I followed your instructions and, at first glance, it seems to have worked fine....
ComboFix report:
ComboFix 08-10-03.06 - Did 2008-10-04 18:11:31.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.647 [GMT 2:00]
Lancé depuis: D:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\.MS32DLL.dll.vbs
C:\Autorun.inf
D:\.MS32DLL.dll.vbs
D:\autorun.inf
D:\Documents and Settings\Administrateur\Cookies\did@ad.yieldmanager[1].txt
D:\Documents and Settings\Aurore\Cookies\aurore@bluestreak[1].txt
D:\Documents and Settings\Aurore\Cookies\aurore@ems6[1].txt
D:\Documents and Settings\Aurore\Cookies\aurore@linternaute[1].txt
D:\Documents and Settings\Aurore\Cookies\aurore@metaffiliation[1].txt
D:\Documents and Settings\Aurore\Cookies\aurore@reussissonsensemble[2].txt
D:\Documents and Settings\Aurore\Cookies\aurore@tradedoubler[1].txt
D:\Documents and Settings\Aurore\Cookies\aurore@www.etreenceinte[1].txt
D:\install\install.exe
D:\WINDOWS\.MS32DLL.dll.vbs
D:\WINDOWS\boot.ini
D:\WINDOWS\system32\rtl60.bpl
G:\.MS32DLL.dll.vbs
G:\autorun.inf
I:\Autorun.inf
O:\.MS32DLL.dll.vbs
O:\Autorun.inf
shellexecute=wscript.exe .MS32DLL.dll.vbsI:\.MS32DLL.dll.vbs
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-04 au 2008-10-04 ))))))))))))))))))))))))))))))))))))
.
2008-10-04 13:51 . 2008-10-04 13:52 <REP> d-------- D:\rsit
2008-10-04 13:29 . 2008-10-04 13:29 <REP> d-------- D:\Program Files\CCleaner
2008-10-04 12:43 . 2008-10-04 13:09 1,944 --a------ D:\Documents and Settings\Orph.egd
2008-10-04 12:41 . 2008-10-04 13:10 <REP> d-------- D:\ToolBar SD
2008-10-04 09:47 . 2008-10-04 09:47 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-04 09:47 . 2008-10-04 09:47 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-04 09:16 . 2008-10-04 12:34 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-04 09:03 . 2008-10-04 09:03 <REP> d-------- D:\Program Files\Trend Micro
2008-09-05 15:41 . 2008-09-05 15:41 <REP> d--h----- D:\WINDOWS\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 10:26 --------- d-----w D:\Program Files\eMule
2008-10-04 06:40 --------- d-----w D:\Program Files\Avast4
2008-10-03 21:55 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-03 16:22 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Azureus
2008-09-28 16:39 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\GigaTribe
2008-09-25 08:16 --------- d-----w D:\Program Files\MSN Messenger
2008-09-25 08:16 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-09-14 14:53 --------- d-----w D:\Program Files\TuneUp Utilities 2008
2008-08-31 14:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\RoboForm
2008-08-31 14:14 --------- d-----w D:\Program Files\Siber Systems
2008-08-31 08:01 --------- d-----w D:\Program Files\GigaTribe
2008-08-31 07:24 2,290,176 ----a-w D:\WINDOWS\system32\TUKernel.exe
2008-08-29 17:59 --------- d-----w D:\Program Files\La Marmite du Chef
2008-08-29 06:44 --------- d-----w D:\Program Files\SuperCopier2
2008-08-28 14:38 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Winamp
2008-08-26 08:50 --------- d---a-w D:\Documents and Settings\All Users\Application Data\rkfree
2008-08-26 06:33 --------- d-----w D:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-26 06:29 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\HP
2008-08-25 15:22 --------- d-----w D:\Program Files\MappySynchro
2008-08-25 14:50 --------- d-----w D:\Program Files\Microsoft ActiveSync
2008-08-24 13:17 --------- d-----w D:\Documents and Settings\Aurore\Application Data\MSN Pictures Displayer
2008-08-24 07:48 --------- d-----w D:\Documents and Settings\Aurore\Application Data\Nero
2008-08-24 07:47 --------- d-----w D:\Documents and Settings\Aurore\Application Data\HP
2008-08-24 07:38 98,304 ----a-w D:\WINDOWS\system32\qttask.exe
2008-08-24 07:38 --------- d-----w D:\Program Files\QuickTime
2008-08-24 07:37 --------- d-----w D:\Program Files\ACE Mega CoDecS Pack
2008-08-24 07:26 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Sony Corporation
2008-08-24 07:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\HP
2008-08-24 07:01 --------- d-----w D:\Program Files\HP
2008-08-24 07:01 --------- d-----w D:\Program Files\Fichiers communs\HP
2008-08-24 07:00 --------- d-----w D:\Program Files\Hewlett-Packard
