J ai attrapé le virus bagle
Fermé
laupatmaxest
Messages postés
4
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
3 février 2009
-
3 févr. 2009 à 20:38
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 - 3 févr. 2009 à 21:44
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 - 3 févr. 2009 à 21:44
A voir également:
- J ai attrapé le virus bagle
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Faux message virus ordinateur - Accueil - Arnaque
- Virus mcafee - Accueil - Piratage
- Tinyurl.com virus - Forum Virus
5 réponses
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
3 févr. 2009 à 20:47
3 févr. 2009 à 20:47
Réinstalle les applications qui ont été infectées (Antivirus...).
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
3 févr. 2009 à 20:41
3 févr. 2009 à 20:41
Salut,
Poste les rapports ;)
Poste les rapports ;)
laupatmaxest
Messages postés
4
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
3 février 2009
3 févr. 2009 à 20:42
3 févr. 2009 à 20:42
comment je fais pour poste les fichier textes que j ai recuperé avec les programme
explique moi merc
explique moi merc
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
3 févr. 2009 à 20:43
3 févr. 2009 à 20:43
Tu les copies/colles tout simplement.
laupatmaxest
Messages postés
4
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
3 février 2009
3 févr. 2009 à 20:46
3 févr. 2009 à 20:46
###################### [ FindyKill V4.715 ]
# User : LAURENT - PC_LAURENT
# Executed from : C:\Program Files\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 18:28:19 the 03/02/2009
# Windows XP - Internet Explorer 6.0.2900.2180
# [ FindyKill V4.715 - Deleting ] ###############
\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\svchost.exe
\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////
################## [ C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-238AA5EF.pf
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\LAURENT\Application Data ]
################## [ C:\DOCUME~1\LAURENT\LOCALS~1\Temp ]
################## [ C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5 ]
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\mxd[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[6].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\mxd[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\mxd[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\mxd[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[6].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[7].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[8].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\mxd[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\mxd[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\mxd[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[6].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[7].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_6[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\mxd[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\mxd[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\mxd[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\servernames[1].htm
\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////
\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - # Type of startup = 3
Ip6Fw - # Type of startup = 2
SharedAccess - # Type of startup = 2
wuauserv - # Type of startup = 2
wscsvc - # Type of startup = 2
\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////
# Informations :
C: - Lecteur fixe
D: - Lecteur fixe
H: - Lecteur fixe
# deleting files :
\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////
-> Not found !
\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////
\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////
C:\Documents and Settings\LAURENT\Mes documents\fichier telecharger\dvd x player\Keygen
C:\Program Files\Enjoy 6e\lexicon\datas\sounds\crack.mp3
################## [ ! End of report # ! ]
ComboFix 09-02-02.04 - LAURENT 2009-02-03 16:40:04.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.315 [GMT 1:00]
