Application valide win 32

Résolu
fredy83 Messages postés 48 Statut Membre -  
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
Bonjour,
Je constate qu'il se passe qque chose avec des virus sous win32 !
je n y est pas echappé !moi mon virus est apparu a la desinstallation d'avast et provoque une charge cpu a 100% toute les 5 sec. de plus apres plusieur examen sur le net du style trend secure, 24h plut tard j'ai une multitude d'infection plus ou moin importante.le pc fonctionne a merveille quand même, mais voila aillant désinstallé mon anti virus,ce petit malin m'empeche toute installation aillant rapport avec la securité system! il me dit a chaque fois ce n'est pas une application valide win 32...
Si par hazard qquun a une idée , elle sera la bien venu !

Fredy
Configuration: Windows XP
Internet Explorer 7.0

30 réponses

  • 1
  • 2
  1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bonjour,

    Ce message est très certainement dû à une infection Bagle...

    Cette infection s'attrape par le téléchargement de cracks, qui sont de vrais dangers au niveau de la sécurité : https://forum.malekal.com/viewtopic.php?f=33&t=893
    Supprime tous tes cracks et keygens pourris !

    Bagle se propage ensuite par disques amovibles (clés USB, disques durs externes, lecteurs mp3) ==> isole ton PC

    • Ensuite, rends toi sur ce site

    • Tout en bas de cette page tu trouveras un outil à télécharger, clique sur "Descargar Elibagla" (le numéro de version change au fur et à mesure des mises à jour) : choisis le Bureau comme destination, tape un nom différent de Elibagla.exe (par exemple, CCM.exe)

    • Lance Elibagla.exe (qui, je le rappelle, doit avoir été renommé), puis double-clique dessus pour le lancer. Laisse la case "eliminar ficheros automaticamente" cochée, puis clique sur"explorar" et laisse-le travailler

    • Poste le rapport final qui sera dans c:\infosat.txt

    0
  2. fredy83 Messages postés 48 Statut Membre
     
    Bonjour,
    D'abord merci pour ta réponse!
    ensuite , je crois avoir bien fait ce que tu ma dit,renomer le fichier avant de le mettre sur le bureau puis je lais lancé .Mais la rien ?pas de suite .....ça me dit l'editeur n'a pas été verifier .....
    donc j'execute quand même et rien ! est-ce normale ? je rentre ce soir vers 19h30 si tu a une idée se cera avec plaisir !

    Merci

    Fred
    0
  3. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Réessaye en téléchargeant le programme renommé directement depuis les liens suivants.

    Elibagla : http://sd-1.archive-host.com/membres/up/7739387536519291/lepremier.EXE

    Redémarre ton ordinateur, puis essaye de l'exécuter dès que ton ordinateur a redémarré.

    Si ça fonctionne, laisse le terminer et poste le rapport.
    Que ça fonctionne ou non, télécharge ensuite Combofix renommé ici :

    Combofix : http://sd-1.archive-host.com/membres/up/7739387536519291/ledeuxieme.exe

    Désactive les éventuels programmes de sécurité qui fonctionnent encore, puis lance le.
    /!\ Ne touche à rien pendant le scan (c'est un programme puissant, une erreur pourrait faire des dégâts...)

    0
  4. fredy83 Messages postés 48 Statut Membre
     
    Salut ,
    j'arrive tout juste merci pour tout ,j"essais et te tient au courrant .

    fred
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. fredy83 Messages postés 48 Statut Membre
     
    Re salut
    bah suis un peut dépité j'ai éssayé t-on nouveau lien et rien je fait executé et rien ne se passe !
    suis largué !!!
    suis a l'écoute ....

    Fred
    0
  7. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Le programme spécialisé sur cette infection n'était plus disponible, il l'est à nouveau :)
    Avec ça, on devrait s'en sortir :

    • Télécharge FindyKill (de Chiquitine29)

    • Fais un clic droit sur le lien --> enregistrer sous --> Bureau ---> FindyKill

    • Lance l'installation avec les paramètres par défaut

    • Double clique sur le raccourci FindyKill sur ton Bureau

    • Au menu principal, choisis l'option 1 (Recherche)

    • Poste le rapport C:/FindyKill.txt (il est sauvegardé à la racine du disque dur)

    0
  8. fredy83 Messages postés 48 Statut Membre
     
    Salut,
    Merci et te tient au jus pour la suite des évenements

    Fred
    0
  9. fredy83 Messages postés 48 Statut Membre
     
    Bien voila ,
    Mais si possible aurrait tu l'ammabilité de m'expliqué comment fonctionne se rapport et de savoir comment trouvé le probleme s'il y en a un ?

    Merci

    Fred
    ###################### [ FindyKill V4.714 ]

    # User : Titi - FRED
    # Emplacement : C:\Program Files\FindyKill
    # Outils Mis a jours le 19/01/09 par Chiquitine29
    # Recherche effectuée à 11:19:11 le 28/01/2009
    # Windows XP - Internet Explorer 7.0.5730.11

    # [ FindyKill V4.714 - Scan ] ##############

    \\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Titi\Application Data\m\flec006.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Documents and Settings\Titi\Application Data\drivers\winupgro.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\IncrediMail\bin\ImApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wintems.exe
    C:\Program Files\eChanblard\emule.exe
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

    \\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////

    "C:\Documents and Settings\Titi\Application Data\m\flec006.exe" (1144)
    "C:\Documents and Settings\Titi\Application Data\drivers\winupgro.exe" (880)
    "C:\WINDOWS\system32\wintems.exe" (2908)

    \\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////

    ################## [ C:\ ]

    ################## [ C:\WINDOWS ]

    ################## [ C:\WINDOWS\Prefetch ]

    Found ! - C:\WINDOWS\prefetch\15458328.EXE-030DE173.pf
    Found ! - C:\WINDOWS\prefetch\15458890.EXE-02C33EC2.pf
    Found ! - C:\WINDOWS\prefetch\15668203.EXE-32E987E0.pf
    Found ! - C:\WINDOWS\prefetch\15681375.EXE-0EA64C4F.pf
    Found ! - C:\WINDOWS\prefetch\15707343.EXE-35F4A1D9.pf
    Found ! - C:\WINDOWS\prefetch\15746828.EXE-16AF8C2E.pf
    Found ! - C:\WINDOWS\prefetch\15827375.EXE-345A7951.pf
    Found ! - C:\WINDOWS\prefetch\15835171.EXE-06F87D69.pf
    Found ! - C:\WINDOWS\prefetch\15895171.EXE-0431F7D3.pf
    Found ! - C:\WINDOWS\prefetch\15897750.EXE-0B9EB2BD.pf
    Found ! - C:\WINDOWS\prefetch\15902421.EXE-0BA1FA12.pf
    Found ! - C:\WINDOWS\prefetch\16241953.EXE-3656C2E7.pf
    Found ! - C:\WINDOWS\prefetch\16244328.EXE-00A33569.pf
    Found ! - C:\WINDOWS\prefetch\16369156.EXE-37262C92.pf
    Found ! - C:\WINDOWS\prefetch\16378625.EXE-1D1B5FD9.pf
    Found ! - C:\WINDOWS\prefetch\16408062.EXE-2D804CF4.pf
    Found ! - C:\WINDOWS\prefetch\16415328.EXE-18951868.pf
    Found ! - C:\WINDOWS\prefetch\275015.EXE-194648EB.pf
    Found ! - C:\WINDOWS\prefetch\31144078.EXE-1CF93E87.pf
    Found ! - C:\WINDOWS\prefetch\31157140.EXE-15C256A1.pf
    Found ! - C:\WINDOWS\prefetch\31247343.EXE-1BCFB593.pf
    Found ! - C:\WINDOWS\prefetch\31565078.EXE-22233134.pf
    Found ! - C:\WINDOWS\prefetch\31661593.EXE-0862D8B6.pf
    Found ! - C:\WINDOWS\prefetch\31724015.EXE-35B4456A.pf
    Found ! - C:\WINDOWS\prefetch\31732296.EXE-307720E5.pf
    Found ! - C:\WINDOWS\prefetch\31816140.EXE-2A61D0EF.pf
    Found ! - C:\WINDOWS\prefetch\31824656.EXE-399AF964.pf
    Found ! - C:\WINDOWS\prefetch\327531.EXE-2B297A48.pf
    Found ! - C:\WINDOWS\prefetch\330968.EXE-051B43C0.pf
    Found ! - C:\WINDOWS\prefetch\337968.EXE-05990072.pf
    Found ! - C:\WINDOWS\prefetch\636250.EXE-18BF48A8.pf
    Found ! - C:\WINDOWS\prefetch\702546.EXE-01AA9983.pf
    Found ! - C:\WINDOWS\prefetch\709812.EXE-2D495EEE.pf
    Found ! - C:\WINDOWS\prefetch\769984.EXE-22CBCEA3.pf
    Found ! - C:\WINDOWS\prefetch\770328.EXE-120930B5.pf
    Found ! - C:\WINDOWS\prefetch\907203.EXE-2C3A16B2.pf
    Found ! - C:\WINDOWS\prefetch\918734.EXE-22BD6F93.pf
    Found ! - C:\WINDOWS\prefetch\918781.EXE-176055F5.pf
    Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-236CC115.pf
    Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2B1270B6.pf

    ################## [ C:\WINDOWS\system32 ]

    Found ! [28/01/2009 10:36] - C:\WINDOWS\system32\mdelk.exe
    Found ! [28/01/2009 10:36] - C:\WINDOWS\system32\wintems.exe
    Found ! [28/01/2009 10:37] - C:\WINDOWS\system32\ban_list.txt

    ################## [ C:\WINDOWS\system32\drivers ]

    ################## [ C:\Documents and Settings\Titi\Application Data ]

    Found ! [27/01/2009 19:47] - "C:\Documents and Settings\Titi\Application Data\m\flec006.exe"
    Found ! [28/01/2009 10:28] - "C:\Documents and Settings\Titi\Application Data\m\list.oct"
    Found ! [28/01/2009 10:28] - "C:\Documents and Settings\Titi\Application Data\m\data.oct"
    Found ! [28/01/2009 10:28] - "C:\Documents and Settings\Titi\Application Data\m\srvlist.oct"
    Found ! [28/01/2009 10:29] - "C:\Documents and Settings\Titi\Application Data\m\shared"
    Found ! [24/01/2009 19:58] - "C:\Documents and Settings\Titi\Application Data\m"
    Found ! [24/01/2009 14:53] - "C:\Documents and Settings\Titi\Application Data\drivers"
    Found ! [28/01/2009 10:26] - "C:\Documents and Settings\Titi\Application Data\drivers\srosa2.sys"
    Found ! [28/01/2009 10:26] - "C:\Documents and Settings\Titi\Application Data\drivers\wfsintwq.sys"
    Found ! [14/09/2006 10:04] - "C:\Documents and Settings\Titi\Application Data\drivers\winupgro.exe"
    Found ! [28/01/2009 10:36] - "C:\Documents and Settings\Titi\Application Data\drivers\downld"

    ################## [ C:\DOCUME~1\Titi\LOCALS~1\Temp ]

    \\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    IncrediMail=C:\Program Files\IncrediMail\bin\IncMail.exe /c
    MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
    LightScribe Control Panel=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    NvMediaCenter=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    a-squared="C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    Installed=1
    NoChange=1
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\hpqptc08]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\hprbui]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\Launch Tool]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\looksingle]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\MsgPlus]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\patch]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

    \\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////

    Found ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\Local AppWizard-Generated Applications\patch
    Found ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\bisoft
    Found ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\DateTime4
    Found ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\FFC
    Found ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\FirtR
    Found ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\MuleAppData
    Found ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\Ubisoft
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKEY_CURRENT_USER\Software\DateTime4
    Found ! - HKEY_CURRENT_USER\Software\FirtR
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

    /!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
    /!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

    \\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

    /!\ Mode sans echec non fonctionnel !!

