Help: check-up after a Trojan Downloader

Hello

It had been a while; every time I pick something up, it's when I'm helping out a family member…
and every time their USB stick is riddled with viruses or trojans, 3 of them this time!!!

So I have Kaspersky and MBAM, but since I'm paranoid, if you could give the results a check for me, that would be really nice.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:09, on 06/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\explorer.exe
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\officexp-KB953405-FullFile-ENU.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\ohotfix.exe
C:\Program Files\Trend Micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G520] C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\windows\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE…
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com…
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com…
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe


End of file - 5832 bytes

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2915
Windows 5.1.2600 Service Pack 3 (Safe Mode)

06/10/2009 13:13:23
mbam-log-2009-10-06 (13-13-23).txt

Type de recherche: Examen complet (C:|D:|E:|)
Eléments examinés: 414364
Temps écoulé: 2 hour(s), 9 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
E:\DIVERS\Logiciels\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.

I'm on the other side of the Atlantic, so I won't be posting before 2:30 pm.

Thanks in advance.

A little bump for my message :wink:

Thanks Jean

So everything went fine,
and I had no problem with the internet connection on reboot.

First report

ComboFix 09-10-07.05 - Administrateur 08/10/2009 13:04.1.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3327.2569 [GMT -5:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\dyazy.exe
AV: Kaspersky Internet Security On-access scanning disabled (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Mes documents\cc_20090911_172913.reg
c:\documents and settings\Administrateur\Mes documents\registre 080809.reg
c:\documents and settings\Administrateur\Mes documents\registre 250709.reg
c:\recycler\S-1-5-21-1343024091-1935655697-725345543-500
c:\windows\Installer\12b2f4.msi
c:\windows\Installer\1b803.msi
c:\windows\Installer\2329c9.msi
c:\windows\Installer\24b32.msi
c:\windows\Installer\24b3a.msi
c:\windows\Installer\24b46.msi
c:\windows\Installer\35e27.msp
c:\windows\Installer\35e2f.msi
c:\windows\Installer\3e815.msi
c:\windows\Installer\4154c2.msp
c:\windows\Installer\501357.msi
c:\windows\Installer\feb91.msi
c:\windows\Installer\WMEncoder.msi

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-08 au 2009-10-08 ))))))))))))))))))))))))))))))))))))
.