2008-08-24 07:00 --------- d-----w D:\Program Files\Fichiers communs\Hewlett-Packard
2008-08-23 21:21 --------- d-----w D:\Program Files\MSXML 4.0
2008-08-23 07:34 81,920 ------r D:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-08-23 07:34 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-08-23 07:34 --------- d-----w D:\Program Files\Logitech
2008-08-23 07:34 --------- d-----w D:\Program Files\Fichiers communs\Logitech
2008-08-23 07:24 --------- d-----w D:\Program Files\Azureus
2008-08-23 06:22 --------- d-----w D:\Documents and Settings\Aurore\Application Data\vlc
2008-08-23 06:03 --------- d-----w D:\Program Files\Sony
2008-08-23 06:03 --------- d-----w D:\Program Files\Fichiers communs\Sony Shared
2008-08-23 06:02 --------- d-----w D:\Program Files\Sony Corporation
2008-08-23 06:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-08-23 05:56 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
2008-08-23 05:38 --------- d-----w D:\Program Files\MSN Pictures Displayer
2008-08-23 05:36 446,976 ----a-w D:\WINDOWS\system32\ShellMPD.dll
2008-08-23 05:36 --------- d-----w D:\Program Files\Java
2008-08-23 05:36 --------- d-----w D:\Program Files\Fichiers communs\Java
2008-08-22 19:26 --------- d-----w D:\Program Files\Windows Live
2008-08-22 19:26 --------- d-----w D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-22 19:24 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\MSN Pictures Displayer
2008-08-22 19:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\Azureus
2008-08-22 17:58 --------- d-----w D:\Program Files\Google
2008-08-22 17:42 --------- d-----w D:\Documents and Settings\Aurore\Application Data\TuneUp Software
2008-08-22 17:31 20,480 ------w D:\WINDOWS\system32\normaliz.dll
2008-08-22 17:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-22 17:02 --------- d-----w D:\Program Files\Microsoft Works
2008-08-22 17:02 --------- d-----w D:\Program Files\Microsoft Office Professional Plus 2007
2008-08-22 16:57 --------- d-----w D:\Program Files\Fichiers communs\Adobe
2008-08-22 16:43 --------- d-----w D:\Program Files\Windows Media Connect 2
2008-08-22 16:33 --------- d-----w D:\Program Files\Apple Software Update
2008-08-22 16:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-22 16:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2008-08-22 16:25 --------- d-----w D:\Program Files\Winamp
2008-08-22 16:21 --------- d-----w D:\Program Files\VideoLAN
2008-08-22 16:21 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\vlc
2008-08-22 16:14 --------- d-----w D:\Program Files\Fichiers communs\Nero
2008-08-22 16:14 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Nero
2008-08-22 16:13 --------- d-----w D:\Program Files\Nero
2008-08-22 16:13 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2008-08-22 16:07 --------- d-----w D:\Program Files\DAEMON Tools Lite
2008-08-22 16:02 --------- d-----w D:\Program Files\Cool Edit Pro 2.1
2008-08-22 15:59 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Syntrillium
2008-08-22 15:52 --------- d-----w D:\Program Files\Virtual Dj 3.2
2008-08-22 15:43 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-08-22 15:43 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\DAEMON Tools
2008-08-22 15:24 355,584 ----a-w D:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-22 15:23 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2008-08-22 15:22 --------- d-----w D:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-22 15:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-22 15:05 --------- d-----w D:\Documents and Settings\LocalService\Application Data\X10 Commander
2008-08-22 15:04 --------- d-----w D:\Program Files\X10 Hardware
2008-08-22 15:04 --------- d-----w D:\Program Files\Common Files
2008-08-22 15:03 --------- d-----w D:\Program Files\Intel
2008-08-22 14:33 --------- d-----w D:\Program Files\microsoft frontpage
2008-08-22 14:31 --------- d-----w D:\Program Files\Services en ligne
2008-07-18 20:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w D:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w D:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w D:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w D:\WINDOWS\system32\es.dll
.