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    /!\ Mode sans echec non fonctionnel !!

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    /!\ Mode sans echec non fonctionnel !!

    # Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - # Type de démarrage = 4

    /!\ Ip6Fw - # Type de démarrage = 4

    SharedAccess - # Type de démarrage = "Start"

    /!\ wuauserv - # Type de démarrage = 4

    /!\ wscsvc - # Type de démarrage = 4

    \\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////

    # Informations :

    C: - Lecteur fixe

    D: - Lecteur fixe

    F: - Lecteur fixe

    # presence des fichiers :

    \\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////

    -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.714 ! ]
    0
  10. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Le problème, je te l'ai expliqué au premier message.
    C'est une infection Bagle, qui se propage surtout via des cracks et keygens pourris sur les réseaux P2P ! (eMule, Torrent...)

    # Bagle endommage les logiciels de sécurité et empêche d'en installer d'autres, en affichant « XXX n'est pas une application win32 valide ».
    # Bagle empêche de redémarrer en mode sans échec
    # Bagle endommage parfois les connections Wi-Fi (erreur 1068)
    # Bagle ralentit fortement l'ordinateur

    Pour désinfecter :

    • Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) sans les ouvrir

    • Relance FindyKill

    • Cette fois, choisis l'option 2 (Suppression) au menu principal

    • Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" !

    • Ensuite poste le rapport C:/FindyKill.txt (il est sauvegardé à la racine du disque dur)

    0
  11. fredy83 Messages postés 48 Statut Membre
     
    Ok merci !
    ferait tout ca ce soir ,je part au boulot......
    Je te tient au courrant

    Fred
    0
  12. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok, à ce soir :)

    0
  13. fredy83 Messages postés 48 Statut Membre
     
    Bonsoir,
    Je viens de faire la deuxieme phase voici le rapport , mes que doit t-on comprendre a tout ca ?
    peut on s'avoir qui faisait des menaces a mon pc , et puis-je etre sur que tout est bien deleté ?
    en tout cas je viens de d'installer un anti virus donc qque chose a belle et bien reussi !

    Conclusion pour moi c'est que Findykill que tu ma recommandé d'executer aurrais fonctionné !!!

    Peut tu s'en vouloir abuser m'expliqué tout ceci pour que cela puisse servir a d'autre !

    Merci encore !!!!

    ###################### [ FindyKill V4.714 ]

    # User : Titi - FRED
    # Executed from : C:\Program Files\FindyKill
    # Update on 19/01/09 by Chiquitine29
    # Start at 19:28:47 the 28/01/2009
    # Windows XP - Internet Explorer 7.0.5730.11

    # [ FindyKill V4.714 - Deleting ] ###############

    \\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\userinit.exe

    \\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////

    ################## [ C:\ ]

    ################## [ C:\WINDOWS ]

    ################## [ C:\WINDOWS\Prefetch ]

    Deleted ! - C:\WINDOWS\prefetch\15458328.EXE-030DE173.pf
    Deleted ! - C:\WINDOWS\prefetch\15458890.EXE-02C33EC2.pf
    Deleted ! - C:\WINDOWS\prefetch\15668203.EXE-32E987E0.pf
    Deleted ! - C:\WINDOWS\prefetch\15681375.EXE-0EA64C4F.pf
    Deleted ! - C:\WINDOWS\prefetch\15707343.EXE-35F4A1D9.pf
    Deleted ! - C:\WINDOWS\prefetch\15746828.EXE-16AF8C2E.pf
    Deleted ! - C:\WINDOWS\prefetch\15827375.EXE-345A7951.pf
    Deleted ! - C:\WINDOWS\prefetch\15835171.EXE-06F87D69.pf
    Deleted ! - C:\WINDOWS\prefetch\15895171.EXE-0431F7D3.pf
    Deleted ! - C:\WINDOWS\prefetch\15897750.EXE-0B9EB2BD.pf
    Deleted ! - C:\WINDOWS\prefetch\15902421.EXE-0BA1FA12.pf
    Deleted ! - C:\WINDOWS\prefetch\16241953.EXE-3656C2E7.pf
    Deleted ! - C:\WINDOWS\prefetch\16244328.EXE-00A33569.pf
    Deleted ! - C:\WINDOWS\prefetch\16369156.EXE-37262C92.pf
    Deleted ! - C:\WINDOWS\prefetch\16378625.EXE-1D1B5FD9.pf
    Deleted ! - C:\WINDOWS\prefetch\16408062.EXE-2D804CF4.pf
    Deleted ! - C:\WINDOWS\prefetch\16415328.EXE-18951868.pf
    Deleted ! - C:\WINDOWS\prefetch\275015.EXE-194648EB.pf
    Deleted ! - C:\WINDOWS\prefetch\31144078.EXE-1CF93E87.pf
    Deleted ! - C:\WINDOWS\prefetch\31157140.EXE-15C256A1.pf
    Deleted ! - C:\WINDOWS\prefetch\31247343.EXE-1BCFB593.pf
    Deleted ! - C:\WINDOWS\prefetch\31565078.EXE-22233134.pf
    Deleted ! - C:\WINDOWS\prefetch\31661593.EXE-0862D8B6.pf
    Deleted ! - C:\WINDOWS\prefetch\31724015.EXE-35B4456A.pf
    Deleted ! - C:\WINDOWS\prefetch\31732296.EXE-307720E5.pf
    Deleted ! - C:\WINDOWS\prefetch\31816140.EXE-2A61D0EF.pf
    Deleted ! - C:\WINDOWS\prefetch\31824656.EXE-399AF964.pf
    Deleted ! - C:\WINDOWS\prefetch\327531.EXE-2B297A48.pf
    Deleted ! - C:\WINDOWS\prefetch\330968.EXE-051B43C0.pf
    Deleted ! - C:\WINDOWS\prefetch\337968.EXE-05990072.pf
    Deleted ! - C:\WINDOWS\prefetch\636250.EXE-18BF48A8.pf
    Deleted ! - C:\WINDOWS\prefetch\702546.EXE-01AA9983.pf
    Deleted ! - C:\WINDOWS\prefetch\709812.EXE-2D495EEE.pf
    Deleted ! - C:\WINDOWS\prefetch\769984.EXE-22CBCEA3.pf
    Deleted ! - C:\WINDOWS\prefetch\770328.EXE-120930B5.pf
    Deleted ! - C:\WINDOWS\prefetch\907203.EXE-2C3A16B2.pf
    Deleted ! - C:\WINDOWS\prefetch\918734.EXE-22BD6F93.pf
    Deleted ! - C:\WINDOWS\prefetch\918781.EXE-176055F5.pf
    Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-236CC115.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-28EE3AC4.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-3B00332D.pf
    Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2B1270B6.pf

    ################## [ C:\WINDOWS\system32 ]

    Deleted ! - C:\WINDOWS\system32\mdelk.exe
    Deleted ! - C:\WINDOWS\system32\wintems.exe
    Deleted ! - C:\WINDOWS\system32\ban_list.txt

    ################## [ C:\WINDOWS\system32\drivers ]

    ################## [ C:\Documents and Settings\Titi\Application Data ]

    Deleted ! - "C:\Documents and Settings\Titi\Application Data\m\flec006.exe"
    Deleted ! - "C:\Documents and Settings\Titi\Application Data\m\list.oct"
    Deleted ! - "C:\Documents and Settings\Titi\Application Data\m\data.oct"
    Deleted ! - "C:\Documents and Settings\Titi\Application Data\m\srvlist.oct"
    Deleted ! - "C:\Documents and Settings\Titi\Application Data\m\shared"
    Deleted ! - "C:\Documents and Settings\Titi\Application Data\m"
    Deleted ! - "C:\Documents and Settings\Titi\Application Data\drivers\srosa2.sys"
    Deleted ! - "C:\Documents and Settings\Titi\Application Data\drivers\wfsintwq.sys"
    Deleted ! - "C:\Documents and Settings\Titi\Application Data\drivers\winupgro.exe"
    Deleted ! - "C:\Documents and Settings\Titi\Application Data\drivers\downld"
    Deleted ! - "C:\Documents and Settings\Titi\Application Data\drivers"

    ################## [ C:\DOCUME~1\Titi\LOCALS~1\Temp ]

    ################## [ C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5 ]

    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\071DO2AL\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\071DO2AL\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\071DO2AL\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\071DO2AL\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\071DO2AL\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\08E54322\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\08E54322\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\08E54322\b64_2[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\08E54322\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\08UCB9LW\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\08UCB9LW\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\309XEYEW\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\309XEYEW\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\309XEYEW\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\309XEYEW\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\9F1HJOI9\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\9F1HJOI9\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\9F1HJOI9\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\9F1HJOI9\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\9F1HJOI9\b64_1[4].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\9OUP3SYB\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\9OUP3SYB\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\C5L99XIH\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\C5L99XIH\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\C5L99XIH\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\C5L99XIH\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\GWUWGWQM\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\GWUWGWQM\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\GWUWGWQM\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\I9JKFZKN\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\I9JKFZKN\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\I9JKFZKN\b64_2[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\I9JKFZKN\file[1].txt
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\J662ASZD\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\J662ASZD\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\JNTB3QN6\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\JNTB3QN6\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\JNTB3QN6\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\JNTB3QN6\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\JNTB3QN6\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\MP9XM4WQ\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\MP9XM4WQ\file[1].txt
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\MP9XM4WQ\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\OFZIK6TA\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\OFZIK6TA\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\OFZIK6TA\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\OFZIK6TA\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\OILNP410\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\OILNP410\b64[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\OILNP410\b64[3].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\OILNP410\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\OILNP410\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\OILNP410\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\USRLTLZE\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\USRLTLZE\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\USRLTLZE\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\USRLTLZE\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\WUWZHWYQ\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Titi\Local Settings\Temporary Internet Files\Content.IE5\WUWZHWYQ\b64_2[1].jpg

    \\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
    Deleted ! - HKEY_CURRENT_USER\Software\bisoft
    Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
    Deleted ! - HKEY_CURRENT_USER\Software\FirtR
    Deleted ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\Local AppWizard-Generated Applications\patch
    Deleted ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\Local AppWizard-Generated Applications\winupgro
    Deleted ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\FFC
    Deleted ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\MuleAppData
    Deleted ! - HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\Ubisoft

    \\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

    # Safe boot mode restored !

    # Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - # Type of startup = 3

    Ip6Fw - # Type of startup = 2

    SharedAccess - # Type of startup = "Start"

    wuauserv - # Type of startup = 2

    wscsvc - # Type of startup = 2

    \\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

    # Informations :

    C: - Lecteur fixe

    D: - Lecteur fixe

    F: - Lecteur fixe

    # deleting files :

    \\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////

    -> Not found !