2009-10-08 00:03 . 2009-10-08 00:03 -------- d-----w- c:\windows\system32\AGEIA
2009-10-08 00:03 . 2009-10-08 00:03 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-08 00:03 . 2009-10-08 00:03 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-10-07 21:54 . 2009-10-07 22:16 -------- d-----w- c:\program files\Ad-Remover
2009-10-06 19:06 . 2009-10-06 19:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-02 16:04 . 2009-10-02 16:04 -------- d-----w- c:\program files\Panda USB Vaccine
2009-09-30 21:46 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 21:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 21:45 . 2009-09-30 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 14:28 . 2009-09-23 14:29 -------- d-----w- c:\windows\system32\NtmsData
2009-09-19 08:01 . 2009-09-19 08:01 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-19 08:01 . 2009-09-19 08:01 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-19 08:01 . 2009-09-19 08:01 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-19 08:01 . 2009-09-19 08:01 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-19 08:01 . 2009-09-19 08:01 163840 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-19 08:01 . 2009-09-19 08:01 163840 ----a-w- c:\windows\system32\nvcod.dll
2009-09-19 08:01 . 2009-09-19 08:01 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-18 00:33 . 2009-09-19 08:01 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-18 00:26 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-18 00:26 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-18 00:26 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-18 00:17 . 2009-09-18 00:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-18 00:04 . 2009-09-18 00:16 -------- d-----w- c:\windows\system32\AGEIA(2)
2009-09-18 00:04 . 2009-09-18 00:16 -------- d-----w- c:\program files\AGEIA Technologies(2)
2009-09-17 15:15 . 2009-09-17 15:15 3666293 ----a-w- c:\windows\LEGO Star Wars.SCR
2009-09-17 15:14 . 2009-09-17 15:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\iScreensaver
2009-09-13 21:20 . 2009-10-07 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-12 01:40 . 2009-09-12 01:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Lucasarts
2009-09-11 22:28 . 2009-09-11 22:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
2009-09-11 21:57 . 2009-09-11 21:57 -------- d-----w- c:\program files\Glary Utilities
2009-09-11 20:15 . 2009-09-11 20:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Logitech
2009-09-11 20:14 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-09-11 20:13 . 2009-07-20 17:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-09-11 20:13 . 2009-07-20 17:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-09-11 20:13 . 2009-07-20 17:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-09-11 20:13 . 2009-07-20 17:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-09-11 20:13 . 2009-07-20 17:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-09-11 20:13 . 2009-09-11 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-09-11 19:57 . 2009-09-22 12:28 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-11 19:57 . 2009-09-22 12:28 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-11 19:57 . 2009-10-08 18:08 704544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-11 19:57 . 2009-10-08 18:08 13902368 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-11 19:57 . 2009-09-11 19:57 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-11 12:59 . 2009-09-11 12:59 -------- d-----w- c:\program files\LucasArts
2009-09-09 15:56 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 15:51 . 2009-09-13 00:41 -------- d-----w- C:\ToolBar SD
2009-09-08 21:50 . 2009-09-08 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-08 21:50 . 2009-09-08 21:50 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 18:08 . 2009-09-11 19:57 4536 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-08 18:08 . 2009-09-11 19:57 114932 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-08 18:07 . 2009-03-21 00:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\WTablet
2009-10-08 12:28 . 2009-03-18 04:36 -------- d-----w- c:\program files\Steam
2009-10-08 12:26 . 2009-09-06 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-08 04:01 . 2009-09-06 16:42 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-10-08 00:03 . 2009-07-18 00:48 -------- d-----w- c:\program files\NVIDIA Corporation
2009-10-07 12:57 . 2009-03-19 02:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Delivery
2009-10-06 21:39 . 2009-08-08 20:46 -------- d-----w- c:\program files\Trend Micro
2009-10-06 02:27 . 2009-06-23 15:04 -------- d-----w- c:\program files\Free Music Zilla
2009-09-30 04:39 . 2009-03-19 04:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Corel
2009-09-30 04:26 . 2009-03-19 04:53 1264 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-29 14:08 . 2009-03-21 04:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-09-27 19:40 . 2009-05-22 01:15 -------- d-----w- c:\program files\Electronic Arts
2009-09-19 08:01 . 2009-03-18 02:16 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-19 08:01 . 2009-03-18 02:14 7653824 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-18 00:35 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-16 02:38 . 2009-09-16 02:38 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-09-16 02:38 . 2004-08-04 05:14 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-09-12 01:40 . 2009-03-18 20:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-11 22:04 . 2009-06-23 14:07 -------- d-----w- c:\program files\Foxit Software
2009-09-11 20:29 . 2009-09-08 15:27 -------- d-----w- c:\program files\CCleaner
2009-09-11 20:13 . 2009-07-25 22:23 -------- d-----w- c:\program files\Fichiers communs\Logishrd
2009-09-11 20:13 . 2009-03-18 01:36 -------- d–h--w- c:\program files\InstallShield Installation Information
2009-09-11 20:13 . 2009-03-18 05:01 -------- d-----w- c:\program files\Logitech
2009-09-11 19:17 . 2009-03-22 17:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
2009-09-11 19:17 . 2009-03-22 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-11 12:40 . 2001-08-24 12:00 84766 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-11 12:40 . 2001-08-24 12:00 510742 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-08 15:44 . 2009-03-18 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-09-08 15:36 . 2009-03-18 02:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 22:44 . 2009-07-24 03:48 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-02 19:03 . 2009-09-02 19:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
2009-08-25 14:25 . 2009-08-25 14:25 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LEGO Company
2009-08-25 14:23 . 2009-08-25 14:23 -------- d-----w- c:\program files\LEGO Company
2009-08-25 14:10 . 2009-08-25 14:10 -------- d-----w- c:\program files\Unity
2009-08-22 18:11 . 2009-03-19 04:53 91928 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 18:10 . 2009-08-22 18:10 -------- d-----w- c:\program files\Microsoft
2009-08-22 18:10 . 2009-08-22 18:10 -------- d-----w- c:\program files\Windows Live
2009-08-22 18:00 . 2009-08-22 18:00 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-08-22 17:58 . 2009-04-01 01:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 17:58 . 2009-08-22 17:58 -------- d-----w- c:\program files\Java
2009-08-22 17:42 . 2009-08-22 17:42 -------- d-----w- c:\program files\FileHippo.com
2009-08-22 00:57 . 2009-08-22 00:56 -------- d-----w- c:\program files\Analog Devices
2009-08-21 03:23 . 2009-03-18 04:56 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-21 03:23 . 2009-03-18 04:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-16 22:52 . 2009-08-16 22:52 -------- d-----w- c:\program files\directx
2009-08-14 22:27 . 2009-08-09 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-14 18:36 . 2009-08-14 18:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-07 00:24 . 2009-03-18 01:20 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2009-03-18 01:20 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2009-03-18 01:20 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2008-10-16 20:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2009-03-18 01:20 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-19 22:09 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2009-03-18 01:20 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-03-18 20:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2009-03-18 01:20 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 00:23 . 2008-10-16 20:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:00 . 2004-08-19 22:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 06:11 . 2009-07-25 19:42 1724416 ----a-w- c:\documents and settings\cpuz_152\cpuz.exe
2009-07-17 19:03 . 2004-08-19 22:09 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:29 . 2009-07-25 02:54 4223008 ----a-w- c:\windows\system32\NVStWiz.exe
2009-07-14 04:43 . 2004-08-19 22:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