Lancé depuis: c:\documents and settings\LAURENT\Bureau\CCM.exe.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-03 au 2009-02-03 ))))))))))))))))))))))))))))))))))))
.
2009-02-03 16:19 . 2009-02-03 16:27 <REP> d-------- c:\program files\FindyKill
2009-01-31 18:00 . 2009-02-02 18:24 <REP> d-------- c:\program files\Metin2_France
2009-01-29 19:56 . 2009-02-02 18:24 <REP> d-------- c:\documents and settings\LAURENT\Application Data\vlc
2009-01-29 19:53 . 2009-01-29 19:53 <REP> d-------- c:\program files\VideoLAN
2009-01-26 17:12 . 2009-02-02 18:24 <REP> d-------- c:\program files\DVDFab Platinum 3
2009-01-26 17:05 . 2004-03-09 01:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-01-26 17:05 . 1998-07-13 02:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-01-26 17:05 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2009-01-26 17:05 . 1998-07-13 02:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
2009-01-26 17:05 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-01-26 17:05 . 1998-07-13 02:08 59,904 --a------ c:\windows\system32\MSCC2FR.DLL
2009-01-26 17:05 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2009-01-26 15:49 . 2009-02-02 18:24 <REP> d-------- c:\program files\PDFCreator
2009-01-17 18:59 . 2009-01-17 18:59 <REP> d-------- c:\program files\Windows Media Connect 2
2009-01-17 18:56 . 2009-01-17 18:56 <REP> d-------- c:\windows\system32\LogFiles
2009-01-17 18:56 . 2009-01-17 18:57 <REP> d-------- c:\windows\system32\drivers\UMDF
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 17:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-26 18:42 --------- d-----w c:\documents and settings\LAURENT\Application Data\Vso
2009-01-26 16:21 --------- d-----w c:\program files\Windows Live
2009-01-26 16:12 81,920 ----a-w c:\documents and settings\LAURENT\Application Data\ezpinst.exe
2009-01-26 16:12 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-26 16:12 47,360 ----a-w c:\documents and settings\LAURENT\Application Data\pcouffin.sys
2009-01-25 09:01 --------- d-----w c:\program files\eMule
2009-01-18 10:37 --------- d-----w c:\program files\DVD X Player 4.0 Professionnel
2008-12-13 14:14 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-13 14:14 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-11-20 14:44 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe
2007-11-17 15:09 88 --sh--r c:\windows\system32\BA0FA43D07.sys
2007-11-20 15:34 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07FXLRD_8876875"="c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" [BU]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-16 5562368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-16 86016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"fssui"="c:\program files\Windows Live\Contrôle parental\fssui.exe" [2007-10-17 243240]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-03 108160]
"SiXPack"="SiXPack.exe" [2001-07-06 c:\windows\system32\SiXPack.exe]
"nwiz"="nwiz.exe" [2005-05-16 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
TrayMin.lnk - c:\program files\Philips\SPC 200NC PC Camera\TrayMin.exe [2008-11-10 282624]
WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe [2008-04-20 721408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Affaires XIIc\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Affaires XIIc\\RpcSandraSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-04-22 43816]
R2 fsssvc;Windows Live OneCare Contrôle parental;c:\program files\Windows Live\Contrôle parental\fsssvc.exe [2007-10-17 523816]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - IP6FW
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aec97ce1-92d2-11dc-a53e-bce8daf83833}]
\Shell\AutoRun\command - H:\start.exe
\Shell\FramaKey\command - H:\start.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LAURENT\Application Data\Mozilla\Firefox\Profiles\po9fiky2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 16:40:46
