Bonjour, Je viens d'être attaqué par le rootkit Win32:Agent-AABX. Quelqu'un aurait-il une solution efficace, raapide et indolore pour mon odinateur? J'ai effectué plusieurs scans via rootkit detector, rootkitrevealer et gmer. Apparemment, c'est la merde et je ne suis pas du tout sûr de pouvoir gérer ce pronlème seul, mes connaissances en informatique restant limitéés. Je m'apprête à utiliser combofix qui semble un bon chasseurs. Quelqu'un l'a-t-il dèjà essayé? Qulqu'un peut-il m'aider? Merci d'avance

Infection par le rootkit Win32:Agent-AABX

Réponse 1 / 18

outstore Messages postés 225 Statut Membre 26

slt
question quel est ton antivirus?

as tu essayé avec spybot S&D?

eljose

antivirus: avast.
Je n'ai pas essayé spybot. J'ai cherché une bonne partie de la nuit un programme qui semblait efficace mais j' n'ai jamais trouvé celui la

Réponse 2 / 18

le gaulois 14 Messages postés 677 Statut Membre 8

voila le lien
http://www.commentcamarche.net/telecharger/telecharger 122 spybot

eljose

y permet quoi ce logiciel?

Réponse 3 / 18

le gaulois 14 Messages postés 677 Statut Membre 8

il désinfecte une sorte d'infection fait le et suis les conseils de outstore si il n'est pas parti
Question antivirus prend plutôt antivir d'avira conseil gratuit

Réponse 4 / 18

outstore Messages postés 225 Statut Membre 26

question antivirus evite avast .

prends un payant ou ESET NOD 32 qui est tres bien

maintenant faut pas se leurer aucun antivirus n'est perfomant a 100%

Réponse 5 / 18

le gaulois 14 Messages postés 677 Statut Membre 8

si pas trop d'argent vaut mieux en gratuit antivir, n'est ce pas ?

Réponse 6 / 18

eljose

avec des tunes, j'opterai pour la solution mac...

Réponse 7 / 18

noodles

salu,
lance combofix et laisse-le travailler sans toucher à rien.
à la fin du scan envoie le rapport ici.je t'aiderais à depiauter
son contenu.

le gaulois 14 Messages postés 677 Statut Membre 8

ouf là , tu est entre les mains d'un expert, je suis dépassé noodles combofix est super puissant,

Réponse 8 / 18

eljose

ben j'viens de lancer spybot... et il faut que je ferme toutes les applications pour lancer combofix...

le gaulois 14 Messages postés 677 Statut Membre 8

ah oui

Réponse 9 / 18

eljose

dois je faire confiance en l'expert? J'arrête spy et je lance combofix?

le gaulois 14 Messages postés 677 Statut Membre 8

oui fait lui confiance

eljose > le gaulois 14 Messages postés 677 Statut Membre

ok, je quitte tout, lance combofix et je t'envoie le rapport dès que je peux.
Merci à toi.

Réponse 10 / 18

noodles

oui combofix est très puissant mais quand il y a rootkit en général tu peux envoyer
CF sans hesiter.les drivers seront pour la plupart du temps reconnu.on y peut rien
c'est comme ca:combofix est le tool de référence,on tourne autour et on fini par l'utiliser.
alors autant le passer en premier dans ce genre de cas et au moins le rapport te sera utile
pour le nettoyage avec le script,une fois les bébêtes révélées par le rapport.

eljose59

resalut, impossible de redémarrer mon ordinateur, même en mode sans echec...
Que dois-faire?

eljose59 > eljose59

bon, j'ai finalement réussi à le redémarrer en lancant la dernière bonne configuration. J'attend le rapport de combofix

eljose > eljose59

voici le rapport de combofix.
Des modifications ont été faîtes depuis sur certains fichiers dont un dans le systèmes. Dois-je les accepter?

Rapport:

ComboFix 09-03-19.02 - charl 2009-03-22 11:06:21.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.601 [GMT 1:00]
Lancé depuis: c:\documents and settings\charl\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090321-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\50110040.Evt
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\UAClsmfrqoy.dat
c:\windows\Z058_jpg.zip

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACD.SYS
-------\Service_asc3550p
-------\Service_UACd.sys

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-22 au 2009-03-22 ))))))))))))))))))))))))))))))))))))
.

2009-03-22 10:04 . 2009-03-22 10:05 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-22 10:04 . 2009-03-22 10:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-22 01:49 . 2009-03-22 09:28 <REP> d-------- c:\program files\Spyware Doctor
2009-03-22 01:49 . 2009-03-22 09:28 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-03-22 01:23 . 2009-03-22 01:23 33,120 --a------ c:\windows\system32\drivers\62340E.SYS
2009-03-22 01:23 . 2009-03-22 01:23 33,120 --a------ c:\windows\system32\drivers\4cc40F.SYS
2009-03-22 01:23 . 2009-03-22 01:23 33,120 --a------ c:\windows\system32\drivers\[u]0/u2640D.SYS
2009-03-22 01:23 . 2009-03-22 01:28 1,330 --ahs---- c:\windows\system32\drivers\62340E.DAT
2009-03-22 01:23 . 2009-03-22 01:28 1,330 --ahs---- c:\windows\system32\drivers\4cc40F.DAT
2009-03-22 01:23 . 2009-03-22 01:28 1,330 --ahs---- c:\windows\system32\drivers\[u]0/u2640D.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\a0840C.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\9a5409.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\912408.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\85f40B.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\[u]0/u2640A.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\[u]0/u26407.DAT
2009-03-21 23:15 . 2008-04-13 19:40 11,392 --a------ c:\windows\system32\drivers\sfloppy.sys
2009-03-21 23:15 . 2008-04-13 19:40 11,392 --a--c--- c:\windows\system32\dllcache\sfloppy.sys
2009-03-21 20:59 . 2009-03-21 20:59 <REP> d-------- c:\windows\LastGood
2009-03-21 20:19 . 2009-03-21 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-21 19:12 . 2008-04-13 19:40 34,688 --a------ c:\windows\system32\drivers\lbrtfdc.sys
2009-03-21 19:12 . 2008-04-13 19:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
2009-03-21 19:12 . 2008-04-14 02:53 30,336 --a------ c:\windows\system32\drivers\modem.sys
2009-03-21 19:12 . 2008-04-14 02:53 30,336 --a--c--- c:\windows\system32\dllcache\modem.sys
2009-03-21 18:57 . 2008-04-13 19:41 8,576 --a------ c:\windows\system32\drivers\i2omgmt.sys
2009-03-21 18:57 . 2008-04-13 19:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
2009-03-21 18:56 . 2001-08-17 21:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2009-03-21 18:56 . 2001-08-17 21:52 18,688 --a--c--- c:\windows\system32\dllcache\cdaudio.sys
2009-03-21 18:56 . 2008-04-13 19:40 8,192 --a------ c:\windows\system32\drivers\changer.sys
2009-03-21 18:56 . 2008-04-13 19:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
2009-03-19 19:17 . 2009-03-19 19:17 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-16 11:45 . 2009-03-16 11:45 <REP> d-------- c:\program files\iPod
2009-03-16 11:45 . 2009-03-16 11:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 11:38 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-09 19:21 . 2009-03-09 19:21 550 --a------ c:\windows\eReg.dat
2009-03-09 18:58 . 2009-03-11 09:12 <REP> d-------- c:\program files\GameSpy Arcade
2009-03-09 18:56 . 2009-03-09 18:59 <REP> d-------- c:\program files\EA GAMES
2009-03-07 21:16 . 2009-03-07 21:16 <REP> d-------- c:\program files\AskBarDis
2009-03-07 08:47 . 2009-03-07 08:47 <REP> d-------- c:\documents and settings\charl\Application Data\CopyTrans
2009-03-04 09:55 . 2009-03-04 09:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-03 18:25 . 2009-03-03 18:25 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-25 18:21 . 2009-02-25 18:26 <REP> d-------- c:\program files\Ludi
2009-02-23 12:51 . 2009-02-23 12:51 <REP> d-------- c:\program files\Microsoft
2009-02-23 11:35 . 2009-02-23 11:35 <REP> d-------- c:\program files\Bonjour
2009-02-22 22:17 . 2009-03-21 11:33 <REP> d-------- c:\documents and settings\charl\Tracing
2009-02-22 22:11 . 2009-02-22 22:11 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-22 21:54 . 2009-02-22 21:54 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-22 15:31 . 2009-02-22 19:48 <REP> d-------- c:\documents and settings\charl\Application Data\CopyTransDoctor
2009-02-22 15:25 . 2009-02-22 15:25 <REP> d-------- c:\program files\WindSolutions
2009-02-22 15:25 . 2009-02-22 15:25 <REP> d-------- c:\documents and settings\charl\Application Data\CopyTransControlCenter
2009-02-22 15:25 . 2009-02-22 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\CopyTransControlCenter