------- Sigcheck -------

[-] 2009-09-16 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-09-16 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus XtremeG DWL-G520"="c:\program files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe" [2007-06-21 1327104]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-08 1036288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-09-11 208616]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-19 13918208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

c:\documents and settings\All Users\Menu D?marrer\Programmes\D?marrage
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-11 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\Free Music Zilla\FMZilla.exe"=
"c:\Program Files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe"=
"c:\Program Files\Steam\steamapps\common\world in conflict\wic.exe"=
"c:\Program Files\Steam\steamapps\common\clutch\Clutch.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Steam\steamapps\common\star wars republic commando\GameData\System\SWRepublicCommando.exe"=
"c:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe"=
"c:\Program Files\Steam\steamapps\common\jedi outcast\GameData\jk2sp.exe"=
"c:\Program Files\Steam\steamapps\common\jedi outcast\GameData\jk2mp.exe"=
"c:\Program Files\Steam\steamapps\common\jedi academy\GameData\jasp.exe"=
"c:\Program Files\Steam\steamapps\common\jedi academy\GameData\jamp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7317:TCP"= 7317:TCP:BitComet 7317 TCP
"7317:UDP"= 7317:UDP:BitComet 7317 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/09/2009 15:14 10384]
R2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [03/01/2006 12:32 241731]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [20/03/2009 19:37 2749224]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [17/03/2009 20:36 547744]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [20/03/2009 19:37 15656]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-10-08 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-09-11 22:02]

2009-10-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2009-10-08 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-10-02 22:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.yahoo.fr…
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\l76ovl05.default
FF - prefs.js: browser.startup.homepage - m.fr.yahoo.com…
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-10-08 13:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1979792683-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,15,77,d0,c2,26,cb,4c,af,53,b1,
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,15,77,d0,c2,26,cb,4c,af,53,b1,\

[HKEY_USERS\S-1-5-21-1085031214-1979792683-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,44,3a,f5,b1,20,14,2e,8c,3c,59,e5,64,5e,73,8d,22,1e,62,a8,1d,c3,45,
48,da,fb,c7,79,7c,de,d8,ea,54,14,5b,df,9a,da,5a,e7,2c,bf,a6,11,54,64,c9,46,
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_USERS\S-1-5-21-1085031214-1979792683-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:28,9b,89,0e,19,bb,98,5e,85,a0,09,19,b1,1c,15,78,f6,03,b4,68,a5,
29,e8,06,8b,cc,76,8c,22,0c,ec,08,54,48,c9,51,9f,d6,25,9f,c8,25,83,23,66,ee,
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\windows\system32\Macromed\Flash\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1632)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(2748)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
.