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1708537768-1767777339-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="BA601BC6CDFA437D4A0DB01DCAB017B2679C92F70AFAA2AB8A70373B1D8075C2037535EEEDE7DEA4838AA6AA10EA5597B33094C5A7256C9BE58275DC5744DBD74813BE25C5FB13D134847F14AE51E58009F710CF852D3AA492565476A7CE5777095880329FFB37A598E9851DF88B6D9A78DDF2F69F41A1A29C677C2651F20FCD6C740712A97E21370C4345402699978BB85AE852D364BCE233C65FBEFE55AD75B9ADA0F2F2EE2E91922A8FA8CEC810E7A57EE32967EA2D2CAA98AEC73BF265815E5D63B8720E403050CB7AB773400B3B3E6D9B7B810091B6FA146279779A68F46BF026FA02EE3A07116CDD80F3773B06A4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67948EDD5E5BE2F6E667C038D530D6EB3452F0E02565D1C91BDD04D7155C43EAEB260D59F4E79A059BFACB369259377897EEE6E7558011A6D4D9C26C267B43DD1673BC34229BE2CB0BF824269F55A6863D6E8E2483C46120CD65773364BF4BD07D582EA5FD7596AD0E929B58FAA7DB69EC304E0600E54FB0AC235B1E9CE2CC90D8D0123DF3DAADE6893CF8A1C7FC7171D7BF1EC04EF7B95C9257BD634F850C6E547CA9529F1070BB568D9197E3E457F1234E0D4EA474532511EC8079B028A0BF8E9CCD7E53437CF23FC252965D544FC268B2B9E8EF39A6142DF19921A8B2F8DD991AE89F1602C35705BCBD3DF4A2F0BEB4E35A914E070D38E0971358D5ED55A87E7DFAD99EC08D365AFCE5EEA20EA5C7877EB98D1505B79E9AB58C650788CA00B67816115CD67162E8AD745210B5ADBE584533634A3AA85FBC43B6D1C095C14931DA63EFEFFEDEB34C19A4D21D9E1B8C8D9B3ADFAA943A101DE0D8EABC0B77EED19E9CE5305896849330479F5BB0549D070AD19224E516CF05CD4DC066C47BDE6FDC1124A5E72FB24485BFAC903794DF133F94D0DBE4BDBD34F201A95F7EB30A545525200D931222D45308AF39E4EAC8F80B2EB129A8837EDAD7F73D7A5DD865BFE94E1459A77CB733F32B24814DB94FEF62E21295B00F3C9FAA47DAC1E477ECE5221A80AFD2015F3E6649C9CE69B76EA65E0512635D5D229CBE1AA17182EF9B6CA826A4692A058749509724359370A53DBBFE1585F23D6160092EF7F80378F5EFCC268894A242231E795EF8000EC1F948DBCE43A11D542F6CA355077E1997FEFC0161F5F19847A877CC79542EFB5FF2D0C2058A156897C2374C773B59D92C41985D347977CB749285DAD70571E7CE1B5599C7186E45D4D92A648C4597C1E5CA3A1B8B67CD60815FEB57001F31BB6B82452D4EE3720A2AB523F2A49CF72E49AD4B196C5554DBF512441A097987C964BD86EFE6A217EF8D197422E1776FE1B07E2B5CEE9C9AAB313119209FAD42443C63F1"
"OODEFRAG10.00.00.01WORKSTATION"="8429BD879CB1A55572F68530EF6A3058E1B910F646C83FB1A1DD15BDDBF9B21B13222AE249A6C6C1029CA30B1CA10102029693C2816D366963B5C7E487860E0BB6EF665E5D0A2CA45B5A90B2B420D690293C9C5DA9C23A8E18F9577EBFC7B4D50ECE5FD4E9C6B7F92B500B0D2446319CABCF5ADAA0BE8E78DC7704E88167CBAFA14D879424DB0FF1FDF45375F807D6F3C0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67948EDD5E5BE2F6E667C038D530D6EB345216335FA644CAA0776E52618D1547D477D916204F7E13AAF377613F1D8CA7C44E4548DD0837949BB8E735235F51A9F0D246A51719C5B598DDED68D14EAB590603CF7A78C126DF382144EB06FC14B169B0E7D46DFD1050953742DD81EAC468CEC6BCD2B261066ADF976D4F1D4F49BEC2A230F0E25EDF02E5D58A9DDA6C8DD3BDDBE85D881961332DE6263C70DFEEF1359AE3C6AC3C482D7E78B0085E6FCE6028E5832AE740D70273BD0395F95C9A3230F01FA8F14170790ABEF4810233659614EE115031CD1ADEB42C6CC0A999712954E04DEECD3816D1E62CE9EF2E9EC3C23EE468E5BC626F172BAA9E26E10E31C5770A3173D2120965A82A76C040BA6EF31499B608D3BD313B42142CB47A54A6B923EEDF9482E02D281685D46188B27F7F3BC0F958B247CD209A25775D3D2A35FA1477C435D5DEFBCFA76D94C74DD8237D8B7587FA8D8849618981BA176974D544BBEE1CBBB9E600D70EF696E9C6A11B498DB306990AAEB7D9172E02D933B99292410579930DF7DA002A9A93C4A2A53D03045E71DDC08CC32B00972FA440250C29FCCCC0AA24B7C04C13B516D78122F18F603A9A7BC1182DBAB40BF577AD04F38D7D3E2BF3466DF98114067CA577F7B6174C6F24268D6AC3B058B9E05A08C9128A82B349663104622DAAB179378E2C1D05218D06169BC1F0FCC63C4A55D30E412D836E7BFB938C699C0BC0939644E7C90A6F050D0953802C4D098C63F5070C72C9288F76B392BA94E3982126D48877771AFA2BD7BE96AB8519E18733CD8DA127F3CFA0C41045E5FBDAF020DF05C04B716DBA39D9FBB3EE9E19C47190F34651F6078A0B4518B78B4C1B6175C3BEC6F99A00D94C5B88F295ADCA5BEE280104440EA11E20A8D569C84584EBB6289E66BAE79238E6F8B30E137CEC000C7B928EC2AB250411F35850633A3B4862374361EBE0296A6DA1CAB1FCEA08C6365F4A9FBDA138EAF702B1D24494A3DF58F04FEC8D260B36AA99A5020E69E2EFC07BCEE647D845344E02FA4D74D06C525CA86DB1C366C5984AF89993A27F8C77604EC80896CB79F3F3724B90A67F8271978246CB596728C05EA986703E47D308B02765180589C674ACAB435F2CC3194394FB0C4E3A03C691"
.