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 10:12 193,340 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-22 10:12 16,371,744 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-22 08:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 19:45 --------- d-----w c:\documents and settings\charl\Application Data\Azureus
2009-03-21 17:27 --------- d-----w c:\program files\eMule
2009-03-16 15:43 --------- d-----w c:\program files\Vuze
2009-03-16 10:46 --------- d-----w c:\program files\iTunes
2009-03-16 10:45 --------- d-----w c:\program files\Fichiers communs\Apple
2009-03-13 15:09 23,480 ----a-w c:\documents and settings\charl\Application Data\GDIPFONTCACHEV1.DAT
2009-03-10 15:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-23 11:51 --------- d-----w c:\program files\Windows Live
2009-02-22 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-02-20 08:25 --------- d-----w c:\program files\WinPatrol
2009-02-17 13:18 --------- d-----w c:\program files\QuickTime
2009-02-13 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2009-02-01 14:15 --------- d-----w c:\program files\Sony
2009-02-01 12:07 --------- d-----w c:\program files\Guitar Pro 5
2009-02-01 10:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-29 17:35 --------- d-----w c:\program files\PhotoFiltreeljose

Réponse 11 / 18

noodles

ton rapport est incomplet.upload le fichier texte de ton rapport ici https://www.sendspace.com/
puis copie-colle le lien de telechargement.sinon colle le rapport ici en plusieurs fois.

Réponse 12 / 18

noodles

poste le rapport en plusieurs fois car il est incomplet.

Réponse 13 / 18

eljose

ca y est c'est uploader

Réponse 14 / 18

eljose

ComboFix 09-03-19.02 - charl 2009-03-22 11:06:21.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.601 [GMT 1:00]
Lancé depuis: c:\documents and settings\charl\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090321-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\50110040.Evt
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\UAClsmfrqoy.dat
c:\windows\Z058_jpg.zip

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACD.SYS
-------\Service_asc3550p
-------\Service_UACd.sys

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-22 au 2009-03-22 ))))))))))))))))))))))))))))))))))))
.

2009-03-22 10:04 . 2009-03-22 10:05 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-22 10:04 . 2009-03-22 10:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-22 01:49 . 2009-03-22 09:28 <REP> d-------- c:\program files\Spyware Doctor
2009-03-22 01:49 . 2009-03-22 09:28 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-03-22 01:23 . 2009-03-22 01:23 33,120 --a------ c:\windows\system32\drivers\62340E.SYS
2009-03-22 01:23 . 2009-03-22 01:23 33,120 --a------ c:\windows\system32\drivers\4cc40F.SYS
2009-03-22 01:23 . 2009-03-22 01:23 33,120 --a------ c:\windows\system32\drivers\[u]0/u2640D.SYS
2009-03-22 01:23 . 2009-03-22 01:28 1,330 --ahs---- c:\windows\system32\drivers\62340E.DAT
2009-03-22 01:23 . 2009-03-22 01:28 1,330 --ahs---- c:\windows\system32\drivers\4cc40F.DAT
2009-03-22 01:23 . 2009-03-22 01:28 1,330 --ahs---- c:\windows\system32\drivers\[u]0/u2640D.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\a0840C.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\9a5409.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\912408.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\85f40B.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\[u]0/u2640A.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\[u]0/u26407.DAT
2009-03-21 23:15 . 2008-04-13 19:40 11,392 --a------ c:\windows\system32\drivers\sfloppy.sys
2009-03-21 23:15 . 2008-04-13 19:40 11,392 --a--c--- c:\windows\system32\dllcache\sfloppy.sys
2009-03-21 20:59 . 2009-03-21 20:59 <REP> d-------- c:\windows\LastGood
2009-03-21 20:19 . 2009-03-21 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-21 19:12 . 2008-04-13 19:40 34,688 --a------ c:\windows\system32\drivers\lbrtfdc.sys
2009-03-21 19:12 . 2008-04-13 19:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
2009-03-21 19:12 . 2008-04-14 02:53 30,336 --a------ c:\windows\system32\drivers\modem.sys
2009-03-21 19:12 . 2008-04-14 02:53 30,336 --a--c--- c:\windows\system32\dllcache\modem.sys
2009-03-21 18:57 . 2008-04-13 19:41 8,576 --a------ c:\windows\system32\drivers\i2omgmt.sys
2009-03-21 18:57 . 2008-04-13 19:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
2009-03-21 18:56 . 2001-08-17 21:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2009-03-21 18:56 . 2001-08-17 21:52 18,688 --a--c--- c:\windows\system32\dllcache\cdaudio.sys
2009-03-21 18:56 . 2008-04-13 19:40 8,192 --a------ c:\windows\system32\drivers\changer.sys
2009-03-21 18:56 . 2008-04-13 19:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
2009-03-19 19:17 . 2009-03-19 19:17 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-16 11:45 . 2009-03-16 11:45 <REP> d-------- c:\program files\iPod
2009-03-16 11:45 . 2009-03-16 11:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 11:38 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-09 19:21 . 2009-03-09 19:21 550 --a------ c:\windows\eReg.dat
2009-03-09 18:58 . 2009-03-11 09:12 <REP> d-------- c:\program files\GameSpy Arcade
2009-03-09 18:56 . 2009-03-09 18:59 <REP> d-------- c:\program files\EA GAMES
2009-03-07 21:16 . 2009-03-07 21:16 <REP> d-------- c:\program files\AskBarDis
2009-03-07 08:47 . 2009-03-07 08:47 <REP> d-------- c:\documents and settings\charl\Application Data\CopyTrans
2009-03-04 09:55 . 2009-03-04 09:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-03 18:25 . 2009-03-03 18:25 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-25 18:21 . 2009-02-25 18:26 <REP> d-------- c:\program files\Ludi
2009-02-23 12:51 . 2009-02-23 12:51 <REP> d-------- c:\program files\Microsoft
2009-02-23 11:35 . 2009-02-23 11:35 <REP> d-------- c:\program files\Bonjour
2009-02-22 22:17 . 2009-03-21 11:33 <REP> d-------- c:\documents and settings\charl\Tracing
2009-02-22 22:11 . 2009-02-22 22:11 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-22 21:54 . 2009-02-22 21:54 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-22 15:31 . 2009-02-22 19:48 <REP> d-------- c:\documents and settings\charl\Application Data\CopyTransDoctor
2009-02-22 15:25 . 2009-02-22 15:25 <REP> d-------- c:\program files\WindSolutions
2009-02-22 15:25 . 2009-02-22 15:25 <REP> d-------- c:\documents and settings\charl\Application Data\CopyTransControlCenter
2009-02-22 15:25 . 2009-02-22 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\CopyTransControlCenter

