Mon pc est infecté par brontok.a

YOUCEF69 -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
Depuis quelque temps j'ai remarqué une étrange fenetre qui s'ouvrait sur internet sur un fond vert et ecrit en gras BRONTOK.a.J'ai directe pensé que c'était un virus plus exactement un vers j'ai télécharger plusieur antivirus mais rien ne fais BRONTOK est toujour la Est ce que y'aurais quelqun qui pourait m'aider sa serait super gentil.
Configuration: Windows XP
Firefox 3.5.6

33 réponses

  • 1
  • 2
Résumé de la discussion

Le problème décrit une fenêtre suspecte affichant BRONTOK.a sur un ordinateur sous Windows XP avec Firefox 3.5.6, perçue comme potentiellement virale et liée à une alerte visuelle récurrente. Plusieurs intervenants proposent des pistes et des outils de désinfection, tels RSIT, OTM et HijackThis, suivis d’analyses en ligne avec Bitdefender et des rapports à partager pour expertises. Les échanges se succèdent autour de guidages techniques et de remarques de prudence, avec des procédures étape par étape et des rapports détaillés, rappelant l’importance de rester sur un seul fil pour l’aide. D'autres avertissements signalent l'ouverture de multiples sujets et insistent sur la nécessité de suivre les conseils donnés, sans aboutir à une conclusion sur l'état du problème.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir Tous le monde !

    Tout d'abord merci pimprenelle27 je n'avais pas fait attention a ce double sujet !

    Youcef69, effectivement tu as fait une chose qui ne ce fait pas, premièrement et le plus important pour le bon fonctionnement de ton PC si tu fait faire des manipulations par deux personnes il peut d'une y avoir confusion et des risques irrémédiable.
    Deuxièmement pour une histoire de honnêteté il faut prendre en compte que nous sommes comme toi' soit messieurs tout le monde et qui si nous aidons cela est fait bénévolement et tu nous fait perdre du temps et de l'énergie de plus tu empêche peut-être une autre personne d'être aider.
    Si l'on te dépanne c'est avec plaisir car on aime ce que l'on fait et il faut être patient quand aux réponses attendus.



    4
  2. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir
    Je vais te guider pour la désinfection de ton PC.

    Commence par ceci :

    ● Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

    ● Double-clique sur RSIT.exe afin de lancer RSIT.

    ● Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

    ● Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    ● Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    ● Poste le contenu de log.txt

    0
  3. Youcef69 Messages postés 42 Statut Membre
     
    MERCI BEAUCOUP DE VOULOIR M' aider je vais
    telecharger le logiciel
    0
  4. Youcef69 Messages postés 42 Statut Membre
     
    Voici le rapport de log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by administrateur2 at 2010-01-03 19:52:30
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 49 GB (64%) free of 76 GB
    Total RAM: 247 MB (8% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53:01, on 03/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\administrateur2\Mes documents\Téléchargements\RSIT.exe
    C:\Program Files\trend micro\administrateur2.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HomePlayer] C:\Program Files\HomePlayer\HomePlayer.exe
    O4 - HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\administrateur2\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe /s
    O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
    O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
    O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Youcef, tu éviteras d'ouvrir plusieurs sujets, reste ici s'il te plait
    0
  7. Youcef69 Messages postés 42 Statut Membre
     
    oki alor que doije faire aidez moi svp
    0
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    ok

    Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    ● Déconnecte toi d'internet et ferme toutes tes applications.

    ● Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,

    ● Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.

    ● /!\ Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!\

    ● Attends que Combofix ait terminé, un rapport sera créé.

    ● réactive ton parefeu, ton antivirus, la garde de ton antispyware

    ● copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt

    ● Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.

    0
  9. Youcef69 Messages postés 42 Statut Membre
     
    SVP AIDEZ MOI MON PC EST INFECTER PAR DES VIRUS JE VOU EST POSTER LES RAPPORT UN PEU PLU EN HAUT
    0
    1. Utilisateur anonyme
       
      Comme te la dis Green-Day nous sommes des bénévoles pas des robots !

      Évite les majuscule c'est hors charte et soit plus polit.

