I have the same problem

babaz -
jlpjlp (Security contributor) -
Hello,
Well, I had this problem too, but I'm not sure the Bagle virus has been destroyed. So I used the FindyKill tool, and apparently I could reinstall my antivirus Avast and Spybot, but my Avast icon doesn't appear in my toolbar.
Configuration: Windows XP
Firefox 3.0.7

15 replies

  1. jlpjlp
     
    Hi,

    To put your icon back next to the clock, just go to the C: partition /Program Files/Alwil .../Avast and click the ashDisp icon.

    To check:

    paste the report of an online scan
    with one of the following:

    BitDefender online:
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda online:
    http://pandasoftware.fr

    Kaspersky online
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    1. babaz
       
      So I did what was said. The icon appeared, but apparently Avast doesn't start. I tried to start it by going to My Computer => Manage => Services and Applications => Services => avast => Start, but it wouldn't; it tells me: error 1068, the dependency service or group failed to start. And now I'm running the scan with Panda.
  2. babaz
     
    Results: 11 viruses or spyware detected, 1 disinfected.
    Suspicious items: 3 suspicious files detected, not sent.
    Vulnerabilities: 59 vulnerabilities detected.
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-03-05 20:23:53
    PROTECTIONS: 1
    MALWARE: 11
    SUSPECTS: 3
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.8.1335 [VPS 090303-2] 4.8.1335 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@casalemedia[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie f@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@atdmt[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@mediaplex[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@serving-sys[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CELINE\Cookies\celine@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@bs.serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CELINE\Cookies\celine@bs.serving-sys[1].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\CELINE\Cookies\celine@weborama[1].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@weborama[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@ads.pointroll[1].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@smartadserver[2].txt
    00288208 Application/HideWindow.S HackTools No 0 Yes No C:\System Volume Information\_restore{05FEF194-3906-429D-8ADA-90956672B4EA}\RP105\A0028065.exe
    00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{05FEF194-3906-429D-8ADA-90956672B4EA}\RP105\A0025656.sys
    00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{05FEF194-3906-429D-8ADA-90956672B4EA}\RP105\A0025482.sys
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\Program Files\captcha5.dll
    No C:\Program Files\SuperCopier2\SuperCopier2.exe
    No C:\WINDOWS\nl07.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    184380 MEDIUM MS08-002
    184379 MEDIUM MS08-001
    182048 HIGH MS07-069
    182046 HIGH MS07-067
    182043 HIGH MS07-064
    179553 HIGH MS07-061
    176382 HIGH MS07-057
    176383 HIGH MS07-058
    170907 HIGH MS07-046
    170906 HIGH MS07-045
    170904 HIGH MS07-043
    164915 HIGH MS07-035
    164913 HIGH MS07-033
    164911 HIGH MS07-031
    160623 HIGH MS07-027
    157262 HIGH MS07-022
    157261 HIGH MS07-021
    157260 HIGH MS07-020
    157259 HIGH MS07-019
    156477 HIGH MS07-017
    150253 HIGH MS07-016
    150249 HIGH MS07-013
    150248 HIGH MS07-012
    150247 HIGH MS07-011
    150243 HIGH MS07-008
    150242 HIGH MS07-007
    150241 MEDIUM MS07-006
    141034 HIGH MS06-076
    141033 MEDIUM MS06-075
    137571 HIGH MS06-070
    133387 MEDIUM MS06-065
    133386 MEDIUM MS06-064
    133385 MEDIUM MS06-063
    133379 HIGH MS06-057
    129977 MEDIUM MS06-053
    129976 MEDIUM MS06-052
    126093 HIGH MS06-051
    126092 MEDIUM MS06-050
    126087 HIGH MS06-046
    126086 MEDIUM MS06-045
    126082 HIGH MS06-041
    126081 HIGH MS06-040
    123421 HIGH MS06-036
    123420 HIGH MS06-035
    120825 MEDIUM MS06-032
    120823 MEDIUM MS06-030
    120818 HIGH MS06-025
    120815 HIGH MS06-022
    117384 MEDIUM MS06-018
    114666 HIGH MS06-015
    108744 MEDIUM MS06-008
    108743 MEDIUM MS06-007
    108742 MEDIUM MS06-006
    104567 HIGH MS06-002
    104237 HIGH MS06-001
    96574 HIGH MS05-053
    93395 HIGH MS05-051
    93394 HIGH MS05-050
    93454 MEDIUM MS05-049
    ;===================================================================================================================================================================================
    Here is the scan that Panda performed.
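The report above lists fifteen MALWARE rows but a MALWARE count of 11, and every non-cookie hit sits under System Volume Information, which is why the next reply asks to flush System Restore. The Python below is an added example, not part of this thread or of Panda's software: it parses the MALWARE rows copied from the report, separates tracking cookies from dormant restore-point copies and from anything that would actually be live, and reads a handful of the VULNERABILITIES rows to show the patch gap. The column layout and the restore-point path convention are taken from the report as printed; the bucket names are the example's own.

```python
import re
from collections import Counter

# MALWARE rows copied verbatim from the Panda ActiveScan report above
# (columns: Id Description Type Active Severity Disinfectable Disinfected Location).
MALWARE_LINES = r"""
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie f@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@atdmt[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@mediaplex[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CELINE\Cookies\celine@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CELINE\Cookies\celine@bs.serving-sys[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\CELINE\Cookies\celine@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@weborama[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@ads.pointroll[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\marie f\Cookies\marie_f@smartadserver[2].txt
00288208 Application/HideWindow.S HackTools No 0 Yes No C:\System Volume Information\_restore{05FEF194-3906-429D-8ADA-90956672B4EA}\RP105\A0028065.exe
00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{05FEF194-3906-429D-8ADA-90956672B4EA}\RP105\A0025656.sys
00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{05FEF194-3906-429D-8ADA-90956672B4EA}\RP105\A0025482.sys
""".strip().splitlines()

# Six of the 59 VULNERABILITIES rows (Id Severity Bulletin), also copied from the report.
VULN_LINES = """
184380 MEDIUM MS08-002
182048 HIGH MS07-069
156477 HIGH MS07-017
126081 HIGH MS06-040
96574 HIGH MS05-053
93454 MEDIUM MS05-049
""".strip().splitlines()

# The description may contain spaces ("Cookie/Atlas DMT"), so it is matched lazily
# and anchored by the fixed Yes/No and digit columns that follow it.
MALWARE_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>[A-Za-z]:\\.*)$"
)
VULN_RE = re.compile(r"^(\d+)\s+(HIGH|MEDIUM|LOW)\s+(MS\d{2}-\d{3})$")
RESTORE_DIR = "\\system volume information\\_restore"


def classify(entry: dict) -> str:
    """Bucket one parsed MALWARE row for triage."""
    if entry["type"] == "TrackingCookie":
        return "cookie"          # privacy noise, not executable code
    if RESTORE_DIR in entry["location"].lower():
        return "restore_point"   # dormant copy inside a System Restore snapshot
    return "live"                # anything else is a real finding


def triage(lines) -> dict:
    """Summarise the MALWARE table: row count, distinct signatures, buckets, restore-point files."""
    entries = [m.groupdict() for m in map(MALWARE_RE.match, lines) if m]
    return {
        "rows": len(entries),
        "unique_ids": len({e["id"] for e in entries}),   # Panda's MALWARE: 11 counts signatures, not files
        "buckets": dict(Counter(classify(e) for e in entries)),
        "restore_point_files": [e["location"].rsplit("\\", 1)[-1]
                                for e in entries if classify(e) == "restore_point"],
    }


def patch_gap(lines) -> dict:
    """Severity counts and the bulletin range; the year is encoded in the MSyy-nnn id."""
    rows = [VULN_RE.match(l).groups() for l in lines if VULN_RE.match(l)]
    bulletins = sorted(b for _, _, b in rows)
    return {"by_severity": dict(Counter(sev for _, sev, _ in rows)),
            "oldest": bulletins[0], "newest": bulletins[-1]}


if __name__ == "__main__":
    summary = triage(MALWARE_LINES)
    print(f"{summary['rows']} rows, {summary['unique_ids']} distinct signatures:", summary["buckets"])
    print("dormant copies in restore points:", ", ".join(summary["restore_point_files"]))
    gap = patch_gap(VULN_LINES)
    print(f"missing bulletins {gap['oldest']} .. {gap['newest']}:", gap["by_severity"])
```

Run as a script it prints the summary; the functions return plain dicts, so the same logic can be pointed at a complete report file. The distinct-signature count of 11 is exactly the MALWARE figure in Panda's header, and every non-cookie row resolves to a restore-point copy, which is what the advice to disable and re-enable System Restore removes.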
  3. jlpjlp
     
    Analyse these files on VirusTotal and paste the reports: https://www.virustotal.com/gui/

    C:\Program Files\captcha5.dll
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\nl07.exe

    __________________

    Disable your System Restore, then restart your computer, then re-enable it, like this:
    https://www.informatruc.com

    ____________________

    Download here:

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) by random/random and save it to the Desktop.

    Double-click RSIT.exe to launch RSIT.

    Click Continue at the Disclaimer screen.

    If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

    When the analysis is finished, two text files will open.

    Post the contents of log.txt (<< which will be displayed)
    as well as of info.txt (<< which will be minimised in the Taskbar).

    NB: The reports are saved in the folder C:\rsit
  4. babaz
     
    Here is the VirusTotal analysis:
    File a.dll received on 2009.03.01 14:43:38 (CET)
    Current status: finished
    Result: 12/38 (31.58%)
    Antivirus Version Last update Result
    a-squared 4.0.0.101 2009.03.01 -
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.98 2009.02.28 Worm/Koobface.AL
    Authentium 5.1.0.4 2009.02.28 -
    Avast 4.8.1335.0 2009.02.28 -
    AVG 8.0.0.237 2009.03.01 -
    BitDefender 7.2 2009.03.01 Win32.Worm.Koobface.AL
    CAT-QuickHeal 10.00 2009.02.28 -
    ClamAV 0.94.1 2009.03.01 -
    Comodo 986 2009.02.20 -
    DrWeb 4.44.0.09170 2009.03.01 -
    eSafe 7.0.17.0 2009.02.26 Suspicious File
    eTrust-Vet 31.6.6378 2009.03.01 -
    F-Prot 4.4.4.56 2009.02.28 -
    F-Secure 8.0.14470.0 2009.03.01 -
    Fortinet 3.117.0.0 2009.03.01 W32/Agent.RX!tr
    GData 19 2009.03.01 Win32.Worm.Koobface.AL
    Ikarus T3.1.1.45.0 2009.03.01 -
    K7AntiVirus 7.10.649 2009.02.27 Trojan.Win32.Malware.1
    Kaspersky 7.0.0.125 2009.03.01 -
    McAfee 5539 2009.02.28 Generic.dx
    McAfee+Artemis 5539 2009.02.28 Generic.dx
    Microsoft 1.4306 2009.03.01 Trojan:Win32/Koobface.gen!C
    NOD32 3897 2009.02.28 -
    Norman 6.00.06 2009.02.27 -
    nProtect 2009.1.8.0 2009.03.01 -
    Panda 10.0.0.10 2009.03.01 Suspicious file
    PCTools 4.4.2.0 2009.03.01 -
    Prevx1 V2 2009.03.01 -
    Rising 21.18.62.00 2009.03.01 -
    SecureWeb-Gateway 6.0.0 2009.03.01 Worm.Koobface.AL
    Sophos 4.39.0 2009.03.01 -
    Sunbelt 3.2.1858.2 2009.02.28 -
    Symantec 10 2009.03.01 -
    TheHacker 6.3.2.6.268 2009.03.01 -
    TrendMicro 8.700.0.1004 2009.02.27 TROJ_DLOAD.MX
    ViRobot 2009.2.28.1628 2009.02.28 -
    VirusBuster 4.5.11.0 2009.02.28 -
    Additional information
    File size: 16896 bytes
    MD5...: 65880388a2530633c34bf06da0daede2
    SHA1..: 9c95116a7c550818309017d42be876f223ae28a1
    SHA256: a49d2883665dd6d8b977b7fbccfeff51582d9874c89eb6b2cb8db8157742506a
    SHA512: 39ed9b07d417cd7c201178c91017e8ea5e70e4b19f1e52be3644f23182135348
    3d713b02672fb415e7bf479a2afc21bde3300e8ceb4886884872435d88a69cd9
    ssdeep: 384:5ZKUksxS002TqGbU7eQxOKO5HHr6xWQBeBwPc1g:5ZKJEPbS7oKO9Hr6Ikwd
    PEiD..: -
    TrID..: File type identification
    UPX compressed Win32 Executable (39.5%)
    Win32 EXE Yoda's Crypter (34.3%)
    Win32 Executable Generic (11.0%)
    Win32 Dynamic Link Library (generic) (9.8%)
    Generic Win/DOS Executable (2.5%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0xd740
    timedatestamp.....: 0x49789a24 (Thu Jan 22 16:09:08 2009)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    UPX0 0x1000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    UPX1 0xa000 0x4000 0x3a00 7.82 009e7c2eca0f8b74e95d964edeeb3ec3
    .rsrc 0xe000 0x1000 0x400 3.20 c23b8695d5eefa9f9819d8693f8d3337

    ( 10 imports )
    > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
    > COMCTL32.dll: _TrackMouseEvent
    > GDI32.dll: BitBlt
    > MFC42.DLL: -
    > MSVCRT.dll: free
    > ole32.dll: CoInitialize
    > OLEPRO32.DLL: -
    > SHELL32.dll: ShellExecuteExA
    > urlmon.dll: URLDownloadToFileA
    > USER32.dll: SetTimer

    ( 3 exports )
    captcha, kbdprc, mouseprc
    packers (Kaspersky): PE_Patch.UPX, UPX
    packers (F-Prot): UPX
    File key_gen.exe received on 2009.03.05 21:18:55 (CET)
    Current status: finished
    Result: 23/38 (60.53%)
    Antivirus Version Last update Result
    a-squared 4.0.0.101 2009.03.05 Trojan-Downloader.Win32.Bagle!IK
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.100 2009.03.05 TR/Dldr.Bagle.aoi
    Authentium 5.1.0.4 2009.03.05 W32/Heuristic-210!Eldorado
    Avast 4.8.1335.0 2009.03.05 -
    AVG 8.0.0.237 2009.03.05 Win32/Themida
    BitDefender 7.2 2009.03.05 Win32.Worm.Bagle.ZNF
    CAT-QuickHeal 10.00 2009.03.05 (Suspicious) - DNAScan
    ClamAV 0.94.1 2009.03.05 -
    Comodo 1027 2009.03.05 -
    DrWeb 4.44.0.09170 2009.03.05 Trojan.Packed.650
    eSafe 7.0.17.0 2009.03.05 Win32.NewMalware.Jn
    eTrust-Vet 31.6.6382 2009.03.05 -
    F-Prot 4.4.4.56 2009.03.05 W32/Heuristic-210!Eldorado
    F-Secure 8.0.14470.0 2009.03.05 Trojan-Downloader.Win32.Bagle.aoi
    Fortinet 3.117.0.0 2009.03.05 W32/Bagle.73A8!tr.dldr
    GData 19 2009.03.05 Win32.Worm.Bagle.ZNF
    Ikarus T3.1.1.45.0 2009.03.05 Trojan-Downloader.Win32.Bagle
    K7AntiVirus 7.10.659 2009.03.05 -
    Kaspersky 7.0.0.125 2009.03.05 Trojan-Downloader.Win32.Bagle.aoi
    McAfee 5544 2009.03.05 New Malware.jn
    McAfee+Artemis 5544 2009.03.05 New Malware.jn
    Microsoft 1.4405 2009.03.05 Trojan:Win32/Meredrop
    NOD32 3911 2009.03.05 Win32/Bagle.QU
    Norman 6.00.06 2009.03.05 -
    nProtect 2009.1.8.0 2009.03.05 -
    Panda 10.0.0.10 2009.03.05 Suspicious file
    PCTools 4.4.2.0 2009.03.05 -
    Prevx1 V2 2009.03.05 Medium Risk Malware
    Rising 21.19.32.00 2009.03.05 -
    SecureWeb-Gateway 6.7.6 2009.03.05 Trojan.Dldr.Bagle.aoi
    Sophos 4.39.0 2009.03.05 Mal/Generic-A
    Sunbelt 3.2.1858.2 2009.03.05 -
    Symantec 10 2009.03.05 -
    TheHacker 6.3.2.7.272 2009.03.05 W32/Behav-Heuristic-064
    TrendMicro 8.700.0.1004 2009.03.05 -
    ViRobot 2009.3.5.1635 2009.03.05 -
    VirusBuster 4.5.11.0 2009.03.05 -
    Additional information
    File size: 815104 bytes
    MD5...: 160fa0e8069f9ff6e4a2ac4737f074a3
    SHA1..: 850e9d38ce0dc6971a3409345b688fc399bda476
    SHA256: 05219048424524255b20b825a6c9349809f791749cde666b58740d328df10fa9
    SHA512: 9f1c2acdbb9472ae742c46eb347396cdbb9a72e2d8c9c03a469b558e47fe91c1
    fc375d9a2062adde5670a37b37a193918a00ae5e299ae015c84b1e60a969c4ce
    ssdeep: 24576:/R+EqsTvYMuti/1xkiaGaG0PHhnDnDfTBdWIn:/TBRi+1xehLGIn
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x88014
    timedatestamp.....: 0x49ad4990 (Tue Mar 03 15:15:28 2009)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    0x1000 0x7d000 0x39000 7.99 5fdedf0e97c04e61c6a4ff90b30f9845
    .rsrc 0x7e000 0x8608 0x4000 6.67 6ec57740d65c59b7d8373c7066340fa4
    .idata 0x87000 0x1000 0x1000 0.23 9b44e9c681bcee9868b2f2bf47bb9627
    Themida 0x88000 0x13a000 0x88000 7.87 52e543a19023721a47a9ace54c54d928

    ( 2 imports )
    > KERNEL32.dll: CreateFileA, lstrcpy
    > COMCTL32.dll: InitCommonControls

    ( 0 exports )
    ThreatExpert info: https://www.symantec.com?md5=160fa0e8069f9ff6e4a2ac4737f074a3
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=9B6F8C41007598D770300CCE85818100A0763784
    packers (Authentium): Themida
    packers (F-Prot): Themida
    File nl07.exe received on 2009.03.06 18:21:13 (CET)
    Current status: finished
    Result: 13/39 (33.34%)
    Antivirus Version Last update Result
    a-squared 4.0.0.101 2009.03.06 Trojan-Proxy.Win32.Small!IK
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.105 2009.03.06 TR/REG.Koobface.89
    Authentium 5.1.0.4 2009.03.06 -
    Avast 4.8.1335.0 2009.03.05 -
    AVG 8.0.0.237 2009.03.06 -
    BitDefender 7.2 2009.03.06 -
    CAT-QuickHeal 10.00 2009.03.06 -
    ClamAV 0.94.1 2009.03.06 -
    Comodo 1027 2009.03.05 -
    DrWeb 4.44.0.09170 2009.03.06 -
    eSafe 7.0.17.0 2009.03.05 Suspicious File
    eTrust-Vet 31.6.6385 2009.03.06 Win32/Koobface!generic
    F-Prot 4.4.4.56 2009.03.06 -
    F-Secure 8.0.14470.0 2009.03.06 Net-Worm:W32/Koobface.gen!A
    Fortinet 3.117.0.0 2009.03.06 -
    GData 19 2009.03.06 -
    Ikarus T3.1.1.45.0 2009.03.06 Trojan-Proxy.Win32.Small
    K7AntiVirus 7.10.660 2009.03.06 -
    Kaspersky 7.0.0.125 2009.03.06 -
    McAfee 5544 2009.03.05 -
    McAfee+Artemis 5544 2009.03.05 -
    Microsoft 1.4405 2009.03.06 Worm:Win32/Koobface.I
    NOD32 3914 2009.03.06 a variant of Win32/Koobface.NAO
    Norman 6.00.06 2009.03.06 -
    nProtect 2009.1.8.0 2009.03.06 -
    Panda 10.0.0.10 2009.03.05 Suspicious file
    PCTools 4.4.2.0 2009.03.06 -
    Prevx1 V2 2009.03.06 -
    Rising 21.19.42.00 2009.03.06 -
    SecureWeb-Gateway 6.7.6 2009.03.06 Trojan.REG.Koobface.89
    Sophos 4.39.0 2009.03.06 W32/Koobfa-Gen
    Sunbelt 3.2.1858.2 2009.03.06 Trojan.Win32.Small
    Symantec 1.4.4.12 2009.03.06 -
    TheHacker 6.3.2.7.273 2009.03.06 -
    TrendMicro 8.700.0.1004 2009.03.06 PAK_Generic.001
    VBA32 3.12.10.1 2009.03.05 -
    ViRobot 2009.3.6.1637 2009.03.06 -
    VirusBuster 4.5.11.0 2009.03.05 -
    Additional information
    File size: 22528 bytes
    MD5...: 9274c000599be74d29bbb8c6fc653814
    SHA1..: 264e63dd12abf8f416dc81d13e3fb2b33af6d889
    SHA256: 5c6d9f85d91b84879b1676749a954d44eede875dee139e28d35ca0b6ccef8c6e
    SHA512: 847950f99d53526cb4cdeb2163422baab23cd8ce2af846c84bacb1a080b5026a
    aa357267aba61757e34f63f8929329f7a3d5f96e2725b557cbef670e682aab18
    ssdeep: 384:b8RukJI7nx1uQKyL/hwIFqckg/6wvqA+cI1z57KllabEZMMoT:b8Rq7npzCE
    qckSHvRsbKlloE6Mo
    PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
    TrID..: File type identification
    UPX compressed Win32 Executable (39.5%)
    Win32 EXE Yoda's Crypter (34.3%)
    Win32 Executable Generic (11.0%)
    Win32 Dynamic Link Library (generic) (9.8%)
    Generic Win/DOS Executable (2.5%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0xec80
    timedatestamp.....: 0x49940d7f (Thu Feb 12 11:52:31 2009)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    UPX0 0x1000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    UPX1 0xa000 0x5000 0x5000 7.83 03a86ffb8b666206daa15b71dab787c7
    UPX2 0xf000 0x1000 0x400 2.69 e39422bff5074ad455a7a1458be555f5

    ( 10 imports )
    > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
    > ADVAPI32.dll: RegOpenKeyA
    > MSVCP60.dll: __0_Lockit@std@@QAE@XZ
    > MSVCRT.dll: time
    > ole32.dll: CoInitialize
    > OLEAUT32.dll: -
    > SHELL32.dll: StrStrA
    > SHLWAPI.dll: SHDeleteKeyA
    > USER32.dll: CharToOemA
    > WS2_32.dll: -

    ( 0 exports )
    ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=9274c000599be74d29bbb8c6fc653814
    packers (Kaspersky): PE_Patch.UPX, UPX
    packers (F-Prot): UPX

    RSIT analysis:
    log.txt
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by CELINE at 2009-03-06 13:35:02
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 23 GB (59%) free of 40 GB
    Total RAM: 894 MB (32% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:35:11, on 06/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\S3trayp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Documents and Settings\CELINE\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Documents and Settings\CELINE\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\CELINE\Bureau\RSIT.exe
    C:\Program Files\trend micro\CELINE.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102473
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: PHPNukeFR Toolbar - {258fe8b8-a13c-4b91-9a0c-c2d3cab8b990} - C:\Program Files\PHPNukeFR\tbPHP0.dll
    R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
    O2 - BHO: PHPNukeFR Toolbar - {258fe8b8-a13c-4b91-9a0c-c2d3cab8b990} - C:\Program Files\PHPNukeFR\tbPHP0.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: PHPNukeFR Toolbar - {258fe8b8-a13c-4b91-9a0c-c2d3cab8b990} - C:\Program Files\PHPNukeFR\tbPHP0.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\CELINE\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E5805E0E-0D5E-47C3-85FF-58E664A5A3E4}: NameServer = 80.10.246.130 80.10.246.3
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
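The static part of each VirusTotal report above is often more telling than the detection ratio: a.dll and nl07.exe both show a UPX0 section with zero raw bytes next to a UPX1 section at 7.8 bits of entropy, key_gen.exe carries a section literally named Themida and imports only three functions, and a.dll pairs URLDownloadToFileA with ShellExecuteExA. The Python below is an added example, not code from this thread or from VirusTotal: it transcribes the section tables and import lists exactly as printed in the three reports and applies the heuristics a reviewer applies by eye, together with the entropy and hash computations behind the numbers VT prints. The thresholds (7.0 and 7.5 bits, the import-count cut-offs) and the packer section-name list are the example's own assumptions.

```python
import hashlib
import math
from collections import Counter

# Static metadata transcribed from the three VirusTotal reports above:
# sections as (name, virtual_addr, virtual_size, raw_size, entropy), imports per DLL.
A_DLL = {
    "name": "a.dll (captcha5.dll)",
    "sections": [("UPX0", 0x1000, 0x9000, 0x0, 0.00),
                 ("UPX1", 0xA000, 0x4000, 0x3A00, 7.82),
                 (".rsrc", 0xE000, 0x1000, 0x400, 3.20)],
    "imports": {"KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree"],
                "COMCTL32.dll": ["_TrackMouseEvent"], "GDI32.dll": ["BitBlt"], "MFC42.DLL": [],
                "MSVCRT.dll": ["free"], "ole32.dll": ["CoInitialize"], "OLEPRO32.DLL": [],
                "SHELL32.dll": ["ShellExecuteExA"], "urlmon.dll": ["URLDownloadToFileA"], "USER32.dll": ["SetTimer"]},
}
KEY_GEN_EXE = {
    "name": "key_gen.exe",
    "sections": [("", 0x1000, 0x7D000, 0x39000, 7.99),
                 (".rsrc", 0x7E000, 0x8608, 0x4000, 6.67),
                 (".idata", 0x87000, 0x1000, 0x1000, 0.23),
                 ("Themida", 0x88000, 0x13A000, 0x88000, 7.87)],
    "imports": {"KERNEL32.dll": ["CreateFileA", "lstrcpy"], "COMCTL32.dll": ["InitCommonControls"]},
}
NL07_EXE = {
    "name": "nl07.exe",
    "sections": [("UPX0", 0x1000, 0x9000, 0x0, 0.00),
                 ("UPX1", 0xA000, 0x5000, 0x5000, 7.83),
                 ("UPX2", 0xF000, 0x1000, 0x400, 2.69)],
    "imports": {"KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"],
                "ADVAPI32.dll": ["RegOpenKeyA"], "MSVCP60.dll": ["__0_Lockit@std@@QAE@XZ"], "MSVCRT.dll": ["time"],
                "ole32.dll": ["CoInitialize"], "OLEAUT32.dll": [], "SHELL32.dll": ["StrStrA"],
                "SHLWAPI.dll": ["SHDeleteKeyA"], "USER32.dll": ["CharToOemA"], "WS2_32.dll": []},
}

# Thresholds and the packer section-name list are this example's assumptions, not VT's.
PACKER_SECTION_PREFIXES = ("upx", "themida", ".aspack", "mpress", ".nsp")
NET_DLLS = {"ws2_32.dll", "wsock32.dll", "wininet.dll", "urlmon.dll"}
EXEC_APIS = {"ShellExecuteExA", "ShellExecuteA", "WinExec", "CreateProcessA"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, as in VT's ntrpy column: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    """The MD5/SHA-1/SHA-256 trio VT prints, so a local file can be matched to a report offline."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def assess(sample: dict) -> list:
    """Indicators a reviewer would note from the section table and import list alone."""
    hits = set()
    secs = sample["sections"]
    for i, (name, _va, vsize, rawsize, entropy) in enumerate(secs):
        if name.lower().startswith(PACKER_SECTION_PREFIXES):
            hits.add("packer-section-name:" + name)
        # No bytes on disk but a large virtual size, followed by a near-random
        # section: the unpacker writes the real code into the empty one at run time.
        if rawsize == 0 and vsize >= 0x1000 and i + 1 < len(secs) and secs[i + 1][4] >= 7.0:
            hits.add("unpacking-stub-layout")
        if rawsize > 0 and entropy >= 7.5:  # 8.0 is the ceiling; above 7.5 means compressed or encrypted
            hits.add("high-entropy-code")
    imports = {dll.lower(): set(funcs) for dll, funcs in sample["imports"].items()}
    named = set().union(*imports.values())
    if len(named) <= 4:
        hits.add("near-empty-import-table")        # real imports are resolved by the protector
    if {"LoadLibraryA", "GetProcAddress"} <= named and len(named) <= 15:
        hits.add("dynamic-import-resolution")      # stub rebuilds the import table itself
    if "URLDownloadToFileA" in named and named & EXEC_APIS:
        hits.add("download-and-execute")
    if imports.keys() & NET_DLLS:
        hits.add("network")
    if named & {"SHDeleteKeyA", "RegDeleteKeyA"}:
        hits.add("registry-delete")
    return sorted(hits)


if __name__ == "__main__":
    for sample in (A_DLL, KEY_GEN_EXE, NL07_EXE):
        print(f"{sample['name']}: {', '.join(assess(sample))}")
    # Constructed inputs: the empty UPX0 sections above carry exactly the MD5 of zero bytes.
    print("md5 of empty input:", digests(b"")["md5"])
    print("entropy of 256 distinct bytes:", shannon_entropy(bytes(range(256))))
```

The md5 column for the UPX0 sections above reads d41d8cd98f00b204e9800998ecf8427e, which is the MD5 of zero bytes: the section has no data on disk, confirming the unpacking-stub reading. The heuristics are deliberately conservative; they explain why the vendors that did flag these files labelled them as packed downloaders, and they give a reason to treat the two UPX files and the Themida file as three separate components rather than one.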
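The HijackThis part of the RSIT log above is long, and triage is mostly knowing which line types to read and what in them is unusual. The Python below is an added example, not part of RSIT or HijackThis, that runs over lines copied from that log and flags what a helper scans for: orphan registrations marked (file missing) or (no file), Run entries that start from a user profile or with an unqualified filename, a Start Page pointing anywhere other than an expected portal, one toolbar name registered under two CLSIDs, and services with no known owner. The portal allowlist is an assumption for this user's setup; the findings are prompts to look closer, not verdicts.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Lines copied from the HijackThis section of the RSIT log above (a subset).
HJT_LINES = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102473
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O2 - BHO: PHPNukeFR Toolbar - {258fe8b8-a13c-4b91-9a0c-c2d3cab8b990} - C:\Program Files\PHPNukeFR\tbPHP0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\CELINE\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
""".strip().splitlines()

# Assumption for this user: home pages an Orange/MSN setup in France would legitimately have.
TRUSTED_PORTALS = {"www.msn.com", "www.bing.com", "www.orange.fr", "www.google.fr", "www.google.com"}

O4_RE = re.compile(r"^O4 - .+?: (?:\[[^\]]*\] (.*)|.+?\.lnk = (.*))$")
CLSID_RE = re.compile(r"^O[23] - \w+: (.+?) - (\{[0-9A-Fa-f-]+\})")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|EXE|Exe))')


def exe_path(command: str) -> str:
    """Drop quotes and arguments from a Run value, keeping only the program path."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def triage_hjt(lines) -> list:
    """Return (hjt_type, finding, detail) for every line a helper would look at twice."""
    findings = []
    clsids_by_name = defaultdict(set)
    for line in lines:
        kind = line.split(" - ", 1)[0]
        if "(file missing)" in line or "(no file)" in line:
            findings.append((kind, "file-missing", line))   # orphan: binary gone, registration left behind
        if kind in ("R0", "R1") and " = " in line:
            host = urlparse(line.split(" = ", 1)[1]).hostname or ""
            if host not in TRUSTED_PORTALS:
                findings.append((kind, "start-page-changed", host))
        elif kind in ("O2", "O3"):
            m = CLSID_RE.match(line)
            if m:
                clsids_by_name[m.group(1)].add(m.group(2))
        elif kind == "O4":
            m = O4_RE.match(line)
            target = exe_path(m.group(1) or m.group(2)) if m else line
            if "\\" not in target:
                findings.append((kind, "unqualified-path", target))    # resolved via search order, not a fixed file
            if "\\application data\\" in target.lower():
                findings.append((kind, "user-profile-autorun", target))  # user-writable location; verify the publisher
        elif kind == "O23" and "Unknown owner" in line:
            findings.append((kind, "unknown-owner", line))
    for name, ids in clsids_by_name.items():
        if len(ids) > 1:
            findings.append(("O2/O3", "same-name-multiple-clsids", name))
    return findings


if __name__ == "__main__":
    for kind, finding, detail in triage_hjt(HJT_LINES):
        print(f"{kind:5} {finding:26} {detail}")
```

On the full log this picks out the conduit.com start page, the PHPNukeFR toolbar registered twice, the dead Google toolbar and updater entries, and four HKLM Run values that name a bare executable. None of those is the Bagle or Koobface component itself; the point is that the autorun surface is where a cleanup is verified, after the three suspect files are dealt with.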
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    to help you and to help others, please do this:

    download this file: http://sd-1.archive-host.com/membres/up/116615172019703188/Fdc.zip

    to the desktop, unzip it and double-click FDC.reg, then accept the merge into the registry

    _______________

    Show all files and folders:
    To do this:
    Click Start / Control Panel / Folder Options / View

    Check "Show hidden files and folders"

    Uncheck the box "Hide protected operating system files (Recommended)"

    Uncheck "Hide extensions for known file types"

    Then click "Apply" to confirm the changes.

    And OK

    ______________

    Download 7-Zip

    http://ovh.dl.sourceforge.net/sourceforge/sevenzip/7z465.exe

    and save it to the desktop, then double-click 7z465.exe and install 7-Zip.

    then right-click these files: "the file in question" (so with the 3 files)

    E:\ov.cmd

    choose 7-Zip and "Add to archive" (and in the format field change the archive format from 7z to ZIP) and rename the archive, for example to chiki

    then send me this archive through this site: http://www.cijoint.fr/

    (upload the file on that link; it will give you a link where the archive is stored: give me that link)

    This will let the tool authors make their updates .. blah blah ;)

    once you've given me that link we'll continue

    thanks
    0
  7. babaz
     
    so now I'm starting to understand a bit less, so if I followed correctly I zipped the files:
    C:\Program Files\captcha5.dll
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\nl07.exe
    and also, you said to do: choose 7-Zip and "Add to archive" (and in the format change the archive format from 7z to ZIP) and rename the archive, for example to chiki; so I did that but it told me it wouldn't take zip, exe files etc..
    so with those files that you said to do "Add to archive" on, I also did "Add to 'name.zip'" and that went through, so I don't know if I did it right or not but anyway I put it on the site
    so here are the links:
    http://www.cijoint.fr/cjlink.php?file=cj200903/cijtsXQVzp.zip
    http://www.cijoint.fr/cjlink.php?file=cj200903/cijwrD90UR.zip
    http://www.cijoint.fr/cjlink.php?file=cj200903/cijNJJ9Hfu.zip
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    it was for this file:

    E:\ov.cmd
    0
  9. babaz
     
    but it tells me to insert a disk in drive E: and my drive doesn't work any more
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    if you can't with drive E, try with drive F

    F:\ov.cmd

    if that's impossible, no problem, do the rest
    _________________

    To merge:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    _______________

    download combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop and nowhere else!

    _________________

    Close all your browsers (so copy or print the instructions first)

    Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

    Driver::
    ayk8n1lp
    File::
    F:\ov.cmd
    E:\ov.cmd
    C:\Program Files\captcha5.dll
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\nl07.exe
    C:\WINDOWS\system32\drivers\ayk8n1lp.sys
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{099030ba-d9d6-11dd-a107-001d9209838f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{352c3036-90c3-11dd-a09c-001d9209838f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b6addda-d030-11dd-a0ff-001d9209838f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830e0f39-d8c6-11dd-a101-001d9209838f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b51d54f0-a027-11dd-a0bc-001d9209838f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e85a867c-de42-11dd-a10c-001d9209838f}]

    Save this file under the name CFscript

    Drag and drop this CFscript file onto the ComboFix.exe file

    Click on the CFScript file, hold the button down and move the mouse so that the CFScript icon comes to cover the Combofix icon. Release the mouse. Combofix will start.

    A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

    Wait while the scan runs. The desktop will disappear several times: that's normal!

    Don't touch anything until the scan has finished.

    Once the scan is done, a report will be displayed: post its contents.

    If the file doesn't open, it's located here > C:\ComboFix.txt

    _______________________
    see you
    0
  11. babaz
     
    here is the report
    ComboFix 09-03-06.02 - CELINE 2009-03-08 14:47:30.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.894.496 [GMT -3:00]
    Lancé depuis: c:\documents and settings\CELINE\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\CELINE\Bureau\CFscript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090307-0] *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\program files\captcha5.dll
    c:\program files\SuperCopier2\SuperCopier2.exe
    c:\windows\nl07.exe
    c:\windows\system32\drivers\ayk8n1lp.sys
    E:\ov.cmd
    F:\ov.cmd
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    [COLOR=RED] c:\windows\system32\winlogon.exe . . . est infecté!![/COLOR]

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-08 au 2009-03-08 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-06 22:27 . 2009-03-06 22:37 <REP> d-------- c:\program files\Everest Poker
    2009-03-06 20:59 . 2009-03-06 20:59 20,624 --a------ c:\windows\nl.zip
    2009-03-06 20:56 . 2009-03-06 20:56 22 --a------ c:\program files\kill.zip
    2009-03-06 20:50 . 2009-03-06 20:50 <REP> d-------- c:\program files\7-Zip
    2009-03-06 14:10 . 2009-03-06 14:10 <REP> d----c--- C:\rsit
    2009-03-06 14:10 . 2009-03-06 14:35 <REP> d-------- c:\program files\trend micro
    2009-03-05 19:20 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-03-05 19:15 . 2009-03-05 19:15 <REP> d-------- c:\program files\Panda Security
    2009-03-04 16:38 . 2009-03-08 14:41 <REP> d--h----- c:\documents and settings\CELINE\Application Data\drivers
    2009-03-04 15:12 . 2009-03-04 16:30 <REP> d-------- c:\program files\FindyKill
    2009-03-04 10:30 . 2009-03-04 10:35 <REP> d-------- c:\program files\RegCleaner
    2009-03-04 05:03 . 2009-03-05 15:37 <REP> d-------- c:\program files\eMule
    2009-02-15 13:23 . 2006-10-13 09:13 1,622,016 --a------ c:\windows\NVBenchMarks.dll
    2009-02-15 13:23 . 2005-09-23 17:33 1,060,864 --a------ c:\windows\MFC71.dll
    2009-02-15 13:23 . 2005-09-23 17:33 499,712 --a------ c:\windows\msvcp71.dll
    2009-02-15 13:23 . 2006-10-13 09:16 421,888 --a------ c:\windows\nvsulib.dll
    2009-02-15 13:23 . 2006-10-13 09:18 380,928 --a------ c:\windows\ntuneoem.dll
    2009-02-15 13:23 . 2005-09-23 17:33 348,160 --a------ c:\windows\msvcr71.dll
    2009-02-15 13:23 . 2006-09-05 15:59 217,088 --a------ c:\windows\NVGfxOgl.dll
    2009-02-15 13:23 . 2006-06-01 18:22 53,248 --a------ c:\windows\Nvgpio.dll
    2009-02-15 13:23 . 2006-08-21 10:20 45,056 --a------ c:\windows\NTuneGpu.dll
    2009-02-15 13:23 . 2006-10-13 09:12 28,672 --a------ c:\windows\AutoTuneScript.dll
    2009-02-15 13:23 . 2006-10-13 09:18 18,216 --a------ c:\windows\nvoclk64.sys
    2009-02-15 13:23 . 2006-10-13 09:18 6,912 --a------ c:\windows\nvoclock.sys
    2009-02-15 11:47 . 2009-02-15 12:05 1,044 ---h----- c:\windows\nl49f4d98.dat
    2009-02-15 11:45 . 2009-03-05 17:46 <REP> d-------- c:\windows\system32\485594
    2009-02-15 11:45 . 2009-02-15 11:45 22,528 ---h----- c:\windows\nl07.exe
    2009-02-15 11:45 . 2009-02-15 11:45 16,896 -r-hs---- c:\program files\captcha5.dll
    2009-02-15 11:45 . 2009-02-15 11:45 1 ---h----- c:\windows\nlmark2.dat
    2009-02-15 11:44 . 2009-02-15 11:44 1 ---h----- c:\windows\f5667t5.dat
    2009-02-14 17:38 . 2009-03-04 10:58 <REP> d-------- c:\program files\Teamspeak2_RC2
    2009-02-14 17:38 . 2009-02-14 17:38 <REP> d-------- c:\documents and settings\CELINE\Application Data\teamspeak2
    2009-02-14 17:38 . 2009-02-14 17:38 34,064 --a------ c:\windows\system32\lhacm.acm
    2009-02-11 19:27 . 2009-02-13 01:29 <REP> d----c--- C:\Downloads
    2009-02-11 18:45 . 2009-02-11 18:45 <REP> d-------- c:\documents and settings\CELINE\Application Data\DAEMON Tools Pro
    2009-02-11 18:45 . 2009-02-11 18:45 <REP> d-------- c:\documents and settings\CELINE\Application Data\DAEMON Tools
    2009-02-11 18:44 . 2009-02-11 18:44 <REP> d-------- c:\program files\DAEMON Tools Toolbar
    2009-02-11 18:44 . 2009-02-12 08:04 <REP> d-------- c:\program files\DAEMON Tools Lite
    2009-02-11 18:44 . 2009-02-11 18:44 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-02-11 18:40 . 2009-02-11 18:50 <REP> d-------- c:\documents and settings\CELINE\Application Data\DAEMON Tools Lite
    2009-02-11 18:40 . 2009-02-11 18:40 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2009-02-11 17:22 . 2009-03-04 10:58 <REP> d-------- c:\program files\Pcsx2_0.9.4
    2009-02-10 00:18 . 2009-02-23 19:34 28 --a------ c:\windows\ODBC.INI
    2009-02-09 23:56 . 2009-02-23 19:34 <REP> d-------- c:\program files\RomStation
    2009-02-09 22:44 . 2009-03-04 16:43 <REP> d-------- c:\program files\PHPNukeFR
    2009-02-09 22:44 . 2009-02-09 22:44 <REP> d-------- c:\program files\Conduit

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-08 17:41 --------- d-----w c:\program files\SuperCopier2
    2009-03-08 17:25 --------- d-----w c:\program files\Wanadoo
    2009-03-07 04:27 --------- d-----w c:\documents and settings\CELINE\Application Data\LimeWire
    2009-03-04 19:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-04 18:31 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-04 13:59 --------- d-----w c:\program files\Google
    2009-03-02 16:32 --------- d-----w c:\program files\Yu-Gi-Oh Virtual Battle 5
    2009-03-02 00:03 --------- d-----w c:\program files\MSI
    2009-03-01 23:52 --------- d-----w c:\program files\Setup Files
    2009-02-21 00:17 --------- d-----w c:\program files\Windows Live
    2009-02-15 16:26 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-12 05:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-07 14:26 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-02-07 14:11 --------- d-----w c:\program files\MSECACHE
    2009-02-07 14:11 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2009-02-07 14:08 --------- d-----w c:\program files\Windows Installer Clean Up
    2009-02-07 13:57 --------- d-----w c:\program files\Fichiers communs\AVSMedia
    2009-02-07 13:57 --------- d-----w c:\program files\AVS4YOU
    2009-02-07 13:32 --------- d-----w c:\documents and settings\CELINE\Application Data\AVS4YOU
    2009-02-07 13:32 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
    2009-02-07 13:16 --------- d-----w c:\documents and settings\CELINE\Application Data\MSNInstaller
    2009-02-07 03:24 --------- d-----w c:\documents and settings\marie f\Application Data\Yahoo!
    2009-02-07 00:36 --------- d-----w c:\program files\Messenger Plus! Live
    2009-02-06 23:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
    2009-02-06 23:18 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-02-06 22:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-02-06 22:33 --------- d-----w c:\program files\CCleaner
    2009-02-06 22:32 --------- d-----w c:\program files\Yahoo!
    2009-02-06 22:32 --------- d-----w c:\documents and settings\CELINE\Application Data\Yahoo!
    2009-02-03 19:42 --------- d-----w c:\program files\Services en ligne
    2009-02-03 19:33 --------- d-----w c:\documents and settings\marie f\Application Data\Windows Live Writer
    2009-02-03 18:49 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-03 18:48 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2009-02-03 18:48 --------- d-----w c:\program files\Microsoft
    2009-02-03 18:47 --------- d-----w c:\program files\Microsoft Sync Framework
    2009-02-03 18:46 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2009-01-29 21:19 --------- d-----w c:\documents and settings\CELINE\Application Data\Uniblue
    2009-01-27 17:37 --------- d-----w c:\documents and settings\marie f\Application Data\FastStone
    2009-01-25 16:52 --------- d-----w c:\documents and settings\CELINE\Application Data\FastStone
    2009-01-22 00:02 --------- d-----w c:\program files\LimeWire
    2009-01-21 09:19 --------- d-----w c:\documents and settings\marie f\Application Data\MSNInstaller
    2009-01-19 22:08 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-01-19 22:08 --------- d-----w c:\program files\Java
    2009-01-19 16:46 7,617,568 ----a-w c:\program files\firefox setup 3.0.5.exe
    2009-01-11 14:06 --------- d-----w c:\documents and settings\marie f\Application Data\Media Player Classic
    2009-01-10 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
    2009-01-10 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
    2009-01-10 07:47 --------- d-----w c:\program files\Luxor 2
    2009-01-09 16:52 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
    2009-01-09 16:51 236,032 -c--a-w C:\OceanExpress.dat
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    .

    ------- Sigcheck -------

    2008-04-13 23:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\winlogon.exe
    2008-09-30 07:16 506368 8d52aedd07247b743a4d9bd372f69109 c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}"= "c:\program files\PHPNukeFR\tbPHP0.dll" [2008-11-24 1784856]
    "{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-02-16 1882136]

    [HKEY_CLASSES_ROOT\clsid\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]

    [HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
    2009-02-16 16:44 1882136 --a------ c:\program files\PHPNukeFR\tbPHPN.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]
    2008-11-24 00:03 1784856 --a------ c:\program files\PHPNukeFR\tbPHP0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}"= "c:\program files\PHPNukeFR\tbPHP0.dll" [2008-11-24 1784856]
    "{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-02-16 1882136]

    [HKEY_CLASSES_ROOT\clsid\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]

    [HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{258FE8B8-A13C-4B91-9A0C-C2D3CAB8B990}"= "c:\program files\PHPNukeFR\tbPHP0.dll" [2008-11-24 1784856]

    [HKEY_CLASSES_ROOT\clsid\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-24 15360]
    "WOOKIT"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-09 59392]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
    "DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
    "LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2008-04-30 498176]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
    "S3Trayp"="S3trayp.exe" [2007-05-15 c:\windows\system32\S3Trayp.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-24 15360]

    c:\documents and settings\CELINE\Menu D‚marrer\Programmes\D‚marrage\
    Outil de notification Live Search.lnk - c:\documents and settings\CELINE\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-02-03 143360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-02-15 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\[u]0[/u]autocheck autochk *

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\RomStation\\Jeux\\Emulateurs\\Gameboy Advance\\VisualBoyAdvance.exe"=
    "c:\\Program Files\\RomStation\\Emulateurs\\Gameboy Advance\\VisualBoyAdvance.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-05 28544]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-04 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-04 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-03 55136]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2009-02-15 28160]
    R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-10-02 114616]
    R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2009-02-15 56320]
    R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2008-09-30 714240]
    S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-10-02 63555]
    S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102473
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: { - c:\program files\Messenger\msmsgs.exe
    TCP: {E5805E0E-0D5E-47C3-85FF-58E664A5A3E4} = 80.10.246.130 80.10.246.3
    FF - ProfilePath - c:\documents and settings\CELINE\Application Data\Mozilla\Firefox\Profiles\pltd2bz3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\documents and settings\CELINE\Application Data\Mozilla\Firefox\Profiles\pltd2bz3.default\extensions\{1c491116-c175-45e1-a570-6fb14fea8b7b}\components\FFAlert.dll
    FF - component: c:\documents and settings\CELINE\Application Data\Mozilla\Firefox\Profiles\pltd2bz3.default\extensions\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}\components\FFAlert.dll
    FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-08 14:48:24
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2009-03-08 14:50:08
    ComboFix-quarantined-files.txt 2009-03-08 17:50:06
    ComboFix2.txt 2009-03-08 17:44:20

    Avant-CF: 24 377 720 832 octets libres
    Après-CF: 24,367,435,776 octets libres

    237 --- E O F --- 2009-03-07 08:54:37
    0
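The ComboFix report above carries two pieces of evidence that a responder reads by hand: the "Fichiers créés" listing, where each entry has a nine-character attribute column (d, r, a, h, s, c), and the Sigcheck block, where the same file name appears under two paths with two different MD5 values. The following Python script is an added example, not part of the thread and not ComboFix's own code; it parses a constructed sample copied in the shape of those two sections and reports (a) files whose attribute combination deserves a look (hidden plus system, hidden executables, tiny hidden marker files such as the 1-byte .dat entries in the log) and (b) file names whose copies carry different hashes. Two copies of the same name with different hashes is a lead to check against a trusted copy, not proof by itself (an update-cache copy and the installed copy can simply be two versions, as the differing dates suggest); in this thread it is ComboFix itself that marked system32\winlogon.exe as infected.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of the ComboFix report posted above
# (a few entries from the "Fichiers créés" list and the Sigcheck block).
SAMPLE_LOG = """\
2009-03-06 20:50 . 2009-03-06 20:50 <REP> d-------- c:\\program files\\7-Zip
2009-02-15 11:45 . 2009-02-15 11:45 22,528 ---h----- c:\\windows\\nl07.exe
2009-02-15 11:45 . 2009-02-15 11:45 16,896 -r-hs---- c:\\program files\\captcha5.dll
2009-02-15 11:45 . 2009-02-15 11:45 1 ---h----- c:\\windows\\nlmark2.dat
2009-02-11 18:40 . 2009-02-11 18:40 717,296 --a------ c:\\windows\\system32\\drivers\\sptd.sys
.
------- Sigcheck -------
2008-04-13 23:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\\windows\\SoftwareDistribution\\Download\\51f93922a72f4cba24d116598e161b49\\winlogon.exe
2008-09-30 07:16 506368 8d52aedd07247b743a4d9bd372f69109 c:\\windows\\system32\\winlogon.exe
"""

# One "created file" entry: <created> . <modified> <size or <REP>> <attrs> <path>
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><REP>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# One Sigcheck entry: <timestamp> <size> <md5> <path>
SIGCHECK_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<md5>[0-9a-f]{32}) (?P<path>.+)$"
)


def parse_created(log: str) -> List[dict]:
    """Parse the created-files listing; attribute letters become a set of flags."""
    entries = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        flags = {c for c in m["attrs"] if c != "-"}
        size = None if m["size"] == "<REP>" else int(m["size"].replace(",", ""))
        entries.append({"path": m["path"], "size": size, "flags": flags,
                        "is_dir": "d" in flags})
    return entries


def suspicious_created(entries: List[dict]) -> List[Tuple[str, str]]:
    """Return (path, reason) for files whose attributes deserve a closer look."""
    findings = []
    for e in entries:
        if e["is_dir"]:
            continue
        if {"h", "s"} <= e["flags"]:
            findings.append((e["path"], "hidden+system file"))
        elif "h" in e["flags"] and e["size"] is not None and e["size"] <= 4:
            findings.append((e["path"], "hidden marker-sized file"))
        elif "h" in e["flags"] and e["path"].lower().endswith((".exe", ".dll", ".sys")):
            findings.append((e["path"], "hidden executable"))
    return findings


def sigcheck_divergence(log: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group Sigcheck lines by file name; keep names whose copies carry different MD5s."""
    by_name: Dict[str, List[Tuple[str, str]]] = {}
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        name = m["path"].rsplit("\\", 1)[-1].lower()
        by_name.setdefault(name, []).append((m["path"], m["md5"]))
    return {n: v for n, v in by_name.items() if len({h for _, h in v}) > 1}


if __name__ == "__main__":
    for path, reason in suspicious_created(parse_created(SAMPLE_LOG)):
        print(f"[attrs] {reason}: {path}")
    for name, copies in sigcheck_divergence(SAMPLE_LOG).items():
        print(f"[sigcheck] {name} has {len(copies)} copies with different hashes:")
        for path, md5 in copies:
            print(f"    {md5}  {path}")
```

Run it as a script on a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; the attribute rules are deliberately narrow (hidden+system, hidden executables, hidden files of a few bytes), so a clean machine produces an empty list and the entries on this page's log (captcha5.dll, nl07.exe, the 1-byte .dat markers) are exactly what surfaces.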
  12. babaz
     
    ComboFix 09-03-06.02 - CELINE 2009-03-08 14:47:30.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.894.496 [GMT -3:00]
    Lancé depuis: c:\documents and settings\CELINE\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\CELINE\Bureau\CFscript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090307-0] *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\program files\captcha5.dll
    c:\program files\SuperCopier2\SuperCopier2.exe
    c:\windows\nl07.exe
    c:\windows\system32\drivers\ayk8n1lp.sys
    E:\ov.cmd
    F:\ov.cmd
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    [COLOR=RED] c:\windows\system32\winlogon.exe . . . est infecté!![/COLOR]

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-08 au 2009-03-08 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-06 22:27 . 2009-03-06 22:37 <REP> d-------- c:\program files\Everest Poker
    2009-03-06 20:59 . 2009-03-06 20:59 20,624 --a------ c:\windows\nl.zip
    2009-03-06 20:56 . 2009-03-06 20:56 22 --a------ c:\program files\kill.zip
    2009-03-06 20:50 . 2009-03-06 20:50 <REP> d-------- c:\program files\7-Zip
    2009-03-06 14:10 . 2009-03-06 14:10 <REP> d----c--- C:\rsit
    2009-03-06 14:10 . 2009-03-06 14:35 <REP> d-------- c:\program files\trend micro
    2009-03-05 19:20 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-03-05 19:15 . 2009-03-05 19:15 <REP> d-------- c:\program files\Panda Security
    2009-03-04 16:38 . 2009-03-08 14:41 <REP> d--h----- c:\documents and settings\CELINE\Application Data\drivers
    2009-03-04 15:12 . 2009-03-04 16:30 <REP> d-------- c:\program files\FindyKill
    2009-03-04 10:30 . 2009-03-04 10:35 <REP> d-------- c:\program files\RegCleaner
    2009-03-04 05:03 . 2009-03-05 15:37 <REP> d-------- c:\program files\eMule
    2009-02-15 13:23 . 2006-10-13 09:13 1,622,016 --a------ c:\windows\NVBenchMarks.dll
    2009-02-15 13:23 . 2005-09-23 17:33 1,060,864 --a------ c:\windows\MFC71.dll
    2009-02-15 13:23 . 2005-09-23 17:33 499,712 --a------ c:\windows\msvcp71.dll
    2009-02-15 13:23 . 2006-10-13 09:16 421,888 --a------ c:\windows\nvsulib.dll
    2009-02-15 13:23 . 2006-10-13 09:18 380,928 --a------ c:\windows\ntuneoem.dll
    2009-02-15 13:23 . 2005-09-23 17:33 348,160 --a------ c:\windows\msvcr71.dll
    2009-02-15 13:23 . 2006-09-05 15:59 217,088 --a------ c:\windows\NVGfxOgl.dll
    2009-02-15 13:23 . 2006-06-01 18:22 53,248 --a------ c:\windows\Nvgpio.dll
    2009-02-15 13:23 . 2006-08-21 10:20 45,056 --a------ c:\windows\NTuneGpu.dll
    2009-02-15 13:23 . 2006-10-13 09:12 28,672 --a------ c:\windows\AutoTuneScript.dll
    2009-02-15 13:23 . 2006-10-13 09:18 18,216 --a------ c:\windows\nvoclk64.sys
    2009-02-15 13:23 . 2006-10-13 09:18 6,912 --a------ c:\windows\nvoclock.sys
    2009-02-15 11:47 . 2009-02-15 12:05 1,044 ---h----- c:\windows\nl49f4d98.dat
    2009-02-15 11:45 . 2009-03-05 17:46 <REP> d-------- c:\windows\system32\485594
    2009-02-15 11:45 . 2009-02-15 11:45 22,528 ---h----- c:\windows\nl07.exe
    2009-02-15 11:45 . 2009-02-15 11:45 16,896 -r-hs---- c:\program files\captcha5.dll
    2009-02-15 11:45 . 2009-02-15 11:45 1 ---h----- c:\windows\nlmark2.dat
    2009-02-15 11:44 . 2009-02-15 11:44 1 ---h----- c:\windows\f5667t5.dat
    2009-02-14 17:38 . 2009-03-04 10:58 <REP> d-------- c:\program files\Teamspeak2_RC2
    2009-02-14 17:38 . 2009-02-14 17:38 <REP> d-------- c:\documents and settings\CELINE\Application Data\teamspeak2
    2009-02-14 17:38 . 2009-02-14 17:38 34,064 --a------ c:\windows\system32\lhacm.acm
    2009-02-11 19:27 . 2009-02-13 01:29 <REP> d----c--- C:\Downloads
    2009-02-11 18:45 . 2009-02-11 18:45 <REP> d-------- c:\documents and settings\CELINE\Application Data\DAEMON Tools Pro
    2009-02-11 18:45 . 2009-02-11 18:45 <REP> d-------- c:\documents and settings\CELINE\Application Data\DAEMON Tools
    2009-02-11 18:44 . 2009-02-11 18:44 <REP> d-------- c:\program files\DAEMON Tools Toolbar
    2009-02-11 18:44 . 2009-02-12 08:04 <REP> d-------- c:\program files\DAEMON Tools Lite
    2009-02-11 18:44 . 2009-02-11 18:44 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-02-11 18:40 . 2009-02-11 18:50 <REP> d-------- c:\documents and settings\CELINE\Application Data\DAEMON Tools Lite
    2009-02-11 18:40 . 2009-02-11 18:40 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2009-02-11 17:22 . 2009-03-04 10:58 <REP> d-------- c:\program files\Pcsx2_0.9.4
    2009-02-10 00:18 . 2009-02-23 19:34 28 --a------ c:\windows\ODBC.INI
    2009-02-09 23:56 . 2009-02-23 19:34 <REP> d-------- c:\program files\RomStation
    2009-02-09 22:44 . 2009-03-04 16:43 <REP> d-------- c:\program files\PHPNukeFR
    2009-02-09 22:44 . 2009-02-09 22:44 <REP> d-------- c:\program files\Conduit

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-08 17:41 --------- d-----w c:\program files\SuperCopier2
    2009-03-08 17:25 --------- d-----w c:\program files\Wanadoo
    2009-03-07 04:27 --------- d-----w c:\documents and settings\CELINE\Application Data\LimeWire
    2009-03-04 19:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-04 18:31 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-04 13:59 --------- d-----w c:\program files\Google
    2009-03-02 16:32 --------- d-----w c:\program files\Yu-Gi-Oh Virtual Battle 5
    2009-03-02 00:03 --------- d-----w c:\program files\MSI
    2009-03-01 23:52 --------- d-----w c:\program files\Setup Files
    2009-02-21 00:17 --------- d-----w c:\program files\Windows Live
    2009-02-15 16:26 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-12 05:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-07 14:26 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-02-07 14:11 --------- d-----w c:\program files\MSECACHE
    2009-02-07 14:11 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2009-02-07 14:08 --------- d-----w c:\program files\Windows Installer Clean Up
    2009-02-07 13:57 --------- d-----w c:\program files\Fichiers communs\AVSMedia
    2009-02-07 13:57 --------- d-----w c:\program files\AVS4YOU
    2009-02-07 13:32 --------- d-----w c:\documents and settings\CELINE\Application Data\AVS4YOU
    2009-02-07 13:32 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
    2009-02-07 13:16 --------- d-----w c:\documents and settings\CELINE\Application Data\MSNInstaller
    2009-02-07 03:24 --------- d-----w c:\documents and settings\marie f\Application Data\Yahoo!
    2009-02-07 00:36 --------- d-----w c:\program files\Messenger Plus! Live
    2009-02-06 23:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
    2009-02-06 23:18 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-02-06 22:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-02-06 22:33 --------- d-----w c:\program files\CCleaner
    2009-02-06 22:32 --------- d-----w c:\program files\Yahoo!
    2009-02-06 22:32 --------- d-----w c:\documents and settings\CELINE\Application Data\Yahoo!
    2009-02-03 19:42 --------- d-----w c:\program files\Services en ligne
    2009-02-03 19:33 --------- d-----w c:\documents and settings\marie f\Application Data\Windows Live Writer
    2009-02-03 18:49 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-03 18:48 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2009-02-03 18:48 --------- d-----w c:\program files\Microsoft
    2009-02-03 18:47 --------- d-----w c:\program files\Microsoft Sync Framework
    2009-02-03 18:46 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2009-01-29 21:19 --------- d-----w c:\documents and settings\CELINE\Application Data\Uniblue
    2009-01-27 17:37 --------- d-----w c:\documents and settings\marie f\Application Data\FastStone
    2009-01-25 16:52 --------- d-----w c:\documents and settings\CELINE\Application Data\FastStone
    2009-01-22 00:02 --------- d-----w c:\program files\LimeWire
    2009-01-21 09:19 --------- d-----w c:\documents and settings\marie f\Application Data\MSNInstaller
    2009-01-19 22:08 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-01-19 22:08 --------- d-----w c:\program files\Java
    2009-01-19 16:46 7,617,568 ----a-w c:\program files\firefox setup 3.0.5.exe
    2009-01-11 14:06 --------- d-----w c:\documents and settings\marie f\Application Data\Media Player Classic
    2009-01-10 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
    2009-01-10 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
    2009-01-10 07:47 --------- d-----w c:\program files\Luxor 2
    2009-01-09 16:52 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
    2009-01-09 16:51 236,032 -c--a-w C:\OceanExpress.dat
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    .

    ------- Sigcheck -------

    2008-04-13 23:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\winlogon.exe
    2008-09-30 07:16 506368 8d52aedd07247b743a4d9bd372f69109 c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}"= "c:\program files\PHPNukeFR\tbPHP0.dll" [2008-11-24 1784856]
    "{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-02-16 1882136]

    [HKEY_CLASSES_ROOT\clsid\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]

    [HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
    2009-02-16 16:44 1882136 --a------ c:\program files\PHPNukeFR\tbPHPN.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]
    2008-11-24 00:03 1784856 --a------ c:\program files\PHPNukeFR\tbPHP0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}"= "c:\program files\PHPNukeFR\tbPHP0.dll" [2008-11-24 1784856]
    "{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-02-16 1882136]

    [HKEY_CLASSES_ROOT\clsid\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]

    [HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{258FE8B8-A13C-4B91-9A0C-C2D3CAB8B990}"= "c:\program files\PHPNukeFR\tbPHP0.dll" [2008-11-24 1784856]

    [HKEY_CLASSES_ROOT\clsid\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-24 15360]
    "WOOKIT"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-09 59392]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
    "DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
    "LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2008-04-30 498176]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
    "S3Trayp"="S3trayp.exe" [2007-05-15 c:\windows\system32\S3Trayp.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-24 15360]

    c:\documents and settings\CELINE\Menu Démarrer\Programmes\Démarrage\
    Outil de notification Live Search.lnk - c:\documents and settings\CELINE\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-02-03 143360]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-02-15 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\RomStation\\Jeux\\Emulateurs\\Gameboy Advance\\VisualBoyAdvance.exe"=
    "c:\\Program Files\\RomStation\\Emulateurs\\Gameboy Advance\\VisualBoyAdvance.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-05 28544]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-04 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-04 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-03 55136]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2009-02-15 28160]
    R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-10-02 114616]
    R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2009-02-15 56320]
    R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2008-09-30 714240]
    S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-10-02 63555]
    S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102473
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: { - c:\program files\Messenger\msmsgs.exe
    TCP: {E5805E0E-0D5E-47C3-85FF-58E664A5A3E4} = 80.10.246.130 80.10.246.3
    FF - ProfilePath - c:\documents and settings\CELINE\Application Data\Mozilla\Firefox\Profiles\pltd2bz3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\documents and settings\CELINE\Application Data\Mozilla\Firefox\Profiles\pltd2bz3.default\extensions\{1c491116-c175-45e1-a570-6fb14fea8b7b}\components\FFAlert.dll
    FF - component: c:\documents and settings\CELINE\Application Data\Mozilla\Firefox\Profiles\pltd2bz3.default\extensions\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}\components\FFAlert.dll
    FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-08 14:48:24
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2009-03-08 14:50:08
    ComboFix-quarantined-files.txt 2009-03-08 17:50:06
    ComboFix2.txt 2009-03-08 17:44:20

    Avant-CF: 24 377 720 832 octets libres
    Après-CF: 24,367,435,776 octets libres

    237 --- E O F --- 2009-03-07 08:54:37
    0
  13. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    do message 15

    scan these two on VirusTotal and paste the report:

    c:\program files\PHPNukeFR\tbPHP0.dll
    c:\program files\PHPNukeFR\tbPHPN.dll

    I'm setting these aside:

    c:\windows\nl49f4d98.dat
    c:\windows\system32\485594
    c:\windows\nl07.exe
    c:\program files\captcha5.dll
    c:\windows\nlmark2.dat
    c:\windows\f5667t5.dat
    0
  14. babaz
     
    Fichier tbbes1.dll reçu le 2009.03.09 13:37:39 (CET)
    Situation actuelle: terminé
    Résultat: 2/39 (5.13%)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.101 2009.03.09 -
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.107 2009.03.09 -
    Authentium 5.1.0.4 2009.03.08 W32/OnlineGames.A.gen!Eldorado
    Avast 4.8.1335.0 2009.03.09 -
    AVG 8.0.0.237 2009.03.09 -
    BitDefender 7.2 2009.03.09 -
    CAT-QuickHeal 10.00 2009.03.09 -
    ClamAV 0.94.1 2009.03.06 -
    Comodo 1037 2009.03.08 -
    DrWeb 4.44.0.09170 2009.03.09 -
    eSafe 7.0.17.0 2009.03.08 -
    eTrust-Vet 31.6.6386 2009.03.06 -
    F-Prot 4.4.4.56 2009.03.08 W32/OnlineGames.A.gen!Eldorado
    F-Secure 8.0.14470.0 2009.03.09 -
    Fortinet 3.117.0.0 2009.03.09 -
    GData 19 2009.03.09 -
    Ikarus T3.1.1.45.0 2009.03.09 -
    K7AntiVirus 7.10.664 2009.03.09 -
    Kaspersky 7.0.0.125 2009.03.09 -
    McAfee 5547 2009.03.08 -
    McAfee+Artemis 5547 2009.03.08 -
    Microsoft 1.4405 2009.03.09 -
    NOD32 3919 2009.03.09 -
    Norman 6.00.06 2009.03.06 -
    nProtect 2009.1.8.0 2009.03.09 -
    Panda 10.0.0.10 2009.03.08 -
    PCTools 4.4.2.0 2009.03.09 -
    Prevx1 V2 2009.03.09 -
    Rising 21.20.02.00 2009.03.09 -
    SecureWeb-Gateway 6.7.6 2009.03.09 -
    Sophos 4.39.0 2009.03.09 -
    Sunbelt 3.2.1858.2 2009.03.08 -
    Symantec 1.4.4.12 2009.03.09 -
    TheHacker 6.3.2.7.277 2009.03.09 -
    TrendMicro 8.700.0.1004 2009.03.09 -
    VBA32 3.12.10.1 2009.03.09 -
    ViRobot 2009.3.9.1641 2009.03.09 -
    VirusBuster 4.5.11.0 2009.03.08 -
    Information additionnelle
    File size: 1882136 bytes
    MD5...: 3bcf5dd3eabc3a273aa7e865a9097678
    SHA1..: 36b46d37404016b82e099e4bed942aa8c526e7f5
    SHA256: ae5bed487fa047e3a3116beeb56765a21541e07f1f66c31caab4abfa777ca1ea
    SHA512: 07a46ba1b180669787b9234ccf256242898e47e4389d7bf41237f22ce63170a6
    c92b5e4b28b2eddf992b36743d2955791d6d3658316c809e5294a1b07fb385b5
    ssdeep: 24576:nsDFf5Z798PAKJ0Q0HWwebLTG3/xbokUXRK8PZdfGCzVQodDS:nshn6NKW
    7GdL8PXfHzVQodDS
    PEiD..: -
    TrID..: File type identification
    Windows OCX File (71.0%)
    Win32 Executable MS Visual C++ (generic) (21.6%)
    Win32 Executable Generic (4.9%)
    Generic Win/DOS Executable (1.1%)
    DOS Executable Generic (1.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0xde48a
    timedatestamp.....: 0x49996da7 (Mon Feb 16 13:44:07 2009)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x10dd9b 0x10de00 6.57 104744f9b9ad0d8d50e475faad6e5d16
    .rdata 0x10f000 0x55f8f 0x56000 4.51 1468987534fb672165c77a64a041c73a
    .data 0x165000 0x6280 0x4200 4.83 f984d26980c43f7a14a7fe5099a88f42
    .rsrc 0x16c000 0x4c170 0x4c200 5.65 30d933190263878ff96b71aa97c23d80
    .reloc 0x1b9000 0x16480 0x16600 5.91 6df5e6e0a02d88b968956d3f354694b3

    ( 19 imports )
    > COMCTL32.dll: ImageList_ReplaceIcon, CreatePropertySheetPageW, PropertySheetW, CreateToolbarEx, InitCommonControlsEx, _TrackMouseEvent, ImageList_Create
    > WININET.dll: DeleteUrlCacheEntry, FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, InternetCanonicalizeUrlW, InternetCrackUrlW, InternetCloseHandle, InternetSetOptionA, FindCloseUrlCache, InternetSetOptionExA, InternetConnectA, InternetGetLastResponseInfoA, HttpSendRequestA, HttpQueryInfoA, InternetOpenA, InternetCrackUrlA, InternetOpenW, InternetSetOptionW, InternetOpenUrlW, InternetReadFile, InternetGetConnectedState, InternetQueryOptionA, HttpOpenRequestA, GetUrlCacheEntryInfoW, InternetCanonicalizeUrlA
    > SHLWAPI.dll: PathFileExistsW
    > WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
    > VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
    > MSIMG32.dll: GradientFill
    > urlmon.dll: URLDownloadToFileW, ObtainUserAgentString
    > CRYPT32.dll: CryptMsgClose, CryptProtectData, CryptUnprotectData, CryptQueryObject, CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringW, CertFreeCertificateContext, CertCloseStore, CertGetNameStringA
    > WINMM.dll: PlaySoundW, sndPlaySoundW, timeGetTime, PlaySoundA
    > KERNEL32.dll: GetLocalTime, GetVersionExA, GetModuleHandleW, GetLongPathNameW, GetModuleFileNameA, GetCurrentThreadId, lstrcpyA, GetTickCount, GetThreadLocale, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, CreateFileA, SetStdHandle, GetLocaleInfoA, FlushFileBuffers, SetFilePointer, GetConsoleMode, GetConsoleCP, GetStringTypeW, GetStringTypeA, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, HeapSize, LCMapStringW, LCMapStringA, GetOEMCP, GetACP, GetCPInfo, GetStdHandle, WriteFile, ExitProcess, VirtualFree, HeapCreate, HeapDestroy, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, VirtualAlloc, MoveFileW, GetCommandLineA, ResumeThread, ExitThread, RaiseException, GetSystemTimeAsFileTime, HeapReAlloc, HeapAlloc, RtlUnwind, ReleaseSemaphore, CreateSemaphoreW, InterlockedExchange, GetCurrentThread, SetThreadPriority, GetComputerNameW, MoveFileExW, RemoveDirectoryW, GetProcessHeap, HeapFree, TerminateProcess, CreateToolhelp32Snapshot, Thread32First, Thread32Next, OpenProcess, LocalAlloc, InterlockedDecrement, OutputDebugStringW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, MulDiv, LoadLibraryA, CreateFileW, GetFileSize, ReadFile, SizeofResource, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, WideCharToMultiByte, GetModuleHandleA, GetLastError, GetModuleFileNameW, CloseHandle, ReleaseMutex, CreateMutexW, GetCurrentProcess, FlushInstructionCache, VirtualProtect, Sleep, ExpandEnvironmentStringsW, CreateProcessW, GetLocaleInfoW, LoadLibraryW, GetProcAddress, FreeLibrary, CreateDirectoryW, Beep, GetDateFormatW, GetTimeFormatW, FindResourceW, LoadResource, LockResource, FreeResource, GetFileAttributesW, WaitForSingleObject, SetLastError, CreateThread, GetExitCodeThread, TerminateThread, FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, MultiByteToWideChar, CopyFileW, GetCurrentProcessId, lstrlenW, lstrcpyW, LocalFree
    > USER32.dll: CallWindowProcA, GetDlgCtrlID, GetClientRect, SetWindowTextW, SetWindowTextA, wsprintfW, InvalidateRect, GetWindow, GetClassInfoExW, RegisterClassExW, CopyRect, UpdateWindow, GetLastInputInfo, LoadImageW, ScreenToClient, IsWindow, GetDlgItem, SendMessageA, ClientToScreen, GetParent, GetWindowLongW, SetCursor, LoadCursorA, PostMessageA, ShowWindow, SetWindowLongW, ReleaseDC, MoveWindow, DialogBoxParamW, DialogBoxParamA, CreateDialogParamA, CreateDialogParamW, DrawTextW, IsWindowEnabled, GetDlgItemTextA, FrameRect, DrawFrameControl, MessageBoxA, GetWindowThreadProcessId, AllowSetForegroundWindow, IsWindowUnicode, GetDesktopWindow, MsgWaitForMultipleObjects, EndDialog, GetDlgItemTextW, GetScrollInfo, IsMenu, GetMenuInfo, SetMenuInfo, GetMenuItemID, GetMenuState, CheckMenuItem, TrackPopupMenu, GetMonitorInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, IsIconic, SetForegroundWindow, PostThreadMessageA, SetWindowRgn, SetWindowPos, EnableWindow, IsDlgButtonChecked, CallWindowProcW, GetMenuItemCount, InsertMenuItemW, SetMenuItemInfoW, GetMenuItemInfoW, DeleteMenu, EnableMenuItem, EndMenu, CheckDlgButton, GetAsyncKeyState, SetActiveWindow, TranslateMessage, GetMessageA, ReleaseCapture, GetCapture, DispatchMessageA, SetCapture, GetCursorPos, BeginPaint, EndPaint, GetUpdateRect, SetDlgItemTextW, MonitorFromRect, GetMonitorInfoA, DrawIconEx, GetIconInfo, DestroyIcon, FillRect, GetSysColor, PeekMessageA, MessageBoxW, DefWindowProcW, GetWindowTextW, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, FindWindowW, IsWindowVisible, SetWindowsHookExA, UnhookWindowsHookEx, GetMenuItemInfoA, CallNextHookEx, GetClassInfoW, RegisterClassW, CreateWindowExW, GetSystemMetrics, KillTimer, GetWindowLongA, SetTimer, UnregisterClassA, GetClassNameW, SetWindowLongA, DefWindowProcA, DestroyWindow, GetFocus, IsChild, SetFocus, PostMessageW, PtInRect, FindWindowExW, RegisterWindowMessageW, GetWindowRect, GetDC
    > GDI32.dll: GetDeviceCaps, GetTextColor, GetBkColor, GetBkMode, SetTextAlign, TextOutW, ExcludeClipRect, RoundRect, CreateRectRgn, CombineRgn, GetPixel, BitBlt, Polygon, GdiFlush, SetPixel, GetObjectA, GetTextAlign, GetTextExtentPoint32W, Rectangle, SetBkColor, CreateSolidBrush, CreateFontIndirectW, GetLayout, CreateCompatibleDC, CreateCompatibleBitmap, PlgBlt, DeleteDC, CreatePen, SelectObject, MoveToEx, LineTo, DeleteObject, GetWindowOrgEx, SetWindowOrgEx, SetBkMode, SetTextColor, GetStockObject
    > comdlg32.dll: GetOpenFileNameW
    > ADVAPI32.dll: RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, RegQueryValueExW, CryptAcquireContextA, CryptReleaseContext, OpenProcessToken, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegQueryInfoKeyW, RegCloseKey
    > SHELL32.dll: SHGetFolderPathW, ShellExecuteW, SHCreateDirectoryExW, ShellExecuteExW
    > ole32.dll: CoCreateInstance, CoCreateGuid, IIDFromString, StringFromGUID2, CLSIDFromString, CoUninitialize, CreateStreamOnHGlobal, CoInitialize, CoGetMalloc, StringFromIID
    > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
    > PSAPI.DLL: EnumProcessModules, GetProcessMemoryInfo, GetModuleFileNameExW
    > DNSAPI.dll: DnsQuery_A

    ( 11 exports )
    DllCanUnloadNow, DllGetClassObject, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate
    ThreatExpert info: https://www.symantec.com?md5=3bcf5dd3eabc3a273aa7e865a9097678

    Fichier tbEaze.dll reçu le 2009.03.01 11:40:45 (CET)
    Situation actuelle: terminé
    Résultat: 0/39 (0.00%)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.101 2009.03.01 -
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.98 2009.02.28 -
    Authentium 5.1.0.4 2009.02.28 -
    Avast 4.8.1335.0 2009.02.28 -
    AVG 8.0.0.237 2009.03.01 -
    BitDefender 7.2 2009.03.01 -
    CAT-QuickHeal 10.00 2009.02.28 -
    ClamAV 0.94.1 2009.03.01 -
    Comodo 986 2009.02.20 -
    DrWeb 4.44.0.09170 2009.03.01 -
    eSafe 7.0.17.0 2009.02.26 -
    eTrust-Vet 31.6.6376 2009.02.27 -
    F-Prot 4.4.4.56 2009.02.28 -
    F-Secure 8.0.14470.0 2009.03.01 -
    Fortinet 3.117.0.0 2009.03.01 -
    GData 19 2009.03.01 -
    Ikarus T3.1.1.45.0 2009.03.01 -
    K7AntiVirus 7.10.649 2009.02.27 -
    Kaspersky 7.0.0.125 2009.03.01 -
    McAfee 5539 2009.02.28 -
    McAfee+Artemis 5539 2009.02.28 -
    Microsoft 1.4306 2009.03.01 -
    NOD32 3897 2009.02.28 -
    Norman 6.00.06 2009.02.27 -
    nProtect 2009.1.8.0 2009.02.28 -
    Panda 10.0.0.10 2009.02.28 -
    PCTools 4.4.2.0 2009.02.28 -
    Prevx1 V2 2009.03.01 -
    Rising 21.18.62.00 2009.03.01 -
    SecureWeb-Gateway 6.7.6 2009.03.01 -
    Sophos 4.39.0 2009.03.01 -
    Sunbelt 3.2.1858.2 2009.02.28 -
    Symantec 10 2009.03.01 -
    TheHacker 6.3.2.6.268 2009.03.01 -
    TrendMicro 8.700.0.1004 2009.02.27 -
    VBA32 3.12.10.1 2009.03.01 -
    ViRobot 2009.2.28.1628 2009.02.28 -
    VirusBuster 4.5.11.0 2009.02.28 -
    Information additionnelle
    File size: 1784856 bytes
    MD5...: 0f720360e7ae53db2d95802ff34e301b
    SHA1..: 7a2f8d646b4c62dd322ba79c863386512d78270b
    SHA256: b6f7c14d6e019d84e23f5e65aca1c3f08910ab3be579f83c8c3a32eeae5157b8
    SHA512: 6c6e894d1b6a2ef1a179c265217e91790ab7b524695360342b8952ccb600447b
    ddb187eea8fa37ec7bd439518d66e9516606d11785fafe0fe5c0e92fd1c95017
    ssdeep: 24576:izsJeUiOskE2Yxi6oeJ38iuZb1K/AqPEGtJkfQNcoOqcNPDY8VWRfVCGYz
    VQ6fj:iK3b1K/pPE8kmTyN/WRNCpzVQ4j
    PEiD..: -
    TrID..: File type identification
    Windows OCX File (71.0%)
    Win32 Executable MS Visual C++ (generic) (21.6%)
    Win32 Executable Generic (4.9%)
    Generic Win/DOS Executable (1.1%)
    DOS Executable Generic (1.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0xd0d27
    timedatestamp.....: 0x4929c537 (Sun Nov 23 21:03:51 2008)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xfea58 0xfec00 6.55 66140bee4b1c342be7721463a297bd72
    .rdata 0x100000 0x513bf 0x51400 4.52 817d037bd7388084198f1748bc15b8eb
    .data 0x152000 0x5f40 0x4000 4.75 fc9f27b3bd011562bc8319e46d5fbcea
    .rsrc 0x158000 0x49ef0 0x4a000 5.34 b3403c1179d0e6c9f6648371ab9181eb
    .reloc 0x1a2000 0x14b3a 0x14c00 5.94 2d81059c82469744da070bffee4673cb

    ( 18 imports )
    > COMCTL32.dll: InitCommonControlsEx, ImageList_ReplaceIcon, CreatePropertySheetPageW, _TrackMouseEvent, PropertySheetW, CreateToolbarEx, ImageList_Create
    > WININET.dll: FindCloseUrlCache, FindFirstUrlCacheEntryA, GetUrlCacheEntryInfoW, FindNextUrlCacheEntryA, DeleteUrlCacheEntry, InternetCloseHandle, InternetSetOptionA, InternetSetCookieW, HttpQueryInfoA, InternetCrackUrlW, InternetCrackUrlA, InternetSetOptionExA, InternetOpenA, HttpSendRequestA, InternetGetLastResponseInfoA, InternetReadFile, InternetCanonicalizeUrlA, InternetGetConnectedState, InternetOpenUrlW, InternetOpenW, InternetSetOptionW, InternetCanonicalizeUrlW, HttpOpenRequestA, InternetQueryOptionA, InternetConnectA
    > SHLWAPI.dll: PathFileExistsW
    > WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
    > VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
    > MSIMG32.dll: GradientFill
    > urlmon.dll: ObtainUserAgentString, URLDownloadToFileW
    > CRYPT32.dll: CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringA, CertGetNameStringW, CryptMsgClose, CryptUnprotectData, CryptProtectData, CertCloseStore, CertFreeCertificateContext, CryptQueryObject
    > WINMM.dll: timeGetTime, PlaySoundA, sndPlaySoundW, PlaySoundW
    > KERNEL32.dll: lstrcpyA, GetTickCount, CopyFileW, InterlockedExchange, MultiByteToWideChar, WideCharToMultiByte, SetLastError, GetCurrentProcessId, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, TerminateThread, GetExitCodeThread, CreateThread, OutputDebugStringA, CreateProcessW, ExpandEnvironmentStringsW, Sleep, WaitForSingleObject, CreateSemaphoreW, ReleaseSemaphore, GetFileAttributesW, FreeResource, LockResource, LoadResource, FindResourceW, GetTimeFormatW, GetDateFormatW, Beep, CreateDirectoryW, FreeLibrary, GetProcAddress, LoadLibraryW, GetLocaleInfoW, GetACP, GetCurrentThreadId, HeapSize, GetStdHandle, ExitProcess, VirtualFree, HeapCreate, HeapDestroy, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetProcessHeap, GetCommandLineA, VirtualAlloc, RaiseException, ResumeThread, ExitThread, GetSystemTimeAsFileTime, HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, GetCurrentThread, SetThreadPriority, MoveFileExW, RemoveDirectoryW, WriteFile, InterlockedDecrement, OpenProcess, LocalAlloc, OutputDebugStringW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, MulDiv, LoadLibraryA, CreateFileW, GetFileSize, ReadFile, SizeofResource, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, GetModuleHandleA, GetLongPathNameW, GetModuleHandleW, LocalFree, GetLocalTime, GetVersionExA, GetModuleFileNameA, lstrcpyW, GetModuleFileNameW, lstrlenW, GetThreadLocale, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetLocaleInfoA, CreateFileA, SetStdHandle, CreateMutexW, ReleaseMutex, CloseHandle, GetLastError, GetOEMCP, LCMapStringA, LCMapStringW, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FlushFileBuffers, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetStringTypeA, GetStringTypeW, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo
    > USER32.dll: GetScrollInfo, IsMenu, GetMenuInfo, GetMenuItemID, GetMenuState, CheckMenuItem, TrackPopupMenu, GetMonitorInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, LoadBitmapA, SetWindowRgn, MessageBoxA, GetWindow, SetWindowPos, CallWindowProcW, GetMenuItemCount, InsertMenuItemW, SetMenuItemInfoW, GetMenuItemInfoW, DeleteMenu, EnableMenuItem, EndMenu, GetAsyncKeyState, TranslateMessage, EndDialog, PostThreadMessageA, MsgWaitForMultipleObjects, GetDesktopWindow, GetClassInfoExW, RegisterClassExW, CopyRect, LoadImageW, GetMessageA, GetCapture, ReleaseCapture, SetCapture, IsWindowVisible, GetCursorPos, BeginPaint, EndPaint, GetUpdateRect, ScreenToClient, MonitorFromRect, GetMonitorInfoA, DrawIconEx, GetIconInfo, DestroyIcon, FillRect, IsWindowUnicode, DrawFrameControl, SetActiveWindow, DialogBoxParamW, SetForegroundWindow, FrameRect, GetDlgItemTextA, DispatchMessageA, PeekMessageA, MoveWindow, UpdateWindow, GetSysColor, GetDlgItemTextW, MessageBoxW, IsDlgButtonChecked, CheckDlgButton, EnableWindow, DrawTextW, DefWindowProcW, GetWindowTextW, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, FindWindowW, SetWindowsHookExA, UnhookWindowsHookEx, GetMenuItemInfoA, CallNextHookEx, GetClassInfoW, RegisterClassW, CreateWindowExW, GetDC, ReleaseDC, GetWindowRect, GetSystemMetrics, KillTimer, GetWindowLongA, ShowWindow, SetTimer, UnregisterClassA, GetClassNameW, SetWindowLongA, DefWindowProcA, DestroyWindow, GetFocus, IsChild, SetFocus, PostMessageW, PtInRect, FindWindowExW, RegisterWindowMessageW, SetWindowLongW, PostMessageA, LoadCursorA, SetCursor, GetWindowLongW, GetParent, ClientToScreen, SendMessageA, GetDlgItem, IsWindow, InvalidateRect, CallWindowProcA, GetDlgCtrlID, GetClientRect, SetWindowTextW, SetWindowTextA, wsprintfW, SetDlgItemTextW, SetMenuInfo
    > GDI32.dll: LineTo, GetTextExtentPoint32W, GetTextAlign, GetObjectA, SetPixel, GdiFlush, Polygon, BitBlt, GetPixel, CombineRgn, CreateRectRgn, StretchBlt, RoundRect, ExcludeClipRect, TextOutW, SetTextAlign, CreatePen, Rectangle, SetBkColor, CreateSolidBrush, CreateFontIndirectW, GetLayout, GetStockObject, SetTextColor, SetBkMode, SetWindowOrgEx, GetWindowOrgEx, GetDeviceCaps, GetTextColor, GetBkColor, GetBkMode, DeleteDC, DeleteObject, PlgBlt, SelectObject, CreateCompatibleBitmap, MoveToEx, CreateCompatibleDC
    > comdlg32.dll: GetOpenFileNameW
    > ADVAPI32.dll: RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, CryptReleaseContext, CryptAcquireContextA, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, RegQueryValueExW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegEnumValueW, RegCloseKey
    > SHELL32.dll: ShellExecuteExW, SHGetFolderPathW, ShellExecuteW, SHCreateDirectoryExW
    > ole32.dll: CLSIDFromString, CoUninitialize, StringFromIID, CoCreateInstance, CreateStreamOnHGlobal, CoGetMalloc, CoInitialize, IIDFromString
    > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
    > PSAPI.DLL: GetProcessMemoryInfo

    ( 11 exports )
    DllCanUnloadNow, DllGetClassObject, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate
    0
  15. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    Close all your browsers (so copy or print these instructions first)

    Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

    File::
    c:\program files\PHPNukeFR\tbPHP0.dll
    c:\program files\PHPNukeFR\tbPHPN.dll
    c:\windows\nl49f4d98.dat
    c:\windows\system32\485594
    c:\windows\nl07.exe
    c:\program files\captcha5.dll
    c:\windows\nlmark2.dat
    c:\windows\f5667t5.dat
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}"=-
    "{1c491116-c175-45e1-a570-6fb14fea8b7b}"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}"=-
    "{1c491116-c175-45e1-a570-6fb14fea8b7b}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{258FE8B8-A13C-4B91-9A0C-C2D3CAB8B990}"=-

    Save this file under the name CFScript

    Drag and drop this CFScript file onto the ComboFix.exe file

    Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

    A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

    Wait while the scan runs. The desktop will disappear several times: this is normal!

    Don't touch anything until the scan is finished.

    Once the scan is complete, a report will be displayed: post its contents.

    If the file doesn't open, it is located here > C:\ComboFix.txt

    _______________________

    Malwarebytes' Anti-Malware after updating, in normal mode; remove what is found and paste the report

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    ________________________

    post a new RSIT report and describe the current problems
    0
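The helper's CFScript above was built by hand from the ComboFix load-point section posted earlier in the thread: each toolbar CLSID is looked up under URLSearchHooks, Browser Helper Objects and the two Toolbar keys, the DLL paths it resolves to go into File::, the value references become "name"=- deletions and the BHO keys become [-key] deletions. The Python script below is an added example (not the helper's, ComboFix's or the thread's own code) that performs that correlation over a constructed excerpt of the posted log and emits the same File::/Registry:: block; it also reports any Registry:: line that deviates from the "name"=- and [-key] forms used in the rest of the script. The log line formats it assumes are those quoted in the thread; SAMPLE_LOG, parse_load_points, build_cfscript and check_registry_section are names introduced here.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix "Points de chargement Reg" section quoted in this
# thread (same keys, CLSIDs and paths as the posted log, trimmed to the relevant entries).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}"= "c:\program files\PHPNukeFR\tbPHP0.dll" [2008-11-24 1784856]
"{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-02-16 1882136]

[HKEY_CLASSES_ROOT\clsid\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
2009-02-16 16:44 1882136 --a------ c:\program files\PHPNukeFR\tbPHPN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]
2008-11-24 00:03 1784856 --a------ c:\program files\PHPNukeFR\tbPHP0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}"= "c:\program files\PHPNukeFR\tbPHP0.dll" [2008-11-24 1784856]
"{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-02-16 1882136]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{258FE8B8-A13C-4B91-9A0C-C2D3CAB8B990}"= "c:\program files\PHPNukeFR\tbPHP0.dll" [2008-11-24 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                 # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<data>[^"]*)"')  # "name"= "data" [...]
CLSID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.I)
# Under a BHO key ComboFix prints the DLL as: date time size attributes path
BHO_FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$')


def parse_load_points(text):
    """Correlate every CLSID in the load-point section with the DLL it points at
    and with every registry location (value or BHO key) that references it.
    Paths are lowercased because Windows paths are case-insensitive."""
    records = defaultdict(lambda: {"dlls": set(), "values": [], "bho_keys": []})
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            c = CLSID_RE.search(current_key)
            if c and "Browser Helper Objects" in current_key:
                records[c.group(0).lower()]["bho_keys"].append(current_key)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            c = CLSID_RE.search(m.group("name"))
            if c:  # value named after a CLSID: URLSearchHooks / Toolbar / Webbrowser
                rec = records[c.group(0).lower()]
                rec["dlls"].add(m.group("data").lower())
                rec["values"].append((current_key, m.group("name")))
            continue
        m = BHO_FILE_RE.match(line)
        if m and current_key and "Browser Helper Objects" in current_key:
            c = CLSID_RE.search(current_key)
            if c:
                records[c.group(0).lower()]["dlls"].add(m.group("path").lower())
    return dict(records)


def build_cfscript(records, clsids):
    """Emit File:: and Registry:: sections removing the given CLSIDs, in the form the
    helper used in this thread: "name"=- for value deletions, [-key] for BHO keys."""
    files, by_key, bho_keys = set(), defaultdict(list), []
    for clsid in clsids:
        rec = records[clsid.lower()]
        files.update(rec["dlls"])
        for key, name in rec["values"]:
            by_key[key].append(name)
        bho_keys.extend(rec["bho_keys"])
    lines = ["File::"] + sorted(files) + ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    lines.extend(f"[-{k}]" for k in bho_keys)
    return "\n".join(lines)


VALUE_DELETE_RE = re.compile(r'^"[^"]+"=-$')
KEY_LINE_RE = re.compile(r'^\[-?[^\]]+\]$')


def check_registry_section(cfscript):
    """Return Registry:: lines that are neither a "name"=- deletion nor a [key]/[-key]
    line, e.g. a stray space as in "{...}"= - (a consistency check, not ComboFix's parser)."""
    bad, in_reg = [], False
    for line in cfscript.splitlines():
        if line.endswith("::"):
            in_reg = line == "Registry::"
            continue
        if in_reg and line and not (VALUE_DELETE_RE.match(line) or KEY_LINE_RE.match(line)):
            bad.append(line)
    return bad


if __name__ == "__main__":
    recs = parse_load_points(SAMPLE_LOG)
    # Which CLSIDs to remove is the analyst's call (here: the two toolbar CLSIDs from the thread).
    script = build_cfscript(recs, ["{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}",
                                   "{1c491116-c175-45e1-a570-6fb14fea8b7b}"])
    print(script)
    print("malformed Registry:: lines:", check_registry_section(script))
```

Run it directly to print the generated script. The choice of which CLSIDs to remove is deliberately left to the caller: the log alone does not distinguish a legitimate toolbar from an unwanted one, and in the thread that decision rested on the VirusTotal results rather than on the load-point listing.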