2006-11-03 17:47 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
    2006-11-03 17:47 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
    2006-11-03 17:47 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
    2006-11-03 17:47 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
    2006-11-03 17:47 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
    2006-11-03 17:47 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
    2006-11-03 17:47 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
    2006-11-03 17:47 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
    2006-11-03 17:47 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
    2006-11-03 17:47 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
    2006-11-03 17:47 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
    2006-11-03 17:47 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
    2006-11-03 17:47 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
    2006-11-03 17:47 32,866 --------- C:\WINDOWS\system32\slrundll.exe
    2006-11-03 17:47 32,866 --------- C:\WINDOWS\slrundll.exe
    2006-11-03 17:47 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
    2006-11-03 17:47 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
    2006-11-03 17:47 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
    2006-11-03 17:47 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
    2006-11-03 17:47 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
    2006-11-03 17:47 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
    2006-11-03 17:47 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
    2006-11-03 17:47 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
    2006-11-03 17:47 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
    2006-11-03 17:47 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
    2006-11-03 17:47 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
    2006-11-03 17:47 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
    2006-11-03 17:47 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
    2006-11-03 17:47 286,792 --------- C:\WINDOWS\system32\slextspk.dll
    2006-11-03 17:47 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
    2006-11-03 17:47 274,944 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2006-11-03 17:47 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
    2006-11-03 17:47 25,856 --------- C:\WINDOWS\system32\drivers\hidbth.sys
    2006-11-03 17:47 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
    2006-11-03 17:47 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
    2006-11-03 17:47 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
    2006-11-03 17:47 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
    2006-11-03 17:47 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
    2006-11-03 17:47 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
    2006-11-03 17:47 188,508 --------- C:\WINDOWS\system32\slgen.dll
    2006-11-03 17:47 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
    2006-11-03 17:47 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
    2006-11-03 17:47 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
    2006-11-03 17:47 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
    2006-11-03 17:47 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
    2006-11-03 17:47 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
    2006-11-03 17:47 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
    2006-11-03 17:47 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
    2006-11-03 17:47 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
    2006-11-03 17:47 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
    2006-11-03 17:47 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
    2006-11-03 17:47 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
    2006-11-03 17:47 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
    2006-11-03 17:47 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
    2006-11-03 17:47 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
    2006-11-03 17:47 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
    2006-11-03 17:47 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
    2006-11-03 17:47 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
    2006-11-03 17:47 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
    2006-11-03 17:47 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
    2006-11-03 17:47 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
    2006-11-03 17:47 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
    2006-11-03 17:47 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
    2006-11-03 17:47 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
    2006-11-03 17:47 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
    2006-11-03 17:47 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
    2006-11-03 17:47 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
    2006-11-03 17:47 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
    2006-11-03 17:47 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
    2006-11-03 17:47 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
    2006-11-03 17:47 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
    2006-11-03 17:47 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
    2006-11-03 17:47 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2006-11-03 17:39 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2006-11-03 01:51 128,744 --a------ C:\WINDOWS\system32\mucltui.dll
    2006-11-03 01:43 3,712 --a------ C:\WINDOWS\system32\socketlock.sys
    2006-11-02 20:17 <REP> d-------- C:\Program Files\Lavasoft RegHance
    2006-11-02 20:14 <REP> d-------- C:\Program Files\Lavasoft
    2006-11-02 19:55 <REP> d-------- C:\Documents and Settings\pop\Application Data\DMCache
    2006-11-02 00:38 <REP> d-------- C:\Program Files\Buka
    2006-11-01 17:42 94,314 --a------ C:\WINDOWS\system32\klogon.dll
    2006-10-30 02:42 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
    2006-10-30 01:12 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.273 Uninstall.exe
    2006-10-29 03:01 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
    2006-10-29 03:01 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
    2006-10-28 17:54 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.291 Uninstall.exe
    2006-10-28 15:57 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2006-10-28 15:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-28 15:27 -------- d-a------ C:\Program Files\Fichiers communs
    2006-11-28 15:15 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-11-28 12:27 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-28 12:26 -------- d-------- C:\Documents and Settings\pop\Application Data\uTorrent
    2006-11-27 20:26 -------- d-------- C:\Program Files\Fichiers communs\Softwin
    2006-11-27 19:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-27 19:29 -------- d---s---- C:\Documents and Settings\pop\Application Data\Microsoft
    2006-11-26 21:06 920 --a------ C:\Program Files\INSTALL.LOG
    2006-11-19 17:34 -------- d-------- C:\Documents and Settings\pop\Application Data\Skype
    2006-11-19 17:31 -------- d-------- C:\Documents and Settings\pop\Application Data\Adobe
    2006-11-12 00:15 -------- d-------- C:\Program Files\Radeon Omega Drivers
    2006-11-12 00:09 -------- d-------- C:\Program Files\CCleaner
    2006-11-09 19:37 -------- d-------- C:\Program Files\Ubisoft
    2006-11-03 20:56 -------- d-------- C:\Program Files\Soulseek
    2006-11-03 17:48 -------- d-------- C:\Program Files\Messenger
    2006-11-03 17:47 -------- d-------- C:\Program Files\Windows Media Player
    2006-11-03 17:47 -------- d-------- C:\Program Files\Movie Maker
    2006-11-03 17:38 -------- d-------- C:\Program Files\Windows NT
    2006-11-03 17:38 -------- d-------- C:\Program Files\Outlook Express
    2006-11-03 17:38 -------- d-------- C:\Program Files\NetMeeting
    2006-11-03 17:38 -------- d-------- C:\Program Files\Fichiers communs\System
    2006-11-03 15:02 -------- d-------- C:\Program Files\Windows Live Safety Center
    2006-11-02 20:14 -------- d-------- C:\Documents and Settings\pop\Application Data\Lavasoft
    2006-10-30 02:57 -------- d-------- C:\Program Files\MultiRes
    2006-10-30 02:56 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.231 Uninstall.exe
    2006-10-30 00:01 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-23 23:40 -------- d-------- C:\Program Files\EA SPORTS
    2006-10-18 02:13 -------- d-------- C:\Program Files\Firefly Studios
    2006-10-18 01:10 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
    2006-10-18 01:01 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
    2006-10-18 00:44 -------- d-------- C:\Program Files\DAEMON Tools
    2006-10-18 00:17 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-10-17 23:50 -------- d-------- C:\Program Files\Buena Vista Games
    2006-10-15 01:40 -------- d-------- C:\Program Files\NEO-GEO + 100 JEUXNEO-GEO + 100 JEUX
    2006-10-13 13:36 65536 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-10-13 13:36 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-13 11:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
    2006-10-06 00:16 -------- d-------- C:\Program Files\Activision
    2006-09-28 14:36 104448 --a------ C:\WINDOWS\system32\drivers\kl1.sys
    2006-09-27 02:52 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2006-09-27 02:50 260608 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2006-09-27 02:43 90112 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2006-09-27 02:43 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2006-09-27 02:43 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2006-09-27 02:43 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2006-09-27 02:43 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2006-09-27 02:41 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2006-09-27 02:41 425984 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2006-09-27 02:34 2415648 --a------ C:\WINDOWS\system32\ati3duag.dll
    2006-09-27 02:29 1086144 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2006-09-27 02:23 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
    2006-09-27 02:21 5144576 --a------ C:\WINDOWS\system32\atioglxx.dll
    2006-09-27 02:18 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
    2006-09-27 02:16 221184 --a------ C:\WINDOWS\system32\atikvmag.dll
    2006-09-27 02:15 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2006-09-27 02:10 294912 --a------ C:\WINDOWS\system32\ati2cqag.dll
    2006-09-13 06:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
    @=""
    "PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
    "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
    "{3CAE0B22-FFB7-417E-8CFF-4465CF632F70}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "ClearRecentDocsOnExit"=hex:01,00,00,00
    "NoRecentDocsMenu"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Comm'9.lnk.disabled]
    "location"="Common Startup"
    "item"="Comm'9.lnk"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pop^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    "location"="Startup"
    "command"="C:\\PROGRA~1\\FICHIE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TrayIcon"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Ad-Watch"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Babylon"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ccleaner"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RunDll32 cmicnfg"
    "hkey"="HKLM"
    "command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033 -noicon"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avp"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ngserver"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="OpwareSE2"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="feedback"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PWRISOVM"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TeaTimer"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="swdoctor"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "StarWindService"=dword:00000002
    "NGServer"=dword:00000002
    "ngdbserv"=dword:00000003
    "LicCtrlService"=dword:00000002
    "ewido anti-spyware 4.0 guard"=dword:00000002
    "ose"=dword:00000003
    "MDM"=dword:00000002
    "IDriverT"=dword:00000003
    "ATI Smart"=dword:00000002
    "Ati HotKey Poller"=dword:00000002
    "LmHosts"=dword:00000002

    thank you
    28 November 2006 15:45:01

    Post a new HijackThis report
    28 November 2006 19:45:59

    here is my latest hijack report

    Logfile of HijackThis v1.99.1
    Scan saved at 19:44:47, on 28/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\pop\Bureau\securite\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\xpdpqbxg.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: (no name) - {EDEB46FF-C640-4682-8517-F5FB01D56E97} - C:\WINDOWS\system32\pmkjk.dll (file missing)
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

    thank you for your perseverance
    28 November 2006 19:49:26

    Re,

  • Double-click VundoFix.exe to launch it
  • Do NOT click the Scan for Vundo button
  • Right-click in the white window and choose Add more files?
  • Add on the first line:
    C:\WINDOWS\system32\xpdpqbxg.dll
  • Click in turn on:
    - Add Files
    - Close Windows
    - Remove Vundo
  • If the tool asks you to restart, accept.
  • Then copy/paste the report C:\vundofix.txt
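
A triage sketch for the O2 (Browser Helper Object) lines of the HijackThis report above, added here as an example; it is not part of the thread and not VundoFix's own logic. The heuristic (nameless BHO whose DLL sits directly in system32), the function names and the hard-coded `C:\WINDOWS` root are assumptions of this example.

```python
import re
from ntpath import dirname  # Windows path rules, usable on any host OS

# O2 and O4 lines copied from the HijackThis report posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\xpdpqbxg.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {EDEB46FF-C640-4682-8517-F5FB01D56E97} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
"""

# Line shape: O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_bho_lines(log_text):
    """Return one dict per O2 line; every other HijackThis section is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({
                "name": m.group("name"),
                "clsid": m.group("clsid"),
                "path": m.group("path"),
                "missing": m.group("missing") is not None,
            })
    return entries


def is_nameless_system32(entry):
    """Heuristic (assumption): no display name and DLL directly in system32."""
    in_system32 = dirname(entry["path"]).lower() == r"c:\windows\system32"
    return entry["name"] == "(no name)" and in_system32


def files_to_review(log_text):
    """Paths still on disk that match the heuristic: candidates for a removal tool."""
    return [e["path"] for e in parse_bho_lines(log_text)
            if is_nameless_system32(e) and not e["missing"]]


def orphaned_clsids(log_text):
    """CLSIDs whose DLL is already gone; only the registry entry is left."""
    return [e["clsid"] for e in parse_bho_lines(log_text) if e["missing"]]


if __name__ == "__main__":
    print("review:", files_to_review(SAMPLE_LOG))
    print("orphaned:", orphaned_clsids(SAMPLE_LOG))
```

A match is a triage hint, not a verdict: legitimate BHOs can also live in system32, so a flagged file still needs checking before removal.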

    13 January 2007 20:23:49

    Good evening everyone,

    I am a victim of winantivirus. I don't understand how this can be transmitted.

    My computer has become very SLOW and I have lots of windows popping up all over the place.
    I can no longer use my computer.

    As instructed, I ran a little checkup: adaware, spybot, avast... but nothing works.
    I also ran a scan with VundoFix but it finds nothing... Can you help me?

    Many thanks
    Amélie
    13 January 2007 20:33:52

    Here is the ComboFix SCAN:



    "utilisateur" - 07-01-13 20:26:01 Service Pack 2
    ComboFix 07-01-14 - Running from: "C:\Documents and Settings\utilisateur\Bureau"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-13 to 2007-01-13 ))))))))))))))))))))))))))))))))))


    2007-01-13 20:16 <REP> d-------- C:\VundoFix Backups
    2007-01-13 13:09 <REP> d-------- C:\Program Files\Lavasoft
    2007-01-13 12:24 <REP> d-------- C:\DOCUME~1\UTILIS~1\Application Data\WinAntiSpyware 2006
    2007-01-13 12:22 <REP> d-------- C:\Program Files\WinAntiSpyware 2006 Free
    2007-01-13 12:19 92,880 --a------ C:\DOCUME~1\UTILIS~1\Application Data\winantispyware2006freeinstall_fr[1].exe
    2007-01-11 18:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    2007-01-11 18:05 <REP> d--hs---- C:\FOUND.021
    2007-01-10 14:43 <REP> d-------- C:\DOCUME~1\UTILIS~1\Application Data\MessengerSkinner
    2007-01-10 13:37 <REP> d-------- C:\WINDOWS\ie7updates
    2007-01-10 06:56 <REP> d--hs---- C:\FOUND.020
    2007-01-07 14:22 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-01-07 09:25 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-01-07 09:25 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-01-07 09:25 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-01-07 09:25 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-01-07 09:25 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-01-07 09:25 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-01-07 09:25 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-12-22 07:55 <REP> d--hs---- C:\FOUND.019


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-07 22:02 -------- d-------- C:\DOCUME~1\UTILIS~1\Application Data\bull
    2006-12-07 20:18 -------- d-------- C:\DOCUME~1\UTILIS~1\Application Data\3m
    2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-11-02 11:14 48824 --a------ C:\WINDOWS\system32\s32evnt1.dll
    2006-10-20 02:38 716800 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MediaDICO9Ut"="C:\\Program Files\\Micro Application\\9 Dictionnaires Utiles\\LanceMediaDICO9Ut.exe Lancement"
    "Creative WebCam Tray"="\"C:\\Program Files\\Creative\\Shared Files\\CamTray.exe\""
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "messengerskinner"="C:\\Documents and Settings\\utilisateur\\Mes documents\\MessengerSkinner\\MessengerSkinner.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SoundMan"="SOUNDMAN.EXE"
    "SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
    "ATIModeChange"="Ati2mdxx.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "Hcontrol"="C:\\WINDOWS\\ATK0100\\Hcontrol.exe"
    "Device Detector"="DevDetect.exe -autorun"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "NI.UWAS6V_0001_N91M2208"="\"C:\\documents and settings\\utilisateur\\application data\\winantispyware2006freeinstall_fr[1].exe\" -nag "
    "NI.UWAS6V_0001_N91M2208"="\"C:\\documents and settings\\utilisateur\\application data\\winantispyware2006freeinstall_fr[1].exe\" -nag "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa17c1a0-5ea0-11db-b391-000ea6cfc7a2}]
    Shell\AutoRun\command H:\euromed.exe

    Completion time: 07-01-13 20:31:12