
Intrusive ads (pub intempestive)

17 May 2008 at 12:27

Here is the OTMoveIt report:

DllUnregisterServer procedure not found in C:\WINDOWS\system32\qnixoufh.dll
C:\WINDOWS\system32\qnixoufh.dll NOT unregistered.
C:\WINDOWS\system32\qnixoufh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fxojsics.dll
C:\WINDOWS\system32\fxojsics.dll NOT unregistered.
C:\WINDOWS\system32\fxojsics.dll moved successfully.
File/Folder C:\WINDOWS\system32\urqOHWml.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xkahxxev.dll
C:\WINDOWS\system32\xkahxxev.dll NOT unregistered.
C:\WINDOWS\system32\xkahxxev.dll moved successfully.
File/Folder C:\WINDOWS\system32\lmWHOqru.ini not found.
File/Folder C:\WINDOWS\system32\lmWHOqru.ini2 not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\frtrsbwa.dll
C:\WINDOWS\system32\frtrsbwa.dll NOT unregistered.
C:\WINDOWS\system32\frtrsbwa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xaqgxbfx.dll
C:\WINDOWS\system32\xaqgxbfx.dll NOT unregistered.
C:\WINDOWS\system32\xaqgxbfx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jpgnebin.dll
C:\WINDOWS\system32\jpgnebin.dll NOT unregistered.
C:\WINDOWS\system32\jpgnebin.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\smryjdwx.dll
C:\WINDOWS\system32\smryjdwx.dll NOT unregistered.
C:\WINDOWS\system32\smryjdwx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yaywxVPG.dll
C:\WINDOWS\system32\yaywxVPG.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yaywxVPG.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\drivers\yinnwuui.dat not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05172008_120722

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yaywxVPG.dll
C:\WINDOWS\system32\yaywxVPG.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yaywxVPG.dll scheduled to be moved on reboot.

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:08, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Administrateur\Mes documents\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_12.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F8C2996-381D-4A16-B103-1F78F783C677}: NameServer = 212.30.96.108,213.203.124.146
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8315 bytes

17 May 2008 at 12:38

You don't have a VundoFix report?

17 May 2008 at 12:39

No, strangely it didn't find anything.

17 May 2008 at 12:45

= Copy the text shown in bold:

File::
C:\WINDOWS\system32\yaywxVPG.dll

------------------------------

= Open Notepad
= Right-click ==> Paste
= Go to ==> File ==> Save As ==> choose Desktop
= Name it CFScript.txt
= Close Notepad
= Pick up that Notepad file on the desktop with a held left-click
= Drag it onto ComboFix and release the click
= ComboFix restarts by itself
= Put the report in your reply

17 May 2008 at 13:16

Here is the ComboFix report:



ComboFix 08-05-15.3 - Administrateur 2008-05-17 12:52:29.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.465 [GMT 2:00]

Location: C:\Documents and Settings\Administrateur\Mes documents\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt

* Creating a new restore point



WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

.

The following files were disabled during the run:

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll





(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\GPVxwyay.ini

C:\WINDOWS\system32\GPVxwyay.ini2

C:\WINDOWS\system32\hfuoxinq.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\qmwjegop.ini

C:\WINDOWS\system32\wvvpkwyq.exe

C:\WINDOWS\system32\yjxgndvw.exe

C:\WINDOWS\system32\audiosrvt.dll . . . . Deletion failed



.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Legacy_vhdjeavl

-------\Service_vhdjeavl





((((((((((((((((((((((((((((( Files created 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))

.



2008-05-17 12:13 . 2008-05-17 12:13 <REP> d-------- C:\VundoFix Backups

2008-05-16 22:27 . 2008-05-16 22:27 135,680 --a------ C:\WINDOWS\system32\ncbqmhtt.dll

2008-05-16 21:28 . 2008-05-16 21:28 135,680 --a------ C:\WINDOWS\system32\geecovcn.dll

2008-05-16 21:26 . 2008-05-16 21:26 <REP> d-------- C:\Documents and Settings\angèle

2008-05-16 21:26 . <REP> C:\Documents and Settings\angèle\Local Settings

2008-05-16 21:26 . <REP> C:\Documents and Settings\angèle\Local Settings

2008-05-16 21:21 . 2008-05-16 21:21 <REP> d-------- C:\WINDOWS\system32\xircom

2008-05-16 21:21 . 2008-05-16 21:21 <REP> d-------- C:\Program Files\microsoft frontpage

2008-05-16 21:07 . 2008-05-16 21:07 <REP> d-------- C:\_OTMoveIt

2008-05-16 16:14 . 2008-05-16 21:01 <REP> d-------- C:\Program Files\Navilog1

2008-05-15 17:03 . 2008-05-17 11:30 109,834 --a------ C:\WINDOWS\BM139ea0dc.xml

2008-05-14 22:46 . 2008-05-14 22:46 369,664 --a------ C:\WINDOWS\system32\yaywxVPG.dll

2008-05-14 22:42 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-05-14 22:42 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-05-14 22:41 . 2008-05-14 22:41 58,368 --a------ C:\WINDOWS\system32\nnnoOhIY.dll

2008-05-11 14:07 . 2008-05-16 21:17 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG

2008-05-11 01:13 . 2008-05-11 01:14 <REP> d-------- C:\Program Files\TVAnts

2008-05-10 23:45 . 2008-05-10 23:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-10 23:45 . 2008-05-11 00:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-09 12:38 . 2008-05-09 12:38 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-09 12:37 . 2008-05-09 12:37 <REP> d-------- C:\Program Files\Real

2008-05-09 12:37 . 2008-05-09 12:37 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

2008-05-09 12:37 . 2008-05-09 12:37 <REP> d-------- C:\Program Files\Fichiers communs\Real

2008-05-09 12:36 . 2008-05-09 12:36 3,431 --a------ C:\WINDOWS\mozver.dat

2008-05-08 14:07 . 2008-05-08 14:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\twzkjfry

2008-05-04 18:04 . 2004-08-03 23:08 40,832 --a------ C:\WINDOWS\system32\drivers\IrBus.sys

2008-05-04 18:04 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-05-04 18:04 . 2004-08-03 23:08 15,104 --a------ C:\WINDOWS\system32\drivers\hidir.sys

2008-05-04 13:16 . 2008-05-17 11:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-04 13:16 . 2008-05-04 13:16 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-04 13:15 . 2008-05-14 22:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer

2008-05-04 13:14 . 2008-05-04 13:14 <REP> d-------- C:\Program Files\Bonjour

2008-05-04 13:13 . 2008-05-04 13:14 <REP> d-------- C:\Program Files\QuickTime

2008-05-04 13:13 . 2008-05-04 13:13 <REP> d-------- C:\Program Files\Apple Software Update

2008-05-04 13:13 . 2008-05-04 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-05-04 13:12 . 2008-05-04 13:12 <REP> d-------- C:\Program Files\Fichiers communs\Apple

2008-05-04 13:12 . 2008-05-04 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-04-29 17:13 . 2008-04-29 17:13 <REP> d-------- C:\Program Files\third idle

2008-04-27 18:57 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL

2008-04-27 18:57 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL

2008-04-27 18:52 . 2008-04-27 18:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON

2008-04-27 18:52 . 2008-04-27 18:52 29 --a------ C:\WINDOWS\DEBUGSM.INI

2008-04-27 18:44 . 2008-04-27 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL

2008-04-27 18:40 . 2008-04-27 18:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield

2008-04-27 18:34 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll

2008-04-27 18:34 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll

2008-04-27 18:34 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll

2008-04-27 18:33 . 2008-04-27 18:33 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini

2008-04-26 14:19 . 2008-04-26 14:19 <REP> d-------- C:\Documents and Settings\Administrateur\LocalLow

2008-04-25 18:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-04-19 17:53 . 2008-04-19 17:53 <REP> d-------- C:\Program Files\OneStopSoft.com

2008-04-19 17:53 . 2008-04-19 17:53 <REP> d-------- C:\Downloaded Videos

2008-04-19 17:53 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx

2008-04-19 17:53 . 2002-03-04 12:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx

2008-04-19 17:53 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx

2008-04-19 17:53 . 2000-12-05 23:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-04-19 17:53 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2008-04-19 17:53 . 2001-04-20 01:28 28,672 --a------ C:\WINDOWS\system32\SysTray.ocx

2008-04-17 23:26 . 2008-05-03 00:18 <REP> d-------- C:\Program Files\Acoustica Beatcraft

2008-04-17 22:02 . 2008-04-17 22:02 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS



.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-17 10:57 --------- d-----w C:\Program Files\TuneUp Utilities 2006

2008-05-17 10:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus

2008-05-17 09:57 --------- d-----w C:\Program Files\eMule

2008-05-16 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\live 64 math does

2008-05-16 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-05-14 20:42 --------- d-----w C:\Program Files\XviD

2008-05-13 17:43 --------- d-----w C:\Program Files\lphant

2008-05-12 00:15 --------- d-----w C:\Program Files\Alwil Software

2008-05-10 20:24 --------- d-----w C:\Program Files\SopCast

2008-05-09 10:36 --------- d-----w C:\Program Files\Google

2008-05-08 12:07 --------- d-----w C:\Program Files\Fichiers communs\Mozilla Shared

2008-05-02 22:17 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-05-02 22:15 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-04-29 15:13 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\third idle

2008-04-27 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-27 16:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-04-27 16:43 --------- d-----w C:\Program Files\EPSON

2008-04-25 16:21 --------- d-----w C:\Program Files\Java

2008-04-20 13:36 --------- d-----w C:\Program Files\Azureus

2008-04-10 13:08 --------- d-----w C:\Program Files\VirtualDJ

2008-04-07 17:08 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-04-06 15:35 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-04-06 15:35 52,437 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-04-06 15:29 --------- d-----w C:\Program Files\DesktopEarth

2008-04-06 13:22 --------- d-----w C:\Program Files\TVUPlayer

2008-04-01 21:42 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-03-30 18:17 --------- d-----w C:\Program Files\MSN Messenger

2008-03-30 18:17 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-23 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-03-21 19:17 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-03-21 19:17 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools

2008-03-20 22:14 --------- d-----w C:\Program Files\REGSHAVE

2008-03-18 22:33 --------- d-----w C:\Program Files\Serato

.



------- Sigcheck -------



2005-01-27 19:12 662016 66a10b98f18fd804236ab2d90301de04 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll

2005-01-27 19:14 660992 b16b02f3c804f057dab099cc15ed0206 C:\WINDOWS\ie7\wininet.dll

2007-08-13 19:54 809472 f284a6225a3057a1e19985e1d4b47ada C:\WINDOWS\system32\wininet.dll

2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\system32\DllCache\wininet.dll



2008-03-03 13:44 359040 4b78d9cf627de9d37b06d915fb12c624 C:\WINDOWS\system32\DllCache\TCPIP.SYS

2008-03-03 13:44 359040 4b78d9cf627de9d37b06d915fb12c624 C:\WINDOWS\system32\drivers\TCPIP.SYS



2004-10-13 21:38 978432 30bafa671afca2f5841c3045eedaeb9a C:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-05-16_21.25.05.14 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-16 19:21:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-17 10:56:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2001-08-24 11:00:00 82,432 ----a-w C:\WINDOWS\system32\audiosrvt.dll

+ 2001-08-24 11:00:00 21,632 ----a-w C:\WINDOWS\system32\drivers\yinnwuui.dat

+ 2008-05-17 10:56:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_51c.dat

.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FCF97AF-57AC-4B3E-86AD-29154296B6BF}]

2001-08-24 13:00 82432 --a------ c:\windows\system32\audiosrvt.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40EB6A47-C9B9-4968-AE36-1091BE294610}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2f6e905-249b-4d68-ba50-a48e296b97dc}]

2008-05-16 22:27 135680 --a------ C:\WINDOWS\system32\ncbqmhtt.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4062B83-A8A7-4BBF-A714-606985359F46}]

2008-05-14 22:46 369664 --a------ C:\WINDOWS\system32\yaywxVPG.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]

2008-05-14 22:41 58368 --a------ C:\WINDOWS\system32\nnnoOhIY.dll



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]

"EPSON Stylus DX4000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe" [2006-09-21 05:01 139264]

"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-10-15 17:57 1025264]

"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 08:01 180736]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-03 14:42 29744]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-09 12:37 185896]

"combofix"="C:\WINDOWS\system32\CF15010.exe" [2004-08-03 23:54 428032]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ClearDocsOnExit"= 64 (0x40)

"NoSMHelp"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)



[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ClearDocsOnExit"= 64 (0x40)

"NoSMHelp"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)



[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= C:\WINDOWS\system32\nnnoOhIY.dll [2008-05-14 22:41 58368]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dxrosamc]

audiosrvt.dll 2001-08-24 13:00 82432 C:\WINDOWS\system32\audiosrvt.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoOhIY]

nnnoOhIY.dll 2008-05-14 22:41 58368 C:\WINDOWS\system32\nnnoOhIY.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3radius"= l3codecp.acm

"vidc.xvid"= xvid.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe

"Persistence"=C:\WINDOWS\system32\igfxpers.exe



[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\VirtualDJ\\virtualdj.exe"=

"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"C:\\Program Files\\eChanblard\\emule.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"C:\\Program Files\\lphant\\eLePhantClient.exe"=

"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)



R0 yinnwuui;yinnwuui;C:\WINDOWS\system32\drivers\yinnwuui.dat []

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:55]

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-03 14:42]

S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 16:11]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 00:15]



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

vhdjeavl



.

Contents of the 'Scheduled Tasks' folder

"2008-05-17 11:00:03 C:\WINDOWS\Tasks\A4FFF4D491846E34.job"

- c:\docume~1\admini~1\applic~1\thirdi~1\surf size flag.exe

"2008-05-16 14:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-05-17 11:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

"2008-05-16 20:20:10 C:\WINDOWS\Tasks\User_Feed_Synchronization-{97575D77-4AF5-4EDA-836B-9D8517886320}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************



catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-17 12:58:04

Windows 5.1.2600 Service Pack 2 NTFS



Scanning hidden processes ...



Scanning hidden autostart entries ...



Scanning hidden files ...



Scan completed successfully

Hidden files: 0



**************************************************************************



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yinnwuui]

"ImagePath"="system32\drivers\yinnwuui.dat"

.

--------------------- DLLs loaded under running processes ---------------------



PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll

-> C:\WINDOWS\system32\nnnoOhIY.dll



PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll



PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\RealVNC\VNC4\winvnc4.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\DesktopEarth\DesktopEarth.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\Program Files\Neuf\Media Center\httpd\httpd.exe

C:\Program Files\Neuf\Media Center\httpd\httpd.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

.

**************************************************************************

.

Completion time: 2008-05-17 13:01:19 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-17 11:01:06

ComboFix2.txt 2008-05-16 19:25:58



Pre-Run: 226,055,421,952 bytes free

Post-Run: 226,235,920,384 bytes free



303
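The reports above show the Vundo/Virtumonde file-naming habit that the helpers in this thread are chasing: a DLL with a random eight-letter name under system32 (yaywxVPG.dll, urqOHWml.dll) accompanied by a .ini and .ini2 whose name is the DLL's name spelled backwards (GPVxwyay.ini, lmWHOqru.ini). The reversed pairing is a much stronger indicator than a random-looking name alone. The script below is an added example, not code from the thread or from any of the tools it mentions; it scans log text in the OTMoveIt/ComboFix/HijackThis style for such pairs. The function name and the sample (a constructed handful of lines copied from the reports posted above, not a full log) are mine.

```python
"""Spot the Vundo/Virtumonde reversed-name file pairs in OTMoveIt / ComboFix / HijackThis output.

Virtumonde dropped a DLL with a random eight-letter name into system32 and a
companion .ini (and .ini2) named with the DLL's name reversed, e.g.
yaywxVPG.dll <-> GPVxwyay.ini. Pairing the two is the signal worth acting on;
an eight-letter name on its own only deserves a manual look.
"""
import re

# Constructed sample: a few lines copied from the reports posted above (not a full log).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\yaywxVPG.dll moved successfully.
File/Folder C:\WINDOWS\system32\urqOHWml.dll not found.
File/Folder C:\WINDOWS\system32\lmWHOqru.ini not found.
C:\WINDOWS\system32\GPVxwyay.ini
C:\WINDOWS\system32\GPVxwyay.ini2
2008-05-14 22:41 . 2008-05-14 22:41 58,368 --a------ C:\WINDOWS\system32\nnnoOhIY.dll
2007-08-13 19:54 809472 f284a6225a3057a1e19985e1d4b47ada C:\WINDOWS\system32\wininet.dll
R0 yinnwuui;yinnwuui;C:\WINDOWS\system32\drivers\yinnwuui.dat []
"""

# A file directly under system32 (not in a subfolder) whose stem is exactly eight letters.
SYS32_FILE_RE = re.compile(r"\\system32\\([A-Za-z]{8})\.(dll|ini2?|exe)\b", re.IGNORECASE)


def find_vundo_indicators(log_text):
    """Return {'pairs': [(dll_stem, ini_stem), ...], 'candidates': [stem, ...]}.

    'pairs' lists DLLs whose reversed name exists as a .ini/.ini2 in the same
    log (the Virtumonde pattern). 'candidates' lists the remaining eight-letter
    names under system32 that have no corroborating pair and need a manual look.
    """
    dlls, inis, others = {}, {}, {}
    for m in SYS32_FILE_RE.finditer(log_text):
        stem, ext = m.group(1), m.group(2).lower()
        bucket = dlls if ext == "dll" else inis if ext.startswith("ini") else others
        bucket.setdefault(stem.lower(), stem)  # case-insensitive key, keep first spelling seen

    pairs, paired = [], set()
    for key, stem in dlls.items():
        rev = key[::-1]  # the .ini carries the DLL's name spelled backwards
        if rev in inis:
            pairs.append((stem, inis[rev]))
            paired.update({key, rev})
    pairs.sort(key=lambda p: p[0].lower())

    candidates = sorted(
        stem for key, stem in {**dlls, **inis, **others}.items() if key not in paired
    )
    return {"pairs": pairs, "candidates": candidates}


if __name__ == "__main__":
    result = find_vundo_indicators(SAMPLE_LOG)
    for dll, ini in result["pairs"]:
        print(f"reversed-name pair: {dll}.dll <-> {ini}.ini")
    for stem in result["candidates"]:
        print(f"review manually: {stem}")
```

Run against the sample it reports the two pairs visible in the OTMoveIt and ComboFix output (yaywxVPG/GPVxwyay and urqOHWml/lmWHOqru) and lists nnnoOhIY.dll, the Winlogon Notify and ShellExecuteHooks DLL, as a candidate, because its reversed-name .ini does not appear in these excerpts; wininet.dll and the driver under system32\drivers are ignored. Feed it the full text of a saved report rather than an excerpt, since the pairing only works when both halves are in the same input.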



Ajout du 17-05-2008 à 13:19:

Voici le rapport combofix:



ComboFix 08-05-15.3 - Administrateur 2008-05-17 12:52:29.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.465 [GMT 2:00]

Endroit: C:\Documents and Settings\Administrateur\Mes documents\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt

* Création d'un nouveau point de restauration



[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

.

[color=purple]The following files were disabled during the run:[/color]

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll





(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\GPVxwyay.ini

C:\WINDOWS\system32\GPVxwyay.ini2

C:\WINDOWS\system32\hfuoxinq.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\qmwjegop.ini

C:\WINDOWS\system32\wvvpkwyq.exe

C:\WINDOWS\system32\yjxgndvw.exe

C:\WINDOWS\system32\audiosrvt.dll . . . . Echec de suppression



.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Legacy_vhdjeavl

-------\Service_vhdjeavl





((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))

.



2008-05-17 12:13 . 2008-05-17 12:13 <REP> d-------- C:\VundoFix Backups

2008-05-16 22:27 . 2008-05-16 22:27 135,680 --a------ C:\WINDOWS\system32\ncbqmhtt.dll

2008-05-16 21:28 . 2008-05-16 21:28 135,680 --a------ C:\WINDOWS\system32\geecovcn.dll

2008-05-16 21:26 . 2008-05-16 21:26 <REP> d-------- C:\Documents and Settings\angèle

2008-05-16 21:26 . <REP> C:\Documents and Settings\angèle\Local Settings

2008-05-16 21:26 . <REP> C:\Documents and Settings\angèle\Local Settings

2008-05-16 21:21 . 2008-05-16 21:21 <REP> d-------- C:\WINDOWS\system32\xircom

2008-05-16 21:21 . 2008-05-16 21:21 <REP> d-------- C:\Program Files\microsoft frontpage

2008-05-16 21:07 . 2008-05-16 21:07 <REP> d-------- C:\_OTMoveIt

2008-05-16 16:14 . 2008-05-16 21:01 <REP> d-------- C:\Program Files\Navilog1

2008-05-15 17:03 . 2008-05-17 11:30 109,834 --a------ C:\WINDOWS\BM139ea0dc.xml

2008-05-14 22:46 . 2008-05-14 22:46 369,664 --a------ C:\WINDOWS\system32\yaywxVPG.dll

2008-05-14 22:42 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-05-14 22:42 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-05-14 22:41 . 2008-05-14 22:41 58,368 --a------ C:\WINDOWS\system32\nnnoOhIY.dll

2008-05-11 14:07 . 2008-05-16 21:17 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG

2008-05-11 01:13 . 2008-05-11 01:14 <REP> d-------- C:\Program Files\TVAnts

2008-05-10 23:45 . 2008-05-10 23:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-10 23:45 . 2008-05-11 00:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-09 12:38 . 2008-05-09 12:38 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-09 12:37 . 2008-05-09 12:37 <REP> d-------- C:\Program Files\Real

2008-05-09 12:37 . 2008-05-09 12:37 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

2008-05-09 12:37 . 2008-05-09 12:37 <REP> d-------- C:\Program Files\Fichiers communs\Real

2008-05-09 12:36 . 2008-05-09 12:36 3,431 --a------ C:\WINDOWS\mozver.dat

2008-05-08 14:07 . 2008-05-08 14:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\twzkjfry

2008-05-04 18:04 . 2004-08-03 23:08 40,832 --a------ C:\WINDOWS\system32\drivers\IrBus.sys

2008-05-04 18:04 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-05-04 18:04 . 2004-08-03 23:08 15,104 --a------ C:\WINDOWS\system32\drivers\hidir.sys

2008-05-04 13:16 . 2008-05-17 11:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-04 13:16 . 2008-05-04 13:16 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-04 13:15 . 2008-05-14 22:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer

2008-05-04 13:14 . 2008-05-04 13:14 <REP> d-------- C:\Program Files\Bonjour

2008-05-04 13:13 . 2008-05-04 13:14 <REP> d-------- C:\Program Files\QuickTime

2008-05-04 13:13 . 2008-05-04 13:13 <REP> d-------- C:\Program Files\Apple Software Update

2008-05-04 13:13 . 2008-05-04 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-05-04 13:12 . 2008-05-04 13:12 <REP> d-------- C:\Program Files\Fichiers communs\Apple

2008-05-04 13:12 . 2008-05-04 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-04-29 17:13 . 2008-04-29 17:13 <REP> d-------- C:\Program Files\third idle

2008-04-27 18:57 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL

2008-04-27 18:57 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL

2008-04-27 18:52 . 2008-04-27 18:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON

2008-04-27 18:52 . 2008-04-27 18:52 29 --a------ C:\WINDOWS\DEBUGSM.INI

2008-04-27 18:44 . 2008-04-27 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL

2008-04-27 18:40 . 2008-04-27 18:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield

2008-04-27 18:34 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll

2008-04-27 18:34 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll

2008-04-27 18:34 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll

2008-04-27 18:33 . 2008-04-27 18:33 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini

2008-04-26 14:19 . 2008-04-26 14:19 <REP> d-------- C:\Documents and Settings\Administrateur\LocalLow

2008-04-25 18:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-04-19 17:53 . 2008-04-19 17:53 <REP> d-------- C:\Program Files\OneStopSoft.com

2008-04-19 17:53 . 2008-04-19 17:53 <REP> d-------- C:\Downloaded Videos

2008-04-19 17:53 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx

2008-04-19 17:53 . 2002-03-04 12:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx

2008-04-19 17:53 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx

2008-04-19 17:53 . 2000-12-05 23:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-04-19 17:53 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2008-04-19 17:53 . 2001-04-20 01:28 28,672 --a------ C:\WINDOWS\system32\SysTray.ocx

2008-04-17 23:26 . 2008-05-03 00:18 <REP> d-------- C:\Program Files\Acoustica Beatcraft

2008-04-17 22:02 . 2008-04-17 22:02 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS



.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-17 10:57 --------- d-----w C:\Program Files\TuneUp Utilities 2006

2008-05-17 10:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus

2008-05-17 09:57 --------- d-----w C:\Program Files\eMule

2008-05-16 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\live 64 math does

2008-05-16 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-05-14 20:42 --------- d-----w C:\Program Files\XviD

2008-05-13 17:43 --------- d-----w C:\Program Files\lphant

2008-05-12 00:15 --------- d-----w C:\Program Files\Alwil Software

2008-05-10 20:24 --------- d-----w C:\Program Files\SopCast

2008-05-09 10:36 --------- d-----w C:\Program Files\Google

2008-05-08 12:07 --------- d-----w C:\Program Files\Fichiers communs\Mozilla Shared

2008-05-02 22:17 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-05-02 22:15 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-04-29 15:13 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\third idle

2008-04-27 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-27 16:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-04-27 16:43 --------- d-----w C:\Program Files\EPSON

2008-04-25 16:21 --------- d-----w C:\Program Files\Java

2008-04-20 13:36 --------- d-----w C:\Program Files\Azureus

2008-04-10 13:08 --------- d-----w C:\Program Files\VirtualDJ

2008-04-07 17:08 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-04-06 15:35 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-04-06 15:35 52,437 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-04-06 15:29 --------- d-----w C:\Program Files\DesktopEarth

2008-04-06 13:22 --------- d-----w C:\Program Files\TVUPlayer

2008-04-01 21:42 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-03-30 18:17 --------- d-----w C:\Program Files\MSN Messenger

2008-03-30 18:17 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-23 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-03-21 19:17 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-03-21 19:17 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools

2008-03-20 22:14 --------- d-----w C:\Program Files\REGSHAVE

2008-03-18 22:33 --------- d-----w C:\Program Files\Serato

.



------- Sigcheck -------



2005-01-27 19:12 662016 66a10b98f18fd804236ab2d90301de04 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll

2005-01-27 19:14 660992 b16b02f3c804f057dab099cc15ed0206 C:\WINDOWS\ie7\wininet.dll

2007-08-13 19:54 809472 f284a6225a3057a1e19985e1d4b47ada C:\WINDOWS\system32\wininet.dll

2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\system32\DllCache\wininet.dll



2008-03-03 13:44 359040 4b78d9cf627de9d37b06d915fb12c624 C:\WINDOWS\system32\DllCache\TCPIP.SYS

2008-03-03 13:44 359040 4b78d9cf627de9d37b06d915fb12c624 C:\WINDOWS\system32\drivers\TCPIP.SYS



2004-10-13 21:38 978432 30bafa671afca2f5841c3045eedaeb9a C:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-05-16_21.25.05.14 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-16 19:21:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-17 10:56:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2001-08-24 11:00:00 82,432 ----a-w C:\WINDOWS\system32\audiosrvt.dll

+ 2001-08-24 11:00:00 21,632 ----a-w C:\WINDOWS\system32\drivers\yinnwuui.dat

+ 2008-05-17 10:56:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_51c.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FCF97AF-57AC-4B3E-86AD-29154296B6BF}]

2001-08-24 13:00 82432 --a------ c:\windows\system32\audiosrvt.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40EB6A47-C9B9-4968-AE36-1091BE294610}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2f6e905-249b-4d68-ba50-a48e296b97dc}]

2008-05-16 22:27 135680 --a------ C:\WINDOWS\system32\ncbqmhtt.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4062B83-A8A7-4BBF-A714-606985359F46}]

2008-05-14 22:46 369664 --a------ C:\WINDOWS\system32\yaywxVPG.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]

2008-05-14 22:41 58368 --a------ C:\WINDOWS\system32\nnnoOhIY.dll



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]

"EPSON Stylus DX4000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe" [2006-09-21 05:01 139264]

"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-10-15 17:57 1025264]

"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 08:01 180736]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-03 14:42 29744]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-09 12:37 185896]

"combofix"="C:\WINDOWS\system32\CF15010.exe" [2004-08-03 23:54 428032]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ClearDocsOnExit"= 64 (0x40)

"NoSMHelp"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)



[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ClearDocsOnExit"= 64 (0x40)

"NoSMHelp"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)



[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= C:\WINDOWS\system32\nnnoOhIY.dll [2008-05-14 22:41 58368]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dxrosamc]

audiosrvt.dll 2001-08-24 13:00 82432 C:\WINDOWS\system32\audiosrvt.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoOhIY]

nnnoOhIY.dll 2008-05-14 22:41 58368 C:\WINDOWS\system32\nnnoOhIY.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3radius"= l3codecp.acm

"vidc.xvid"= xvid.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe

"Persistence"=C:\WINDOWS\system32\igfxpers.exe



[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\VirtualDJ\\virtualdj.exe"=

"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"C:\\Program Files\\eChanblard\\emule.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"C:\\Program Files\\lphant\\eLePhantClient.exe"=

"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)



R0 yinnwuui;yinnwuui;C:\WINDOWS\system32\drivers\yinnwuui.dat []

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:55]

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-03 14:42]

S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 16:11]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 00:15]



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

vhdjeavl



.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-17 11:00:03 C:\WINDOWS\Tasks\A4FFF4D491846E34.job"

- c:\docume~1\admini~1\applic~1\thirdi~1\surf size flag.exe

"2008-05-16 14:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-05-17 11:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

"2008-05-16 20:20:10 C:\WINDOWS\Tasks\User_Feed_Synchronization-{97575D77-4AF5-4EDA-836B-9D8517886320}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************



catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-17 12:58:04

Windows 5.1.2600 Service Pack 2 NTFS



Balayage processus cachés ...



Balayage caché autostart entries ...



Balayage des fichiers cachés ...



Scan terminé avec succès

Les fichiers cachés: 0



**************************************************************************



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yinnwuui]

"ImagePath"="system32\drivers\yinnwuui.dat"

.

--------------------- DLLs a chargé sous des processus courants ---------------------



PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll

-> C:\WINDOWS\system32\nnnoOhIY.dll



PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll



PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\RealVNC\VNC4\winvnc4.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\DesktopEarth\DesktopEarth.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\Program Files\Neuf\Media Center\httpd\httpd.exe

C:\Program Files\Neuf\Media Center\httpd\httpd.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-17 13:01:19 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-17 11:01:06

ComboFix2.txt 2008-05-16 19:25:58



Pre-Run: 226,055,421,952 octets libres

Post-Run: 226,235,920,384 octets libres


