Vundo and pop-up windows

Helmut Perchut (Posts: 7, Status: Member)
eZula (Posts: 3509, Status: Contributor)
Hello,

For several days now my computer has been sluggish because of windows that keep opening and slow it down in general.
At first I could hear the "clicks" of windows opening without anything appearing on screen (and in fact my web page was "deselected"; I had to click on it to select it again), then Internet Explorer windows started opening unexpectedly, even though I always use Mozilla. Since then, windows open even in Mozilla.

I used Malwarebytes and ComboFix right after that, then Cleaner, then AVG. As for the BitDefender online scan, nothing works: the window closes after less than 10 minutes of scanning (and the "clicks" start up again right away...).

Thanks in advance for your insights.

Regards.

Here is the HijackThis log I just ran:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43, on 01/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\8oToW7Vw.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\5qVqY4Xy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

7 replies

eZula (Posts: 3509, Status: Contributor) 392

Post the C:\combofix report so we can have a look.
mike

Hello,

C:\WINDOWS\system32\8oToW7Vw.exe > nice name for a piece of spyware.

Download Spybot S&D and run a spyware scan.
Helmut Perchut (Posts: 7, Status: Member)

ComboFix 08-12-31.01 - Administrateur 2009-01-01 15:35:45.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.447.107 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\windows\system32\buloreke.dll
c:\windows\system32\bupodaze.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-01 au 2009-01-01 ))))))))))))))))))))))))))))))))))))
.

2008-12-28 22:27 . 2008-12-28 22:47 <REP> d-------- c:\program files\Trend Micro
2008-12-23 16:13 . 2008-12-23 16:13 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Grisoft
2008-12-23 16:12 . 2008-12-23 16:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-23 16:12 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-12-23 14:15 . 2008-12-23 14:15 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-12-23 14:14 . 2008-12-23 14:15 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 14:14 . 2008-12-23 14:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 14:14 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 14:14 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 14:04 . 2008-12-23 14:04 <REP> d-------- c:\windows\report
2008-12-23 14:04 . 2008-12-23 14:03 21,567,085 --a------ c:\windows\LPT$VPN.727
2008-12-23 14:03 . 2008-12-23 14:03 <REP> d-------- c:\windows\AU_Backup
2008-12-23 14:03 . 2008-12-23 14:03 21,567,085 --a------ c:\windows\VPTNFILE.727
2008-12-23 14:03 . 2008-12-23 14:03 1,973,163 --a------ c:\windows\tsc.ptn
2008-12-23 14:03 . 2008-12-23 14:03 1,213,784 --a------ c:\windows\vsapi32.dll
2008-12-23 14:03 . 2008-12-23 14:03 345,157 --a------ c:\windows\tsc.exe
2008-12-23 14:03 . 2008-12-23 14:03 91,744 --a------ c:\windows\BPMNT.dll
2008-12-23 14:03 . 2008-12-23 14:03 71,749 --a------ c:\windows\hcextoutput.dll
2008-12-23 14:03 . 2008-12-23 14:17 823 --a------ c:\windows\tsc.ini
2008-12-23 14:00 . 2008-12-23 14:03 <REP> d-------- c:\windows\AU_Temp
2008-12-23 14:00 . 2008-12-23 14:00 <REP> d-------- c:\windows\AU_Log
2008-12-23 14:00 . 2008-12-23 14:00 507,904 --a------ c:\windows\TMUPDATE.DLL
2008-12-23 14:00 . 2008-12-23 14:00 286,720 --a------ c:\windows\PATCH.EXE
2008-12-23 14:00 . 2008-12-23 14:00 69,689 --a------ c:\windows\UNZIP.DLL
2008-12-23 14:00 . 2008-12-23 14:00 170 --a------ c:\windows\GetServer.ini
2008-12-23 12:59 . 2008-12-23 12:54 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-12-23 12:54 . 2008-12-23 12:59 <REP> d-------- c:\documents and settings\Administrateur\.housecall6.6
2008-12-22 15:00 . 2008-12-22 15:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
2008-12-20 23:01 . 2008-12-20 23:00 31,744 --a------ c:\windows\system32\tLL7Jm76.exe
2008-12-05 17:26 . 2008-12-05 17:26 <REP> d-------- C:\RioCarbonCe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 14:30 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2008-12-30 17:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2008-12-23 11:49 --------- d-----w c:\program files\BitComet
2008-12-23 11:49 --------- d-----w c:\program files\Azureus
2008-12-22 22:56 --------- d-----w c:\program files\Google
2008-12-05 16:26 --------- d-----w c:\program files\Java
2008-11-19 17:20 --------- d-----w c:\documents and settings\Administrateur\Application Data\Azureus
2008-11-19 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-11-10 19:52 --------- d-----w c:\program files\uTorrent
2008-12-20 15:56 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 15:56 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 15:56 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 15:56 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 15:56 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-04 68856]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-11 c:\windows\AGRSMMSG.exe]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16EV\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16EV\\spss.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13625:TCP"= 13625:TCP:BitComet 13625 TCP
"13625:UDP"= 13625:UDP:BitComet 13625 UDP

R3 wlask48d;802.11b WLAN PC Card Service;c:\windows\system32\DRIVERS\wlask48d.sys [2004-01-06 171520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f499f6c6-3b8c-11dd-b02f-009096f5f9bf}]
\Shell\AutoRun\command - E:\rxub.bat
\Shell\explore\Command - E:\rxub.bat
\Shell\open\Command - E:\rxub.bat
.
Contenu du dossier 'Tâches planifiées'

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-12-31 c:\windows\Tasks\At1.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-20 c:\windows\Tasks\At10.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-20 c:\windows\Tasks\At11.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At12.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At13.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2009-01-01 c:\windows\Tasks\At14.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2009-01-01 c:\windows\Tasks\At15.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2009-01-01 c:\windows\Tasks\At16.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At17.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At18.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At19.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-31 c:\windows\Tasks\At2.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At20.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At21.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At22.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-31 c:\windows\Tasks\At23.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-31 c:\windows\Tasks\At24.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At25.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-31 c:\windows\Tasks\At26.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-27 c:\windows\Tasks\At27.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-27 c:\windows\Tasks\At28.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-27 c:\windows\Tasks\At29.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-27 c:\windows\Tasks\At3.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-24 c:\windows\Tasks\At30.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-21 c:\windows\Tasks\At31.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-20 c:\windows\Tasks\At32.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-20 c:\windows\Tasks\At33.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-20 c:\windows\Tasks\At34.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-20 c:\windows\Tasks\At35.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-30 c:\windows\Tasks\At36.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-30 c:\windows\Tasks\At37.job
- c:\windows\system32\8oToW7Vw.exe []

2009-01-01 c:\windows\Tasks\At38.job
- c:\windows\system32\8oToW7Vw.exe []

2009-01-01 c:\windows\Tasks\At39.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-27 c:\windows\Tasks\At4.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2009-01-01 c:\windows\Tasks\At40.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-30 c:\windows\Tasks\At41.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-30 c:\windows\Tasks\At42.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-30 c:\windows\Tasks\At43.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-30 c:\windows\Tasks\At44.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-30 c:\windows\Tasks\At45.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-31 c:\windows\Tasks\At46.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-31 c:\windows\Tasks\At47.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-31 c:\windows\Tasks\At48.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-27 c:\windows\Tasks\At5.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-24 c:\windows\Tasks\At6.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-21 c:\windows\Tasks\At7.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-20 c:\windows\Tasks\At8.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-20 c:\windows\Tasks\At9.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: rhum.forumactif.net

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version=
c:\windows\Downloaded Program Files\hardwaredetection.inf
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\uuils489.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 15:39:31
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-01-01 15:40:59
ComboFix-quarantined-files.txt 2009-01-01 14:40:37
ComboFix2.txt 2008-12-28 22:02:26

Avant-CF: 1 627 394 048 octets libres
Après-CF: 1,717,559,296 octets libres

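A small triage script, added here as an example (it is not part of the thread, of ComboFix or of HijackThis), that reads the scheduled-task and mountpoints2 sections of a ComboFix log and flags the patterns visible in the report above: one random-named system32 executable launched from many At*.job tasks, task targets ComboFix could not stamp (`[]`), and AutoRun/open/explore commands pointing at a removable drive. The sample log is a constructed excerpt of the lines quoted in the thread; the heuristics and function names are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log quoted in the thread: a few of the
# At*.job scheduled tasks plus the mountpoints2 key. Real logs list many more.
SAMPLE_LOG = r"""
Contenu du dossier 'Tâches planifiées'

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-12-31 c:\windows\Tasks\At1.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At25.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-31 c:\windows\Tasks\At26.job
- c:\windows\system32\8oToW7Vw.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f499f6c6-3b8c-11dd-b02f-009096f5f9bf}]
\Shell\AutoRun\command - E:\rxub.bat
\Shell\explore\Command - E:\rxub.bat
\Shell\open\Command - E:\rxub.bat
"""

# "2008-12-31 c:\windows\Tasks\At1.job" -> job file name
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} .*\\tasks\\([^\\]+\.job)$", re.IGNORECASE)
# "- <target> [<stamp>]"; ComboFix leaves the stamp empty when it cannot read the file
TARGET_RE = re.compile(r"^- (.+?) \[(.*)\]$")
# mountpoints2 shell verbs that fire when a drive is opened or double-clicked
MOUNT_RE = re.compile(r"^\\shell\\(autorun|open|explore)\\command - (.+)$", re.IGNORECASE)
AT_JOB_RE = re.compile(r"^at\d+\.job$", re.IGNORECASE)


def looks_random(path):
    """True for an 8-character file stem mixing upper case, lower case and
    digits (tLL7Jm76.exe, 8oToW7Vw.exe); vendor binaries rarely look like this."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return (len(stem) == 8 and stem.isalnum()
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isdigit() for c in stem))


def triage(log_text):
    """Return the indicators worth a second look in a ComboFix log excerpt."""
    by_target = defaultdict(list)   # executable -> job files that launch it
    unreadable = set()              # targets whose stamp is empty ('[]')
    autorun = []                    # (verb, command) pairs on non-system drives
    current_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            current_job = m.group(1)
            continue
        m = TARGET_RE.match(line)
        if m and current_job:
            target, stamp = m.group(1), m.group(2)
            by_target[target].append(current_job)
            if not stamp.strip():
                unreadable.add(target)
            current_job = None
            continue
        m = MOUNT_RE.match(line)
        if m and not m.group(2).lower().startswith("c:"):
            autorun.append((m.group(1).lower(), m.group(2)))
    return {
        # one binary launched from several At*.job tasks: the at.exe persistence seen above
        "multi_task_targets": {t: jobs for t, jobs in by_target.items() if len(jobs) > 1},
        "at_job_targets": sorted(t for t, jobs in by_target.items()
                                 if any(AT_JOB_RE.match(j) for j in jobs)),
        "unreadable_targets": sorted(unreadable),
        "random_names": sorted(t for t in by_target if looks_random(t)),
        "removable_autorun": autorun,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        entries = value.items() if isinstance(value, dict) else value
        for entry in entries:
            print("   ", entry)
```

Run it against a full log by passing the file contents to `triage()`; every flagged target still needs to be checked by hand, since the name heuristic is only a prompt to look closer.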
Helmut Perchut (Posts: 7, Status: Member)

Here is the ComboFix report.
Spybot, I already have it. I'm running a scan.

- c:\windows\system32\8oToW7Vw.exe []

2008-12-30 c:\windows\Tasks\At45.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-31 c:\windows\Tasks\At46.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-31 c:\windows\Tasks\At47.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-31 c:\windows\Tasks\At48.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-27 c:\windows\Tasks\At5.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-24 c:\windows\Tasks\At6.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-21 c:\windows\Tasks\At7.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-20 c:\windows\Tasks\At8.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-20 c:\windows\Tasks\At9.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: rhum.forumactif.net

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version=
c:\windows\Downloaded Program Files\hardwaredetection.inf
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\uuils489.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 15:39:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-01 15:40:59
ComboFix-quarantined-files.txt 2009-01-01 14:40:37
ComboFix2.txt 2008-12-28 22:02:26

Pre-Run: 1 627 394 048 bytes free
Post-Run: 1,717,559,296 bytes free

eZula (3509 posts, Contributor)

Create a new text document (right-click on the desktop > New > Text Document) and copy the following lines into it:

File::
c:\windows\Tasks\At1.job
c:\windows\system32\tLL7Jm76.exe
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\system32\8oToW7Vw.exe
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000


Save this file under the name CFScript

- Drag and drop this CFScript file onto ComboFix.exe, as in this screenshot: http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
- A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and press Enter.
- Wait for the scan to finish. The desktop will disappear several times: this is normal.
  Do not touch anything until the scan is finished.
- Once the scan is complete, a report will open: post its contents.
- If the file does not open, it is located at C:\ComboFix.txt
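The helper's File:: list above was built by reading the 'Scheduled Tasks' section of the log: every AtN.job (the names at.exe assigns) launches one of two random-looking executables in system32, and one of them (8oToW7Vw.exe, printed with empty brackets) is already gone while its tasks keep firing. The mountpoints2 block is a second finding: an AutoRun/open/explore handler pointing at E:\rxub.bat means the removable drive re-launches that batch file whenever it is opened. The script below is an added example in Python, not code from the thread, the helper or ComboFix; it parses those two log sections as ComboFix prints them, groups tasks by target, flags the pattern, and emits the File:: section of a CFScript. The sample lines are copied from the log above but trimmed to five tasks; the 8-character random-name heuristic and the min_jobs threshold are assumptions chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log posted above,
# trimmed to five of the 48 At*.job entries plus the mountpoints2 block.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f499f6c6-3b8c-11dd-b02f-009096f5f9bf}]
\Shell\AutoRun\command - E:\rxub.bat
\Shell\explore\Command - E:\rxub.bat
\Shell\open\Command - E:\rxub.bat
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-12-31 c:\windows\Tasks\At1.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-20 c:\windows\Tasks\At10.job
- c:\windows\system32\tLL7Jm76.exe [2008-12-20 23:00]

2008-12-30 c:\windows\Tasks\At25.job
- c:\windows\system32\8oToW7Vw.exe []

2008-12-31 c:\windows\Tasks\At26.job
- c:\windows\system32\8oToW7Vw.exe []
.
"""

# Line shapes as ComboFix prints them: a dated job line, then "- target [stamp]".
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>c:\\windows\\tasks\\\S+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]*)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.I)
# Assumption (heuristic): Vundo-style droppers use random 8-character names in system32.
RANDOM_EXE_RE = re.compile(r"^c:\\windows\\system32\\[a-z0-9]{8}\.exe$", re.I)
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.I)


def parse_tasks(text):
    """Return (job_path, target_path, target_present) for each task entry.
    An empty "[]" after the target means the file is no longer on disk."""
    tasks, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            pending = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            tasks.append((pending, m.group("target"), m.group("stamp") != ""))
            pending = None
    return tasks


def parse_autoruns(text):
    """Return (verb, command) pairs for mountpoints2 shell handlers; any
    handler that runs a script on a removable drive is a re-infection path."""
    hits = []
    for raw in text.splitlines():
        m = AUTORUN_RE.match(raw.strip())
        if m:
            hits.append((m.group("verb"), m.group("cmd")))
    return hits


def suspicious_tasks(tasks, min_jobs=2):
    """Group tasks by target and flag: random 8-char .exe in system32,
    one executable launched by several AtN.job tasks, or a vanished target.
    min_jobs is an arbitrary threshold chosen for this example."""
    by_target = defaultdict(list)
    for job, target, present in tasks:
        by_target[target].append((job, present))
    flagged = {}
    for target, jobs in by_target.items():
        reasons = []
        if RANDOM_EXE_RE.match(target):
            reasons.append("random 8-char name in system32")
        if len(jobs) >= min_jobs and all(AT_JOB_RE.search(j) for j, _ in jobs):
            reasons.append(f"{len(jobs)} At*.job tasks launch it")
        if not all(present for _, present in jobs):
            reasons.append("target file missing")
        if reasons:
            flagged[target] = ([j for j, _ in jobs], reasons)
    return flagged


def cfscript_file_section(flagged):
    """Emit the File:: section of a CFScript: every flagged target plus the
    jobs that launch it, deduplicated, as in the helper's script above."""
    paths = set()
    for target, (jobs, _) in flagged.items():
        paths.add(target)
        paths.update(jobs)
    return "File::\n" + "\n".join(sorted(paths, key=str.lower)) + "\n"


if __name__ == "__main__":
    found = suspicious_tasks(parse_tasks(SAMPLE_LOG))
    for target, (jobs, reasons) in found.items():
        print(f"{target}: {', '.join(reasons)} ({len(jobs)} job(s))")
    for verb, cmd in parse_autoruns(SAMPLE_LOG):
        print(f"mountpoints2 {verb} handler -> {cmd} (removable-drive autorun)")
    print(cfscript_file_section(found))
```

The autorun findings are reported but deliberately kept out of the File:: section: E:\rxub.bat lives on the removable drive, not on C:, so it has to be cleaned with that drive plugged in, and the mountpoints2 key itself should be removed separately so Explorer stops offering the handler.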
Helmut Perchut (7 posts, Member)

ComboFix 08-12-31.01 - Administrateur 2009-01-01 19:38:02.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.447.130 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
Command switches used :: c:\documents and settings\Administrateur\Mes documents\Téléchargements\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\8oToW7Vw.exe
c:\windows\system32\tLL7Jm76.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\windows\system32\5qVqY4Xy.dll
c:\windows\system32\8oToW7Vw.exe
c:\windows\system32\8oToW7Vw.exe.a_a
c:\windows\system32\8oToW7Vw.exe_
c:\windows\system32\tLL7Jm76.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2009-01-01 17:30 . 2009-01-01 17:36 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-01 17:30 . 2009-01-01 17:36 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-01 17:30 . 2009-01-01 17:30 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-01 17:30 . 2009-01-01 17:30 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-01 16:21 . 2009-01-01 16:21 <REP> d-------- c:\windows\LastGood
2009-01-01 16:21 . 2009-01-01 16:29 <REP> d-------- c:\windows\BDOSCAN8
2009-01-01 16:16 . 2009-01-01 16:16 31,232 --a------ c:\windows\system32\5qVqY4Xy.dl_
2008-12-28 22:27 . 2008-12-28 22:47 <REP> d-------- c:\program files\Trend Micro
2008-12-23 16:13 . 2008-12-23 16:13 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Grisoft
2008-12-23 16:12 . 2008-12-23 16:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-23 16:12 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-12-23 14:15 . 2008-12-23 14:15 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-12-23 14:14 . 2008-12-23 14:15 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 14:14 . 2008-12-23 14:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 14:14 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 14:14 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 14:04 . 2008-12-23 14:04 <REP> d-------- c:\windows\report
2008-12-23 14:04 . 2008-12-23 14:03 21,567,085 --a------ c:\windows\LPT$VPN.727
2008-12-23 14:03 . 2008-12-23 14:03 <REP> d-------- c:\windows\AU_Backup
2008-12-23 14:03 . 2008-12-23 14:03 21,567,085 --a------ c:\windows\VPTNFILE.727
2008-12-23 14:03 . 2008-12-23 14:03 1,973,163 --a------ c:\windows\tsc.ptn
2008-12-23 14:03 . 2008-12-23 14:03 1,213,784 --a------ c:\windows\vsapi32.dll
2008-12-23 14:03 . 2008-12-23 14:03 345,157 --a------ c:\windows\tsc.exe
2008-12-23 14:03 . 2008-12-23 14:03 91,744 --a------ c:\windows\BPMNT.dll
2008-12-23 14:03 . 2008-12-23 14:03 71,749 --a------ c:\windows\hcextoutput.dll
2008-12-23 14:03 . 2008-12-23 14:17 823 --a------ c:\windows\tsc.ini
2008-12-23 14:00 . 2008-12-23 14:03 <REP> d-------- c:\windows\AU_Temp
2008-12-23 14:00 . 2008-12-23 14:00 <REP> d-------- c:\windows\AU_Log
2008-12-23 14:00 . 2008-12-23 14:00 507,904 --a------ c:\windows\TMUPDATE.DLL
2008-12-23 14:00 . 2008-12-23 14:00 286,720 --a------ c:\windows\PATCH.EXE
2008-12-23 14:00 . 2008-12-23 14:00 69,689 --a------ c:\windows\UNZIP.DLL
2008-12-23 14:00 . 2008-12-23 14:00 170 --a------ c:\windows\GetServer.ini
2008-12-23 12:59 . 2008-12-23 12:54 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-12-23 12:54 . 2008-12-23 12:59 <REP> d-------- c:\documents and settings\Administrateur\.housecall6.6
2008-12-22 15:00 . 2008-12-22 15:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
2008-12-05 17:26 . 2008-12-05 17:26 <REP> d-------- C:\RioCarbonCe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 16:33 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-01 16:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-01 14:30 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2008-12-30 17:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2008-12-23 11:49 --------- d-----w c:\program files\BitComet
2008-12-23 11:49 --------- d-----w c:\program files\Azureus
2008-12-22 22:56 --------- d-----w c:\program files\Google
2008-12-05 16:26 --------- d-----w c:\program files\Java
2008-11-19 17:20 --------- d-----w c:\documents and settings\Administrateur\Application Data\Azureus
2008-11-19 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-11-10 19:52 --------- d-----w c:\program files\uTorrent
2008-12-20 15:56 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 15:56 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 15:56 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 15:56 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 15:56 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-28_23.01.25,90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-01 15:22:17 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-01-01 15:22:17 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2009-01-01 15:22:17 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2009-01-01 15:22:18 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 14:01:48 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 14:01:48 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-01 15:22:19 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-01 15:22:17 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 14:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2008-01-09 14:01:48 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 14:01:48 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-04 68856]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-11 c:\windows\AGRSMMSG.exe]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16EV\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16EV\\spss.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13625:TCP"= 13625:TCP:BitComet 13625 TCP
"13625:UDP"= 13625:UDP:BitComet 13625 UDP

R3 wlask48d;802.11b WLAN PC Card Service;c:\windows\system32\DRIVERS\wlask48d.sys [2004-01-06 171520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f499f6c6-3b8c-11dd-b02f-009096f5f9bf}]
\Shell\AutoRun\command - E:\rxub.bat
\Shell\explore\Command - E:\rxub.bat
\Shell\open\Command - E:\rxub.bat
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: rhum.forumactif.net

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version=
c:\windows\Downloaded Program Files\hardwaredetection.inf
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\uuils489.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 19:40:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-01 19:41:52
ComboFix-quarantined-files.txt 2009-01-01 18:41:29
ComboFix2.txt 2009-01-01 14:41:01
ComboFix3.txt 2008-12-28 22:02:26

Pre-Run: 1 219 715 072 bytes free
Post-Run: 1,465,769,984 bytes free

eZula (3509 posts, Contributor)

Run this script as well:

FILE::
c:\windows\system32\5qVqY4Xy.dl_


Then run this online scan: https://www.micro-astuce.com/securite/NanoScan-Panda.php