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 10:12 193,340 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-22 10:12 16,371,744 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-22 08:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 19:45 --------- d-----w c:\documents and settings\charl\Application Data\Azureus
2009-03-21 17:27 --------- d-----w c:\program files\eMule
2009-03-16 15:43 --------- d-----w c:\program files\Vuze
2009-03-16 10:46 --------- d-----w c:\program files\iTunes
2009-03-16 10:45 --------- d-----w c:\program files\Fichiers communs\Apple
2009-03-13 15:09 23,480 ----a-w c:\documents and settings\charl\Application Data\GDIPFONTCACHEV1.DAT
2009-03-10 15:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-23 11:51 --------- d-----w c:\program files\Windows Live
2009-02-22 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-02-20 08:25 --------- d-----w c:\program files\WinPatrol
2009-02-17 13:18 --------- d-----w c:\program files\QuickTime
2009-02-13 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2009-02-01 14:15 --------- d-----w c:\program files\Sony
2009-02-01 12:07 --------- d-----w c:\program files\Guitar Pro 5
2009-02-01 10:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-29 17:35 --------- d-----w c:\program files\PhotoFiltre

eljose

2009-01-28 15:33 --------- d-----w c:\documents and settings\charl\Application Data\OpenOffice.org
2009-01-28 15:21 --------- d-----w c:\program files\Java
2009-01-22 22:17 --------- d-----w c:\program files\Secured eMule
2004-10-11 18:46 205,312 ----a-w c:\program files\ltefx13n.dll
2004-01-19 13:31 153,600 ----a-w c:\program files\ltfil13n.DLL
2004-01-19 12:31 27,648 ----a-w c:\program files\lfiff13n.dll
2004-01-19 12:31 20,480 ----a-w c:\program files\lfCUT13n.dll
2004-01-19 11:31 453,120 ----a-w c:\program files\ltkrn13n.dll
2004-01-19 11:12 89,600 ----a-w c:\program files\Lfcgm13n.dll
2004-01-19 10:49 278,016 ----a-w c:\program files\LFJ2K13n.dll
2004-01-19 10:49 180,736 ----a-w c:\program files\Lfpng13n.dll
2004-01-19 10:47 76,800 ----a-w c:\program files\Lfwmf13n.dll
2004-01-19 10:47 509,440 ----a-w c:\program files\LFCMW13n.dll
2004-01-19 10:45 420,352 ----a-w c:\program files\LFCMP13n.DLL
2004-01-19 10:44 143,872 ----a-w c:\program files\lftif13n.dll
2004-01-19 10:36 65,536 ----a-w c:\program files\Lfpct13n.dll
2004-01-19 10:36 56,832 ----a-w c:\program files\lfpsd13n.dll
2004-01-19 10:36 26,624 ----a-w c:\program files\lfpcx13n.dll
2004-01-19 10:36 19,968 ----a-w c:\program files\lfpcd13n.dll
2004-01-19 10:36 18,944 ----a-w c:\program files\lfmsp13n.dll
2004-01-19 10:35 20,992 ----a-w c:\program files\lfimg13n.dll
2004-01-19 10:35 18,944 ----a-w c:\program files\lfmac13n.dll
2004-01-19 10:34 31,744 ----a-w c:\program files\lfclp13n.dll
2004-01-19 10:34 30,208 ----a-w c:\program files\lfbmp13n.dll
2004-01-19 10:33 444,928 ----a-w c:\program files\ltimg13n.dll
2004-01-19 10:32 265,216 ----a-w c:\program files\LTDIS13n.dll
2000-05-02 03:17 212,480 ----a-w c:\program files\PCDLIB32.DLL
1999-11-18 22:00 284,032 ----a-w c:\program files\XceedZip.dll
2008-11-30 17:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008113020081201\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 18:40 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"WinPatrol"="c:\program files\WinPatrol\winpatrol.exe" [2008-09-18 333120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash Media
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 14:37 40960 c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
--a------ 2008-07-11 17:51 423200 c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-02-26 01:01 437160 c:\progra~1\FICHIE~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 02:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SoundMan"=soundman.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"nwiz"=nwiz.exe /install
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-23 20560]
S2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\DRIVERS\nvtunep.sys --> c:\windows\system32\DRIVERS\nvtunep.sys [?]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-03-07 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-03-07 234888]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - I2OMGMT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{622080d1-5e23-11dc-b558-0010a719c479}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9231f114-10d0-11de-8685-0010a719c479}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f43f90a0-45b7-11dd-b6fe-0010a719c479}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 10:08]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-SecuUFD - (no file)
MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-OpwareSE2 - c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe

.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7B93CAE6-29D1-4E4C-82EF-8648E29FB31F} - hxxp://www.visiocool.com/download/cfweb_www.visiocool.com-download_instmodule.exe
FF - ProfilePath - c:\documents and settings\charl\Application Data\Mozilla\Firefox\Profiles\f406gaow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.hooseek.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 11:38:34
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys]
"imagepath"="\systemroot\system32\drivers\UACdomllkrp.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=expand:"\\systemroot\\system32\\drivers\\UACdomllkrp.sys"
"group"="file system"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-03-22 11:41:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-22 10:41:07

Avant-CF: 7 452 536 832 octets libres
Après-CF: 7,993,659,392 octets libres

273 --- E O F --- 2009-03-21 08:13:42

eljose > eljose

lien du rapport complet que j'ai pas réussi à mettre
https://www.sendspace.com/file/g99pnj

Réponse 15 / 18

noodles

j'étudie ton rapport et t'envoie les instructions.

Réponse 16 / 18

noodles

Copie (Ctrl+C) le texte en gras ci-dessous :

File::
c:\windows\system32\drivers\62340E.SYS
c:\windows\system32\drivers\4cc40F.SYS
c:\windows\system32\drivers\[u]0/u2640D.SYS
c:\windows\system32\drivers\62340E.DAT
c:\windows\system32\drivers\4cc40F.DAT
c:\windows\system32\drivers\[u]0/u2640D.DAT
c:\windows\system32\drivers\a0840C.DAT
c:\windows\system32\drivers\9a5409.DAT
c:\windows\system32\drivers\912408.DAT
c:\windows\system32\drivers\85f40B.DAT
c:\windows\system32\drivers\[u]0/u2640A.DAT
c:\windows\system32\drivers\[u]0/u26407.DAT

Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9231f114-10d0-11de-8685-0010a719c479}]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys]

Service::
ASKService
ASKUpgrade

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu as copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme dans l'image du lien ci-dessous:
http://img530.imageshack.us/img530/204/cfscriptdd4.gif

Une fenêtre bleue va apparaître ,tape 1 puis valide .(il se peut qu'il se lance directement)
Ton Bureau va disparaître à plusieurs reprises, pas d'inquiétude c'est normal,
ne touche surtout à rien pendant le scan de Combofix.
Une fois le scan terminé, poste le contenu du rapport obtenu.
Ou upload-le sur Sendspace comme le précédent.