    \\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

    Références de comparaison Bagle MD5 :

    2a47bdb6 C:\Documents and Settings\Titi\Application Data\drivers\winupgro.exe
    1e8dcee42629aacc87cb0e61ec03b88d C:\Documents and Settings\Titi\Application Data\drivers\winupgro.exe

    Suspect ! - 1e8dcee42629aacc87cb0e61ec03b88d C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    \\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////

    C:\Documents and Settings\Titi\Application Data\Macromedia\Flash Player\#SharedObjects\NJJP2ES2\crackle.com
    C:\Documents and Settings\Titi\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#crackle.com
    C:\Documents and Settings\Titi\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
    C:\Documents and Settings\Titi\Mes documents\Mes images\A trier\NFS 1 - crack reseau
    C:\Documents and Settings\Titi\Mes documents\Mes images\A trier\NFS 1 - crack reseau\Crack
    C:\Documents and Settings\Titi\Mes documents\Mes images\A trier\NFS 1 - crack reseau\Crack\liesmich.txt
    C:\Documents and Settings\Titi\Mes documents\Mes images\A trier\NFS 1 - crack reseau\Crack\nfsuclient.exe
    C:\Documents and Settings\Titi\Mes documents\Mes images\A trier\NFS 1 - crack reseau\Crack\nfsuserver.0.9.9.exe
    C:\Documents and Settings\Titi\Mes documents\Mes images\A trier\NFS 1 - crack reseau\Crack\nfsuserver.0.9.9.service.exe
    C:\Documents and Settings\Titi\Mes documents\Mes images\A trier\NFS 1 - crack reseau\Crack\readme.txt
    C:\Documents and Settings\Titi\Mes documents\Mes images\A trier\NFS 1 - crack reseau\Crack\server.log
    C:\Documents and Settings\Titi\Mes documents\Mes images\A trier\NFS 1 - crack reseau\Crack\servers.dat
    C:\Documents and Settings\Titi\Mes documents\Mes images\A trier\NFS 1 - crack reseau\Crack\Service.log
    C:\Documents and Settings\Titi\Recent\Avast.Antivirus.Pro.v4.8.1201.FR.Incl-Keygen.[emule-island.com].rar.lnk
    C:\Documents and Settings\Titi\Recent\Jeu Pc Age Of Mythologie Fr Titans Expansion Cracks.rar.lnk
    C:\Documents and Settings\Titi\Recent\Malwarebytes.Anti-Malware.v1.33.Multilangages.Incl-Keygen.[emule-island.com].rar.lnk
    C:\Documents and Settings\Titi\Recent\Mastersoft SuDoku for Pocket Pc Pocketpc ppc ppc2002 Wm2003 Cracked (Repack & Distribution by Mundel (C) 2005).lnk
    C:\Documents and Settings\Titi\Recent\Microsoft.Windows.Vista.RTM.Ultimate.32-64Bit.+.MUI-FRENCH.+.Crack.Activation.&.Evaluation.+.Tuto.SHARED.BY.KUIKI.lnk
    C:\Documents and Settings\Titi\Recent\NOD32.ESET.Smart.Security.v3.0.672.FR.Incl-Crack.[emule-island.com].rar.lnk
    C:\Documents and Settings\Titi\Recent\TomTom.With.Internal.GPS.Support.v6.02.S60v3.SymbianOS9.1.Cracked-BiNPDA.part1.rar.lnk
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw

    ################## [ ! End of report # FindyKill V4.714 ! ]

    0
  14. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Arrête d'utiliser des cracks maintenant, sinon ton ordinateur sera réinfecté !!!

    C:\Documents and Settings\Titi\Recent\Avast.Antivirus.Pro.v4.8.1201.FR.Incl-Keygen.[emule-island.com].rar.lnk
    C:\Documents and Settings\Titi\Recent\Jeu Pc Age Of Mythologie Fr Titans Expansion Cracks.rar.lnk
    C:\Documents and Settings\Titi\Recent\Malwarebytes.Anti-Malware.v1.33.Multilangages.Incl-Keygen.[emule-island.com].rar.lnk
    C:\Documents and Settings\Titi\Recent\Mastersoft SuDoku for Pocket Pc Pocketpc ppc ppc2002 Wm2003 Cracked (Repack & Distribution by Mundel (C) 2005).lnk
    C:\Documents and Settings\Titi\Recent\Microsoft.Windows.Vista.RTM.Ultimate.32-64Bit.+.MUI-FRENCH.+.Crack.Activation.&.Evaluation.+.Tuto.SHARED.BY.KUIKI.lnk
    C:\Documents and Settings\Titi\Recent\NOD32.ESET.Smart.Security.v3.0.672.FR.Incl-Crack.[emule-island.com].rar.lnk
    C:\Documents and Settings\Titi\Recent\TomTom.With.Internal.GPS.Support.v6.02.S60v3.SymbianOS9.1.Cracked-BiNPDA.part1.rar.lnk


    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    On va utiliser Combofix pour finir la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... Fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !). Pour cela, fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " et tape C-Fix dans dans la fenêtre qui s'ouvre, puis choisis le Bureau comme destination : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    --------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
    ! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation qui pourraient gêner fortement l'outil...Tu les réactiveras donc après !

    ==> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

    Tuto ici pour installer la Console de récupération (important en cas de problème) : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ---------------------------------------------------------------------------------------------------------------------------------

    Ensuite :

    Double-clique sur C-Fix.exe (= combofix.exe ) .

    Appuie sur une touche pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

    0
  15. fredy83 Messages postés 48 Statut Membre
     
    Et me revoila !
    j'ai fait le scan et voila le resultat .
    Est-ce normale ?

    Merci encore

    Fred

    ComboFix 09-01-21.04 - Titi 2009-01-28 21:47:40.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.3071.2489 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Titi\Bureau\C-Fix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Titi\Application Data\drivers\downld
    c:\program files\MessengerPlus! 3\MsgPlus.exe
    c:\windows\emMON.exe
    c:\windows\system32\_004922_.tmp.dll
    c:\windows\system32\_004923_.tmp.dll
    c:\windows\system32\_004924_.tmp.dll
    c:\windows\system32\_004925_.tmp.dll
    c:\windows\system32\_004932_.tmp.dll
    c:\windows\system32\_004933_.tmp.dll
    c:\windows\system32\_004934_.tmp.dll
    c:\windows\system32\_004935_.tmp.dll
    c:\windows\system32\_004936_.tmp.dll
    c:\windows\system32\_004937_.tmp.dll
    c:\windows\system32\_004938_.tmp.dll
    c:\windows\system32\_004939_.tmp.dll
    c:\windows\system32\_004940_.tmp.dll
    c:\windows\system32\_004941_.tmp.dll
    c:\windows\system32\_004942_.tmp.dll
    c:\windows\system32\_004943_.tmp.dll
    c:\windows\system32\_004944_.tmp.dll
    c:\windows\system32\_004945_.tmp.dll
    c:\windows\system32\_004946_.tmp.dll
    c:\windows\system32\_004947_.tmp.dll
    c:\windows\system32\_004948_.tmp.dll
    c:\windows\system32\_004949_.tmp.dll
    c:\windows\system32\_004950_.tmp.dll
    c:\windows\system32\_004951_.tmp.dll
    c:\windows\system32\_004952_.tmp.dll
    c:\windows\system32\_004953_.tmp.dll
    c:\windows\system32\_004956_.tmp.dll
    c:\windows\system32\_004957_.tmp.dll
    c:\windows\system32\_004958_.tmp.dll
    c:\windows\system32\_004959_.tmp.dll
    c:\windows\system32\_004960_.tmp.dll
    c:\windows\system32\_004961_.tmp.dll
    c:\windows\system32\_004962_.tmp.dll
    c:\windows\system32\_004963_.tmp.dll
    c:\windows\system32\_004964_.tmp.dll
    c:\windows\system32\_004965_.tmp.dll
    c:\windows\system32\_004966_.tmp.dll
    c:\windows\system32\_004967_.tmp.dll
    c:\windows\system32\_004968_.tmp.dll
    c:\windows\system32\_004970_.tmp.dll
    c:\windows\system32\_004971_.tmp.dll
    c:\windows\system32\_004972_.tmp.dll
    c:\windows\system32\_004973_.tmp.dll
    c:\windows\system32\_004974_.tmp.dll
    c:\windows\system32\_004975_.tmp.dll
    c:\windows\system32\_004976_.tmp.dll
    c:\windows\system32\_004979_.tmp.dll
    c:\windows\system32\_004980_.tmp.dll
    c:\windows\system32\_004981_.tmp.dll
    c:\windows\system32\_004983_.tmp.dll
    c:\windows\system32\_004984_.tmp.dll
    c:\windows\system32\_004985_.tmp.dll
    c:\windows\system32\_004986_.tmp.dll
    c:\windows\system32\_004987_.tmp.dll
    c:\windows\system32\_004988_.tmp.dll
    c:\windows\system32\_004989_.tmp.dll
    c:\windows\system32\_004990_.tmp.dll
    c:\windows\system32\_004991_.tmp.dll
    c:\windows\system32\_004993_.tmp.dll
    c:\windows\system32\_004994_.tmp.dll
    c:\windows\system32\_004995_.tmp.dll
    c:\windows\system32\_004996_.tmp.dll
    c:\windows\system32\_004998_.tmp.dll
    c:\windows\system32\_005000_.tmp.dll
    c:\windows\system32\_005001_.tmp.dll
    c:\windows\system32\_005002_.tmp.dll
    c:\windows\system32\_005003_.tmp.dll
    c:\windows\system32\_005004_.tmp.dll
    c:\windows\system32\_005005_.tmp.dll
    c:\windows\system32\_005006_.tmp.dll
    c:\windows\system32\_005007_.tmp.dll
    c:\windows\system32\_005009_.tmp.dll
    c:\windows\system32\_005010_.tmp.dll
    c:\windows\system32\_005011_.tmp.dll
    c:\windows\system32\_005012_.tmp.dll
    c:\windows\system32\_005013_.tmp.dll
    c:\windows\system32\_005014_.tmp.dll
    c:\windows\system32\_005015_.tmp.dll
    c:\windows\system32\_005016_.tmp.dll
    c:\windows\system32\_005018_.tmp.dll
    c:\windows\system32\_005019_.tmp.dll
    c:\windows\system32\_005020_.tmp.dll
    c:\windows\system32\_005021_.tmp.dll
    c:\windows\system32\_005023_.tmp.dll
    c:\windows\system32\_005024_.tmp.dll
    c:\windows\system32\_005028_.tmp.dll
    c:\windows\system32\_005029_.tmp.dll
    c:\windows\system32\_005031_.tmp.dll
    c:\windows\system32\_005033_.tmp.dll
    c:\windows\system32\_005034_.tmp.dll
    c:\windows\system32\_005036_.tmp.dll
    c:\windows\system32\_005037_.tmp.dll
    c:\windows\system32\_005038_.tmp.dll
    c:\windows\system32\_005039_.tmp.dll
    c:\windows\system32\_005042_.tmp.dll
    c:\windows\system32\_005043_.tmp.dll
    c:\windows\system32\_005044_.tmp.dll
    c:\windows\system32\_005045_.tmp.dll
    c:\windows\system32\_005046_.tmp.dll
    c:\windows\system32\_005051_.tmp.dll
    c:\windows\system32\_005053_.tmp.dll
    c:\windows\system32\autorun.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-28 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-28 20:38 . 2009-01-28 20:38 <REP> d-------- c:\program files\ESET
    2009-01-28 20:38 . 2009-01-28 20:38 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
    2009-01-28 20:27 . 2009-01-28 21:50 <REP> d--h----- c:\documents and settings\Titi\Application Data\drivers
    2009-01-28 11:18 . 2009-01-28 20:13 <REP> d-------- c:\program files\FindyKill
    2009-01-27 09:53 . 2009-01-27 09:53 <REP> d-------- c:\program files\Trend Micro
    2009-01-27 09:53 . 2009-01-27 09:53 <REP> d-------- c:\documents and settings\Titi\Application Data\AVGTOOLBAR
    2009-01-26 19:19 . 2009-01-27 09:53 <REP> d-------- c:\program files\NortonInstaller
    2009-01-26 19:11 . 2009-01-26 19:15 46,640 --a------ c:\windows\system32\msln.exe
    2009-01-26 18:57 . 2009-01-27 09:53 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-01-26 18:57 . 2009-01-27 09:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Norton
    2009-01-26 18:13 . 2009-01-27 09:52 <REP> d-------- c:\program files\a-squared Anti-Malware
    2009-01-25 18:52 . 2009-01-25 18:52 <REP> d-------- c:\program files\Support Tools
    2009-01-25 09:16 . 2009-01-25 09:20 <REP> d-------- c:\documents and settings\Titi\.housecall6.6
    2009-01-24 19:01 . 2007-03-20 10:37 831,048 --a------ c:\windows\system32\WudfUpdate_01005.dll
    2009-01-24 12:08 . 2009-01-24 12:08 <REP> d-------- c:\documents and settings\Titi\Application Data\Malwarebytes
    2009-01-24 12:07 . 2009-01-24 12:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-22 21:28 . 2009-01-24 16:26 <REP> d-------- c:\program files\Spyware Doctor
    2009-01-22 18:32 . 2009-01-22 21:28 <REP> d-------- c:\program files\Spyware Doctor(2)
    2009-01-21 15:53 . 2009-01-22 21:28 <REP> d-------- c:\program files\Anti Trojan Elite
    2009-01-20 19:49 . 2009-01-26 18:46 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-20 19:49 . 2009-01-20 19:49 1,409 --a------ c:\windows\QTFont.for
    2009-01-06 17:13 . 2009-01-06 17:53 <REP> d-------- c:\program files\Microsoft Digital Image 10
    2009-01-04 22:02 . 2009-01-04 22:02 <REP> d-------- c:\program files\Securitoo
    2009-01-04 22:02 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
    2009-01-04 22:02 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
    2009-01-01 20:01 . 2009-01-01 20:01 <REP> d-------- c:\program files\Spykee
    2009-01-01 14:04 . 2009-01-01 14:04 <REP> d-------- c:\program files\Activision Value