Heure de fin: 2009-02-03 16:42:27
ComboFix-quarantined-files.txt 2009-02-03 15:42:10
Avant-CF: 37,329,973,248 octets libres
Après-CF: 37,317,599,232 octets libres
122
# User : LAURENT - PC_LAURENT
# Executed from : C:\Program Files\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 18:28:19 the 03/02/2009
# Windows XP - Internet Explorer 6.0.2900.2180
# [ FindyKill V4.715 - Deleting ] ###############
\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\svchost.exe
\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////
################## [ C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-238AA5EF.pf
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\LAURENT\Application Data ]
################## [ C:\DOCUME~1\LAURENT\LOCALS~1\Temp ]
################## [ C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5 ]
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\89MF45QR\mxd[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_1[6].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\mxd[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\mxd[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\GT6FKL2F\mxd[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[6].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[7].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_1[8].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\mxd[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\mxd[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\O9E3C56R\mxd[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[6].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_1[7].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\b64_6[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\mxd[1].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\mxd[2].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\mxd[4].jpg
Deleted ! - C:\Documents and Settings\LAURENT\Local Settings\Temporary Internet Files\Content.IE5\P56BS96B\servernames[1].htm
\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////
\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - # Type of startup = 3
Ip6Fw - # Type of startup = 2
SharedAccess - # Type of startup = 2
wuauserv - # Type of startup = 2
wscsvc - # Type of startup = 2
\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////
# Informations :
C: - Lecteur fixe
D: - Lecteur fixe
H: - Lecteur fixe
# deleting files :
\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////
-> Not found !
\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////
\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////
C:\Documents and Settings\LAURENT\Mes documents\fichier telecharger\dvd x player\Keygen
C:\Program Files\Enjoy 6e\lexicon\datas\sounds\crack.mp3
################## [ ! End of report # ! ]
ComboFix 09-02-02.04 - LAURENT 2009-02-03 16:40:04.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.315 [GMT 1:00]
Lancé depuis: c:\documents and settings\LAURENT\Bureau\CCM.exe.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-03 au 2009-02-03 ))))))))))))))))))))))))))))))))))))
.
2009-02-03 16:19 . 2009-02-03 16:27 <REP> d-------- c:\program files\FindyKill
2009-01-31 18:00 . 2009-02-02 18:24 <REP> d-------- c:\program files\Metin2_France
2009-01-29 19:56 . 2009-02-02 18:24 <REP> d-------- c:\documents and settings\LAURENT\Application Data\vlc
2009-01-29 19:53 . 2009-01-29 19:53 <REP> d-------- c:\program files\VideoLAN
2009-01-26 17:12 . 2009-02-02 18:24 <REP> d-------- c:\program files\DVDFab Platinum 3
2009-01-26 17:05 . 2004-03-09 01:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-01-26 17:05 . 1998-07-13 02:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-01-26 17:05 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2009-01-26 17:05 . 1998-07-13 02:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