.
Heure de fin: 2009-10-08 13:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-08 18:12

Avant-CF: 594 244 587 520 octets libres
Après-CF: 594 101 399 552 octets libres

311 — E O F — 2009-09-11 13:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:03, on 08/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\windows\explorer.exe
C:\Program Files\Steam\Steam.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM…\Run: [D-Link AirPlus XtremeG DWL-G520] C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
O4 - HKLM…\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM…\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKCU…\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE…
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com…
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com…
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe


End of file - 5210 bytes

Yes, I have the Windows CD.

Given my paranoia, I can feel a reformat coming.
I'm moving my important files for now, in case it turns out to be necessary.

Is it really that bad???

Because I'm afraid the owner of the USB stick has the same problem then...
and my laptop too.

I am :@:@:@:@

This is the last time I plug in a USB stick that isn't mine...

Seriously, is this just an annoying thing or something really nasty? So I can judge the damage.
Edited on 09/10/2009 at 04:14

OK, thanks

And here is the result :slight_smile:

No trouble with the work done.

ComboFix 09-10-08.04 - Administrateur 09/10/2009 9:08.2.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3327.2776 [GMT -5:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\dyazy.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
AV: Kaspersky Internet Security On-access scanning disabled (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\TCPIP.SYS
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-09 au 2009-10-09 ))))))))))))))))))))))))))))))))))))
.

2009-10-08 00:03 . 2009-10-08 00:03 -------- d-----w- c:\windows\system32\AGEIA
2009-10-08 00:03 . 2009-10-08 00:03 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-08 00:03 . 2009-10-08 00:03 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-10-07 21:54 . 2009-10-09 03:39 -------- d-----w- c:\program files\Ad-Remover
2009-10-06 19:06 . 2009-10-06 19:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-02 16:04 . 2009-10-02 16:04 -------- d-----w- c:\program files\Panda USB Vaccine
2009-09-30 21:46 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 21:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 21:45 . 2009-09-30 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 14:28 . 2009-09-23 14:29 -------- d-----w- c:\windows\system32\NtmsData
2009-09-19 08:01 . 2009-09-19 08:01 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-19 08:01 . 2009-09-19 08:01 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-19 08:01 . 2009-09-19 08:01 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-19 08:01 . 2009-09-19 08:01 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-19 08:01 . 2009-09-19 08:01 163840 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-19 08:01 . 2009-09-19 08:01 163840 ----a-w- c:\windows\system32\nvcod.dll
2009-09-19 08:01 . 2009-09-19 08:01 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-18 00:33 . 2009-09-19 08:01 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-18 00:26 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-18 00:26 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-18 00:26 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-18 00:26 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-18 00:17 . 2009-09-18 00:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-18 00:04 . 2009-09-18 00:16 -------- d-----w- c:\windows\system32\AGEIA(2)
2009-09-18 00:04 . 2009-09-18 00:16 -------- d-----w- c:\program files\AGEIA Technologies(2)
2009-09-17 15:15 . 2009-09-17 15:15 3666293 ----a-w- c:\windows\LEGO Star Wars.SCR
2009-09-17 15:14 . 2009-09-17 15:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\iScreensaver
2009-09-13 21:20 . 2009-10-07 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-12 01:40 . 2009-09-12 01:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Lucasarts
2009-09-11 22:28 . 2009-09-11 22:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
2009-09-11 21:57 . 2009-09-11 21:57 -------- d-----w- c:\program files\Glary Utilities
2009-09-11 20:15 . 2009-09-11 20:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Logitech
2009-09-11 20:14 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-09-11 20:13 . 2009-07-20 17:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-09-11 20:13 . 2009-07-20 17:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-09-11 20:13 . 2009-07-20 17:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-09-11 20:13 . 2009-07-20 17:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-09-11 20:13 . 2009-07-20 17:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-09-11 20:13 . 2009-09-11 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-09-11 19:57 . 2009-09-22 12:28 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-11 19:57 . 2009-09-22 12:28 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-11 19:57 . 2009-10-09 14:11 704544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-11 19:57 . 2009-10-09 14:11 13913120 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-11 19:57 . 2009-09-11 19:57 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-11 12:59 . 2009-09-11 12:59 -------- d-----w- c:\program files\LucasArts
2009-09-09 15:56 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 15:51 . 2009-09-13 00:41 -------- d-----w- C:\ToolBar SD