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-28 20:52 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
    2009-01-28 20:52 0 ----a-w c:\windows\system32\drivers\logiflt.iad
    2009-01-28 20:50 --------- d-----w c:\program files\MessengerPlus! 3
    2009-01-28 16:05 --------- d-----w c:\program files\eChanblard
    2009-01-26 09:12 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-26 09:12 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2009-01-25 17:06 --------- d-----w c:\program files\Ripp-it_AM
    2009-01-24 09:37 --------- d-----w c:\program files\Google
    2009-01-22 20:28 --------- d-----w c:\program files\Logitech
    2009-01-22 20:28 --------- d-----w c:\program files\Fichiers communs\LogiShrd
    2009-01-22 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
    2009-01-11 21:33 --------- d-----w c:\program files\Micro Application
    2009-01-05 18:48 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-29 22:10 --------- d-----w c:\program files\VirtualDJ
    2008-12-17 21:10 222 ----a-w C:\ffmpeg_debug.bat
    2008-12-17 21:10 215 ----a-w C:\ffmpeg.bat
    2008-12-15 10:50 --------- d-----w c:\documents and settings\Titi\Application Data\Snapfish
    2008-12-08 17:44 601,088 ----a-w c:\windows\Christmas Tree Screensaver.scr
    2008-11-28 19:04 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2008-11-28 19:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2008-11-28 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
    2008-11-28 18:56 --------- d-----w c:\program files\Nokia
    2008-11-28 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
    2008-11-28 18:55 --------- d-----w c:\program files\Fichiers communs\Nokia
    2008-11-03 16:23 22,328 ----a-w c:\documents and settings\Titi\Application Data\PnkBstrK.sys
    2008-02-09 22:09 5,422 ----a-w c:\program files\UnInstall_jetAudio.txt
    2006-11-19 17:11 251 ----a-w c:\program files\wt3d.ini
    2004-04-26 22:30 81,920 ------w c:\program files\JFRMPl.FRC
    2004-04-26 22:30 487,424 ------w c:\program files\JetAudio.FRC
    2004-04-26 22:30 462,848 ------w c:\program files\JetCast.FRC
    2004-04-26 22:30 45,056 ------w c:\program files\JetLyric.FRC
    2004-04-26 22:30 32,768 ------w c:\program files\JFMPCRd.FRC
    2004-04-26 22:30 151,552 ------w c:\program files\JetChat.FRC
    2004-04-26 22:29 53,248 ------w c:\program files\JFDVDPl.FRC
    2004-04-26 22:29 32,768 ------w c:\program files\JFACDRd.FRC
    2004-04-26 21:54 106,496 ------w c:\program files\JetRecorder.FRC
    2004-04-23 13:08 49,152 ------w c:\program files\JFDSPl.FRC
    2004-04-23 01:13 77,824 ------w c:\program files\JetTrim.FRC
    2004-04-23 01:13 49,152 ------w c:\program files\JXCddb.FRC
    2004-04-23 01:13 36,864 ------w c:\program files\JetFlExt.FRC
    2004-04-23 01:13 36,864 ------w c:\program files\JetCrash.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JXVisual.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JXTag.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JXCDMan.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JSWMAWt.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JFWavWt.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JFWavRd.FRC
    2004-02-06 17:42 322,048 ------w c:\program files\UnInstall_jetAudio.exe
    2008-04-21 19:16 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-04-21 19:16 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-04-21 19:16 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-04-21 19:16 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-04-21 19:16 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2004-08-10 20:00 94,864 --sh--w c:\windows\twain.dll
    2006-02-16 21:33 1,216 --sh--w c:\windows\Twunk_16.dll
    2006-02-16 21:33 1,216 --sh--w c:\windows\Twunk_32.dll
    2007-12-04 18:41 550,912 --sh--w c:\windows\system32\oleaut32.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 68856]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-09-25 243072]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2009-01-28 2782352]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
    "NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

    c:\documents and settings\Titi\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-15 344064]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "msacm.divxa32"= divxa32.acm
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
    R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-28 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-28 8320]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-28 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKCU-Run-MessengerPlus3 - c:\program files\MessengerPlus! 3\MsgPlus.exe
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    Notify-dimsntfy - (no file)
    Notify-nnnoPHwu - nnnoPHwu.dll

    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://www.ustart.org
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-28 21:54:21
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\SecuROM\License information*]
    "datasecu"=hex:5f,a0,80,f6,03,13,1e,ba,46,b0,a1,77,20,a8,1f,56,53,79,b0,02,fe,
    08,f0,f4,d7,96,a5,ac,d2,9b,88,52,8a,ee,2d,e0,6a,ff,4e,d8,30,8c,27,53,85,af,\
    "rkeysecu"=hex:39,cc,8a,da,7f,44,84,09,da,b7,e2,0c,b8,a9,a5,33

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(764)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe
    c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\progra~1\MICROS~2\rapimgr.exe
    c:\windows\system32\msiexec.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\IncrediMail\bin\ImApp.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
    c:\windows\system32\dllhost.exe
    c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-28 21:58:38 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-28 20:58:35

    Avant-CF: 40 199 192 576 octets libres
    Après-CF: 40,127,770,624 octets libres

    332 --- E O F --- 2008-12-18 02:01:05
    0
  16. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bonjour,

    Je m'excuse pour le délai de réponse, et j'espère que tu reviendras pour terminer la désinfection :(

    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour fredy83, il n'est pas transposable sur un autre ordinateur !

    Toujours avec toutes les protections désactivées, fais ceci :

    • Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    • Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    File::
    c:\windows\system32\msln.exe
    c:\windows\system32\drivers\lvuvc.hs
    c:\program files\wt3d.ini

    ------------------------------------------------------------------

    • Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    • Quitte le Bloc Notes

    • Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

    • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    • Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

    0
    1. fredy83 Messages postés 48 Statut Membre
       
      Salut,
      Il est vrai que j'ai creu que je ne te lirais plus !
      Mon pc allait mieux alors jme suis dit bon on fera avec s'en s'avoir vraiment la finalité.
      Mais comme quoi des personnes comme toi, son bonne a sité comme des gens serviable et efficace !
      quoi qu'il en soit je 'texprime ma reconnaissance pour avoir suivi mon cas et avoir pris de t-on temp !
      Un grand MERCI !!!!!!!


      Voici le resultat de mon scan ,j'espere que tout va bien !!

      Fred


      ComboFix 09-02-04.01 - Titi 2009-02-04 19:40:52.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.3071.2411 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Titi\Bureau\C-Fix.exe
      Commutateurs utilisés :: c:\documents and settings\Titi\Bureau\CFScript.txt
      AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
      * Un nouveau point de restauration a été créé
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\_004948_.tmp.dll
      c:\windows\system32\_004949_.tmp.dll
      c:\windows\system32\_004950_.tmp.dll
      c:\windows\system32\_004951_.tmp.dll
      c:\windows\system32\_004958_.tmp.dll
      c:\windows\system32\_004959_.tmp.dll
      c:\windows\system32\_004960_.tmp.dll
      c:\windows\system32\_004962_.tmp.dll
      c:\windows\system32\_004963_.tmp.dll
      c:\windows\system32\_004966_.tmp.dll
      c:\windows\system32\_004967_.tmp.dll
      c:\windows\system32\_004969_.tmp.dll
      c:\windows\system32\_004970_.tmp.dll
      c:\windows\system32\_004971_.tmp.dll
      c:\windows\system32\_004973_.tmp.dll
      c:\windows\system32\_004976_.tmp.dll
      c:\windows\system32\_004977_.tmp.dll
      c:\windows\system32\_004981_.tmp.dll
      c:\windows\system32\_004982_.tmp.dll
      c:\windows\system32\_004984_.tmp.dll
      c:\windows\system32\_004986_.tmp.dll
      c:\windows\system32\_004987_.tmp.dll
      c:\windows\system32\_004989_.tmp.dll
      c:\windows\system32\_004990_.tmp.dll
      c:\windows\system32\_004991_.tmp.dll
      c:\windows\system32\_004992_.tmp.dll
      c:\windows\system32\_004995_.tmp.dll
      c:\windows\system32\_004996_.tmp.dll
      c:\windows\system32\_004997_.tmp.dll
      c:\windows\system32\_004998_.tmp.dll
      c:\windows\system32\_004999_.tmp.dll
      c:\windows\system32\_005004_.tmp.dll

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-04 au 2009-02-04 ))))))))))))))))))))))))))))))))))))
      .