------- Sigcheck -------
2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 D:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="D:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-22 39408]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"RoboForm"="D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-28 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
"rkfree"="D:\WINDOWS\Winreveal\rkfree.exe" [2008-08-26 66048]
"QuickTime Task"="D:\WINDOWS\system32\qttask.exe" [2008-08-24 98304]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 D:\WINDOWS\RTHDCPL.EXE]
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="D:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\iac25_32.ax
"vidc.avrn"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
"vidc.advj"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
"vidc.mszh"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\avimszh.dll
"vidc.zlib"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\avizlib.dll
"msacm.lameacm"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\lameacm.acm
"vidc.asv1"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
"vidc.div3"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.div5"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.div4"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.div6"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\DivX\divx4.dll
"vidc.divx"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\DivX\DivX520.dll
"msacm.divxa32"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\DivX\divxa32.acm
"vidc.i263"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\i263_32.drv
"vidc.iv30"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv31"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv32"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv33"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv34"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv35"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv36"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv37"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv38"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv39"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv40"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv41"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv42"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv43"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv44"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv45"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv46"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv47"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv48"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv49"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv50"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\ir50_32.dll
"vidc.iyuv"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
"msacm.imc"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Intel\IMC32.ACM
"vidc.dv25"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm
"msacm.imaadpcm"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\imaadp32.acm
"msacm.msg711"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msg711.acm
"msacm.msg723"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msg723.acm
"msacm.msgsm610"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msgsm32.acm
"vidc.m261"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msh261.drv
"vidc.m263"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
"vidc.i420"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
"vidc.mrle"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msrle32.dll
"vidc.uyvy"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.yuy2"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.yvyu"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.msvc"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
"vidc.cram"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
"vidc.mpg4"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp41"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp42"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp43"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp4s"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp4v"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.wmv3"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\WMV9VCM.dll
"msacm.msaudio1"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msaud32.acm
"msacm.vorbis"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\OGG\vorbis.acm
"vidc.pdvc"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
"vidc.ipdv"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
"vidc.miro"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
"vidc.dcap"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
"vidc.mjpa"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
"vidc.gpjm"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
"vidc.pim1"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\Pinnacle\pclepim1.dll
"vidc.xvid"= D:\PROGRA~1\ACE Mega CoDecS Pack\SystemS\XviD\xvidvfw.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\GigaTribe\\gigatribe.exe"=
"D:\\Program Files\\Microsoft Office Professional Plus 2007\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Extension de thème;D:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 3xHybrid;3xHybrid service;D:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-03 710144]
R3 X10Hid;X10 Hid Device;D:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 7040]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;D:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-22 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Tâches planifiées'
2008-10-04 D:\WINDOWS\Tasks\Maintenance en 1 clic.job
- D:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
R0 -: HKLM-Main,Window Title =
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O8 -: Barre RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 -: E&xporter vers Microsoft Excel - D:\PROGRA~1\Microsoft Office Professional Plus 2007\Office12\EXCEL.EXE/3000
O8 -: Enregistrer le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 -: Personnaliser le menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 -: Remplir le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O17 -: HKLM\CCS\Interface\{95C6242A-DEB9-4592-8A28-E08E44FC4411}: NameServer = 80.10.246.2,80.10.246.129
O17 -: HKLM\CCS\Interface\{AA47A746-1915-40DA-B7A5-3D56B0C9A5C6}: NameServer = 80.10.246.2,80.10.246.129
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 18:14:59
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc23.tmp"
.
------------------------ Autres processus actifs ------------------------
.
D:\Program Files\Avast4\aswUpdSv.exe
D:\Program Files\Avast4\ashServ.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\Common Files\X10\Common\X10nets.exe
D:\Program Files\Avast4\ashMaiSv.exe
D:\Program Files\Avast4\ashWebSv.exe
D:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2008-10-04 18:16:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-04 16:15:58
Avant-CF: 32 334 778 368 octets libres
Après-CF: 32,442,576,896 octets libres
352 --- E O F --- 2008-09-13 20:54:16
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17, on 04/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Avast4\aswUpdSv.exe
D:\Program Files\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\Common Files\X10\Common\x10nets.exe
D:\Program Files\Avast4\ashMaiSv.exe
D:\Program Files\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\WINDOWS\Winreveal\rkfree.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
D:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [rkfree] D:\WINDOWS\Winreveal\rkfree.exe /b
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Barre RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\Microsoft Office Professional Plus 2007\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office Professional Plus 2007\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95C6242A-DEB9-4592-8A28-E08E44FC4411}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA47A746-1915-40DA-B7A5-3D56B0C9A5C6}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - D:\PROGRA~1\Common Files\X10\Common\x10nets.exe
End of file - 8777 bytes
NB: I noticed, before using Combo..., that my avast icons (near the clock) had disappeared... I was still able to disable the AV anyway...