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 14:12 . 2009-09-06 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-09 14:12 . 2009-03-21 00:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\WTablet
2009-10-09 14:11 . 2009-09-11 19:57 4536 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-09 14:11 . 2009-09-11 19:57 115016 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-09 03:34 . 2009-09-06 16:42 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-10-09 01:41 . 2009-03-18 04:36 -------- d-----w- c:\program files\Steam
2009-10-08 18:54 . 2009-08-08 20:46 -------- d-----w- c:\program files\Trend Micro
2009-10-08 00:03 . 2009-07-18 00:48 -------- d-----w- c:\program files\NVIDIA Corporation
2009-10-07 12:57 . 2009-03-19 02:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Delivery
2009-10-06 02:27 . 2009-06-23 15:04 -------- d-----w- c:\program files\Free Music Zilla
2009-09-30 04:39 . 2009-03-19 04:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Corel
2009-09-30 04:26 . 2009-03-19 04:53 1264 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-29 14:08 . 2009-03-21 04:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-09-27 19:40 . 2009-05-22 01:15 -------- d-----w- c:\program files\Electronic Arts
2009-09-19 08:01 . 2009-03-18 02:16 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-19 08:01 . 2009-03-18 02:14 7653824 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-18 00:35 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-16 02:38 . 2009-09-16 02:38 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-09-12 01:40 . 2009-03-18 20:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-11 22:04 . 2009-06-23 14:07 -------- d-----w- c:\program files\Foxit Software
2009-09-11 20:29 . 2009-09-08 15:27 -------- d-----w- c:\program files\CCleaner
2009-09-11 20:13 . 2009-07-25 22:23 -------- d-----w- c:\program files\Fichiers communs\Logishrd
2009-09-11 20:13 . 2009-03-18 01:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 20:13 . 2009-03-18 05:01 -------- d-----w- c:\program files\Logitech
2009-09-11 19:17 . 2009-03-22 17:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
2009-09-11 19:17 . 2009-03-22 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-11 12:40 . 2001-08-24 12:00 84766 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-11 12:40 . 2001-08-24 12:00 510742 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-08 21:50 . 2009-09-08 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-08 21:50 . 2009-09-08 21:50 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Office Genuine Advantage
2009-09-08 15:44 . 2009-03-18 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-09-08 15:36 . 2009-03-18 02:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 22:44 . 2009-07-24 03:48 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-02 19:03 . 2009-09-02 19:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
2009-08-25 14:25 . 2009-08-25 14:25 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LEGO Company
2009-08-25 14:23 . 2009-08-25 14:23 -------- d-----w- c:\program files\LEGO Company
2009-08-25 14:10 . 2009-08-25 14:10 -------- d-----w- c:\program files\Unity
2009-08-22 18:11 . 2009-03-19 04:53 91928 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 18:10 . 2009-08-22 18:10 -------- d-----w- c:\program files\Microsoft
2009-08-22 18:10 . 2009-08-22 18:10 -------- d-----w- c:\program files\Windows Live
2009-08-22 18:00 . 2009-08-22 18:00 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-08-22 17:58 . 2009-04-01 01:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 17:58 . 2009-08-22 17:58 -------- d-----w- c:\program files\Java
2009-08-22 17:42 . 2009-08-22 17:42 -------- d-----w- c:\program files\FileHippo.com
2009-08-22 00:57 . 2009-08-22 00:56 -------- d-----w- c:\program files\Analog Devices
2009-08-21 03:23 . 2009-03-18 04:56 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-21 03:23 . 2009-03-18 04:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-16 22:52 . 2009-08-16 22:52 -------- d-----w- c:\program files\directx
2009-08-14 22:27 . 2009-08-09 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-14 18:36 . 2009-08-14 18:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-07 00:24 . 2009-03-18 01:20 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2009-03-18 01:20 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2009-03-18 01:20 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2008-10-16 20:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2009-03-18 01:20 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-19 22:09 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2009-03-18 01:20 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-03-18 20:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2009-03-18 01:20 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 00:23 . 2008-10-16 20:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:00 . 2004-08-19 22:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 06:11 . 2009-07-25 19:42 1724416 ----a-w- c:\documents and settings\cpuz_152\cpuz.exe
2009-07-17 19:03 . 2004-08-19 22:09 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:29 . 2009-07-25 02:54 4223008 ----a-w- c:\windows\system32\NVStWiz.exe
2009-07-14 04:43 . 2004-08-19 22:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus XtremeG DWL-G520"="c:\program files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe" [2007-06-21 1327104]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-08 1036288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-09-11 208616]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-19 13918208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