eljose

ComboFix 09-03-19.02 - charl 2009-03-23 8:39:30.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.466 [GMT 1:00]
Lancé depuis: c:\documents and settings\charl\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\charl\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090322-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\drivers\[u]0/u26407.DAT
c:\windows\system32\drivers\[u]0/u2640A.DAT
c:\windows\system32\drivers\[u]0/u2640D.DAT
c:\windows\system32\drivers\[u]0/u2640D.SYS
c:\windows\system32\drivers\4cc40F.DAT
c:\windows\system32\drivers\4cc40F.SYS
c:\windows\system32\drivers\62340E.DAT
c:\windows\system32\drivers\62340E.SYS
c:\windows\system32\drivers\85f40B.DAT
c:\windows\system32\drivers\912408.DAT
c:\windows\system32\drivers\9a5409.DAT
c:\windows\system32\drivers\a0840C.DAT
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\[u]0/u234C4D3
c:\program files\AskBarDis\bar\Cache\[u]0/u234D3B0.bin
c:\program files\AskBarDis\bar\Cache\[u]0/u234E1F8.bin
c:\program files\AskBarDis\bar\Cache\[u]0/u234EC6A.bin
c:\program files\AskBarDis\bar\Cache\[u]0/u234EF12.bin
c:\program files\AskBarDis\bar\Cache\[u]0/u234F25C.bin
c:\program files\AskBarDis\bar\Cache\[u]0/u234F555.bin
c:\program files\AskBarDis\bar\Cache\[u]0/u234F966.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\system32\drivers\4cc40F.DAT
c:\windows\system32\drivers\4cc40F.SYS
c:\windows\system32\drivers\62340E.DAT
c:\windows\system32\drivers\62340E.SYS
c:\windows\system32\drivers\85f40B.DAT
c:\windows\system32\drivers\912408.DAT
c:\windows\system32\drivers\9a5409.DAT
c:\windows\system32\drivers\a0840C.DAT

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACD.SYS

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-23 au 2009-03-23 ))))))))))))))))))))))))))))))))))))
.

2009-03-22 18:35 . 2009-03-22 18:35 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-03-22 18:33 . 2009-03-22 18:33 <REP> d-------- c:\windows\Logs
2009-03-22 18:33 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-03-22 18:32 . 2009-03-22 18:32 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2009-03-22 18:32 . 2009-03-22 18:32 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2009-03-22 18:32 . 2009-03-22 18:32 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-03-22 18:32 . 2009-03-22 18:32 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-03-22 18:32 . 2009-03-22 18:32 22,328 --a------ c:\documents and settings\charl\Application Data\PnkBstrK.sys
2009-03-22 10:04 . 2009-03-22 12:06 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-22 10:04 . 2009-03-22 12:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-22 01:49 . 2009-03-22 09:28 <REP> d-------- c:\program files\Spyware Doctor
2009-03-22 01:49 . 2009-03-22 09:28 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-03-22 01:23 . 2009-03-22 01:23 33,120 --a------ c:\windows\system32\drivers\[u]0/u2640D.SYS
2009-03-22 01:23 . 2009-03-22 01:28 1,330 --ahs---- c:\windows\system32\drivers\[u]0/u2640D.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\[u]0/u2640A.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\[u]0/u26407.DAT
2009-03-21 23:15 . 2008-04-13 19:40 11,392 --a------ c:\windows\system32\drivers\sfloppy.sys
2009-03-21 23:15 . 2008-04-13 19:40 11,392 --a--c--- c:\windows\system32\dllcache\sfloppy.sys
2009-03-21 20:19 . 2009-03-21 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-21 19:12 . 2008-04-13 19:40 34,688 --a------ c:\windows\system32\drivers\lbrtfdc.sys
2009-03-21 19:12 . 2008-04-13 19:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
2009-03-21 19:12 . 2008-04-14 02:53 30,336 --a------ c:\windows\system32\drivers\modem.sys
2009-03-21 19:12 . 2008-04-14 02:53 30,336 --a--c--- c:\windows\system32\dllcache\modem.sys
2009-03-21 18:57 . 2008-04-13 19:41 8,576 --a------ c:\windows\system32\drivers\i2omgmt.sys
2009-03-21 18:57 . 2008-04-13 19:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
2009-03-21 18:56 . 2001-08-17 21:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2009-03-21 18:56 . 2001-08-17 21:52 18,688 --a--c--- c:\windows\system32\dllcache\cdaudio.sys
2009-03-21 18:56 . 2008-04-13 19:40 8,192 --a------ c:\windows\system32\drivers\changer.sys
2009-03-21 18:56 . 2008-04-13 19:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
2009-03-19 19:17 . 2009-03-19 19:17 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-16 11:45 . 2009-03-16 11:45 <REP> d-------- c:\program files\iPod
2009-03-16 11:45 . 2009-03-16 11:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 11:38 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-09 19:21 . 2009-03-09 19:21 550 --a------ c:\windows\eReg.dat
2009-03-09 18:58 . 2009-03-11 09:12 <REP> d-------- c:\program files\GameSpy Arcade
2009-03-09 18:56 . 2009-03-09 18:59 <REP> d-------- c:\program files\EA GAMES
2009-03-07 08:47 . 2009-03-07 08:47 <REP> d-------- c:\documents and settings\charl\Application Data\CopyTrans
2009-03-04 09:55 . 2009-03-04 09:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-03 18:25 . 2009-03-03 18:25 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-25 18:21 . 2009-02-25 18:26 <REP> d-------- c:\program files\Ludi
2009-02-23 12:51 . 2009-02-23 12:51 <REP> d-------- c:\program files\Microsoft
2009-02-23 11:35 . 2009-02-23 11:35 <REP> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 18:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 15:54 --------- d-----w c:\program files\eMule
2009-03-22 10:12 193,340 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-22 10:12 16,371,744 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-22 08:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 19:45 --------- d-----w c:\documents and settings\charl\Application Data\Azureus
2009-03-16 15:43 --------- d-----w c:\program files\Vuze
2009-03-16 10:46 --------- d-----w c:\program files\iTunes
2009-03-16 10:45 --------- d-----w c:\program files\Fichiers communs\Apple
2009-03-13 15:09 23,480 ----a-w c:\documents and settings\charl\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-23 11:51 --------- d-----w c:\program files\Windows Live
2009-02-22 21:11 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-02-22 20:54 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-02-22 18:48 --------- d-----w c:\documents and settings\charl\Application Data\CopyTransDoctor
2009-02-22 14:25 --------- d-----w c:\program files\WindSolutions
2009-02-22 14:25 --------- d-----w c:\documents and settings\charl\Application Data\CopyTransControlCenter
2009-02-22 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\CopyTransControlCenter
2009-02-20 08:25 --------- d-----w c:\program files\WinPatrol
2009-02-17 13:18 --------- d-----w c:\program files\QuickTime
2009-02-13 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2009-02-01 14:15 --------- d-----w c:\program files\Sony
2009-02-01 12:07 --------- d-----w c:\program files\Guitar Pro 5
2009-02-01 10:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-29 17:35 --------- d-----w c:\program files\PhotoFiltre
2009-01-28 15:33 --------- d-----w c:\documents and settings\charl\Application Data\OpenOffice.org
2009-01-28 15:21 --------- d-----w c:\program files\Java
2004-10-11 18:46 205,312 ----a-w c:\program files\ltefx13n.dll
2004-01-19 13:31 153,600 ----a-w c:\program files\ltfil13n.DLL
2004-01-19 12:31 27,648 ----a-w c:\program files\lfiff13n.dll
2004-01-19 12:31 20,480 ----a-w c:\program files\lfCUT13n.dll
2004-01-19 11:31 453,120 ----a-w c:\program files\ltkrn13n.dll
2004-01-19 11:12 89,600 ----a-w c:\program files\Lfcgm13n.dll
2004-01-19 10:49 278,016 ----a-w c:\program files\LFJ2K13n.dll
2004-01-19 10:49 180,736 ----a-w c:\program files\Lfpng13n.dll
2004-01-19 10:47 76,800 ----a-w c:\program files\Lfwmf13n.dll
2004-01-19 10:47 509,440 ----a-w c:\program files\LFCMW13n.dll
2004-01-19 10:45 420,352 ----a-w c:\program files\LFCMP13n.DLL
2004-01-19 10:44 143,872 ----a-w c:\program files\lftif13n.dll
2004-01-19 10:36 65,536 ----a-w c:\program files\Lfpct13n.dll
2004-01-19 10:36 56,832 ----a-w c:\program files\lfpsd13n.dll
2004-01-19 10:36 26,624 ----a-w c:\program files\lfpcx13n.dll
2004-01-19 10:36 19,968 ----a-w c:\program files\lfpcd13n.dll
2004-01-19 10:36 18,944 ----a-w c:\program files\lfmsp13n.dll
2004-01-19 10:35 20,992 ----a-w c:\program files\lfimg13n.dll
2004-01-19 10:35 18,944 ----a-w c:\program files\lfmac13n.dll
2004-01-19 10:34 31,744 ----a-w c:\program files\lfclp13n.dll
2004-01-19 10:34 30,208 ----a-w c:\program files\lfbmp13n.dll
2004-01-19 10:33 444,928 ----a-w c:\program files\ltimg13n.dll
2004-01-19 10:32 265,216 ----a-w c:\program files\LTDIS13n.dll
2000-05-02 03:17 212,480 ----a-w c:\program files\PCDLIB32.DLL
1999-11-18 22:00 284,032 ----a-w c:\program files\XceedZip.dll
2008-11-30 17:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008113020081201\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-22_11.39.54.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-22 17:34:02 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-03-22 17:34:03 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-03-22 17:34:03 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-03-22 17:33:55 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-22 17:33:56 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-22 17:33:57 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-22 17:33:58 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-22 17:33:58 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-22 17:33:59 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-22 17:33:59 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-22 17:34:00 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-22 17:34:00 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-22 17:34:03 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-22 17:34:03 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-03-22 17:34:04 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-03-22 17:34:04 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-03-22 17:34:04 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-03-22 17:34:02 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2005-03-18 15:23:10 53,248 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 15:23:10 12,800 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 15:23:14 473,600 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 11:38:58 2,676,224 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 15:23:10 145,920 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 15:23:10 159,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 15:23:14 364,544 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 15:23:12 178,176 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 15:23:14 223,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 14:53:06 2,846,720 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-05 18:32:54 563,712 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 16:23:14 567,296 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 14:15:56 576,000 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 16:21:34 577,024 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 13:11:52 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 16:20:50 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 06:40:48 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 10:27:50 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2007-03-12 15:42:30 1,123,696 ----a-w c:\windows\system32\D3DCompiler_33.dll
+ 2007-05-16 15:45:16 1,124,720 ----a-w c:\windows\system32\D3DCompiler_34.dll
+ 2007-07-19 17:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll
+ 2007-10-12 14:14:00 1,374,232 ----a-w c:\windows\system32\D3DCompiler_36.dll
+ 2008-03-05 14:56:58 1,420,824 ----a-w c:\windows\system32\D3DCompiler_37.dll
+ 2008-05-30 13:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll
+ 2007-03-15 15:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll
+ 2007-05-16 15:45:16 443,752 ----a-w c:\windows\system32\d3dx10_34.dll
+ 2007-07-19 17:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll
+ 2007-10-02 08:56:34 444,776 ----a-w c:\windows\system32\d3dx10_36.dll
+ 2008-02-05 22:07:36 462,864 ----a-w c:\windows\system32\d3dx10_37.dll
+ 2008-05-30 13:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll
+ 2005-02-05 18:45:26 2,222,800 ----a-w c:\windows\system32\d3dx9_24.dll
+ 2005-03-18 16:19:58 2,337,488 ----a-w c:\windows\system32\d3dx9_25.dll
+ 2005-07-22 18:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
+ 2005-12-05 17:09:18 2,323,664 ----a-w c:\windows\system32\d3dx9_28.dll
+ 2006-02-03 07:43:16 2,332,368 ----a-w c:\windows\system32\d3dx9_29.dll
+ 2006-03-31 11:40:58 2,388,176 ----a-w c:\windows\system32\d3dx9_30.dll
+ 2006-09-28 15:05:20 2,414,360 ----a-w c:\windows\system32\d3dx9_31.dll
+ 2006-11-29 12:06:18 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll
+ 2007-03-12 15:42:30 3,495,784 ----a-w c:\windows\system32\d3dx9_33.dll
+ 2007-05-16 15:45:16 3,497,832 ----a-w c:\windows\system32\d3dx9_34.dll
+ 2007-07-19 17:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll
+ 2007-10-12 14:14:00 3,734,536 ----a-w c:\windows\system32\d3dx9_36.dll
+ 2008-03-05 14:56:58 3,786,760 ----a-w c:\windows\system32\D3DX9_37.dll
+ 2008-05-30 13:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
+ 2006-02-03 07:41:26 14,032 ----a-w c:\windows\system32\x3daudio1_0.dll
+ 2007-03-05 11:42:18 15,128 ----a-w c:\windows\system32\x3daudio1_1.dll
+ 2007-10-22 02:37:16 17,928 ----a-w c:\windows\system32\X3DAudio1_2.dll
+ 2008-03-05 15:00:06 25,608 ----a-w c:\windows\system32\X3DAudio1_3.dll
+ 2008-05-30 13:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll
+ 2006-02-03 07:42:06 230,096 ----a-w c:\windows\system32\xactengine2_0.dll
+ 2006-03-31 11:39:48 229,584 ----a-w c:\windows\system32\xactengine2_1.dll
+ 2007-10-22 02:39:54 267,272 ----a-w c:\windows\system32\xactengine2_10.dll
+ 2006-05-31 06:24:16 230,168 ----a-w c:\windows\system32\xactengine2_2.dll
+ 2006-07-28 08:30:32 236,824 ----a-w c:\windows\system32\xactengine2_3.dll
+ 2006-09-28 15:05:56 237,848 ----a-w c:\windows\system32\xactengine2_4.dll
+ 2006-12-08 11:02:00 251,672 ----a-w c:\windows\system32\xactengine2_5.dll
+ 2007-01-24 14:27:30 255,848 ----a-w c:\windows\system32\xactengine2_6.dll
+ 2007-04-04 17:55:00 261,480 ----a-w c:\windows\system32\xactengine2_7.dll
+ 2007-06-20 19:46:04 266,088 ----a-w c:\windows\system32\xactengine2_8.dll
+ 2007-07-19 23:57:12 267,112 ----a-w c:\windows\system32\xactengine2_9.dll
+ 2008-03-05 15:03:20 238,088 ----a-w c:\windows\system32\xactengine3_0.dll
+ 2008-05-30 13:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll
+ 2008-05-30 13:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll
+ 2008-03-05 15:03:54 479,752 ----a-w c:\windows\system32\XAudio2_0.dll
+ 2008-05-30 13:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll
+ 2006-03-31 11:39:24 62,672 ----a-w c:\windows\system32\xinput1_1.dll
+ 2006-07-28 08:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll
+ 2007-04-04 17:53:42 81,768 ----a-w c:\windows\system32\xinput1_3.dll
+ 2005-12-05 17:07:30 61,136 ----a-w c:\windows\system32\xinput9_1_0.dll
+ 2009-03-23 07:42:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_568.dat
+ 2006-12-01 21:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 23:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"WinPatrol"="c:\program files\WinPatrol\winpatrol.exe" [2008-09-18 333120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 14:37 40960 c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
--a------ 2008-07-11 17:51 423200 c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-02-26 01:01 437160 c:\progra~1\FICHIE~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 02:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SoundMan"=soundman.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"nwiz"=nwiz.exe /install
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-23 20560]
S2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\DRIVERS\nvtunep.sys --> c:\windows\system32\DRIVERS\nvtunep.sys [?]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{622080d1-5e23-11dc-b558-0010a719c479}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f43f90a0-45b7-11dd-b6fe-0010a719c479}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 10:08]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7B93CAE6-29D1-4E4C-82EF-8648E29FB31F} - hxxp://www.visiocool.com/download/cfweb_www.visiocool.com-download_instmodule.exe
FF - ProfilePath - c:\documents and settings\charl\Application Data\Mozilla\Firefox\Profiles\f406gaow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.hooseek.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 08:52:22
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2009-03-23 8:55:07 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-23 07:54:56
ComboFix2.txt 2009-03-22 10:41:21

Avant-CF: 11 516 477 440 octets libres
Après-CF: 11,509,460,992 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

385 --- E O F --- 2009-03-21 08:13:42

Réponse 17 / 18

noodles

Copie (Ctrl+C) le texte en gras ci-dessous (y compris l'url du topic):

http://www.commentcamarche.net/forum/affich-11645008-infection-par-le-rootkit-win32-agent-aabx

Collect::[4]
c:\windows\system32\drivers\[u]0/u2640D.SYS
c:\windows\system32\drivers\[u]0/u2640D.DAT
c:\windows\system32\drivers\[u]0/u2640A.DAT
c:\windows\system32\drivers\[u]0/u26407.DAT

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu as copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme dans l'image du lien ci-dessous:
http://img530.imageshack.us/img530/204/cfscriptdd4.gif

Une fenêtre bleue va apparaître ,tape 1 puis valide .(il se peut qu'il se lance directement)
Ton Bureau va disparaître à plusieurs reprises, pas d'inquiétude c'est normal,
ne touche surtout à rien pendant le scan de Combofix.
Une fois le scan terminé, poste le contenu du rapport obtenu.

ensuite télécharge MBAM https://www.malwarebytes.com/
fais un scan complet,supprime ce qu'il trouve et poste le rapport aussi.

eljose

ComboFix 09-03-19.02 - charl 2009-03-23 12:16:01.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.667 [GMT 1:00]
Lancé depuis: c:\documents and settings\charl\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\charl\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090322-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-23 au 2009-03-23 ))))))))))))))))))))))))))))))))))))
.

2009-03-23 08:56 . 2009-03-23 08:56 <REP> d-------- c:\program files\AskBardis
2009-03-22 18:35 . 2009-03-22 18:35 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-03-22 18:33 . 2009-03-22 18:33 <REP> d-------- c:\windows\Logs
2009-03-22 18:33 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-03-22 18:32 . 2009-03-22 18:32 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2009-03-22 18:32 . 2009-03-22 18:32 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2009-03-22 18:32 . 2009-03-22 18:32 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-03-22 18:32 . 2009-03-22 18:32 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-03-22 18:32 . 2009-03-22 18:32 22,328 --a------ c:\documents and settings\charl\Application Data\PnkBstrK.sys
2009-03-22 10:04 . 2009-03-22 12:06 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-22 10:04 . 2009-03-22 12:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-22 01:49 . 2009-03-22 09:28 <REP> d-------- c:\program files\Spyware Doctor
2009-03-22 01:49 . 2009-03-22 09:28 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-03-22 01:23 . 2009-03-22 01:23 33,120 --a------ c:\windows\system32\drivers\[u]0/u2640D.SYS
2009-03-22 01:23 . 2009-03-22 01:28 1,330 --ahs---- c:\windows\system32\drivers\[u]0/u2640D.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\[u]0/u2640A.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\[u]0/u26407.DAT
2009-03-21 23:15 . 2008-04-13 19:40 11,392 --a------ c:\windows\system32\drivers\sfloppy.sys
2009-03-21 23:15 . 2008-04-13 19:40 11,392 --a--c--- c:\windows\system32\dllcache\sfloppy.sys
2009-03-21 20:19 . 2009-03-21 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-21 19:12 . 2008-04-13 19:40 34,688 --a------ c:\windows\system32\drivers\lbrtfdc.sys
2009-03-21 19:12 . 2008-04-13 19:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
2009-03-21 19:12 . 2008-04-14 02:53 30,336 --a------ c:\windows\system32\drivers\modem.sys
2009-03-21 19:12 . 2008-04-14 02:53 30,336 --a--c--- c:\windows\system32\dllcache\modem.sys
2009-03-21 18:57 . 2008-04-13 19:41 8,576 --a------ c:\windows\system32\drivers\i2omgmt.sys
2009-03-21 18:57 . 2008-04-13 19:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
2009-03-21 18:56 . 2001-08-17 21:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2009-03-21 18:56 . 2001-08-17 21:52 18,688 --a--c--- c:\windows\system32\dllcache\cdaudio.sys
2009-03-21 18:56 . 2008-04-13 19:40 8,192 --a------ c:\windows\system32\drivers\changer.sys
2009-03-21 18:56 . 2008-04-13 19:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
2009-03-19 19:17 . 2009-03-19 19:17 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-16 11:45 . 2009-03-16 11:45 <REP> d-------- c:\program files\iPod
2009-03-16 11:45 . 2009-03-16 11:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 11:38 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-09 19:21 . 2009-03-09 19:21 550 --a------ c:\windows\eReg.dat
2009-03-09 18:58 . 2009-03-11 09:12 <REP> d-------- c:\program files\GameSpy Arcade
2009-03-09 18:56 . 2009-03-09 18:59 <REP> d-------- c:\program files\EA GAMES
2009-03-07 08:47 . 2009-03-07 08:47 <REP> d-------- c:\documents and settings\charl\Application Data\CopyTrans
2009-03-04 09:55 . 2009-03-04 09:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-03 18:25 . 2009-03-03 18:25 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-25 18:21 . 2009-02-25 18:26 <REP> d-------- c:\program files\Ludi
2009-02-23 12:51 . 2009-02-23 12:51 <REP> d-------- c:\program files\Microsoft
2009-02-23 11:35 . 2009-02-23 11:35 <REP> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 18:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 15:54 --------- d-----w c:\program files\eMule
2009-03-22 10:12 193,340 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-22 10:12 16,371,744 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-22 08:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 19:45 --------- d-----w c:\documents and settings\charl\Application Data\Azureus
2009-03-16 15:43 --------- d-----w c:\program files\Vuze
2009-03-16 10:46 --------- d-----w c:\program files\iTunes
2009-03-16 10:45 --------- d-----w c:\program files\Fichiers communs\Apple
2009-03-13 15:09 23,480 ----a-w c:\documents and settings\charl\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-23 11:51 --------- d-----w c:\program files\Windows Live
2009-02-22 21:11 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-02-22 20:54 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-02-22 18:48 --------- d-----w c:\documents and settings\charl\Application Data\CopyTransDoctor
2009-02-22 14:25 --------- d-----w c:\program files\WindSolutions
2009-02-22 14:25 --------- d-----w c:\documents and settings\charl\Application Data\CopyTransControlCenter
2009-02-22 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\CopyTransControlCenter
2009-02-20 08:25 --------- d-----w c:\program files\WinPatrol
2009-02-17 13:18 --------- d-----w c:\program files\QuickTime
2009-02-13 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-01 14:15 --------- d-----w c:\program files\Sony
2009-02-01 12:07 --------- d-----w c:\program files\Guitar Pro 5
2009-02-01 10:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-29 17:35 --------- d-----w c:\program files\PhotoFiltre
2009-01-28 15:33 --------- d-----w c:\documents and settings\charl\Application Data\OpenOffice.org
2009-01-28 15:21 --------- d-----w c:\program files\Java
2004-10-11 18:46 205,312 ----a-w c:\program files\ltefx13n.dll
2004-01-19 13:31 153,600 ----a-w c:\program files\ltfil13n.DLL
2004-01-19 12:31 27,648 ----a-w c:\program files\lfiff13n.dll
2004-01-19 12:31 20,480 ----a-w c:\program files\lfCUT13n.dll
2004-01-19 11:31 453,120 ----a-w c:\program files\ltkrn13n.dll
2004-01-19 11:12 89,600 ----a-w c:\program files\Lfcgm13n.dll
2004-01-19 10:49 278,016 ----a-w c:\program files\LFJ2K13n.dll
2004-01-19 10:49 180,736 ----a-w c:\program files\Lfpng13n.dll
2004-01-19 10:47 76,800 ----a-w c:\program files\Lfwmf13n.dll
2004-01-19 10:47 509,440 ----a-w c:\program files\LFCMW13n.dll
2004-01-19 10:45 420,352 ----a-w c:\program files\LFCMP13n.DLL
2004-01-19 10:44 143,872 ----a-w c:\program files\lftif13n.dll
2004-01-19 10:36 65,536 ----a-w c:\program files\Lfpct13n.dll
2004-01-19 10:36 56,832 ----a-w c:\program files\lfpsd13n.dll
2004-01-19 10:36 26,624 ----a-w c:\program files\lfpcx13n.dll
2004-01-19 10:36 19,968 ----a-w c:\program files\lfpcd13n.dll
2004-01-19 10:36 18,944 ----a-w c:\program files\lfmsp13n.dll
2004-01-19 10:35 20,992 ----a-w c:\program files\lfimg13n.dll
2004-01-19 10:35 18,944 ----a-w c:\program files\lfmac13n.dll
2004-01-19 10:34 31,744 ----a-w c:\program files\lfclp13n.dll
2004-01-19 10:34 30,208 ----a-w c:\program files\lfbmp13n.dll
2004-01-19 10:33 444,928 ----a-w c:\program files\ltimg13n.dll
2004-01-19 10:32 265,216 ----a-w c:\program files\LTDIS13n.dll
2000-05-02 03:17 212,480 ----a-w c:\program files\PCDLIB32.DLL
1999-11-18 22:00 284,032 ----a-w c:\program files\XceedZip.dll
2008-11-30 17:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008113020081201\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"WinPatrol"="c:\program files\WinPatrol\winpatrol.exe" [2008-09-18 333120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 14:37 40960 c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
--a------ 2008-07-11 17:51 423200 c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-02-26 01:01 437160 c:\progra~1\FICHIE~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 02:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SoundMan"=soundman.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"nwiz"=nwiz.exe /install
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-23 20560]
S2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\DRIVERS\nvtunep.sys --> c:\windows\system32\DRIVERS\nvtunep.sys [?]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{622080d1-5e23-11dc-b558-0010a719c479}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f43f90a0-45b7-11dd-b6fe-0010a719c479}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2009-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 10:08]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7B93CAE6-29D1-4E4C-82EF-8648E29FB31F} - hxxp://www.visiocool.com/download/cfweb_www.visiocool.com-download_instmodule.exe
FF - ProfilePath - c:\documents and settings\charl\Application Data\Mozilla\Firefox\Profiles\f406gaow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.hooseek.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 12:18:07
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-03-23 12:20:03
ComboFix-quarantined-files.txt 2009-03-23 11:19:58
ComboFix2.txt 2009-03-23 07:55:09
ComboFix3.txt 2009-03-22 10:41:21

Avant-CF: 11 542 519 808 octets libres
Après-CF: 11,528,634,368 octets libres

220 --- E O F --- 2009-03-21 08:13:42

eljose > eljose

voici le rapport de mbam qui suit celui de combofire:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1887
Windows 5.1.2600 Service Pack 3

23/03/2009 13:42:22
mbam-log-2009-03-23 (13-42-22).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|)
Eléments examinés: 166485
Temps écoulé: 1 hour(s), 10 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\UACawqjuebd.log (Trojan.Agent) -> Quarantined and deleted successfully.

Réponse 18 / 18

noodles

il y a résistance de la part de certains fichiers qui s'incrustent.refais un CFScript
avec ceci

Rootkit::
c:\windows\system32\drivers\[u]0/u2640D.SYS
c:\windows\system32\drivers\[u]0/u2640D.DAT
c:\windows\system32\drivers\[u]0/u2640A.DAT
c:\windows\system32\drivers\[u]0/u26407.DAT

(tu peux ouvrir d'un clic-droit/Modifier le précédent ,effacer son contenu et mettre
ce que tu as en gras à la place.) poste le rapport qui s'en suivra.

eljose

voici le rapport de CF:

ComboFix 09-03-22.01 - charl 2009-03-23 14:53:17.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.617 [GMT 1:00]
Lancé depuis: c:\documents and settings\charl\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\charl\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090322-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-23 au 2009-03-23 ))))))))))))))))))))))))))))))))))))
.

2009-03-23 12:29 . 2009-03-23 12:29 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 12:29 . 2009-03-23 12:29 <REP> d-------- c:\documents and settings\charl\Application Data\Malwarebytes
2009-03-23 12:29 . 2009-03-23 12:29 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 12:29 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 12:29 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-23 08:56 . 2009-03-23 08:56 <REP> d-------- c:\program files\AskBardis
2009-03-22 18:35 . 2009-03-22 18:35 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-03-22 18:33 . 2009-03-22 18:33 <REP> d-------- c:\windows\Logs
2009-03-22 18:33 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-03-22 18:32 . 2009-03-22 18:32 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2009-03-22 18:32 . 2009-03-22 18:32 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2009-03-22 18:32 . 2009-03-22 18:32 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-03-22 18:32 . 2009-03-22 18:32 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-03-22 18:32 . 2009-03-22 18:32 22,328 --a------ c:\documents and settings\charl\Application Data\PnkBstrK.sys
2009-03-22 10:04 . 2009-03-22 12:06 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-22 10:04 . 2009-03-22 12:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-22 01:49 . 2009-03-22 09:28 <REP> d-------- c:\program files\Spyware Doctor
2009-03-22 01:49 . 2009-03-22 09:28 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-03-22 01:23 . 2009-03-22 01:23 33,120 --a------ c:\windows\system32\drivers\[u]0/u2640D.SYS
2009-03-22 01:23 . 2009-03-22 01:28 1,330 --ahs---- c:\windows\system32\drivers\[u]0/u2640D.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\[u]0/u2640A.DAT
2009-03-22 01:23 . 2009-03-22 01:23 674 --ahs---- c:\windows\system32\drivers\[u]0/u26407.DAT
2009-03-21 23:15 . 2008-04-13 19:40 11,392 --a------ c:\windows\system32\drivers\sfloppy.sys
2009-03-21 23:15 . 2008-04-13 19:40 11,392 --a--c--- c:\windows\system32\dllcache\sfloppy.sys
2009-03-21 20:19 . 2009-03-21 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-21 19:12 . 2008-04-13 19:40 34,688 --a------ c:\windows\system32\drivers\lbrtfdc.sys
2009-03-21 19:12 . 2008-04-13 19:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
2009-03-21 19:12 . 2008-04-14 02:53 30,336 --a------ c:\windows\system32\drivers\modem.sys
2009-03-21 19:12 . 2008-04-14 02:53 30,336 --a--c--- c:\windows\system32\dllcache\modem.sys
2009-03-21 18:57 . 2008-04-13 19:41 8,576 --a------ c:\windows\system32\drivers\i2omgmt.sys
2009-03-21 18:57 . 2008-04-13 19:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
2009-03-21 18:56 . 2001-08-17 21:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2009-03-21 18:56 . 2001-08-17 21:52 18,688 --a--c--- c:\windows\system32\dllcache\cdaudio.sys
2009-03-21 18:56 . 2008-04-13 19:40 8,192 --a------ c:\windows\system32\drivers\changer.sys
2009-03-21 18:56 . 2008-04-13 19:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
2009-03-19 19:17 . 2009-03-19 19:17 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-16 11:45 . 2009-03-16 11:45 <REP> d-------- c:\program files\iPod
2009-03-16 11:45 . 2009-03-16 11:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 11:38 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-09 19:21 . 2009-03-09 19:21 550 --a------ c:\windows\eReg.dat
2009-03-09 18:58 . 2009-03-11 09:12 <REP> d-------- c:\program files\GameSpy Arcade
2009-03-09 18:56 . 2009-03-09 18:59 <REP> d-------- c:\program files\EA GAMES
2009-03-07 08:47 . 2009-03-07 08:47 <REP> d-------- c:\documents and settings\charl\Application Data\CopyTrans
2009-03-04 09:55 . 2009-03-04 09:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-03 18:25 . 2009-03-03 18:25 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-25 18:21 . 2009-02-25 18:26 <REP> d-------- c:\program files\Ludi
2009-02-23 12:51 . 2009-02-23 12:51 <REP> d-------- c:\program files\Microsoft
2009-02-23 11:35 . 2009-02-23 11:35 <REP> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 18:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 15:54 --------- d-----w c:\program files\eMule
2009-03-22 10:12 193,340 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-22 10:12 16,371,744 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-22 08:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 19:45 --------- d-----w c:\documents and settings\charl\Application Data\Azureus
2009-03-16 15:43 --------- d-----w c:\program files\Vuze
2009-03-16 10:46 --------- d-----w c:\program files\iTunes
2009-03-16 10:45 --------- d-----w c:\program files\Fichiers communs\Apple
2009-03-13 15:09 23,480 ----a-w c:\documents and settings\charl\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-23 11:51 --------- d-----w c:\program files\Windows Live
2009-02-22 21:11 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-02-22 20:54 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-02-22 18:48 --------- d-----w c:\documents and settings\charl\Application Data\CopyTransDoctor
2009-02-22 14:25 --------- d-----w c:\program files\WindSolutions
2009-02-22 14:25 --------- d-----w c:\documents and settings\charl\Application Data\CopyTransControlCenter
2009-02-22 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\CopyTransControlCenter
2009-02-20 08:25 --------- d-----w c:\program files\WinPatrol
2009-02-17 13:18 --------- d-----w c:\program files\QuickTime
2009-02-13 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2009-02-01 14:15 --------- d-----w c:\program files\Sony
2009-02-01 12:07 --------- d-----w c:\program files\Guitar Pro 5
2009-02-01 10:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-29 17:35 --------- d-----w c:\program files\PhotoFiltre
2009-01-28 15:33 --------- d-----w c:\documents and settings\charl\Application Data\OpenOffice.org
2009-01-28 15:21 --------- d-----w c:\program files\Java
2004-10-11 18:46 205,312 ----a-w c:\program files\ltefx13n.dll
2004-01-19 13:31 153,600 ----a-w c:\program files\ltfil13n.DLL
2004-01-19 12:31 27,648 ----a-w c:\program files\lfiff13n.dll
2004-01-19 12:31 20,480 ----a-w c:\program files\lfCUT13n.dll
2004-01-19 11:31 453,120 ----a-w c:\program files\ltkrn13n.dll
2004-01-19 11:12 89,600 ----a-w c:\program files\Lfcgm13n.dll
2004-01-19 10:49 278,016 ----a-w c:\program files\LFJ2K13n.dll
2004-01-19 10:49 180,736 ----a-w c:\program files\Lfpng13n.dll
2004-01-19 10:47 76,800 ----a-w c:\program files\Lfwmf13n.dll
2004-01-19 10:47 509,440 ----a-w c:\program files\LFCMW13n.dll
2004-01-19 10:45 420,352 ----a-w c:\program files\LFCMP13n.DLL
2004-01-19 10:44 143,872 ----a-w c:\program files\lftif13n.dll
2004-01-19 10:36 65,536 ----a-w c:\program files\Lfpct13n.dll
2004-01-19 10:36 56,832 ----a-w c:\program files\lfpsd13n.dll
2004-01-19 10:36 26,624 ----a-w c:\program files\lfpcx13n.dll
2004-01-19 10:36 19,968 ----a-w c:\program files\lfpcd13n.dll
2004-01-19 10:36 18,944 ----a-w c:\program files\lfmsp13n.dll
2004-01-19 10:35 20,992 ----a-w c:\program files\lfimg13n.dll
2004-01-19 10:35 18,944 ----a-w c:\program files\lfmac13n.dll
2004-01-19 10:34 31,744 ----a-w c:\program files\lfclp13n.dll
2004-01-19 10:34 30,208 ----a-w c:\program files\lfbmp13n.dll
2004-01-19 10:33 444,928 ----a-w c:\program files\ltimg13n.dll
2004-01-19 10:32 265,216 ----a-w c:\program files\LTDIS13n.dll
2000-05-02 03:17 212,480 ----a-w c:\program files\PCDLIB32.DLL
1999-11-18 22:00 284,032 ----a-w c:\program files\XceedZip.dll
2008-11-30 17:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008113020081201\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-03-23_ 8.53.42.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-23 13:57:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_56c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"WinPatrol"="c:\program files\WinPatrol\winpatrol.exe" [2008-09-18 333120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 14:37 40960 c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
--a------ 2008-07-11 17:51 423200 c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-02-26 01:01 437160 c:\progra~1\FICHIE~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 02:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SoundMan"=soundman.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"nwiz"=nwiz.exe /install
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-23 20560]
S2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\DRIVERS\nvtunep.sys --> c:\windows\system32\DRIVERS\nvtunep.sys [?]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{622080d1-5e23-11dc-b558-0010a719c479}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f43f90a0-45b7-11dd-b6fe-0010a719c479}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2009-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 10:08]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7B93CAE6-29D1-4E4C-82EF-8648E29FB31F} - hxxp://www.visiocool.com/download/cfweb_www.visiocool.com-download_instmodule.exe
FF - ProfilePath - c:\documents and settings\charl\Application Data\Mozilla\Firefox\Profiles\f406gaow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.hooseek.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 14:57:14
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-03-23 15:01:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-23 14:00:53
ComboFix2.txt 2009-03-23 11:20:05
ComboFix3.txt 2009-03-23 07:55:09
ComboFix4.txt 2009-03-22 10:41:21

Avant-CF: 11 477 577 728 octets libres
Après-CF: 11,459,256,320 octets libres

244 --- E O F --- 2009-03-21 08:13:42

eljose > eljose

c'est bon, il est réparé l'ordi?

Infection par le rootkit Win32:Agent-AABX

18 réponses

Votre réponse

Discussions similaires

Newsletters