2009-01-26 17:05 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-01-26 17:05 . 1998-07-13 02:08 59,904 --a------ c:\windows\system32\MSCC2FR.DLL
2009-01-26 17:05 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2009-01-26 15:49 . 2009-02-02 18:24 <REP> d-------- c:\program files\PDFCreator
2009-01-17 18:59 . 2009-01-17 18:59 <REP> d-------- c:\program files\Windows Media Connect 2
2009-01-17 18:56 . 2009-01-17 18:56 <REP> d-------- c:\windows\system32\LogFiles
2009-01-17 18:56 . 2009-01-17 18:57 <REP> d-------- c:\windows\system32\drivers\UMDF
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 17:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-26 18:42 --------- d-----w c:\documents and settings\LAURENT\Application Data\Vso
2009-01-26 16:21 --------- d-----w c:\program files\Windows Live
2009-01-26 16:12 81,920 ----a-w c:\documents and settings\LAURENT\Application Data\ezpinst.exe
2009-01-26 16:12 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-26 16:12 47,360 ----a-w c:\documents and settings\LAURENT\Application Data\pcouffin.sys
2009-01-25 09:01 --------- d-----w c:\program files\eMule
2009-01-18 10:37 --------- d-----w c:\program files\DVD X Player 4.0 Professionnel
2008-12-13 14:14 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-13 14:14 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-11-20 14:44 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe
2007-11-17 15:09 88 --sh--r c:\windows\system32\BA0FA43D07.sys
2007-11-20 15:34 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07FXLRD_8876875"="c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" [BU]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-16 5562368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-16 86016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"fssui"="c:\program files\Windows Live\Contrôle parental\fssui.exe" [2007-10-17 243240]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-03 108160]
"SiXPack"="SiXPack.exe" [2001-07-06 c:\windows\system32\SiXPack.exe]
"nwiz"="nwiz.exe" [2005-05-16 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
TrayMin.lnk - c:\program files\Philips\SPC 200NC PC Camera\TrayMin.exe [2008-11-10 282624]
WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe [2008-04-20 721408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Affaires XIIc\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Affaires XIIc\\RpcSandraSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-04-22 43816]
R2 fsssvc;Windows Live OneCare Contrôle parental;c:\program files\Windows Live\Contrôle parental\fsssvc.exe [2007-10-17 523816]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - IP6FW
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aec97ce1-92d2-11dc-a53e-bce8daf83833}]
\Shell\AutoRun\command - H:\start.exe
\Shell\FramaKey\command - H:\start.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LAURENT\Application Data\Mozilla\Firefox\Profiles\po9fiky2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 16:40:46
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1708537768-1767777339-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="BA601BC6CDFA437D4A0DB01DCAB017B2679C92F70AFAA2AB8A70373B1D8075C2037535EEEDE7DEA4838AA6AA10EA5597B33094C5A7256C9BE58275DC5744DBD74813BE25C5FB13D134847F14AE51E58009F710CF852D3AA492565476A7CE5777095880329FFB37A598E9851DF88B6D9A78DDF2F69F41A1A29C677C2651F20FCD6C740712A97E21370C4345402699978BB85AE852D364BCE233C65FBEFE55AD75B9ADA0F2F2EE2E91922A8FA8CEC810E7A57EE32967EA2D2CAA98AEC73BF265815E5D63B8720E403050CB7AB773400B3B3E6D9B7B810091B6FA146279779A68F46BF026FA02EE3A07116CDD80F3773B06A4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67948EDD5E5BE2F6E667C038D530D6EB3452F0E02565D1C91BDD04D7155C43EAEB260D59F4E79A059BFACB369259377897EEE6E7558011A6D4D9C26C267B43DD1673BC34229BE2CB0BF824269F55A6863D6E8E2483C46120CD65773364BF4BD07D582EA5FD7596AD0E929B58FAA7DB69EC304E0600E54FB0AC235B1E9CE2CC90D8D0123DF3DAADE6893CF8A1C7FC7171D7BF1EC04EF7B95C9257BD634F850C6E547CA9529F1070BB568D9197E3E457F1234E0D4EA474532511EC8079B028A0BF8E9CCD7E53437CF23FC252965D544FC268B2B9E8EF39A6142DF19921A8B2F8DD991AE89F1602C35705BCBD3DF4A2F0BEB4E35A914E070D38E0971358D5ED55A87E7DFAD99EC08D365AFCE5EEA20EA5C7877EB98D1505B79E9AB58C650788CA00B67816115CD67162E8AD745210B5ADBE584533634A3AA85FBC43B6D1C095C14931DA63EFEFFEDEB34C19A4D21D9E1B8C8D9B3ADFAA943A101DE0D8EABC0B77EED19E9CE5305896849330479F5BB0549D070AD19224E516CF05CD4DC066C47BDE6FDC1124A5E72FB24485BFAC903794DF133F94D0DBE4BDBD34F201A95F7EB30A545525200D931222D45308AF39E4EAC8F80B2EB129A8837EDAD7F73D7A5DD865BFE94E1459A77CB733F32B24814DB94FEF62E21295B00F3C9FAA47DAC1E477ECE5221A80AFD2015F3E6649C9CE69B76EA65E0512635D5D229CBE1AA17182EF9B6CA826A4692A058749509724359370A53DBBFE1585F23D6160092EF7F80378F5EFCC268894A242231E795EF8000EC1F948DBCE43A11D542F6CA355077E1997FEFC0161F5F19847A877CC79542EFB5FF2D0C2058A156897C2374C773B59D92C41985D347977CB749285DAD70571E7CE1B5599C7186E45D4D92A648C4597C1E5CA3A1B8B67CD60815FEB57001F31BB6B82452D4EE3720A2AB523F2A49CF72E49AD4B196C5554DBF512441A097987C964BD86EFE6A217EF8D197422E1776FE1B07E2B5CEE9C9AAB313119209FAD42443C63F1"
"OODEFRAG10.00.00.01WORKSTATION"="8429BD879CB1A55572F68530EF6A3058E1B910F646C83FB1A1DD15BDDBF9B21B13222AE249A6C6C1029CA30B1CA10102029693C2816D366963B5C7E487860E0BB6EF665E5D0A2CA45B5A90B2B420D690293C9C5DA9C23A8E18F9577EBFC7B4D50ECE5FD4E9C6B7F92B500B0D2446319CABCF5ADAA0BE8E78DC7704E88167CBAFA14D879424DB0FF1FDF45375F807D6F3C0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67948EDD5E5BE2F6E667C038D530D6EB345216335FA644CAA0776E52618D1547D477D916204F7E13AAF377613F1D8CA7C44E4548DD0837949BB8E735235F51A9F0D246A51719C5B598DDED68D14EAB590603CF7A78C126DF382144EB06FC14B169B0E7D46DFD1050953742DD81EAC468CEC6BCD2B261066ADF976D4F1D4F49BEC2A230F0E25EDF02E5D58A9DDA6C8DD3BDDBE85D881961332DE6263C70DFEEF1359AE3C6AC3C482D7E78B0085E6FCE6028E5832AE740D70273BD0395F95C9A3230F01FA8F14170790ABEF4810233659614EE115031CD1ADEB42C6CC0A999712954E04DEECD3816D1E62CE9EF2E9EC3C23EE468E5BC626F172BAA9E26E10E31C5770A3173D2120965A82A76C040BA6EF31499B608D3BD313B42142CB47A54A6B923EEDF9482E02D281685D46188B27F7F3BC0F958B247CD209A25775D3D2A35FA1477C435D5DEFBCFA76D94C74DD8237D8B7587FA8D8849618981BA176974D544BBEE1CBBB9E600D70EF696E9C6A11B498DB306990AAEB7D9172E02D933B99292410579930DF7DA002A9A93C4A2A53D03045E71DDC08CC32B00972FA440250C29FCCCC0AA24B7C04C13B516D78122F18F603A9A7BC1182DBAB40BF577AD04F38D7D3E2BF3466DF98114067CA577F7B6174C6F24268D6AC3B058B9E05A08C9128A82B349663104622DAAB179378E2C1D05218D06169BC1F0FCC63C4A55D30E412D836E7BFB938C699C0BC0939644E7C90A6F050D0953802C4D098C63F5070C72C9288F76B392BA94E3982126D48877771AFA2BD7BE96AB8519E18733CD8DA127F3CFA0C41045E5FBDAF020DF05C04B716DBA39D9FBB3EE9E19C47190F34651F6078A0B4518B78B4C1B6175C3BEC6F99A00D94C5B88F295ADCA5BEE280104440EA11E20A8D569C84584EBB6289E66BAE79238E6F8B30E137CEC000C7B928EC2AB250411F35850633A3B4862374361EBE0296A6DA1CAB1FCEA08C6365F4A9FBDA138EAF702B1D24494A3DF58F04FEC8D260B36AA99A5020E69E2EFC07BCEE647D845344E02FA4D74D06C525CA86DB1C366C5984AF89993A27F8C77604EC80896CB79F3F3724B90A67F8271978246CB596728C05EA986703E47D308B02765180589C674ACAB435F2CC3194394FB0C4E3A03C691"
.
Heure de fin: 2009-02-03 16:42:27
ComboFix-quarantined-files.txt 2009-02-03 15:42:10
Avant-CF: 37,329,973,248 octets libres
Après-CF: 37,317,599,232 octets libres
122
laupatmaxest
Messages postés
4
Date d'inscription
mardi 3 février 2009
Statut
Membre
Dernière intervention
3 février 2009
3 févr. 2009 à 21:27
3 févr. 2009 à 21:27
merci ca fonctionne sinon pour eviter de me faire réinfecté quel est le bon programme a utilise ?
donne moi ton avis
donne moi ton avis
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
3 févr. 2009 à 21:44
3 févr. 2009 à 21:44
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