c:\documents and settings\All Users\Menu D?marrer\Programmes\D?marrage
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-11 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\Free Music Zilla\FMZilla.exe"=
"c:\Program Files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe"=
"c:\Program Files\Steam\steamapps\common\world in conflict\wic.exe"=
"c:\Program Files\Steam\steamapps\common\clutch\Clutch.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Steam\steamapps\common\star wars republic commando\GameData\System\SWRepublicCommando.exe"=
"c:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe"=
"c:\Program Files\Steam\steamapps\common\jedi outcast\GameData\jk2sp.exe"=
"c:\Program Files\Steam\steamapps\common\jedi outcast\GameData\jk2mp.exe"=
"c:\Program Files\Steam\steamapps\common\jedi academy\GameData\jasp.exe"=
"c:\Program Files\Steam\steamapps\common\jedi academy\GameData\jamp.exe"=
"c:\Program Files\Steam\steamapps\common\star wars the clone wars\RepublicHeroesLauncher.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7317:TCP"= 7317:TCP:BitComet 7317 TCP
"7317:UDP"= 7317:UDP:BitComet 7317 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/09/2009 15:14 10384]
R2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [03/01/2006 12:32 241731]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [20/03/2009 19:37 2749224]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [17/03/2009 20:36 547744]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [20/03/2009 19:37 15656]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier ‘Tâches planifiées’

2009-10-09 c:\windows\Tasks\GlaryInitialize.job

  • c:\program files\Glary Utilities\initialize.exe [2009-09-11 22:02]

2009-10-09 c:\windows\Tasks\OGALogon.job

  • c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2009-10-09 c:\windows\Tasks\PandaUSBVaccine.job

  • c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-10-02 22:13]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\l76ovl05.default
FF - prefs.js: browser.startup.homepage - m.fr.yahoo.com…
.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-10-09 09:12
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1979792683-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,44,3a,f5,b1,20,14,2e,8c,3c,59,e5,64,5e,73,8d,22,1e,62,a8,1d,c3,45,
48,da,fb,c7,79,7c,de,d8,ea,54,14,5b,df,9a,da,5a,e7,2c,bf,a6,11,54,64,c9,46,
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_USERS\S-1-5-21-1085031214-1979792683-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:28,9b,89,0e,19,bb,98,5e,85,a0,09,19,b1,1c,15,78,f6,03,b4,68,a5,
29,e8,06,8b,cc,76,8c,22,0c,ec,08,54,48,c9,51,9f,d6,25,9f,c8,25,83,23,66,ee,
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- 'winlogon.exe'(1632)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

- 'explorer.exe'(4032)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
.


.
Heure de fin: 2009-10-09 9:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-09 14:14
ComboFix2.txt 2009-10-08 18:12

Avant-CF: 602 599 571 456 octets libres
Après-CF: 602 564 124 672 octets libres

270 — E O F — 2009-09-11 13:02

Good

The internet connection is OK, and so is everything else.

I had disabled autorun for USB sticks and other USB media, but that wasn't enough :frowning:
I get so mad every time one of these nasty things slips past the antivirus.
Well, I know nothing is perfect...

The problem comes from my sister-in-law, who works and chats a lot on MSN and the like... she had some work overdue and I helped her.
Here is the result.
The worst part is that her machine is 6 months old; later she'll complain that her laptop is slow, the last one was riddled with viruses, malware and so on.

Anyway, thanks a thousand times for your help, Jean

The ToolsCleaner report:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\Ad-R.exe: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !

Thanks, Jean

I'll take care of all that right away, and thanks a thousand times again :slight_smile: :wink: