Infected by several viruses and trojans (e.g. vundo ela)
Darck
Posted on 09/05/2008 19:49:08
Hello,
I am infected by numerous trojans and viruses.
I get alert messages and pages that open on their own, and prompts to work offline that also pop up.
My PC has been very slow since the infection.
Can you help me please, I'm a novice at this!
Thanks in advance.
Elfen Lied
Posted on 09/05/2008 19:50:39
Evening,

Download Deckard's System Scanner (or DSS) to the desktop.

~~ Close all running applications, antivirus included ~~

* Double-click DSS to launch it
* If it does not find HijackThis, click Yes
* Click OK each time you are asked
* When the scan is finished, a text file will open. Post its contents in your next reply
* The report is located here: C:\Deckard\System Scanner\main.txt

See you shortly
Darck
Posted on 09/05/2008 20:55:24
Here is the report:
Deckard's System Scanner v20071014.68
Run by wil on 2008-05-09 20:50:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-09 18:50:30 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as wil.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:12, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\aswUpdSv.exe
D:\Program Files\ashServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
D:\PROGRA~1\ashDisp.exe
C:\Documents and Settings\wil.WIL-C12E8FF035D\lsass.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
D:\Program Files\ashMaiSv.exe
D:\Program Files\ashWebSv.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\wil.WIL-C12E8FF035D\Local Settings\Temporary Internet Files\Content.IE5\2JJZY99C\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\wil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\efcCrSiJ.dll (file missing)
O2 - BHO: {f9e743ed-db39-4f3b-85f4-b5cc0a49b075} - {570b94a0-cc5b-4f58-b3f4-93bdde347e9f} - C:\WINDOWS\system32\affmbxnt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {8EA35637-BC22-405B-9409-E6BC7153ACFF} - C:\WINDOWS\system32\tuvWqPgf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ashDisp.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\wil.WIL-C12E8FF035D\lsass.exe
O4 - HKLM\..\Run: [BMa3e7656b] Rundll32.exe "C:\WINDOWS\system32\rqreawgv.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6BFB363-11AD-42DE-9D31-26BA57D80231}: NameServer = 80.10.246.130 81.253.149.10
O20 - Winlogon Notify: efcCrSiJ - efcCrSiJ.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5537 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Contrôleur PCI de communications simplifiées
Device ID: PCI\VEN_14F1&DEV_2F01&SUBSYS_900616EF&REV_01\3&61AAA01&0&58
Manufacturer:
Name: Contrôleur PCI de communications simplifiées
PNP Device ID: PCI\VEN_14F1&DEV_2F01&SUBSYS_900616EF&REV_01\3&61AAA01&0&58
Service:


-- Files created between 2008-04-09 and 2008-05-09 -----------------------------

2008-05-09 20:50:58 0 d-------- C:\Program Files\Trend Micro
2008-05-09 19:39:23 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-09 19:28:00 0 d-------- C:\WINDOWS\LastGood
2008-05-09 19:08:56 0 dr-h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Recent
2008-05-09 18:03:00 2112 --a------ C:\WINDOWS\system32\ktxigxlg.exe
2008-05-09 18:02:29 93248 --a------ C:\WINDOWS\system32\mpgxuyur.dll
2008-05-09 17:57:04 102976 --a------ C:\WINDOWS\system32\affmbxnt.dll
2008-05-09 17:56:57 98368 --a------ C:\WINDOWS\system32\rqreawgv.dll
2008-05-09 16:26:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-09 14:50:20 0 d-------- C:\Program Files\Panda Security
2008-05-09 13:38:24 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Macromedia
2008-05-09 13:38:22 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Adobe
2008-05-08 22:21:57 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-08 21:42:53 202160 --ahs---- C:\WINDOWS\system32\fgPqWvut.ini2
2008-05-08 21:42:47 274944 --a------ C:\WINDOWS\system32\tuvWqPgf.dll
2008-05-08 21:41:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-05-08 13:49:32 0 d-------- C:\Program Files\dbar
2008-05-07 22:19:22 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-07 22:19:16 200779 --a------ C:\WINDOWS\system32\ncntlkdm.exe
2008-05-07 22:19:12 401968 --a------ C:\WINDOWS\system32\g94.exe
2008-05-07 22:19:10 86016 ---hs---- C:\Documents and Settings\wil.WIL-C12E8FF035D\lsass.exe
2008-05-07 22:19:07 0 d-------- C:\Program Files\winvi
2008-05-07 22:19:06 0 d-------- C:\WINDOWS\system32\sX1
2008-05-07 22:19:06 0 d-------- C:\WINDOWS\system32\ob3
2008-05-07 22:19:06 0 d-------- C:\WINDOWS\system32\mBL
2008-05-07 22:19:06 0 d-------- C:\WINDOWS\system32\20467
2008-05-07 22:19:00 0 d-------- C:\WINDOWS\system32\bkEur18
2008-05-07 22:13:05 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\LimeWire
2008-05-07 21:34:27 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\vlc
2008-05-07 21:24:32 0 d---s---- C:\Documents and Settings\wil.WIL-C12E8FF035D\UserData
2008-05-07 20:50:04 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-05-07 20:45:47 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-05-07 20:45:47 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-05-07 20:45:47 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-05-07 20:45:47 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-05-07 20:45:47 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-05-07 20:45:47 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-05-07 20:45:45 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-07 20:44:10 17505 -----n--- C:\WINDOWS\hpomdl07.dat
2008-05-07 20:44:10 102877 --a------ C:\WINDOWS\hpoins05.dat
2008-05-07 20:41:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-05-07 20:37:36 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Nero
2008-05-07 20:35:30 368640 --a------ C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corporation; TwnLib4 - TwainPRO v4.0 - Utility Library>
2008-05-07 20:35:29 802816 --a------ C:\WINDOWS\system32\imagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-07 20:35:29 258048 --a------ C:\WINDOWS\system32\imagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-07 20:35:29 1757184 --a------ C:\WINDOWS\system32\imagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-07 20:35:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-05-07 20:33:22 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Google
2008-05-07 20:09:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage réseau
2008-05-07 20:09:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage d'impression
2008-05-07 20:09:03 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2008-05-07 20:09:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2008-05-07 20:09:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Modèles
2008-05-07 20:09:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Mes documents
2008-05-07 20:09:03 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer
2008-05-07 20:09:03 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2008-05-07 20:09:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favoris
2008-05-07 20:09:03 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2008-05-07 20:09:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Bureau
2008-05-07 20:09:03 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Modèles
2008-05-07 20:09:03 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer
2008-05-07 20:09:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favoris
2008-05-07 20:09:03 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-05-07 20:09:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
2008-05-07 20:08:43 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2008-05-07 20:08:43 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2008-05-07 20:08:42 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2008-05-07 20:08:42 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-05-07 18:54:10 0 d-------- C:\WINDOWS\Provisioning
2008-05-07 18:54:10 0 d-------- C:\WINDOWS\PeerNet
2008-05-07 18:54:10 0 d-------- C:\WINDOWS\ehome
2008-05-07 18:45:08 32768 --a------ C:\WINDOWS\system32\WooDial2000.dll <Not Verified; France Télécom R&D; Kit de Connexion et de Services>
2008-05-07 18:43:52 0 --a------ C:\WINDOWS\system32\rnaph.dll
2008-05-07 18:39:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-05-07 18:37:42 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\WinRAR
2008-05-07 18:33:17 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Identities
2008-05-07 18:33:08 0 dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Favoris
2008-05-07 18:33:08 0 d---s---- C:\Documents and Settings\wil.WIL-C12E8FF035D\Cookies
2008-05-07 18:33:08 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Bureau
2008-05-07 18:33:08 0 d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data
2008-05-07 18:33:07 0 d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Voisinage réseau
2008-05-07 18:33:07 0 d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Voisinage d'impression
2008-05-07 18:33:07 0 dr-h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\SendTo
2008-05-07 18:33:07 2359296 --ah----- C:\Documents and Settings\wil.WIL-C12E8FF035D\NTUSER.DAT
2008-05-07 18:33:07 0 d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Modèles
2008-05-07 18:33:07 0 dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Mes documents
2008-05-07 18:33:07 0 dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Menu Démarrer
2008-05-07 18:33:07 0 d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Local Settings
2008-05-07 18:29:51 0 d-------- C:\WINDOWS\Prefetch
2008-05-07 18:29:48 262144 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT.009\NTUSER.DAT
2008-05-07 18:29:48 0 d--h----- C:\Documents and Settings\LocalService.AUTORITE NT.009\Local Settings
2008-05-07 18:29:48 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.009\Cookies
2008-05-07 18:29:48 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT.009\Application Data
2008-05-07 18:29:48 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.009\Application Data\Microsoft
2008-05-07 18:29:36 229376 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT.009\NTUSER.DAT
2008-05-07 18:29:36 0 d--h----- C:\Documents and Settings\NetworkService.AUTORITE NT.009\Local Settings
2008-05-07 18:29:36 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.009\Cookies
2008-05-07 18:29:36 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT.009\Application Data
2008-05-07 18:29:36 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.009\Application Data\Microsoft
2008-05-07 18:25:02 229376 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2008-05-07 18:23:19 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-05-07 18:20:59 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-07 16:23:59 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-04-29 20:12:14 0 d-------- C:\Documents and Settings\wil\Application Data\Nero
2008-04-28 12:24:44 0 d-------- C:\Program Files\Fichiers communs\Nero
2008-04-26 14:59:31 0 dr-h----- C:\Documents and Settings\wil\Recent
2008-04-17 21:29:45 0 d-------- C:\Documents and Settings\wil\Application Data\Sun
2008-04-16 13:45:15 0 d-------- C:\Documents and Settings\wil\Application Data\DivX
2008-04-14 18:20:18 0 d-------- C:\Documents and Settings\wil\Application Data\LimeWire
2008-04-14 18:07:30 0 d---s---- C:\Documents and Settings\wil\UserData
2008-04-09 23:03:50 0 d-------- C:\Documents and Settings\wil\Application Data\AdobeUM


-- Find3M Report ---------------------------------------------------------------

2008-05-09 19:38:37 0 d-------- C:\Program Files\Wanadoo
2008-05-09 19:28:32 368076 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-05-09 19:28:32 48856 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-05-08 22:13:18 0 d-------- C:\Program Files\Google
2008-05-07 22:12:37 0 d-------- C:\Program Files\Java
2008-05-07 20:09:03 62 --ahs---- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\desktop.ini
2008-05-07 18:44:33 0 d-------- C:\Program Files\thomson
2008-05-07 18:20:21 0 d-------- C:\Program Files\Messenger
2008-05-07 17:22:53 0 d-------- C:\Program Files\Movie Maker
2008-05-07 17:20:58 0 d-------- C:\Program Files\Windows NT
2008-05-05 11:35:43 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-28 12:24:44 0 d-a------ C:\Program Files\fichiers communs
2008-03-29 10:52:16 0 d-------- C:\Program Files\msn gaming zone
2008-03-28 23:35:33 0 d-------- C:\Program Files\Alwil Software
2008-03-28 23:34:34 0 d-------- C:\Program Files\Services en ligne
2008-03-21 08:36:40 0 d-------- C:\Program Files\Fichiers communs\Ahead
2008-03-11 17:23:07 0 d-------- C:\Program Files\iColorFolder


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}]
C:\WINDOWS\system32\efcCrSiJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{570b94a0-cc5b-4f58-b3f4-93bdde347e9f}]
09/05/2008 17:57 102976 --a------ C:\WINDOWS\system32\affmbxnt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EA35637-BC22-405B-9409-E6BC7153ACFF}]
08/05/2008 21:42 274944 --a------ C:\WINDOWS\system32\tuvWqPgf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [05/09/2003 06:59]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [13/05/2004 09:28]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [13/05/2004 09:28]
"avast!"="D:\PROGRA~1\ashDisp.exe" [29/03/2008 19:37]
"LSA Shellu"="C:\Documents and Settings\wil.WIL-C12E8FF035D\lsass.exe" [07/05/2008 22:19]
"BMa3e7656b"="C:\WINDOWS\system32\rqreawgv.dll" [09/05/2008 17:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [08/05/2008 21:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}"= C:\WINDOWS\system32\efcCrSiJ.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcCrSiJ]
efcCrSiJ.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvWqPgf




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8373 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-09 20:52:41 ------------
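An added example, not part of the thread and not code from DSS, HijackThis or ComboFix: a Python triage pass over lines copied from the report above, flagging the entries a helper reads first (a core binary name running from a user profile, BHOs without a readable name, rundll32 autoruns, Winlogon Notify packages, extra LSA authentication packages). The core-binary list, the system-folder paths and the assumption that a stock Windows XP lists only msv1_0 under Authentication Packages are mine, not the page's.

```python
"""Defender-side triage of HijackThis / DSS report lines (added example; not
code from the thread, DSS, HijackThis or ComboFix)."""
import re

# Assumption: binaries that must only run from the Windows system folders.
CORE_SYSTEM_BINARIES = {"lsass.exe", "smss.exe", "winlogon.exe",
                        "services.exe", "svchost.exe", "csrss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}  # install root seen in the report
DEFAULT_AUTH_PACKAGES = {"msv1_0"}  # the only LSA package on a stock Windows XP
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)

# Lines copied from the report posted above (a hand-picked subset).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\wil.WIL-C12E8FF035D\lsass.exe
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\efcCrSiJ.dll (file missing)
O2 - BHO: {f9e743ed-db39-4f3b-85f4-b5cc0a49b075} - {570b94a0-cc5b-4f58-b3f4-93bdde347e9f} - C:\WINDOWS\system32\affmbxnt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\wil.WIL-C12E8FF035D\lsass.exe
O4 - HKLM\..\Run: [BMa3e7656b] Rundll32.exe "C:\WINDOWS\system32\rqreawgv.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: efcCrSiJ - efcCrSiJ.dll (file missing)
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvWqPgf
"""

def _outside_system_dir(path):
    """True when the file's folder is not a Windows system folder."""
    return path.strip('"').lower().rsplit("\\", 1)[0] not in SYSTEM_DIRS

def check_process(line):
    """'Running processes' line: a core binary name outside system32 is a lookalike."""
    name = line.rsplit("\\", 1)[-1].lower()
    if name in CORE_SYSTEM_BINARIES and _outside_system_dir(line):
        return ("high", f"core binary name {name} running from a non-system folder")
    return None

def check_o2(line):
    """O2 (BHO): legitimate add-ons carry a product name; the unnamed ones here do not."""
    m = re.match(r"O2 - BHO: (.*?) - (\{[^}]+\}) - (.*)$", line)
    if not m:
        return None
    name, _clsid, target = m.groups()
    if name == "(no name)" or GUID_RE.match(name):
        return ("high", f"BHO without a readable name: {target}")
    return None

def check_o4(line):
    """O4 (Run keys): core-binary lookalikes and DLLs loaded through rundll32."""
    m = re.match(r"O4 - .*?\\Run: \[(.*?)\] (.*)$", line)
    if not m:
        return None
    label, cmd = m.groups()
    exe = re.match(r'"?(.*?\.exe)"?', cmd, re.I)
    if not exe:
        return None
    base = exe.group(1).rsplit("\\", 1)[-1].lower()
    if base in CORE_SYSTEM_BINARIES and _outside_system_dir(exe.group(1)):
        return ("high", f"autorun [{label}] starts a core-binary lookalike")
    if base == "rundll32.exe":
        return ("review", f"autorun [{label}] loads a DLL through rundll32: {cmd}")
    return None

def check_o20(line):
    """O20: HijackThis lists only non-default Winlogon Notify packages, so each one counts."""
    m = re.match(r"O20 - Winlogon Notify: (\S+) - (.*)$", line)
    return ("high", f"Winlogon Notify package {m.group(1)}: {m.group(2)}") if m else None

def check_auth_packages(line):
    """LSA 'Authentication Packages' value from the DSS registry dump."""
    m = re.match(r'"Authentication Packages"\s*=\s*(.*)$', line)
    if not m:
        return None
    extras = [p for p in m.group(1).split() if p.lower() not in DEFAULT_AUTH_PACKAGES]
    return ("high", "extra LSA authentication package(s): " + " ".join(extras)) if extras else None

def triage(report):
    """Return (severity, line, reason) for every flagged line of the report."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            hit = check_process(line)
        elif line.startswith("O2 "):
            hit = check_o2(line)
        elif line.startswith("O4 "):
            hit = check_o4(line)
        elif line.startswith("O20 "):
            hit = check_o20(line)
        elif line.startswith('"Authentication Packages"'):
            hit = check_auth_packages(line)
        else:
            hit = None
        if hit:
            findings.append((hit[0], line, hit[1]))
    return findings

if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_REPORT):
        print(f"[{severity}] {reason}\n    {line}")
```

Run against the sample it reports eight findings, six of them high; the NvCplDaemon entry is only marked for review because rundll32 autoruns are also used by legitimate drivers.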

Elfen Lied
Posted on 09/05/2008 20:56:36
Re,

Download Combofix (by sUbs)

NOTE: save it to the desktop, nowhere else / disable your resident protections while it runs.

Reboot into Safe Mode <=> Help: How to reboot into Safe Mode
~~ Prefer the F8 method ~~

Double-click Combofix. When a question is asked, answer with the 1 key and confirm with Enter.
...Let it guide you...
When the scan is finished, a report will be created. Reboot into normal mode and post it (C:\Combofix.txt).

Later
Darck
Posted on 09/05/2008 21:40:39
ComboFix report:

ComboFix 08-05-08.1 - wil 2008-05-09 21:28:07.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.847 [GMT 2:00]
Endroit: G:\logiciel\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\affmbxnt.dll
C:\WINDOWS\system32\fgPqWvut.ini
C:\WINDOWS\system32\fgPqWvut.ini2
C:\WINDOWS\system32\mpgxuyur.dll
C:\WINDOWS\system32\rqreawgv.dll
C:\WINDOWS\system32\ruyuxgpm.ini
C:\WINDOWS\system32\tuvWqPgf.dll
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
.

2008-05-09 21:27 . 2008-05-09 21:27 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-05-09 20:50 . 2008-05-09 20:50 <REP> d-------- C:\Program Files\Trend Micro
2008-05-09 20:50 . 2008-05-09 20:50 <REP> d-------- C:\Deckard
2008-05-09 19:39 . 2008-05-09 19:49 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-05-09 18:03 . 2008-05-09 18:03 2,112 --a------ C:\WINDOWS\system32\ktxigxlg.exe
2008-05-09 17:56 . 2008-05-09 17:56 0 --a------ C:\WINDOWS\BMa3e7656b.xml
2008-05-09 16:26 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-09 14:50 . 2008-05-09 19:10 <REP> d-------- C:\Program Files\Panda Security
2008-05-08 22:21 . 2008-05-09 13:45 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-08 21:41 . 2008-05-08 21:41 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-05-08 21:41 . 2008-05-08 21:41 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-05-08 13:49 . 2008-05-08 16:55 <REP> d-------- C:\Program Files\dbar
2008-05-07 22:19 . 2008-05-08 21:01 <REP> d-------- C:\WINDOWS\system32\sX1
2008-05-07 22:19 . 2008-05-08 20:59 <REP> d-------- C:\WINDOWS\system32\ob3
2008-05-07 22:19 . 2008-05-08 20:59 <REP> d-------- C:\WINDOWS\system32\mBL
2008-05-07 22:19 . 2008-05-07 22:21 <REP> d-------- C:\WINDOWS\system32\bkEur18
2008-05-07 22:19 . 2008-05-08 20:47 <REP> d-------- C:\WINDOWS\system32\20467
2008-05-07 22:19 . 2008-05-07 22:19 <REP> d-------- C:\temp\maxsv15
2008-05-07 22:19 . 2008-05-08 19:30 <REP> d-------- C:\Program Files\winvi
2008-05-07 22:19 . 2008-05-07 22:19 401,968 --a------ C:\WINDOWS\system32\g94.exe
2008-05-07 22:19 . 2008-05-07 22:19 200,779 --a------ C:\WINDOWS\system32\ncntlkdm.exe
2008-05-07 22:19 . 2008-05-07 22:19 86,016 ---hs---- C:\Documents and Settings\wil.WIL-C12E8FF035D\lsass.exe
2008-05-07 22:19 . 2008-05-09 16:20 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-07 22:13 . 2008-05-07 22:25 <REP> d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\LimeWire
2008-05-07 22:12 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-07 21:34 . 2008-05-07 21:34 <REP> d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\vlc
2008-05-07 21:33 . 2008-05-07 22:54 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-07 21:24 . 2008-05-07 21:24 <REP> d---s---- C:\Documents and Settings\wil.WIL-C12E8FF035D\UserData
2008-05-07 21:20 . 2008-05-07 21:21 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-07 21:19 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-07 21:19 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-07 21:19 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-07 21:13 . 2008-05-09 16:26 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-05-07 20:46 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-07 20:46 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-07 20:44 . 2008-05-07 20:47 102,877 --a------ C:\WINDOWS\hpoins05.dat
2008-05-07 20:44 . 2005-06-22 08:27 17,505 --------- C:\WINDOWS\hpomdl07.dat
2008-05-07 20:41 . 2008-05-07 22:50 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-05-07 20:37 . 2008-05-07 20:37 <REP> d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Nero
2008-05-07 20:35 . 2008-05-07 20:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-05-07 20:35 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-05-07 20:35 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-05-07 20:35 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-05-07 20:35 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-05-07 20:35 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-05-07 20:29 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-05-07 20:12 . 2007-12-05 01:41 7,435,392 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-07 20:12 . 2007-12-05 01:41 7,435,392 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-05-07 20:12 . 2007-12-05 01:41 5,773,568 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-05-07 20:12 . 2004-08-19 17:54 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-05-07 20:11 . 2004-08-04 01:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-05-07 20:11 . 2004-08-19 18:10 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-05-07 20:11 . 2004-08-19 18:09 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-07 20:11 . 2004-08-04 01:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-05-07 20:11 . 2004-08-04 01:07 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2008-05-07 20:11 . 2001-08-17 22:19 40,704 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys
2008-05-07 20:11 . 2004-08-04 01:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-05-07 20:11 . 2004-08-19 18:09 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-05-07 20:11 . 2001-08-18 00:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage réseau
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage d'impression
2008-05-07 20:09 . 2008-05-07 18:20 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Modèles
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Mes documents
2008-05-07 20:09 . 2008-05-07 20:09 <REP> dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Favoris
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Bureau
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS\Modèles
2008-05-07 20:09 . 2008-05-09 17:54 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Favoris
2008-05-07 20:09 . 2008-05-07 18:21 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-05-07 20:09 . 2008-05-09 15:58 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
2008-05-07 20:08 . 2008-05-09 21:27 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS
2008-05-07 20:08 . 2008-05-07 18:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS
2008-05-07 20:08 . 2006-03-02 14:00 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2008-05-07 20:08 . 2006-03-02 14:00 1,013,912 -ra------ C:\WINDOWS\SET3.tmp
2008-05-07 20:08 . 2006-03-02 14:00 14,043 -ra------ C:\WINDOWS\SET8.tmp
2008-05-07 18:54 . 2008-05-07 18:54 <REP> d-------- C:\WINDOWS\Provisioning
2008-05-07 18:54 . 2008-05-07 20:06 <REP> d-------- C:\WINDOWS\PeerNet
2008-05-07 18:54 . 2008-05-07 20:06 <REP> d-------- C:\WINDOWS\ehome
2008-05-07 18:45 . 2004-05-13 09:28 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-05-07 18:44 . 2003-09-05 06:58 70,624 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-05-07 18:44 . 2003-09-05 06:58 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-05-07 18:44 . 2003-09-05 06:58 5,607 --a------ C:\WINDOWS\system32\stci.dll
2008-05-07 18:44 . 2003-09-05 06:58 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-05-07 18:44 . 2003-09-05 06:58 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2008-05-07 18:43 . 2008-05-07 18:43 0 --a------ C:\WINDOWS\system32\rnaph.dll
2008-05-07 18:39 . 2008-05-09 15:55 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-05-07 18:33 . 2008-05-07 20:09 <REP> d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Voisinage réseau
2008-05-07 18:33 . 2008-05-07 20:09 <REP> d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Voisinage d'impression
2008-05-07 18:33 . 2008-05-07 18:20 <REP> d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Modèles
2008-05-07 18:33 . 2008-05-07 22:13 <REP> dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Mes documents
2008-05-07 18:33 . 2008-05-07 20:09 <REP> dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Menu Démarrer
2008-05-07 18:33 . 2008-05-07 22:19 <REP> dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Favoris
2008-05-07 18:33 . 2008-05-09 21:33 <REP> d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Bureau
2008-05-07 18:33 . 2008-05-09 19:08 <REP> d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D
2008-05-07 18:33 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-07 18:33 . 2008-05-09 21:36 1,024 --ah----- C:\Documents and Settings\wil.WIL-C12E8FF035D\ntuser.dat.LOG
2008-05-07 18:29 . 2008-05-07 18:29 <REP> d--hs---- C:\Documents and Settings\NetworkService.AUTORITE NT.009
2008-05-07 18:29 . 2008-05-07 18:29 <REP> d--hs---- C:\Documents and Settings\LocalService.AUTORITE NT.009
2008-05-07 18:29 . 2008-05-09 21:35 1,024 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT.009\ntuser.dat.LOG
2008-05-07 18:29 . 2008-05-09 21:35 1,024 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT.009\ntuser.dat.LOG
2008-05-07 18:27 . 2006-03-02 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-07 18:26 . 2006-03-02 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-07 18:25 . 2006-03-02 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-05-07 18:24 . 2008-05-07 18:24 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-05-07 18:24 . 2008-05-07 18:24 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-07 18:24 . 2008-05-07 18:24 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-05-07 18:24 . 2008-05-09 15:58 3,105 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-05-07 18:24 . 2008-05-07 18:24 0 --a------ C:\WINDOWS\control.ini
2008-05-07 18:23 . 2008-05-07 18:24 <REP> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-05-07 18:23 . 2008-05-07 18:23 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-05-07 18:23 . 2008-05-07 18:23 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-07 18:21 . 2006-03-02 14:00 3,166,208 --a--c--- C:\WINDOWS\system32\dllcache\msgr3en.dll
2008-05-07 18:20 . 2006-03-02 14:00 634,880 --a------ C:\WINDOWS\system32\getuname.dll
2008-05-07 18:19 . 2006-03-02 14:00 1,352,704 --a--c--- C:\WINDOWS\system32\dllcache\cimwin32.dll
2008-05-07 17:22 . 2006-03-02 14:00 4,290,048 --a--c--- C:\WINDOWS\system32\dllcache\wmm2res.dll
2008-05-07 17:22 . 2006-03-02 14:00 786,432 --a--c--- C:\WINDOWS\system32\dllcache\migrate.exe
2008-05-07 17:22 . 2006-03-02 14:00 368,640 --a--c--- C:\WINDOWS\system32\dllcache\mpvis.dll
2008-05-07 17:22 . 2006-03-02 14:00 221,184 --a--c--- C:\WINDOWS\system32\dllcache\wmpns.dll
2008-05-07 17:22 . 2006-03-02 14:00 98,304 --a--c--- C:\WINDOWS\system32\dllcache\wmpband.dll
2008-05-07 17:22 . 2006-03-02 14:00 81,920 --a--c--- C:\WINDOWS\system32\dllcache\msado27.tlb
2008-05-07 17:22 . 2006-03-02 14:00 28,672 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-05-07 17:22 . 2006-03-02 14:00 18,432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2008-05-07 17:22 . 2006-03-02 14:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\wmm2res2.dll
2008-05-07 17:22 . 2006-03-02 14:00 4,096 --a--c--- C:\WINDOWS\system32\dllcache\wmm2eres.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 18:56 --------- d-----w C:\Program Files\Wanadoo
2008-05-08 20:13 --------- d-----w C:\Program Files\Google
2008-05-07 20:12 --------- d-----w C:\Program Files\Java
2008-05-07 16:44 --------- d-----w C:\Program Files\thomson
2008-05-05 09:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-24 15:39 --------- d-----w C:\Documents and Settings\wil\Application Data\Lavasoft
2008-03-31 18:09 --------- d-----w C:\Documents and Settings\wil\Application Data\Ahead
2008-03-31 14:47 --------- d-----w C:\Documents and Settings\wil\Application Data\.ABC
2008-03-31 12:56 --------- d-----w C:\Documents and Settings\wil\Application Data\vlc
2008-03-31 11:59 --------- d-----w C:\Documents and Settings\wil.WIL-F7G0XZGKH75\Application Data\Lavasoft
2008-03-28 21:35 --------- d-----w C:\Program Files\Alwil Software
2008-03-28 21:34 --------- d-----w C:\Program Files\Services en ligne
2008-03-21 10:52 --------- d-----w C:\Documents and Settings\wil.WIL-F7G0XZGKH75\Application Data\Ahead
2008-03-21 06:36 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-20 22:03 --------- d-----w C:\Documents and Settings\wil.WIL-F7G0XZGKH75\Application Data\vlc
2008-03-17 13:00 --------- d-----w C:\Program Files\Softwin
2008-03-17 13:00 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-03-11 15:23 --------- d-----w C:\Program Files\iColorFolder
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}]
C:\WINDOWS\system32\efcCrSiJ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-08 21:41 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-05-13 09:28 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-05-13 09:28 24576]
"avast!"="D:\PROGRA~1\ashDisp.exe" [2008-03-29 19:37 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}"= C:\WINDOWS\system32\efcCrSiJ.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcCrSiJ]
efcCrSiJ.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 21:35:48
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\aswUpdSv.exe
D:\Program Files\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Wanadoo\CnxMon.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-09 21:38:18 - machine was rebooted [wil]
ComboFix-quarantined-files.txt 2008-05-09 19:38:15

Pre-Run: 4,064,563,200 octets libres
Post-Run: 4,862,640,128 octets libres

224 --- E O F --- 2008-05-09 14:26:55
Elfen Lied
Posted on 09/05/2008 21:46:04
Re,

I want you to use ComboFix from the desktop. It was stated, after all.

Copy the text in the box below (CTRL + C)

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcCrSiJ]

File::
C:\WINDOWS\system32\efcCrSiJ.dll
C:\WINDOWS\system32\ktxigxlg.exe
C:\WINDOWS\BMa3e7656b.xml
C:\WINDOWS\system32\ncntlkdm.exe
C:\WINDOWS\system32\g94.exe


NOTE: Disable your resident protections during the procedure.

=> Open Notepad: Start > All Programs > Accessories > Notepad

- Paste the text there (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- File type: all files !!
- Click Save
- Close Notepad

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:

< included picture >

* This will relaunch ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
* Wait while the scan runs. The desktop will disappear several times: that is normal!
* Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: copy/paste its contents to the forum.
* If the file does not open, it is located here: C:\ComboFix.txt

@+

-->Message edited by Elfen Lied on 09/05/2008 21:51:49<--
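The CFScript above removes one DLL from three different registry load points at once (a Browser Helper Object, a ShellExecuteHook and a Winlogon Notify entry). That correlation is what makes the entry stand out in the ComboFix "Point de chargement Reg" section, and it can be checked mechanically. The script below is an added example, not part of this thread and not ComboFix's own code: it parses that section, groups load points by the binary they reference, flags any binary wired into more than one autostart mechanism, and also reports the disabled firewall value that appears in the same section. The sample input is a constructed excerpt of the log posted above; the function names and the mechanism labels are my own.

```python
"""Correlate ComboFix registry load points by the binary they reference."""
import re
from collections import defaultdict

# Constructed sample input: an excerpt of the "Point de chargement Reg"
# section of the ComboFix log posted in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}]
C:\WINDOWS\system32\efcCrSiJ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-08 21:41 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\PROGRA~1\ashDisp.exe" [2008-03-29 19:37 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}"= C:\WINDOWS\system32\efcCrSiJ.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcCrSiJ]
efcCrSiJ.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Substring of the (lower-cased) registry key -> load-point mechanism label.
# Labels are my own naming, checked in order so the more specific one wins.
MECHANISMS = [
    ("browser helper objects", "bho"),
    ("shellexecutehooks", "shellexecutehooks"),
    ("winlogon\\notify", "winlogon-notify"),
    ("currentversion\\run", "run"),
]

# A full Windows path to a binary, or a bare file name as Winlogon Notify lists it.
BINARY_RE = re.compile(
    r'([A-Za-z]:\\[^"\[\]]*?\.(?:dll|exe|sys)|\b[\w.-]+\.(?:dll|exe|sys))\b',
    re.IGNORECASE,
)


def parse_load_points(text):
    """Yield (registry_key, binary_basename) for every value line under a [key]."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None:
            continue
        match = BINARY_RE.search(line)
        if match:
            # Lower-cased basename so "efcCrSiJ.dll" and a full path to it group together.
            yield key, match.group(1).rsplit("\\", 1)[-1].lower()


def mechanism_for(key):
    """Label the autostart mechanism a registry key belongs to."""
    lowered = key.lower()
    for needle, label in MECHANISMS:
        if needle in lowered:
            return label
    return "other"


def correlate(text):
    """Map each binary to the set of mechanisms that load it."""
    seen = defaultdict(set)
    for key, name in parse_load_points(text):
        seen[name].add(mechanism_for(key))
    return dict(seen)


def multi_load_point_binaries(text):
    """Binaries wired into more than one autostart mechanism: the ones to look at first."""
    return sorted(n for n, mechs in correlate(text).items() if len(mechs) > 1)


def firewall_disabled(text):
    """True when the standard-profile EnableFirewall value is reported as 0."""
    return re.search(r'"EnableFirewall"\s*=\s*0\b', text) is not None


def report(text):
    """Human-readable findings, one per line."""
    groups = correlate(text)
    lines = [f"{name}: referenced from {', '.join(sorted(groups[name]))}"
             for name in multi_load_point_binaries(text)]
    if firewall_disabled(text):
        lines.append("Windows Firewall is disabled in the standard profile")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

On the excerpt above the only multi-mechanism hit is efcCrSiJ.dll (bho, shellexecutehooks, winlogon-notify), which is exactly the set of keys the CFScript deletes; the Run-key entries each reference a single binary and are not flagged. The `run` label also matches RunOnce keys, which is acceptable for a triage pass.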
Darck
Posted on 09/05/2008 21:55:46
ComboFix 08-05-08.1 - wil 2008-05-09 21:51:46.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.703 [GMT 2:00]
Endroit: G:\logiciel\ComboFix.exe
Command switches used :: C:\Documents and Settings\wil.WIL-C12E8FF035D\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\efcCrSiJ.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
.

2008-05-09 21:39 . 2008-05-09 21:39 <REP> d-------- C:\WINDOWS\LastGood
2008-05-09 21:27 . 2008-05-09 21:27 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-05-09 20:50 . 2008-05-09 20:50 <REP> d-------- C:\Program Files\Trend Micro
2008-05-09 20:50 . 2008-05-09 20:50 <REP> d-------- C:\Deckard
2008-05-09 19:39 . 2008-05-09 19:49 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-05-09 18:03 . 2008-05-09 18:03 2,112 --a------ C:\WINDOWS\system32\ktxigxlg.exe
2008-05-09 17:56 . 2008-05-09 17:56 0 --a------ C:\WINDOWS\BMa3e7656b.xml
2008-05-09 16:26 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-09 14:50 . 2008-05-09 19:10 <REP> d-------- C:\Program Files\Panda Security
2008-05-08 22:21 . 2008-05-09 13:45 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-08 21:41 . 2008-05-08 21:41 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-05-08 21:41 . 2008-05-08 21:41 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-05-08 13:49 . 2008-05-08 16:55 <REP> d-------- C:\Program Files\dbar
2008-05-07 22:19 . 2008-05-08 21:01 <REP> d-------- C:\WINDOWS\system32\sX1
2008-05-07 22:19 . 2008-05-08 20:59 <REP> d-------- C:\WINDOWS\system32\ob3
2008-05-07 22:19 . 2008-05-08 20:59 <REP> d-------- C:\WINDOWS\system32\mBL
2008-05-07 22:19 . 2008-05-07 22:21 <REP> d-------- C:\WINDOWS\system32\bkEur18
2008-05-07 22:19 . 2008-05-08 20:47 <REP> d-------- C:\WINDOWS\system32\20467
2008-05-07 22:19 . 2008-05-07 22:19 <REP> d-------- C:\temp\maxsv15
2008-05-07 22:19 . 2008-05-08 19:30 <REP> d-------- C:\Program Files\winvi
2008-05-07 22:19 . 2008-05-07 22:19 401,968 --a------ C:\WINDOWS\system32\g94.exe
2008-05-07 22:19 . 2008-05-07 22:19 200,779 --a------ C:\WINDOWS\system32\ncntlkdm.exe
2008-05-07 22:19 . 2008-05-07 22:19 86,016 ---hs---- C:\Documents and Settings\wil.WIL-C12E8FF035D\lsass.exe
2008-05-07 22:19 . 2008-05-09 16:20 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-07 22:13 . 2008-05-07 22:25 <REP> d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\LimeWire
2008-05-07 22:12 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-07 21:34 . 2008-05-07 21:34 <REP> d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\vlc
2008-05-07 21:33 . 2008-05-07 22:54 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-07 21:24 . 2008-05-07 21:24 <REP> d---s---- C:\Documents and Settings\wil.WIL-C12E8FF035D\UserData
2008-05-07 21:20 . 2008-05-07 21:21 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-07 21:19 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-07 21:19 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-07 21:19 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-07 21:13 . 2008-05-09 16:26 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-05-07 20:46 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-07 20:46 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-07 20:44 . 2008-05-07 20:47 102,877 --a------ C:\WINDOWS\hpoins05.dat
2008-05-07 20:44 . 2005-06-22 08:27 17,505 --------- C:\WINDOWS\hpomdl07.dat
2008-05-07 20:41 . 2008-05-07 22:50 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-05-07 20:37 . 2008-05-07 20:37 <REP> d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Nero
2008-05-07 20:35 . 2008-05-07 20:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-05-07 20:35 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-05-07 20:35 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-05-07 20:35 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-05-07 20:35 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-05-07 20:35 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-05-07 20:29 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-05-07 20:12 . 2007-12-05 01:41 7,435,392 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-07 20:12 . 2007-12-05 01:41 7,435,392 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-05-07 20:12 . 2007-12-05 01:41 5,773,568 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-05-07 20:12 . 2004-08-19 17:54 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-05-07 20:11 . 2004-08-04 01:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-05-07 20:11 . 2004-08-19 18:10 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-05-07 20:11 . 2004-08-19 18:09 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-07 20:11 . 2004-08-04 01:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-05-07 20:11 . 2004-08-04 01:07 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2008-05-07 20:11 . 2001-08-17 22:19 40,704 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys
2008-05-07 20:11 . 2004-08-04 01:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-05-07 20:11 . 2004-08-19 18:09 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-05-07 20:11 . 2001-08-18 00:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage réseau
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage d'impression
2008-05-07 20:09 . 2008-05-07 18:20 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Modèles
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Mes documents
2008-05-07 20:09 . 2008-05-07 20:09 <REP> dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Favoris
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Bureau
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS\Modèles
2008-05-07 20:09 . 2008-05-09 17:54 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer
2008-05-07 20:09 . 2008-05-07 20:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Favoris
2008-05-07 20:09 . 2008-05-07 18:21 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-05-07 20:09 . 2008-05-09 15:58 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
2008-05-07 20:08 . 2008-05-09 21:27 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS
2008-05-07 20:08 . 2008-05-07 18:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS
2008-05-07 20:08 . 2006-03-02 14:00 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2008-05-07 20:08 . 2006-03-02 14:00 1,013,912 -ra------ C:\WINDOWS\SET3.tmp
2008-05-07 20:08 . 2006-03-02 14:00 14,043 -ra------ C:\WINDOWS\SET8.tmp
2008-05-07 18:54 . 2008-05-07 18:54 <REP> d-------- C:\WINDOWS\Provisioning
2008-05-07 18:54 . 2008-05-07 20:06 <REP> d-------- C:\WINDOWS\PeerNet
2008-05-07 18:54 . 2008-05-07 20:06 <REP> d-------- C:\WINDOWS\ehome
2008-05-07 18:45 . 2004-05-13 09:28 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-05-07 18:44 . 2003-09-05 06:58 70,624 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-05-07 18:44 . 2003-09-05 06:58 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-05-07 18:44 . 2003-09-05 06:58 5,607 --a------ C:\WINDOWS\system32\stci.dll
2008-05-07 18:44 . 2003-09-05 06:58 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-05-07 18:44 . 2003-09-05 06:58 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2008-05-07 18:43 . 2008-05-07 18:43 0 --a------ C:\WINDOWS\system32\rnaph.dll
2008-05-07 18:39 . 2008-05-09 15:55 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-05-07 18:33 . 2008-05-07 20:09 <REP> d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Voisinage réseau
2008-05-07 18:33 . 2008-05-07 20:09 <REP> d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Voisinage d'impression
2008-05-07 18:33 . 2008-05-07 18:20 <REP> d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Modèles
2008-05-07 18:33 . 2008-05-07 22:13 <REP> dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Mes documents
2008-05-07 18:33 . 2008-05-07 20:09 <REP> dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Menu Démarrer
2008-05-07 18:33 . 2008-05-07 22:19 <REP> dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Favoris
2008-05-07 18:33 . 2008-05-09 21:51 <REP> d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Bureau
2008-05-07 18:33 . 2008-05-09 19:08 <REP> d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D
2008-05-07 18:33 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-07 18:33 . 2008-05-09 21:53 1,024 --ah----- C:\Documents and Settings\wil.WIL-C12E8FF035D\ntuser.dat.LOG
2008-05-07 18:29 . 2008-05-07 18:29 <REP> d--hs---- C:\Documents and Settings\NetworkService.AUTORITE NT.009
2008-05-07 18:29 . 2008-05-07 18:29 <REP> d--hs---- C:\Documents and Settings\LocalService.AUTORITE NT.009
2008-05-07 18:29 . 2008-05-09 21:35 1,024 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT.009\ntuser.dat.LOG
2008-05-07 18:29 . 2008-05-09 21:35 1,024 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT.009\ntuser.dat.LOG
2008-05-07 18:27 . 2006-03-02 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-07 18:26 . 2006-03-02 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-07 18:25 . 2006-03-02 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-05-07 18:24 . 2008-05-07 18:24 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-05-07 18:24 . 2008-05-07 18:24 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-07 18:24 . 2008-05-07 18:24 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-05-07 18:24 . 2008-05-09 15:58 3,105 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-05-07 18:24 . 2008-05-07 18:24 0 --a------ C:\WINDOWS\control.ini
2008-05-07 18:23 . 2008-05-07 18:24 <REP> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-05-07 18:23 . 2008-05-07 18:23 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-05-07 18:23 . 2008-05-07 18:23 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-07 18:21 . 2006-03-02 14:00 3,166,208 --a--c--- C:\WINDOWS\system32\dllcache\msgr3en.dll
2008-05-07 18:20 . 2006-03-02 14:00 634,880 --a------ C:\WINDOWS\system32\getuname.dll
2008-05-07 18:19 . 2006-03-02 14:00 1,352,704 --a--c--- C:\WINDOWS\system32\dllcache\cimwin32.dll
2008-05-07 17:22 . 2006-03-02 14:00 4,290,048 --a--c--- C:\WINDOWS\system32\dllcache\wmm2res.dll
2008-05-07 17:22 . 2006-03-02 14:00 786,432 --a--c--- C:\WINDOWS\system32\dllcache\migrate.exe
2008-05-07 17:22 . 2006-03-02 14:00 368,640 --a--c--- C:\WINDOWS\system32\dllcache\mpvis.dll
2008-05-07 17:22 . 2006-03-02 14:00 221,184 --a--c--- C:\WINDOWS\system32\dllcache\wmpns.dll
2008-05-07 17:22 . 2006-03-02 14:00 98,304 --a--c--- C:\WINDOWS\system32\dllcache\wmpband.dll
2008-05-07 17:22 . 2006-03-02 14:00 81,920 --a--c--- C:\WINDOWS\system32\dllcache\msado27.tlb
2008-05-07 17:22 . 2006-03-02 14:00 28,672 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-05-07 17:22 . 2006-03-02 14:00 18,432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2008-05-07 17:22 . 2006-03-02 14:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\wmm2res2.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 19:50 --------- d-----w C:\Program Files\Wanadoo
2008-05-08 20:13 --------- d-----w C:\Program Files\Google
2008-05-07 20:12 --------- d-----w C:\Program Files\Java
2008-05-07 16:44 --------- d-----w C:\Program Files\thomson
2008-05-05 09:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-24 15:39 --------- d-----w C:\Documents and Settings\wil\Application Data\Lavasoft
2008-03-31 18:09 --------- d-----w C:\Documents and Settings\wil\Application Data\Ahead
2008-03-31 14:47 --------- d-----w C:\Documents and Settings\wil\Application Data\.ABC
2008-03-31 12:56 --------- d-----w C:\Documents and Settings\wil\Application Data\vlc
2008-03-31 11:59 --------- d-----w C:\Documents and Settings\wil.WIL-F7G0XZGKH75\Application Data\Lavasoft
2008-03-28 21:35 --------- d-----w C:\Program Files\Alwil Software
2008-03-28 21:34 --------- d-----w C:\Program Files\Services en ligne
2008-03-21 10:52 --------- d-----w C:\Documents and Settings\wil.WIL-F7G0XZGKH75\Application Data\Ahead
2008-03-21 06:36 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-20 22:03 --------- d-----w C:\Documents and Settings\wil.WIL-F7G0XZGKH75\Application Data\vlc
2008-03-17 13:00 --------- d-----w C:\Program Files\Softwin
2008-03-17 13:00 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-03-11 15:23 --------- d-----w C:\Program Files\iColorFolder
.

((((((((((((((((((((((((((((( snapshot@2008-05-09_21.38.04.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 17:28:32 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-09 19:39:44 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-09 17:28:32 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-05-09 19:39:44 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-05-09 17:28:32 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-09 19:39:44 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-09 17:28:32 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-09 19:39:44 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-08 21:41 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-05-13 09:28 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-05-13 09:28 24576]
"avast!"="D:\PROGRA~1\ashDisp.exe" [2008-03-29 19:37 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 21:52:55
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-09 21:53:47
ComboFix-quarantined-files.txt 2008-05-09 19:53:42
ComboFix2.txt 2008-05-09 19:38:19

Pre-Run: 4,985,303,040 octets libres
Post-Run: 4,986,957,824 octets libres

207 --- E O F --- 2008-05-09 14:26:55
Is it better?
Elfen Lied
Posted on 09/05/2008 22:01:09
Re,

I had said to use ComboFix from the desktop :sarcastic:

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated MBAM tutorial

    + a new DSS report.
Darck
Posted on 10/05/2008 00:15:34
Here is the report:
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 737

Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 114388
Temps écoulé: 1 hour(s), 48 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 25

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons (Adware.SoftMate) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Deckard\System Scanner\backup\DOCUME~1\WIL~1.WIL\LOCALS~1\Temp\nsc2.tmp\Dialer.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\backup\DOCUME~1\WIL~1.WIL\LOCALS~1\Temp\~nsu.tmp\Au_.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\Softwin\BitDefender Free Edition\Infected\CA5WUTHN (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvWqPgf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A5FD3D5-58E8-4427-BF21-C358BB817901}\RP65\A0012681.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88C6C455-485C-4A8E-8264-83B1C4D4EC64}\RP2\A0000310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\g94.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\desktop.html (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\bufferthis.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\flashfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\funnies.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\funnyfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\goodcleanvideos.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\newfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\positivethoughts.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\removespyware.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\thissiterocks.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\wil.WIL-C12E8FF035D\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Elfen Lied
Posted on 10/05/2008 00:17:18
New DSS report ;)
Darck
Posted on 10/05/2008 10:29:50
Here is the new report:
Deckard's System Scanner v20071014.68
Run by wil on 2008-05-10 10:27:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as wil.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:45, on 10/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\aswUpdSv.exe
D:\Program Files\ashServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
D:\PROGRA~1\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\wil.WIL-C12E8FF035D\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\wil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6BFB363-11AD-42DE-9D31-26BA57D80231}: NameServer = 81.253.149.1 80.10.246.3
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\ashWebSv.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 4943 bytes

    -- Files created between 2008-04-10 and 2008-05-10 -----------------------------

    2008-05-09 22:13:18 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Malwarebytes
    2008-05-09 22:13:03 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-09 22:13:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-05-09 21:08:35 68096 --a------ C:\WINDOWS\zip.exe
    2008-05-09 21:08:35 49152 --a------ C:\WINDOWS\VFind.exe
    2008-05-09 21:08:35 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-05-09 21:08:35 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-05-09 21:08:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-05-09 21:08:35 98816 --a------ C:\WINDOWS\sed.exe
    2008-05-09 21:08:35 80412 --a------ C:\WINDOWS\grep.exe
    2008-05-09 21:08:35 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-05-09 20:50:58 0 d-------- C:\Program Files\Trend Micro
    2008-05-09 19:39:23 0 d--h----- C:\WINDOWS\$hf_mig$
    2008-05-09 19:08:56 0 dr-h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Recent
    2008-05-09 18:03:00 2112 --a------ C:\WINDOWS\system32\ktxigxlg.exe
    2008-05-09 16:26:12 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-05-09 14:50:20 0 d-------- C:\Program Files\Panda Security
    2008-05-09 13:38:24 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Macromedia
    2008-05-09 13:38:22 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Adobe
    2008-05-08 22:21:57 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-05-08 21:41:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
    2008-05-07 22:19:16 200779 --a------ C:\WINDOWS\system32\ncntlkdm.exe
    2008-05-07 22:19:06 0 d-------- C:\WINDOWS\system32\sX1
    2008-05-07 22:19:06 0 d-------- C:\WINDOWS\system32\ob3
    2008-05-07 22:19:06 0 d-------- C:\WINDOWS\system32\mBL
    2008-05-07 22:19:06 0 d-------- C:\WINDOWS\system32\20467
    2008-05-07 22:19:00 0 d-------- C:\WINDOWS\system32\bkEur18
    2008-05-07 22:13:05 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\LimeWire
    2008-05-07 21:34:27 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\vlc
    2008-05-07 21:24:32 0 d---s---- C:\Documents and Settings\wil.WIL-C12E8FF035D\UserData
    2008-05-07 20:50:04 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2008-05-07 20:45:47 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
    2008-05-07 20:45:47 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
    2008-05-07 20:45:47 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
    2008-05-07 20:45:47 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
    2008-05-07 20:45:47 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
    2008-05-07 20:45:47 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
    2008-05-07 20:45:45 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-05-07 20:44:10 17505 -----n--- C:\WINDOWS\hpomdl07.dat
    2008-05-07 20:44:10 102877 --a------ C:\WINDOWS\hpoins05.dat
    2008-05-07 20:41:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-05-07 20:37:36 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Nero
    2008-05-07 20:35:30 368640 --a------ C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corporation; TwnLib4 - TwainPRO v4.0 - Utility Library>
    2008-05-07 20:35:29 802816 --a------ C:\WINDOWS\system32\imagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2008-05-07 20:35:29 258048 --a------ C:\WINDOWS\system32\imagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2008-05-07 20:35:29 1757184 --a------ C:\WINDOWS\system32\imagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2008-05-07 20:35:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
    2008-05-07 20:33:22 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Google
    2008-05-07 20:09:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage réseau
    2008-05-07 20:09:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage d'impression
    2008-05-07 20:09:03 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
    2008-05-07 20:09:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
    2008-05-07 20:09:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Modèles
    2008-05-07 20:09:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Mes documents
    2008-05-07 20:09:03 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer
    2008-05-07 20:09:03 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
    2008-05-07 20:09:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favoris
    2008-05-07 20:09:03 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
    2008-05-07 20:09:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Bureau
    2008-05-07 20:09:03 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Modèles
    2008-05-07 20:09:03 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer
    2008-05-07 20:09:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favoris
    2008-05-07 20:09:03 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
    2008-05-07 20:09:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
    2008-05-07 20:08:43 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
    2008-05-07 20:08:43 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
    2008-05-07 20:08:42 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
    2008-05-07 20:08:42 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2008-05-07 18:54:10 0 d-------- C:\WINDOWS\Provisioning
    2008-05-07 18:54:10 0 d-------- C:\WINDOWS\PeerNet
    2008-05-07 18:54:10 0 d-------- C:\WINDOWS\ehome
    2008-05-07 18:45:08 32768 --a------ C:\WINDOWS\system32\WooDial2000.dll <Not Verified; France Télécom R&D; Kit de Connexion et de Services>
    2008-05-07 18:43:52 0 --a------ C:\WINDOWS\system32\rnaph.dll
    2008-05-07 18:39:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    2008-05-07 18:37:42 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\WinRAR
    2008-05-07 18:33:17 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\Identities
    2008-05-07 18:33:08 0 dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Favoris
    2008-05-07 18:33:08 0 d---s---- C:\Documents and Settings\wil.WIL-C12E8FF035D\Cookies
    2008-05-07 18:33:08 0 d-------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Bureau
    2008-05-07 18:33:08 0 d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data
    2008-05-07 18:33:07 0 d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Voisinage réseau
    2008-05-07 18:33:07 0 d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Voisinage d'impression
    2008-05-07 18:33:07 0 dr-h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\SendTo
    2008-05-07 18:33:07 2359296 --ah----- C:\Documents and Settings\wil.WIL-C12E8FF035D\NTUSER.DAT
    2008-05-07 18:33:07 0 d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Modèles
    2008-05-07 18:33:07 0 dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Mes documents
    2008-05-07 18:33:07 0 dr------- C:\Documents and Settings\wil.WIL-C12E8FF035D\Menu Démarrer
    2008-05-07 18:33:07 0 d--h----- C:\Documents and Settings\wil.WIL-C12E8FF035D\Local Settings
    2008-05-07 18:29:51 0 d-------- C:\WINDOWS\Prefetch
    2008-05-07 18:29:48 262144 --ah----- C:\Documents and Settings\LocalService.AUTORITE NT.009\NTUSER.DAT
    2008-05-07 18:29:48 0 d--h----- C:\Documents and Settings\LocalService.AUTORITE NT.009\Local Settings
    2008-05-07 18:29:48 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.009\Cookies
    2008-05-07 18:29:48 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT.009\Application Data
    2008-05-07 18:29:48 0 d---s---- C:\Documents and Settings\LocalService.AUTORITE NT.009\Application Data\Microsoft
    2008-05-07 18:29:36 229376 --ah----- C:\Documents and Settings\NetworkService.AUTORITE NT.009\NTUSER.DAT
    2008-05-07 18:29:36 0 d--h----- C:\Documents and Settings\NetworkService.AUTORITE NT.009\Local Settings
    2008-05-07 18:29:36 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.009\Cookies
    2008-05-07 18:29:36 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT.009\Application Data
    2008-05-07 18:29:36 0 d---s---- C:\Documents and Settings\NetworkService.AUTORITE NT.009\Application Data\Microsoft
    2008-05-07 18:25:02 229376 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
    2008-05-07 18:23:19 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
    2008-05-07 18:20:59 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-05-07 16:23:59 0 d-------- C:\WINDOWS\SxsCaPendDel
    2008-04-29 20:12:14 0 d-------- C:\Documents and Settings\wil\Application Data\Nero
    2008-04-28 12:24:44 0 d-------- C:\Program Files\Fichiers communs\Nero
    2008-04-26 14:59:31 0 dr-h----- C:\Documents and Settings\wil\Recent
    2008-04-17 21:29:45 0 d-------- C:\Documents and Settings\wil\Application Data\Sun
    2008-04-16 13:45:15 0 d-------- C:\Documents and Settings\wil\Application Data\DivX
    2008-04-14 18:20:18 0 d-------- C:\Documents and Settings\wil\Application Data\LimeWire
    2008-04-14 18:07:30 0 d---s---- C:\Documents and Settings\wil\UserData


    -- Find3M Report ---------------------------------------------------------------

    2008-05-10 09:34:21 0 d-------- C:\Program Files\Wanadoo
    2008-05-10 09:24:19 368076 --a------ C:\WINDOWS\system32\perfh00C.dat
    2008-05-10 09:24:19 48856 --a------ C:\WINDOWS\system32\perfc00C.dat
    2008-05-10 00:23:24 0 d-------- C:\Program Files\Messenger
    2008-05-08 22:13:18 0 d-------- C:\Program Files\Google
    2008-05-07 22:12:37 0 d-------- C:\Program Files\Java
    2008-05-07 20:09:03 62 --ahs---- C:\Documents and Settings\wil.WIL-C12E8FF035D\Application Data\desktop.ini
    2008-05-07 18:44:33 0 d-------- C:\Program Files\thomson
    2008-05-07 17:22:53 0 d-------- C:\Program Files\Movie Maker
    2008-05-07 17:20:58 0 d-------- C:\Program Files\Windows NT
    2008-05-05 11:35:43 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-28 12:24:44 0 d-a------ C:\Program Files\fichiers communs
    2008-03-29 10:52:16 0 d-------- C:\Program Files\msn gaming zone
    2008-03-28 23:35:33 0 d-------- C:\Program Files\Alwil Software
    2008-03-28 23:34:34 0 d-------- C:\Program Files\Services en ligne
    2008-03-21 08:36:40 0 d-------- C:\Program Files\Fichiers communs\Ahead
    2008-03-11 17:23:07 0 d-------- C:\Program Files\iColorFolder


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [05/09/2003 06:59]
    "WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [13/05/2004 09:28]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [13/05/2004 09:28]
    "avast!"="D:\PROGRA~1\ashDisp.exe" [29/03/2008 19:37]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [08/05/2008 21:41]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




    -- End of Deckard's System Scanner: finished at 2008-05-10 10:28:33 ------------