      2009-02-02 11:03 . 2008-06-24 13:45 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
      2009-02-02 11:03 . 2008-06-23 17:36 773,120 --a------ c:\windows\system32\NEROINSTAEC43759.DB
      2009-02-02 11:03 . 2009-02-02 11:03 0 --a------ c:\windows\Irremote.ini
      2009-02-01 19:17 . 2009-02-01 19:17 360,320 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
      2009-01-28 23:40 . 2008-04-13 11:36 2,986,496 --a------ c:\windows\system32\SET17BF.tmp
      2009-01-28 23:40 . 2008-04-13 11:40 445,440 --a------ c:\windows\system32\SET17DB.tmp
      2009-01-28 23:40 . 2008-04-13 19:33 354,304 --a------ c:\windows\system32\SET17B1.tmp
      2009-01-28 23:40 . 2008-04-13 19:31 177,152 --a------ c:\windows\system32\SET17E6.tmp
      2009-01-28 23:40 . 2008-04-13 19:33 80,896 --a------ c:\windows\system32\SET17AC.tmp
      2009-01-28 23:40 . 2008-04-13 19:33 75,776 --a------ c:\windows\system32\SET17BC.tmp
      2009-01-28 23:40 . 2008-04-13 19:34 28,672 --a------ c:\windows\system32\SET17B6.tmp
      2009-01-28 23:40 . 2008-04-13 19:33 24,576 --a------ c:\windows\system32\SET1808.tmp
      2009-01-28 23:40 . 2008-04-13 19:33 15,872 --a------ c:\windows\system32\SET17B5.tmp
      2009-01-28 23:40 . 2008-04-13 19:33 6,656 --a------ c:\windows\system32\SET17A9.tmp
      2009-01-28 23:38 . 2008-04-13 19:33 527,360 --a------ c:\windows\system32\SETB68.tmp
      2009-01-28 23:38 . 2008-04-13 19:33 95,744 --a------ c:\windows\system32\SETB6E.tmp
      2009-01-28 23:36 . 2008-04-13 19:33 8,517,632 --a------ c:\windows\system32\SET74D.tmp
      2009-01-28 23:35 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u03351_.tmp
      2009-01-28 21:46 . 2009-01-28 21:46 0 --a------ c:\windows\LCDMedia.INI
      2009-01-28 20:38 . 2009-01-28 20:38 <REP> d-------- c:\program files\ESET
      2009-01-28 20:38 . 2009-01-28 20:38 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
      2009-01-28 20:27 . 2009-01-28 21:50 <REP> d--h----- c:\documents and settings\Titi\Application Data\drivers
      2009-01-28 11:18 . 2009-01-28 20:13 <REP> d-------- c:\program files\FindyKill
      2009-01-27 09:53 . 2009-01-27 09:53 <REP> d-------- c:\program files\Trend Micro
      2009-01-27 09:53 . 2009-01-27 09:53 <REP> d-------- c:\documents and settings\Titi\Application Data\AVGTOOLBAR
      2009-01-26 19:19 . 2009-01-27 09:53 <REP> d-------- c:\program files\NortonInstaller
      2009-01-26 19:11 . 2009-01-26 19:15 46,640 --a------ c:\windows\system32\msln.exe
      2009-01-26 18:57 . 2009-01-27 09:53 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
      2009-01-26 18:57 . 2009-01-27 09:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Norton
      2009-01-26 18:13 . 2009-01-27 09:52 <REP> d-------- c:\program files\a-squared Anti-Malware
      2009-01-25 18:52 . 2009-01-25 18:52 <REP> d-------- c:\program files\Support Tools
      2009-01-25 09:16 . 2009-01-25 09:20 <REP> d-------- c:\documents and settings\Titi\.housecall6.6
      2009-01-24 19:01 . 2007-03-20 10:37 831,048 --a------ c:\windows\system32\WudfUpdate_01005.dll
      2009-01-24 12:08 . 2009-01-24 12:08 <REP> d-------- c:\documents and settings\Titi\Application Data\Malwarebytes
      2009-01-24 12:07 . 2009-01-24 12:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-01-22 21:28 . 2009-01-24 16:26 <REP> d-------- c:\program files\Spyware Doctor
      2009-01-22 18:32 . 2009-01-22 21:28 <REP> d-------- c:\program files\Spyware Doctor(2)
      2009-01-21 15:53 . 2009-01-22 21:28 <REP> d-------- c:\program files\Anti Trojan Elite
      2009-01-20 19:49 . 2009-02-04 17:03 54,156 --ah----- c:\windows\QTFont.qfn
      2009-01-20 19:49 . 2009-01-20 19:49 1,409 --a------ c:\windows\QTFont.for
      2009-01-06 17:13 . 2009-01-06 17:53 <REP> d-------- c:\program files\Microsoft Digital Image 10
      2009-01-04 22:02 . 2009-01-04 22:02 <REP> d-------- c:\program files\Securitoo
      2009-01-04 22:02 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
      2009-01-04 22:02 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-02-04 18:47 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
      2009-02-04 18:46 0 ----a-w c:\windows\system32\drivers\logiflt.iad
      2009-02-04 16:53 --------- d-----w c:\program files\eChanblard
      2009-02-02 16:33 --------- d-----w c:\program files\Fichiers communs\Ahead
      2009-02-02 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
      2009-02-02 16:25 --------- d-----w c:\program files\Nero
      2009-02-02 10:05 --------- d-----w c:\program files\Fichiers communs\Nero
      2009-02-01 18:17 360,320 ----a-w c:\windows\system32\drivers\TCPIP.SYS
      2009-01-28 20:50 --------- d-----w c:\program files\MessengerPlus! 3
      2009-01-26 09:12 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
      2009-01-26 09:12 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
      2009-01-25 17:06 --------- d-----w c:\program files\Ripp-it_AM
      2009-01-24 09:37 --------- d-----w c:\program files\Google
      2009-01-22 20:28 --------- d-----w c:\program files\Logitech
      2009-01-22 20:28 --------- d-----w c:\program files\Fichiers communs\LogiShrd
      2009-01-22 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
      2009-01-11 21:33 --------- d-----w c:\program files\Micro Application
      2009-01-05 18:48 --------- d--h--w c:\program files\InstallShield Installation Information
      2009-01-01 19:01 --------- d-----w c:\program files\Spykee
      2009-01-01 13:04 --------- d-----w c:\program files\Activision Value
      2008-12-29 22:10 --------- d-----w c:\program files\VirtualDJ
      2008-12-17 21:10 222 ----a-w C:\ffmpeg_debug.bat
      2008-12-17 21:10 215 ----a-w C:\ffmpeg.bat
      2008-12-15 10:50 --------- d-----w c:\documents and settings\Titi\Application Data\Snapfish
      2008-12-08 17:44 601,088 ----a-w c:\windows\Christmas Tree Screensaver.scr
      2008-11-03 16:23 22,328 ----a-w c:\documents and settings\Titi\Application Data\PnkBstrK.sys
      2008-02-09 22:09 5,422 ----a-w c:\program files\UnInstall_jetAudio.txt
      2006-11-19 17:11 251 ----a-w c:\program files\wt3d.ini
      2004-04-26 22:30 81,920 ------w c:\program files\JFRMPl.FRC
      2004-04-26 22:30 487,424 ------w c:\program files\JetAudio.FRC
      2004-04-26 22:30 462,848 ------w c:\program files\JetCast.FRC
      2004-04-26 22:30 45,056 ------w c:\program files\JetLyric.FRC
      2004-04-26 22:30 32,768 ------w c:\program files\JFMPCRd.FRC
      2004-04-26 22:30 151,552 ------w c:\program files\JetChat.FRC
      2004-04-26 22:29 53,248 ------w c:\program files\JFDVDPl.FRC
      2004-04-26 22:29 32,768 ------w c:\program files\JFACDRd.FRC
      2004-04-26 21:54 106,496 ------w c:\program files\JetRecorder.FRC
      2004-04-23 13:08 49,152 ------w c:\program files\JFDSPl.FRC
      2004-04-23 01:13 77,824 ------w c:\program files\JetTrim.FRC
      2004-04-23 01:13 49,152 ------w c:\program files\JXCddb.FRC
      2004-04-23 01:13 36,864 ------w c:\program files\JetFlExt.FRC
      2004-04-23 01:13 36,864 ------w c:\program files\JetCrash.FRC
      2004-04-23 01:13 32,768 ------w c:\program files\JXVisual.FRC
      2004-04-23 01:13 32,768 ------w c:\program files\JXTag.FRC
      2004-04-23 01:13 32,768 ------w c:\program files\JXCDMan.FRC
      2004-04-23 01:13 32,768 ------w c:\program files\JSWMAWt.FRC
      2004-04-23 01:13 32,768 ------w c:\program files\JFWavWt.FRC
      2004-04-23 01:13 32,768 ------w c:\program files\JFWavRd.FRC
      2004-02-06 17:42 322,048 ------w c:\program files\UnInstall_jetAudio.exe
      2008-04-21 19:16 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
      2008-04-21 19:16 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
      2008-04-21 19:16 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
      2008-04-21 19:16 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
      2008-04-21 19:16 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
      2004-08-10 20:00 94,864 --sh--w c:\windows\twain.dll
      2006-02-16 21:33 1,216 --sh--w c:\windows\Twunk_16.dll
      2006-02-16 21:33 1,216 --sh--w c:\windows\Twunk_32.dll
      2007-12-04 18:41 550,912 --sh--w c:\windows\system32\oleaut32.dll
      .

      ------- Sigcheck -------

      2006-01-13 18:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
      2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
      2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
      2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
      2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
      2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
      2004-08-10 21:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB913446$\tcpip.sys
      2006-01-13 03:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
      2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
      2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys
      2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
      2009-02-01 19:17 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\dllcache\TCPIP.SYS
      2009-02-01 19:17 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\drivers\TCPIP.SYS
      .
      ((((((((((((((((((((((((((((( snapshot@2009-01-28_21.57.49.25 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2009-01-25 14:10:50 767,352 ----a-w c:\windows\$hf_mig$\KB946648\update\update.exe
      + 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB946648\update\update.exe
      - 2008-10-26 08:35:38 8,704 ----a-w c:\windows\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
      + 2009-01-28 22:48:30 8,704 ----a-w c:\windows\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
      - 2008-10-26 10:39:39 117,248 ----a-w c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
      + 2009-01-29 07:56:17 117,248 ----a-w c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
      - 2008-10-26 08:35:33 12,288 ----a-w c:\windows\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
      + 2009-01-28 22:48:26 12,288 ----a-w c:\windows\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
      - 2008-10-26 08:35:37 34,816 ----a-w c:\windows\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
      + 2009-01-28 22:48:29 34,816 ----a-w c:\windows\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
      - 2008-10-26 10:39:37 102,400 ----a-w c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
      + 2009-01-29 07:56:17 102,400 ----a-w c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
      - 2008-10-26 10:39:39 1,863,680 ----a-w c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
      + 2009-01-29 07:56:17 1,863,680 ----a-w c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
      - 2008-10-26 10:39:39 192,512 ----a-w c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
      + 2009-01-29 07:56:17 192,512 ----a-w c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
      - 2008-10-26 10:39:38 868,352 ----a-w c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
      + 2009-01-29 07:56:17 868,352 ----a-w c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
      - 2008-10-26 10:39:37 126,976 ----a-w c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
      + 2009-01-29 07:56:17 126,976 ----a-w c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
      - 2008-10-26 10:39:40 110,592 ----a-w c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
      + 2009-01-29 07:56:18 110,592 ----a-w c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
      - 2008-10-26 10:39:37 8,192 ----a-w c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
      + 2009-01-29 07:56:17 8,192 ----a-w c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
      - 2008-10-26 10:39:37 73,728 ----a-w c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
      + 2009-01-29 07:56:17 73,728 ----a-w c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
      - 2008-10-26 10:39:38 167,936 ----a-w c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
      + 2009-01-29 07:56:17 167,936 ----a-w c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
      - 2008-10-26 10:39:38 204,800 ----a-w c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
      + 2009-01-29 07:56:17 204,800 ----a-w c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
      - 2008-10-26 10:39:38 389,120 ----a-w c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
      + 2009-01-29 07:56:17 389,120 ----a-w c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
      - 2008-10-26 10:39:38 18,944 ----a-w c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
      + 2009-01-29 07:56:17 18,944 ----a-w c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
      - 2008-10-26 10:39:38 278,528 ----a-w c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
      + 2009-01-29 07:56:17 278,528 ----a-w c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
      - 2008-10-26 10:39:37 122,880 ----a-w c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
      + 2009-01-29 07:56:16 122,880 ----a-w c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
      - 2008-10-26 10:39:39 53,248 ----a-w c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
      + 2009-01-29 07:56:17 53,248 ----a-w c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
      - 2008-10-26 10:39:37 389,120 ----a-w c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
      + 2009-01-29 07:56:17 389,120 ----a-w c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
      - 2008-10-26 08:35:44 7,168 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
      + 2009-01-28 22:48:35 7,168 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
      - 2008-10-26 08:35:44 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
      + 2009-01-28 22:48:35 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
      - 2008-10-26 08:35:44 4,096 ----a-w c:\windows\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
      + 2009-01-28 22:48:36 4,096 ----a-w c:\windows\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
      - 2008-10-26 08:35:45 27,136 ----a-w c:\windows\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
      + 2009-01-28 22:48:36 27,136 ----a-w c:\windows\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
      - 2008-10-26 08:35:34 712,704 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
      + 2009-01-28 22:48:26 712,704 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
      - 2008-10-26 10:39:39 45,056 ----a-w c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
      + 2009-01-29 07:56:17 45,056 ----a-w c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
      - 2008-10-26 08:35:33 28,672 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
      + 2009-01-28 22:48:26 28,672 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
      - 2008-10-26 08:35:36 286,720 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
      + 2009-01-28 22:48:27 286,720 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
      - 2008-10-26 08:35:36 5,632 ----a-w c:\windows\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
      + 2009-01-28 22:48:28 5,632 ----a-w c:\windows\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
      - 2008-10-26 08:35:32 11,264 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
      + 2009-01-28 22:48:24 11,264 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
      - 2008-10-26 08:35:33 18,944 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
      + 2009-01-28 22:48:25 18,944 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
      - 2008-10-26 08:35:33 6,656 ----a-w c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
      + 2009-01-28 22:48:25 6,656 ----a-w c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
      - 2008-10-26 08:35:45 1,564,672 ----a-w c:\windows\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
      + 2009-01-28 22:48:36 1,564,672 ----a-w c:\windows\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
      - 2008-10-26 08:35:36 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
      + 2009-01-28 22:48:28 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
      - 2008-10-26 10:39:39 77,824 ----a-w c:\windows\assembly\GAC\SonicMCEBurnEngine\[u]0/u.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
      + 2009-01-29 07:56:17 77,824 ----a-w c:\windows\assembly\GAC\SonicMCEBurnEngine\[u]0/u.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
      - 2008-10-26 08:35:38 77,824 ----a-w c:\windows\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
      + 2009-01-28 22:48:30 77,824 ----a-w c:\windows\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
      - 2008-10-26 08:35:42 1,179,648 ----a-w c:\windows\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
      + 2009-01-28 22:48:33 1,179,648 ----a-w c:\windows\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
      - 2008-10-26 08:35:42 1,695,744 ----a-w c:\windows\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
      + 2009-01-28 22:48:33 1,695,744 ----a-w c:\windows\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
      - 2008-10-26 08:35:38 86,016 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
      + 2009-01-28 22:48:30 86,016 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
      - 2008-10-26 08:35:39 65,536 ----a-w c:\windows\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
      + 2009-01-28 22:48:30 65,536 ----a-w c:\windows\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
      - 2008-10-26 08:35:43 462,848 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
      + 2009-01-28 22:48:34 462,848 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
      - 2008-10-26 08:35:37 212,992 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
      + 2009-01-28 22:48:29 212,992 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
      - 2008-10-26 08:35:37 48,640 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
      + 2009-01-28 22:48:29 48,640 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
      - 2008-10-26 08:35:45 352,256 ----a-w c:\windows\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
      + 2009-01-28 22:48:37 352,256 ----a-w c:\windows\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
      - 2008-10-26 08:35:43 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
      + 2009-01-28 22:48:35 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
      - 2008-10-26 08:35:46 311,296 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
      + 2009-01-28 22:48:37 311,296 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
      - 2008-10-26 08:35:46 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
      + 2009-01-28 22:48:37 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
      - 2008-10-26 08:35:37 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
      + 2009-01-28 22:48:29 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
      - 2008-10-26 08:35:39 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
      + 2009-01-28 22:48:31 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
      - 2008-10-26 08:35:40 61,440 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
      + 2009-01-28 22:48:32 61,440 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
      - 2008-10-26 08:35:40 507,904 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
      + 2009-01-28 22:48:32 507,904 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
      - 2008-10-26 08:35:39 1,200,128 ----a-w c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
      + 2009-01-28 22:48:31 1,200,128 ----a-w c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
      - 2008-10-26 08:35:41 2,002,944 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
      + 2009-01-28 22:48:32 2,002,944 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
      - 2008-10-26 08:35:41 1,302,528 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
      + 2009-01-28 22:48:33 1,302,528 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
      - 2008-10-26 08:35:43 1,179,648 ----a-w c:\windows\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
      + 2009-01-28 22:48:34 1,179,648 ----a-w c:\windows\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
      + 2009-01-29 07:55:55 258,048 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\BDATunePIA\6.0.3000.0__31bf3856ad364e35_c3cade0b\BDATunePIA.dll
      + 2009-01-29 07:55:41 159,744 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehCIR\6.0.3000.0__31bf3856ad364e35_43291f6e\ehCIR.dll
      + 2009-01-29 07:55:53 2,326,528 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\EhCM\6.0.3000.0__31bf3856ad364e35_4bb0364c\EhCM.dll
      + 2009-01-29 07:55:54 299,008 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehcommon\6.0.3000.0__31bf3856ad364e35_5162562f\ehcommon.dll
      + 2009-01-29 07:55:50 1,306,624 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehepg\6.0.3000.0__31bf3856ad364e35_0ebe029a\ehepg.dll
      + 2009-01-29 07:55:42 167,936 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehepgdat\6.0.3000.0__31bf3856ad364e35_82579c04\ehepgdat.dll
      + 2009-01-29 07:56:01 167,936 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehExtCOM\6.0.3000.0__31bf3856ad364e35_7e5306cb\ehExtCOM.dll
      + 2009-01-29 07:56:14 155,648 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehExtHost\6.0.3000.0__31bf3856ad364e35_5b0768b9\ehExtHost.exe
      + 2009-01-29 07:55:31 10,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiExtCOM\6.0.3000.0__31bf3856ad364e35_5eff3401\ehiExtCOM.dll
      + 2009-01-29 07:55:32 102,400 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiExtens\6.0.3000.0__31bf3856ad364e35_f0f284d5\ehiExtens.dll
      + 2009-01-29 07:55:46 266,240 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiMsgr\6.0.3000.0__31bf3856ad364e35_5f7e2e80\ehiMsgr.dll
      + 2009-01-29 07:55:42 380,928 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiPlay\6.0.3000.0__31bf3856ad364e35_0a28cde8\ehiPlay.dll
      + 2009-01-29 07:55:44 565,248 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiProxy\6.0.3000.0__31bf3856ad364e35_4d869d34\ehiProxy.dll
      + 2009-01-29 07:55:44 40,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiUserXp\6.0.3000.0__31bf3856ad364e35_fe15132d\ehiUserXp.dll
      + 2009-01-29 07:55:45 458,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiVidCtl\6.0.3000.0__31bf3856ad364e35_0edf4f3f\ehiVidCtl.dll
      + 2009-01-29 07:55:30 180,224 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiwmp\6.0.3000.0__31bf3856ad364e35_82f3c613\ehiwmp.dll
      + 2009-01-29 07:55:55 69,632 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiWUapi\6.0.3000.0__31bf3856ad364e35_84314b15\ehiWUapi.dll
      + 2009-01-29 07:55:40 684,032 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehRecObj\6.0.3000.0__31bf3856ad364e35_10e238a9\ehRecObj.dll
      + 2009-01-29 07:56:13 6,336,512 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehshell\6.0.3000.0__31bf3856ad364e35_4d00392a\ehshell.exe
      + 2009-01-29 07:55:55 65,536 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35_c9fe33a1\Microsoft.MediaCenter.dll
      + 2006-09-22 05:02:00 28,672 ----a-w c:\windows\ehome\DiscWriter.dll
      + 2006-09-22 05:01:48 24,576 ----a-w c:\windows\ehome\Interop.NeroMCEWrapper.dll
      + 2009-02-02 16:34:06 25,214 ----a-r c:\windows\Installer\{4908C75E-E5E2-43F7-B1DF-023CBA831036}\ARPPRODUCTICON.exe
      + 2004-08-10 20:00:00 71,040 ------w c:\windows\system32\drivers\_004922_.tmp.dll
      - 2008-06-08 08:37:46 11,304 ----a-w c:\windows\system32\drivers\imagedrv.sys
      + 2005-08-15 10:08:26 5,888 ----a-w c:\windows\system32\drivers\imagedrv.sys
      - 2008-06-08 08:37:56 132,904 ----a-w c:\windows\system32\drivers\imagesrv.sys
      + 2005-08-15 10:08:26 127,488 ----a-w c:\windows\system32\drivers\imagesrv.sys
      - 2009-01-07 09:16:47 366,504 ----a-w c:\windows\system32\FNTCACHE.DAT
      + 2009-01-30 07:02:53 366,504 ----a-w c:\windows\system32\FNTCACHE.DAT
      - 2006-03-17 11:45:52 1,757,184 ----a-w c:\windows\system32\imagX7.dll
      + 2004-07-26 15:16:10 1,568,768 ----a-w c:\windows\system32\imagX7.dll
      - 2006-03-17 11:45:54 497,296 ----a-w c:\windows\system32\imagXpr7.dll
      + 2004-07-26 15:16:10 476,320 ----a-w c:\windows\system32\imagXpr7.dll
      - 2006-03-17 11:45:54 258,048 ----a-w c:\windows\system32\imagXR7.dll
      + 2004-07-26 15:16:10 262,144 ----a-w c:\windows\system32\imagXR7.dll
      - 2006-03-17 11:45:54 802,816 ----a-w c:\windows\system32\imagXRA7.dll
      + 2004-07-26 15:16:10 471,040 ----a-w c:\windows\system32\imagXRA7.dll
      - 2008-08-29 19:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
      + 2008-04-13 18:33:36 1,306,624 ----a-w c:\windows\system32\msxml6.dll
      - 2008-06-06 13:54:26 95,600 ----a-w c:\windows\system32\NeroCo.dll
      + 2005-02-16 13:18:04 90,184 ----a-w c:\windows\system32\NeroCo.dll
      - 2009-01-28 18:36:01 65,180 ----a-w c:\windows\system32\perfc009.dat
      + 2009-01-28 20:57:58 65,180 ----a-w c:\windows\system32\perfc009.dat
      - 2009-01-28 18:36:02 79,026 ----a-w c:\windows\system32\perfc00C.dat
      + 2009-01-28 20:57:58 79,026 ----a-w c:\windows\system32\perfc00C.dat
      - 2009-01-28 18:36:02 410,710 ----a-w c:\windows\system32\perfh009.dat
      + 2009-01-28 20:57:58 410,710 ----a-w c:\windows\system32\perfh009.dat
      - 2009-01-28 18:36:02 479,040 ----a-w c:\windows\system32\perfh00C.dat
      + 2009-01-28 20:57:58 479,040 ----a-w c:\windows\system32\perfh00C.dat
      + 2005-01-07 15:07:18 138,752 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u008\DriverFiles\hdaudbus.sys
      - 2008-04-14 02:34:22 7,680 ----a-w c:\windows\system32\spdwnwxp.exe
      + 2008-04-13 18:34:24 7,680 ----a-w c:\windows\system32\spdwnwxp.exe
      - 2007-07-27 08:41:40 16,760 ----a-w c:\windows\system32\spmsg.dll
      + 2007-11-30 12:39:29 18,296 ------w c:\windows\system32\spmsg.dll
      - 2007-08-10 06:18:14 26,488 ----a-w c:\windows\system32\spupdsvc.exe
      + 2007-08-10 07:18:14 26,488 ----a-w c:\windows\system32\spupdsvc.exe
      - 2006-03-17 14:49:46 368,640 ----a-w c:\windows\system32\TwnLib4.dll
      + 2004-07-09 07:43:56 364,544 ----a-w c:\windows\system32\TwnLib4.dll
      - 2007-03-20 20:22:04 972,336 ----a-w c:\windows\UNNeroBackItUp.exe
      + 2006-07-14 15:29:44 966,656 ----a-w c:\windows\UNNeroBackItUp.exe
      - 2008-06-24 15:06:56 972,072 ----a-w c:\windows\UNNeroMediaHome.exe
      + 2006-07-14 15:29:44 966,656 ----a-w c:\windows\UNNeroMediaHome.exe
      - 2007-02-28 15:41:02 972,336 ----a-w c:\windows\UNNeroShowTime.exe
      + 2006-07-14 15:29:44 966,656 ----a-w c:\windows\UNNeroShowTime.exe
      - 2007-03-21 20:02:12 972,336 ----a-w c:\windows\UNNeroVision.exe
      + 2006-07-14 15:29:44 966,656 ----a-w c:\windows\UNNeroVision.exe
      - 2008-06-06 13:54:16 972,072 ----a-w c:\windows\UNRecode.exe
      + 2006-07-14 15:29:44 966,656 ----a-w c:\windows\UNRecode.exe
      - 2008-04-14 02:30:54 74,802 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
      + 2008-04-13 18:30:56 74,802 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
      - 2008-04-14 02:30:54 995,383 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
      + 2008-04-13 18:30:56 995,383 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
      - 2008-04-14 02:30:54 1,011,774 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
      + 2008-04-13 18:30:56 1,011,774 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
      - 2008-04-14 02:30:54 401,462 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
      + 2008-04-13 18:30:56 401,462 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
      - 2008-04-14 02:30:54 1,054,208 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
      + 2008-04-13 18:30:56 1,054,208 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
      - 2008-04-14 02:30:54 852,992 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
      + 2008-04-13 18:30:56 852,992 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
      - 2008-04-14 02:30:54 994,816 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
      + 2008-04-13 18:30:56 994,816 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
      - 2008-04-14 02:05:53 137,728 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d\rtcres.dll
      + 2008-04-13 18:05:54 137,728 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d\rtcres.dll
      .
      -- Instantané actualisé --
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 68856]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
      "LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
      "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-09-25 243072]
      "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
      "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
      "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
      "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
      "a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2009-01-28 2782352]
      "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
      "NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

      c:\documents and settings\Titi\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
      Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-15 344064]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
      [BU]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "vidc.DIV3"= DivXc32.dll
      "vidc.DIV4"= DivXc32f.dll
      "vidc.3iv2"= 3ivxVfWCodec.dll
      "msacm.divxa32"= divxa32.acm
      "VIDC.VP31"= vp31vfw.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
      "c:\\Program Files\\eChanblard\\emule.exe"=
      "c:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=

      R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
      R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
      S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-28 138112]
      S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-28 8320]
      S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
      .
      Contenu du dossier 'Tâches planifiées'

      2009-02-04 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
      - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


      .
      ------- Examen supplémentaire -------
      .
      uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
      uStart Page = hxxp://www.google.fr/
      mStart Page = hxxp://www.ustart.org
      IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
      IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
      FF - ProfilePath -
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-02-04 19:47:58
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\Microsoft\SystemCertificates\AddressBook*]
      @Allowed: (Read) (RestrictedCode)
      @Allowed: (Read) (RestrictedCode)

      [HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\SecuROM\License information*]
      "datasecu"=hex:5f,a0,80,f6,03,13,1e,ba,46,b0,a1,77,20,a8,1f,56,53,79,b0,02,fe,
      08,f0,f4,d7,96,a5,ac,d2,9b,88,52,8a,ee,2d,e0,6a,ff,4e,d8,30,8c,27,53,85,af,\
      "rkeysecu"=hex:39,cc,8a,da,7f,44,84,09,da,b7,e2,0c,b8,a9,a5,33

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
      "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(796)
      c:\windows\system32\Ati2evxx.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\ehome\ehrecvr.exe
      c:\windows\ehome\ehSched.exe
      c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
      c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      c:\windows\system32\msiexec.exe
      c:\windows\system32\HPZipm12.exe
      c:\windows\system32\PnkBstrA.exe
      c:\windows\system32\PnkBstrB.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      c:\windows\ehome\mcrdsvc.exe
      c:\progra~1\MICROS~2\rapimgr.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      c:\program files\IncrediMail\bin\ImApp.exe
      c:\windows\system32\dllhost.exe
      c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
      c:\program files\Logitech\QuickCam\LU\LULnchr.exe
      c:\program files\Logitech\QuickCam\LU\LogitechUpdate.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-02-04 19:52:34 - La machine a redémarré [Titi]
      ComboFix-quarantined-files.txt 2009-02-04 18:52:32
      ComboFix2.txt 2009-01-28 20:58:39

      Avant-CF: 29,136,822,272 octets libres
      Après-CF: 30,388,183,040 octets libres

      497 --- E O F --- 2009-02-04 08:00:21
      0
  17. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Combofix a bien été lancé à partir du script, mais il ne semble pas avoir pris en compte son contenu...
    Peut-être une erreur dans le script ?

    Télécharge le script sur ton Bureau (c'est impératif)

    Puis désactive tes protections et recommence la manipulation stp

    0
  18. fredy83 Messages postés 48 Statut Membre
     
    Salut ,
    Voici mon rapport ,je pige pas tout mais a chaque fois que je fais ce test mon icone usb en bas a droite reapparait sa doit lui remuer les tripes!
    Oui parceque depuis que tu m'a aider pour mes virus les icones essentiels avait disparut! et ces dernier, tel le son, lui etait revenu mes pas l'usb .par contre au prochain demarrage pas sur qu'il soit encore la !
    Si cela fait parti du processus ?

    En tout cas merci encore !

    Fred

    ComboFix 09-02-04.01 - Titi 2009-02-07 17:15:56.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.3071.2461 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Titi\Bureau\C-Fix.exe
    Commutateurs utilisés :: c:\documents and settings\Titi\Bureau\CFScript.txt
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\cvirt.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-07 au 2009-02-07 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-07 16:37 . 2009-02-07 16:37 <REP> d-------- c:\windows\system32\cvirte
    2009-02-07 16:37 . 2009-02-07 16:37 <REP> d-------- c:\program files\Heavy Weather
    2009-02-07 16:37 . 2009-02-07 17:14 <REP> d-------- C:\HeavyWeather
    2009-02-07 16:37 . 2001-08-01 09:00 1,826,816 --a------ c:\windows\system32\cvirte.dll
    2009-02-02 11:03 . 2008-06-24 13:45 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
    2009-02-02 11:03 . 2008-06-23 17:36 773,120 --a------ c:\windows\system32\NEROINSTAEC43759.DB
    2009-02-02 11:03 . 2009-02-02 11:03 0 --a------ c:\windows\Irremote.ini
    2009-02-01 19:17 . 2009-02-01 19:17 360,320 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
    2009-01-28 23:40 . 2008-04-13 11:36 2,986,496 --a------ c:\windows\system32\SET17BF.tmp
    2009-01-28 23:40 . 2008-04-13 11:40 445,440 --a------ c:\windows\system32\SET17DB.tmp
    2009-01-28 23:40 . 2008-04-13 19:33 354,304 --a------ c:\windows\system32\SET17B1.tmp
    2009-01-28 23:40 . 2008-04-13 19:31 177,152 --a------ c:\windows\system32\SET17E6.tmp
    2009-01-28 23:40 . 2008-04-13 19:33 80,896 --a------ c:\windows\system32\SET17AC.tmp
    2009-01-28 23:40 . 2008-04-13 19:33 75,776 --a------ c:\windows\system32\SET17BC.tmp
    2009-01-28 23:40 . 2008-04-13 19:34 28,672 --a------ c:\windows\system32\SET17B6.tmp
    2009-01-28 23:40 . 2008-04-13 19:33 24,576 --a------ c:\windows\system32\SET1808.tmp
    2009-01-28 23:40 . 2008-04-13 19:33 15,872 --a------ c:\windows\system32\SET17B5.tmp
    2009-01-28 23:40 . 2008-04-13 19:33 6,656 --a------ c:\windows\system32\SET17A9.tmp
    2009-01-28 23:38 . 2008-04-13 19:33 527,360 --a------ c:\windows\system32\SETB68.tmp
    2009-01-28 23:38 . 2008-04-13 19:33 95,744 --a------ c:\windows\system32\SETB6E.tmp
    2009-01-28 23:36 . 2008-04-13 19:33 8,517,632 --a------ c:\windows\system32\SET74D.tmp
    2009-01-28 23:35 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u03351_.tmp
    2009-01-28 21:46 . 2009-01-28 21:46 0 --a------ c:\windows\LCDMedia.INI
    2009-01-28 20:38 . 2009-01-28 20:38 <REP> d-------- c:\program files\ESET
    2009-01-28 20:38 . 2009-01-28 20:38 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
    2009-01-28 20:27 . 2009-01-28 21:50 <REP> d--h----- c:\documents and settings\Titi\Application Data\drivers
    2009-01-28 11:18 . 2009-01-28 20:13 <REP> d-------- c:\program files\FindyKill
    2009-01-27 09:53 . 2009-01-27 09:53 <REP> d-------- c:\program files\Trend Micro
    2009-01-27 09:53 . 2009-01-27 09:53 <REP> d-------- c:\documents and settings\Titi\Application Data\AVGTOOLBAR
    2009-01-26 19:19 . 2009-01-27 09:53 <REP> d-------- c:\program files\NortonInstaller
    2009-01-26 19:11 . 2009-01-26 19:15 46,640 --a------ c:\windows\system32\msln.exe
    2009-01-26 18:57 . 2009-01-27 09:53 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-01-26 18:57 . 2009-01-27 09:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Norton
    2009-01-26 18:13 . 2009-01-27 09:52 <REP> d-------- c:\program files\a-squared Anti-Malware
    2009-01-25 18:52 . 2009-01-25 18:52 <REP> d-------- c:\program files\Support Tools
    2009-01-25 09:16 . 2009-01-25 09:20 <REP> d-------- c:\documents and settings\Titi\.housecall6.6
    2009-01-24 19:01 . 2007-03-20 10:37 831,048 --a------ c:\windows\system32\WudfUpdate_01005.dll
    2009-01-24 12:08 . 2009-01-24 12:08 <REP> d-------- c:\documents and settings\Titi\Application Data\Malwarebytes
    2009-01-24 12:07 . 2009-01-24 12:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-22 21:28 . 2009-01-24 16:26 <REP> d-------- c:\program files\Spyware Doctor
    2009-01-22 18:32 . 2009-01-22 21:28 <REP> d-------- c:\program files\Spyware Doctor(2)
    2009-01-21 15:53 . 2009-01-22 21:28 <REP> d-------- c:\program files\Anti Trojan Elite
    2009-01-20 19:49 . 2009-02-04 17:03 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-20 19:49 . 2009-01-20 19:49 1,409 --a------ c:\windows\QTFont.for

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-07 12:09 --------- d-----w c:\program files\eChanblard
    2009-02-07 09:31 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
    2009-02-07 09:31 0 ----a-w c:\windows\system32\drivers\logiflt.iad
    2009-02-02 16:33 --------- d-----w c:\program files\Fichiers communs\Ahead
    2009-02-02 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
    2009-02-02 16:25 --------- d-----w c:\program files\Nero
    2009-02-02 10:05 --------- d-----w c:\program files\Fichiers communs\Nero
    2009-02-01 18:17 360,320 ----a-w c:\windows\system32\drivers\TCPIP.SYS
    2009-01-28 20:50 --------- d-----w c:\program files\MessengerPlus! 3
    2009-01-26 09:12 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-26 09:12 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2009-01-25 17:06 --------- d-----w c:\program files\Ripp-it_AM
    2009-01-25 16:22 70,656 ----a-w c:\windows\system32\dllcache\sysinfo.exe
    2009-01-24 09:37 --------- d-----w c:\program files\Google
    2009-01-22 20:28 --------- d-----w c:\program files\Logitech
    2009-01-22 20:28 --------- d-----w c:\program files\Fichiers communs\LogiShrd
    2009-01-22 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
    2009-01-11 21:33 --------- d-----w c:\program files\Micro Application
    2009-01-06 16:53 --------- d-----w c:\program files\Microsoft Digital Image 10
    2009-01-05 18:48 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-04 21:02 --------- d-----w c:\program files\Securitoo
    2009-01-01 19:01 --------- d-----w c:\program files\Spykee
    2009-01-01 13:04 --------- d-----w c:\program files\Activision Value
    2008-12-29 22:10 --------- d-----w c:\program files\VirtualDJ
    2008-12-17 21:10 222 ----a-w C:\ffmpeg_debug.bat
    2008-12-17 21:10 215 ----a-w C:\ffmpeg.bat
    2008-12-15 10:50 --------- d-----w c:\documents and settings\Titi\Application Data\Snapfish
    2008-12-08 17:44 601,088 ----a-w c:\windows\Christmas Tree Screensaver.scr
    2008-11-03 16:23 22,328 ----a-w c:\documents and settings\Titi\Application Data\PnkBstrK.sys
    2008-02-09 22:09 5,422 ----a-w c:\program files\UnInstall_jetAudio.txt
    2006-11-19 17:11 251 ----a-w c:\program files\wt3d.ini
    2004-04-26 22:30 81,920 ------w c:\program files\JFRMPl.FRC
    2004-04-26 22:30 487,424 ------w c:\program files\JetAudio.FRC
    2004-04-26 22:30 462,848 ------w c:\program files\JetCast.FRC
    2004-04-26 22:30 45,056 ------w c:\program files\JetLyric.FRC
    2004-04-26 22:30 32,768 ------w c:\program files\JFMPCRd.FRC
    2004-04-26 22:30 151,552 ------w c:\program files\JetChat.FRC
    2004-04-26 22:29 53,248 ------w c:\program files\JFDVDPl.FRC
    2004-04-26 22:29 32,768 ------w c:\program files\JFACDRd.FRC
    2004-04-26 21:54 106,496 ------w c:\program files\JetRecorder.FRC
    2004-04-23 13:08 49,152 ------w c:\program files\JFDSPl.FRC
    2004-04-23 01:13 77,824 ------w c:\program files\JetTrim.FRC
    2004-04-23 01:13 49,152 ------w c:\program files\JXCddb.FRC
    2004-04-23 01:13 36,864 ------w c:\program files\JetFlExt.FRC
    2004-04-23 01:13 36,864 ------w c:\program files\JetCrash.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JXVisual.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JXTag.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JXCDMan.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JSWMAWt.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JFWavWt.FRC
    2004-04-23 01:13 32,768 ------w c:\program files\JFWavRd.FRC
    2004-02-06 17:42 322,048 ------w c:\program files\UnInstall_jetAudio.exe
    2008-04-21 19:16 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-04-21 19:16 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-04-21 19:16 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-04-21 19:16 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-04-21 19:16 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2004-08-10 20:00 94,864 --sh--w c:\windows\twain.dll
    2006-02-16 21:33 1,216 --sh--w c:\windows\Twunk_16.dll
    2006-02-16 21:33 1,216 --sh--w c:\windows\Twunk_32.dll
    2007-12-04 18:41 550,912 --sh--w c:\windows\system32\oleaut32.dll
    .

    ------- Sigcheck -------

    2006-01-13 18:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2004-08-10 21:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB913446$\tcpip.sys
    2006-01-13 03:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys
    2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
    2009-02-01 19:17 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\dllcache\TCPIP.SYS
    2009-02-01 19:17 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\drivers\TCPIP.SYS
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 68856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-09-25 243072]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
    "a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2009-01-28 2782352]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

    c:\documents and settings\Titi\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-15 344064]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "msacm.divxa32"= divxa32.acm
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
    "c:\\Program Files\\eChanblard\\emule.exe"=
    "c:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-28 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-28 8320]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-07 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://www.ustart.org
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-07 17:19:37
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-49833181-2739753674-1623966417-1005\Software\SecuROM\License information*]
    "datasecu"=hex:5f,a0,80,f6,03,13,1e,ba,46,b0,a1,77,20,a8,1f,56,53,79,b0,02,fe,
    08,f0,f4,d7,96,a5,ac,d2,9b,88,52,8a,ee,2d,e0,6a,ff,4e,d8,30,8c,27,53,85,af,\
    "rkeysecu"=hex:39,cc,8a,da,7f,44,84,09,da,b7,e2,0c,b8,a9,a5,33

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\Ati2evxx.dll
    .
    Heure de fin: 2009-02-07 17:20:54
    ComboFix-quarantined-files.txt 2009-02-07 16:20:49
    ComboFix2.txt 2009-02-04 18:52:36
    ComboFix3.txt 2009-01-28 20:58:39

    Avant-CF: 28 585 172 992 octets libres
    Après-CF: 28,715,175,936 octets libres

    242 --- E O F --- 2009-02-06 22:01:51
    0
  19. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Combofix agit très haut dans le système d'exploitation, et peut parfois apporter quelques changements non-voulus en effet. Si tout n'est pas rétabli suite à un redémarrage de l'ordinateur, il faut que tu remettes tout en place manuellement.

    Par contre, je ne comprends pas pourquoi les fichiers indiqués dans le script ne sont pas supprimés et apparaissent encore dans le rapport :(
    On va essayer autrement... Fais ce qui suit dans l'ordre stp :

    • Télécharge OTMoveIt3 (de OldTimer) sur ton Bureau : http://oldtimer.geekstogo.com/OTMoveIt3.exe

    • Redémarre le PC en mode sans échec :
    Tu n' auras pas accès à Internet pendant le "mode sans échec". Aussi, copie/colle toute cette procédure dans un fichier texte et mets-la sur le "Bureau" pour l'avoir à ta disposition.
    Ferme toutes les fenêtres et applications.
    Redémarre ton ordinateur, puis tapote sur la touche F8 (F5 sur certains PC) avant l’apparition du logo Windows, un menu va apparaître, tu devra choisir de démarrer en mode sans échec.
    Ouvre ta session habituelle (si nécessaire)

    • Double-clique sur OTMoveIt3.exe afin de le lancer.
    Copie/colle le texte suivant dans le cadre « Paste Instructions for Items to be Moved » et clique sur Moveit :
    :processes 
    explorer.exe 
    
    :files 
    c:\windows\system32\msln.exe
    c:\windows\system32\drivers\lvuvc.hs
    c:\program files\wt3d.ini
    
    :commands 
    [purity] 
    [emptytemp] 
    [start explorer] 
    [reboot] 


    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles
    Le nom du rapport correspond au moment de sa création : date_heure.log

    0
  20. fredy83 Messages postés 48 Statut Membre
     
    Salut,
    Et bien encore une fois j'suis pomé !,je pense avoir bien executer cette commande , tu me diras ce que tu en pense !

    Merci

    Fred

    ========== FILES ==========
    c:\windows\system32\msln.exe moved successfully.
    c:\windows\system32\drivers\lvuvc.hs moved successfully.
    c:\program files\wt3d.ini moved successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02082009_232151
    0
  21. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    "moved successfully"

    ==> Les fichiers ont bien été supprimés ;)

    Si tu as encore des programmes qui ne sont pas "une application valide win 32", désinstalle les puis réinstalle les.

    Et pour finir :

    Télécharge hijackthis (logiciel de diagnostic) sur ton Bureau :
    HijackThis

    Installe le, lance le et clique sur "Do a system scan and save a logfile".
    Fais un copier-coller du rapport entier sur le forum

    0
  • 1
  • 2