      Bonne chasse !
      0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    regarde plus haut !!
    0
  11. Youcef69 Messages postés 42 Statut Membre
     
    Merci beaucoup de m'aider je vais faire sa je te poste le rappor dans quelque minute
    0
  12. Youcef69 Messages postés 42 Statut Membre
     
    Voici le rapport dsl pour tous ce temps:
    ComboFix 10-01-03.01 - administrateur2 03/01/2010 22:48:16.1.1 - x86
    Lancé depuis: c:\documents and settings\administrateur2\Mes documents\Téléchargements\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\documents and settings\admin\Local Settings\Application Data\Bron.tok.A3.em.bin
    c:\documents and settings\admin\Local Settings\Application Data\Kosong.Bron.Tok.txt
    c:\documents and settings\admin\Local Settings\Application Data\Update.3.Bron.Tok.bin
    c:\documents and settings\Administrateur\Local Settings\Application Data\Bron.tok-3-2
    c:\documents and settings\Administrateur\Local Settings\Application Data\Bron.tok.A3.em.bin
    c:\documents and settings\Administrateur\Local Settings\Application Data\BronFoldNetDomList.txt
    c:\documents and settings\Administrateur\Local Settings\Application Data\BronNetDomList.bat
    c:\documents and settings\Administrateur\Local Settings\Application Data\Kosong.Bron.Tok.txt
    c:\documents and settings\Administrateur\Local Settings\Application Data\Update.3.Bron.Tok.bin
    c:\documents and settings\administrateur2\Local Settings\Application Data\Bron.tok.A3.em.bin
    c:\documents and settings\administrateur2\Local Settings\Application Data\Kosong.Bron.Tok.txt
    c:\documents and settings\All Users\Application Data\hpe195.dll
    c:\documents and settings\sidahmed\Local Settings\Application Data\Bron.tok.A3.em.bin
    c:\documents and settings\sidahmed\Local Settings\Application Data\Kosong.Bron.Tok.txt
    c:\documents and settings\sidahmed\Local Settings\Application Data\Update.3.Bron.Tok.bin
    c:\program files\QUAD Utilities
    c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
    C:\Thumbs.db
    c:\windows\EventSystem.log
    c:\windows\system32\Ijl11.dll

    Une copie infectée de c:\windows\system32\midimap.dll a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\midimap.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-03 au 2010-01-03 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-03 19:57 . 2010-01-03 19:57 -------- d-----w- C:\27c646bc3aa0da8bfa246413f04792cd
    2010-01-03 19:51 . 2010-01-03 19:51 -------- d-----w- C:\e8a4a7bceae06555a2
    2010-01-03 19:14 . 2010-01-03 20:36 -------- d-----w- c:\program files\CleanUp!
    2010-01-03 18:52 . 2010-01-03 20:52 -------- d-----w- C:\rsit
    2010-01-02 22:43 . 2010-01-02 22:43 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-01-02 22:05 . 2010-01-02 22:28 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-02 22:05 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-01-02 22:05 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-01-02 22:05 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-01-02 22:05 . 2010-01-02 22:05 -------- d-----w- c:\program files\Avira
    2010-01-02 22:05 . 2010-01-02 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-01-02 19:54 . 2010-01-02 19:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-01-02 19:54 . 2010-01-02 19:54 -------- d-sh--w- c:\documents and settings\administrateur2\IETldCache
    2010-01-02 19:50 . 2010-01-02 19:50 -------- d--h--w- c:\windows\msdownld.tmp
    2010-01-02 19:45 . 2010-01-02 22:15 -------- d-----w- c:\windows\ie8updates
    2010-01-02 19:36 . 2010-01-02 19:41 -------- dc-h--w- c:\windows\ie8
    2010-01-02 19:27 . 2009-10-29 07:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-01-02 19:27 . 2009-10-29 07:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-01-02 19:25 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-01-02 19:09 . 2010-01-02 19:09 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Loc.Mail.Bron.Tok
    2010-01-02 19:09 . 2010-01-02 19:09 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Ok-SendMail-Bron-tok
    2010-01-02 18:57 . 2010-01-02 18:57 -------- d-----w- C:\found.002
    2010-01-02 14:41 . 2010-01-02 14:41 -------- d-----w- c:\documents and settings\administrateur2\Application Data\Malwarebytes
    2010-01-02 14:18 . 2010-01-02 14:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2010-01-02 14:18 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-02 14:18 . 2010-01-02 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-02 14:18 . 2010-01-02 14:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-02 14:18 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-02 14:06 . 2010-01-02 14:06 -------- d-----w- C:\Kill'em
    2010-01-02 13:38 . 2010-01-03 20:48 -------- d-----w- c:\program files\trend micro
    2010-01-02 12:48 . 2010-01-02 12:48 -------- d-----w- c:\program files\Fichiers communs\Skype
    2010-01-02 09:53 . 2010-01-02 09:53 -------- d-----w- c:\program files\Sophos
    2010-01-01 21:06 . 2010-01-02 19:02 -------- d-----w- c:\program files\Panda Security
    2010-01-01 21:02 . 2010-01-01 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-12-29 22:56 . 2009-12-29 22:56 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Geckofx
    2009-12-21 12:11 . 2009-12-21 12:12 -------- d-----w- c:\documents and settings\sidahmed\Application Data\Apple Computer
    2009-12-21 07:50 . 2009-12-21 07:50 10056 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-20 11:15 . 2009-12-25 18:57 -------- d-----w- c:\documents and settings\sidahmed\Local Settings\Application Data\Loc.Mail.Bron.Tok
    2009-12-20 11:14 . 2009-12-20 11:14 -------- d-----w- c:\documents and settings\sidahmed\Local Settings\Application Data\Ok-SendMail-Bron-tok
    2009-12-19 17:56 . 2010-01-01 20:03 -------- d-----w- c:\documents and settings\administrateur2\Local Settings\Application Data\Loc.Mail.Bron.Tok
    2009-12-19 17:55 . 2009-12-19 17:55 -------- d-----w- c:\documents and settings\administrateur2\Local Settings\Application Data\Ok-SendMail-Bron-tok
    2009-12-19 14:35 . 2009-12-26 11:47 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Loc.Mail.Bron.Tok
    2009-12-19 14:34 . 2009-12-19 14:34 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Ok-SendMail-Bron-tok
    2009-12-19 09:39 . 2009-12-19 14:19 -------- d-----w- c:\documents and settings\admin\Application Data\Apple Computer
    2009-12-18 12:55 . 2009-12-21 12:12 -------- d-----w- c:\documents and settings\sidahmed\Local Settings\Application Data\Apple Computer
    2009-12-16 21:47 . 2009-12-16 21:47 -------- d-----w- c:\documents and settings\administrateur2\Local Settings\Application Data\Geckofx
    2009-12-16 21:46 . 2009-12-16 21:47 888804 ----a-w- c:\documents and settings\administrateur2\Application Data\OpenCandy\audioro-ipod-converter.exe
    2009-12-16 21:46 . 2009-12-16 21:46 -------- d-----w- c:\documents and settings\administrateur2\Application Data\OpenCandy
    2009-12-16 21:45 . 2009-12-19 22:31 -------- d-----w- c:\program files\AviSynth 2.5
    2009-12-16 21:45 . 2009-12-16 21:45 -------- d-----w- c:\program files\Red Kawa
    2009-12-16 18:57 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-12-16 18:57 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-12-16 18:56 . 2009-12-16 18:56 -------- d-----w- c:\program files\iPod
    2009-12-16 18:55 . 2009-12-16 19:08 -------- d-----w- c:\program files\iTunes
    2009-12-16 18:55 . 2009-12-16 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-16 18:53 . 2009-12-16 18:53 -------- d-----w- c:\program files\Bonjour
    2009-12-16 18:51 . 2009-12-16 18:53 -------- d-----w- c:\program files\QuickTime
    2009-12-16 18:51 . 2009-12-16 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-16 18:48 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-12-16 18:48 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-12-16 18:46 . 2009-12-16 18:56 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-12-12 21:21 . 2009-12-12 21:22 -------- d-----w- c:\program files\RocketDock
    2009-12-12 21:10 . 2009-12-12 21:10 -------- d-----w- c:\documents and settings\administrateur2\Local Settings\Application Data\AKSoftware
    2009-12-12 20:57 . 2009-12-16 19:18 -------- d-----w- c:\documents and settings\administrateur2\Application Data\Apple Computer
    2009-12-12 20:56 . 2009-12-21 07:58 -------- d-----w- c:\documents and settings\administrateur2\Local Settings\Application Data\Apple Computer
    2009-12-05 20:05 . 2009-12-05 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2009-12-05 19:59 . 2009-12-05 19:59 -------- d-----w- c:\documents and settings\admin\Application Data\Samsung
    2009-12-05 12:59 . 2009-12-05 12:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-03 18:20 . 2008-11-30 20:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-01-02 16:40 . 2009-07-12 14:24 -------- d-----w- c:\documents and settings\administrateur2\Application Data\Skype
    2010-01-02 16:40 . 2009-07-24 17:03 -------- d-----w- c:\documents and settings\administrateur2\Application Data\skypePM
    2010-01-02 12:48 . 2009-04-27 17:32 -------- d-----r- c:\program files\Skype
    2010-01-02 12:47 . 2009-04-27 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-01-02 10:28 . 2009-12-02 05:53 79488 ----a-w- c:\documents and settings\administrateur2\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-25 17:08 . 2009-08-04 21:47 -------- d-----w- c:\documents and settings\administrateur2\Application Data\dvdcss
    2009-12-16 19:06 . 2009-12-04 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-12 20:14 . 2008-11-30 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-12 20:14 . 2009-07-15 16:01 -------- d-----w- c:\documents and settings\administrateur2\Application Data\Samsung
    2009-12-12 20:14 . 2008-12-05 20:24 -------- d-----w- c:\program files\Samsung
    2009-12-11 11:48 . 2004-08-05 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
    2009-12-11 11:48 . 2004-08-05 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
    2009-12-07 16:42 . 2009-12-01 14:42 79488 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-04 18:32 . 2009-12-04 17:55 -------- d-----w- c:\program files\Sony Ericsson
    2009-12-04 18:32 . 2009-12-04 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
    2009-12-04 18:31 . 2009-12-04 18:31 -------- d-----w- c:\program files\Fichiers communs\Sony Shared
    2009-12-04 18:31 . 2009-12-04 18:30 -------- d-----w- c:\program files\Sony
    2009-12-04 18:31 . 2009-12-04 18:31 10134 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
    2009-12-04 18:30 . 2009-12-04 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
    2009-12-04 18:27 . 2009-12-04 18:26 -------- d-----w- c:\program files\Apple Software Update
    2009-12-04 18:26 . 2009-12-04 18:22 21935408 ----a-w- c:\documents and settings\admin\Application Data\Sony Setup\A189E68E-2253-4c3b-86B7-D77E36F13C55\QuickTimeInstaller.exe
    2009-12-04 18:22 . 2009-12-04 18:17 -------- d-----w- c:\documents and settings\admin\Application Data\Sony Setup
    2009-12-04 18:17 . 2009-12-04 18:17 -------- d-----w- c:\documents and settings\admin\Application Data\Sony
    2009-12-04 18:17 . 2009-12-04 18:17 -------- d-----w- c:\program files\Sony Setup
    2009-12-02 06:59 . 2009-12-01 17:59 79488 ----a-w- c:\documents and settings\sidahmed\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-19 14:32 . 2009-11-19 14:32 -------- d-----w- c:\documents and settings\admin\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    2009-11-19 14:32 . 2009-11-19 14:32 -------- d-----w- c:\program files\TweetDeck
    2009-11-19 14:32 . 2009-11-19 14:32 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
    2009-11-19 14:29 . 2009-11-19 14:32 38208 ----a-w- c:\documents and settings\admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-19 14:29 . 2009-11-19 14:32 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-19 14:25 . 2009-08-12 23:50 1924440 ----a-w- c:\documents and settings\admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-11 15:39 . 2009-01-14 22:44 14600 ----a-w- c:\documents and settings\sidahmed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-10 17:19 . 2008-12-03 12:28 14600 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-07 21:19 . 2009-11-07 21:18 -------- d-----w- c:\program files\UltraMixer
    2009-11-06 19:11 . 2009-07-09 12:51 14600 ----a-w- c:\documents and settings\administrateur2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-06 19:10 . 2008-11-30 19:50 -------- d-----w- c:\program files\Windows Live
    2009-11-06 19:07 . 2009-11-06 19:07 -------- d-----w- c:\program files\Microsoft
    2009-11-06 19:07 . 2009-11-06 19:07 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-11-06 19:01 . 2009-11-06 19:01 -------- d-----w- c:\program files\Fichiers communs\Windows Live
    2009-11-01 16:35 . 2009-11-01 16:35 15240 ------w- c:\documents and settings\administrateur2\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
    2009-10-31 20:22 . 2004-08-05 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
    2009-10-29 07:42 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 17:01 . 2009-10-20 17:01 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe
    2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:33 . 2004-08-05 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:39 . 2004-08-05 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:39 . 2004-08-05 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\winlogon.exe
    [7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\winlogon.exe
    [-] 2008-04-14 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
    [7] 2004-08-05 . D2DE785AEAB0BB8CA4C14A8A199DBE4E . 506368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

    [-] 2008-04-14 . 2176257E2D5C71B238B95D8F1C4635FD . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\comctl32.dll
    [7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\comctl32.dll
    [-] 2008-04-14 . 2176257E2D5C71B238B95D8F1C4635FD . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
    [7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
    [7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\asms\60\msft\windows\common\controls\comctl32.dll
    [7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\asms\60\msft\windows\common\controls\comctl32.dll
    [7] 2004-08-05 . A53B48B5AB9A5DA76ED247D61B0B0ADD . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

    [7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2009-08-04 . 5CD86CD871166F7017C821BE4CC6CA64 . 2450560 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2009-08-04 . 5CD86CD871166F7017C821BE4CC6CA64 . 2450560 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
    [-] 2009-08-04 . 5CD86CD871166F7017C821BE4CC6CA64 . 2450560 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
    [7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\VistaMizer\old\ntoskrnl.exe
    [7] 2009-08-04 . 63864AF70CAC631077A6C1223617336B . 2191360 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
    [7] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [7] 2009-02-09 . 4183ED119200F8520F5E834498AFB927 . 2182528 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    [7] 2009-02-09 . B55AA66BC9269BC5257B915FFDAA790B . 2188160 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
    [7] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
    [7] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
    [7] 2008-08-14 . D79210549BBF09B7638E860440504299 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    [7] 2008-08-14 . 449566D74B5C261A3A54AA216F0C532B . 2182400 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
    [7] 2008-08-14 . C6649255E51F145B6E15C505AB68E459 . 2188032 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
    [7] 2008-08-14 . C8D4D5974F9671DA0A37175650912960 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
    [7] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ntoskrnl.exe
    [7] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ntoskrnl.exe
    [7] 2004-08-05 . 7D38CE4398E6AA6339B4644FEADCC0D8 . 2183040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

    [-] 2008-04-14 . 543B0B5CB3737D17FEEB7FDC20B1A181 . 588800 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\user32.dll
    [7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\user32.dll
    [-] 2008-04-14 . 543B0B5CB3737D17FEEB7FDC20B1A181 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
    [7] 2004-08-05 . E46FB493E3B33704F0715020CF52106B . 578048 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

    [-] 2008-04-14 . E7F63819E78A8C4BB43657472BCEF2C3 . 1556480 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . E7F63819E78A8C4BB43657472BCEF2C3 . 1556480 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe
    [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\explorer.exe
    [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
    [-] 2004-08-05 . 9F3B76C8CF787449A47F05ABAB4E13E6 . 978432 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

    [-] 2008-04-14 . 6F88A39FD32BF0BE9D0BC0FD4090E9EB . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
    [7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ctfmon.exe
    [-] 2008-04-14 . 6F88A39FD32BF0BE9D0BC0FD4090E9EB . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
    [7] 2004-08-05 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

    [7] 2009-08-04 . FE0C9C9035E3FDC193255C646BAC2C3D . 2068224 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
    [7] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [-] 2009-08-04 . CC57C91DC2B6ADF816F468B98B25D78D . 2327424 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2009-08-04 . CC57C91DC2B6ADF816F468B98B25D78D . 2327424 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
    [-] 2009-08-04 . CC57C91DC2B6ADF816F468B98B25D78D . 2327424 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
    [7] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
    [7] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
    [7] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
    [7] 2009-02-09 . 663D7167ED065786EC9DCFF2569A39F7 . 2059776 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    [7] 2009-02-09 . 0150FE5C1E07F8AE422FEC6C8E8A0C98 . 2065024 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
    [7] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [7] 2008-08-14 . 755B50949D0DBC0F0136B0DB58765331 . 2068096 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    [7] 2008-08-14 . F9720D61DF1E3E47614C4FC891F3FE44 . 2059776 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
    [7] 2008-08-14 . DCBC1A6D150B5EE1BD6257186157B0F3 . 2065024 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
    [7] 2008-08-14 . 8DA71F1900721E1E4FCB5B02D55FB771 . 2068096 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
    [7] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ntkrnlpa.exe
    [7] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ntkrnlpa.exe
    [7] 2004-08-05 . F252FAE094C54572ECE38A039F2103C4 . 2058880 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TransBar"="c:\documents and settings\administrateur2\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe" [2005-06-01 65536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
    backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
    backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDP]
    2007-08-10 13:23 81920 ----a-w- c:\program files\Hercules\DualPix Exchange\CamService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 02:34 1832448 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
    2007-12-14 15:19 132624 ------w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=

    R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [30/11/2008 21:22 94208]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [04/12/2009 19:35 27632]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
    S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [04/12/2009 19:05 90280]
    S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [25/05/2009 12:34 15016]
    S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [25/05/2009 12:34 122280]
    S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [04/12/2009 19:05 115880]
    S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [04/12/2009 19:05 26024]
    S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [04/12/2009 19:05 111912]
    S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [04/12/2009 19:05 116904]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\administrateur2\Application Data\Mozilla\Firefox\Profiles\29zqzeoe.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-wsctf.exe - wsctf.exe
    MSConfigStartUp-HomePlayer - c:\program files\HomePlayer\HomePlayer.exe
    AddRemove-ActiveScan 2.0 - c:\program files\Panda Security\ActiveScan 2.0\as2uninst.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-03 23:06
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\1.tmp"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(576)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\COMRes.dll
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(632)
    c:\windows\system32\scecli.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\psbase.dll

    - - - - - - - > 'explorer.exe'(2716)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\system32\COMRes.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\MSVCP60.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\sched.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2010-01-03 23:17:28 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-01-03 22:17

    Avant-CF: 51 712 712 704 octets libres
    Après-CF: 54 306 050 048 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    - - End Of File - - C9CCE742D39C343084F7FAAF12875141
    0
    1. Utilisateur anonyme
       
      combofix a supprimé le brontok, il faudrai voir avec ep44
      0
  13. Youcef69 Messages postés 42 Statut Membre
     
    Oki merci mais il ne repond plus
    0
    1. Utilisateur anonyme
       
      Refait un RSIT
      0
    2. DePassage
       
      salut,

      visiblement tu n'as pas compris que ceux qui te répondent sont des bénévoles.

      Si tu es pressé, tu cherches un magasin spécialisé et tu payes la désinfection.
      0
  14. Youcef69 Messages postés 42 Statut Membre
     
    Merci de t'occuper de moi:
    log:Logfile of random's system information tool 1.06 (written by random/random)
    Run by administrateur2 at 2010-01-03 23:55:40
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 52 GB (68%) free of 76 GB
    Total RAM: 247 MB (7% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:56:32, on 03/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\administrateur2\Mes documents\Téléchargements\RSIT(3).exe
    C:\Program Files\trend micro\administrateur2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\administrateur2\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe /s
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
    O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    0
    1. Utilisateur anonyme
       
      S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\mbr.sys []
      S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\1.tmp []

      ça m'a pas l'air sain ceci, tu verras avec ep44

      Met à jour ton Malwarebytes et fait un scan complet
      0
  15. Youcef69 Messages postés 42 Statut Membre
     
    DE LAIDE SVP
    0
    1. Utilisateur anonyme
       
      bonjour
      S'il te plait, n'écrit pas en majuscule, comme l'a dit lepetitmarocain, sache que nous sommes bénévoles et que nous avons une vie à coté
      quels sont tes problèmes en ce moment ?
      0
  16. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir Youcef69,

    Excuse moi je ne t'ai pas oublié juste que je suis très pris en ce moment désolé pour ton attente

    pour la suite

    ● sélectionne ceci

    KillAll::
    
    File::
    c:\documents and settings\Administrateur\Local Settings\Application Data\Loc.Mail.Bron.Tok       
    c:\documents and settings\Administrateur\Local Settings\Application Data\Ok-SendMail-Bron-tok       
    c:\documents and settings\sidahmed\Local Settings\Application Data\Loc.Mail.Bron.Tok       
    c:\documents and settings\sidahmed\Local Settings\Application Data\Ok-SendMail-Bron-tok       
    c:\documents and settings\admin\Local Settings\Application Data\Loc.Mail.Bron.Tok       
    c:\documents and settings\admin\Local Settings\Application Data\Ok-SendMail-Bron-tok          
    C:\27c646bc3aa0da8bfa246413f04792cd       
    C:\e8a4a7bceae06555a2       
    


    ● Copie le texte sélectionné (CTRL+C).
    ● Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    ● Veille à ce que Retour à la ligne ne soit pas coché dans Format.
    ● Colle le texte copié dans ce bloc-notes (CTRL+V).
    ● Sauvegarde ce fichier sous le nom de CFScript.txt
    ● Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
    http://img399.imageshack.us/img399/7183/img210914jjufmoj0.gif
    ● Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    ● Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    ● Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
    si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

    Ensuite

    ● Télécharge CCleaner
    https://filehippo.com/download_ccleaner/
    ● Aide toi de ce tuto pour l'utiliser
    http://www.swl1f.net/viewtopic.php?f=14&t=69

    Ensuite

    ● Télécharge malwarebytes
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    ● Une aide pour l'installation
    http://www.swl1f.net/viewtopic.php?f=14&t=68

    ● Installe le
    ● Lance malwarebytes
    ● Coche "Executer un examen complet"
    ● Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
    ● Clique sur Supprimer la sélection
    ● Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
    ● Fait copier coller et poste le rapport
    0
  17. Youcef69 Messages postés 42 Statut Membre
     
    Merci de me repondre je tenvoi le rapport combofix

    ComboFix 10-01-04.01 - administrateur2 05/01/2010 19:39:12.2.1 - x86
    Lancé depuis: c:\documents and settings\administrateur2\Mes documents\Téléchargements\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\administrateur2\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "C:\27c646bc3aa0da8bfa246413f04792cd"
    "c:\documents and settings\admin\Local Settings\Application Data\Loc.Mail.Bron.Tok"
    "c:\documents and settings\admin\Local Settings\Application Data\Ok-SendMail-Bron-tok"
    "c:\documents and settings\Administrateur\Local Settings\Application Data\Loc.Mail.Bron.Tok"
    "c:\documents and settings\Administrateur\Local Settings\Application Data\Ok-SendMail-Bron-tok"
    "c:\documents and settings\sidahmed\Local Settings\Application Data\Loc.Mail.Bron.Tok"
    "c:\documents and settings\sidahmed\Local Settings\Application Data\Ok-SendMail-Bron-tok"
    "C:\e8a4a7bceae06555a2"
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-04 11:06 . 2010-01-04 11:06 -------- d-----w- c:\documents and settings\administrateur2\Application Data\thecleaner
    2010-01-02 22:05 . 2010-01-02 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-01-02 14:41 . 2010-01-02 14:41 -------- d-----w- c:\documents and settings\administrateur2\Application Data\Malwarebytes
    2010-01-02 14:18 . 2010-01-02 14:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2010-01-02 14:18 . 2010-01-02 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-01 21:02 . 2010-01-01 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-12-21 12:11 . 2009-12-21 12:12 -------- d-----w- c:\documents and settings\sidahmed\Application Data\Apple Computer
    2009-12-19 09:39 . 2009-12-19 14:19 -------- d-----w- c:\documents and settings\admin\Application Data\Apple Computer
    2009-12-16 21:46 . 2009-12-16 21:47 888804 ----a-w- c:\documents and settings\administrateur2\Application Data\OpenCandy\audioro-ipod-converter.exe
    2009-12-16 21:46 . 2009-12-16 21:46 -------- d-----w- c:\documents and settings\administrateur2\Application Data\OpenCandy
    2009-12-16 18:55 . 2009-12-16 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-16 18:51 . 2009-12-16 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-12 20:57 . 2009-12-16 19:18 -------- d-----w- c:\documents and settings\administrateur2\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-05 16:23 . 2008-11-30 20:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-01-04 17:08 . 2010-01-02 13:38 -------- d-----w- c:\program files\trend micro
    2010-01-04 17:03 . 2010-01-04 17:03 -------- d-----w- c:\program files\ZNsoft Corporation
    2010-01-04 16:45 . 2010-01-04 16:44 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    2010-01-04 15:54 . 2010-01-04 15:53 -------- d-----w- c:\program files\RegCleaner
    2010-01-04 10:53 . 2010-01-03 19:14 -------- d-----w- c:\program files\CleanUp!
    2010-01-04 10:35 . 2009-04-27 17:32 -------- d-----r- c:\program files\Skype
    2010-01-04 10:35 . 2010-01-02 09:53 -------- d-----w- c:\program files\Sophos
    2010-01-04 09:39 . 2010-01-04 09:39 -------- d-----w- c:\program files\CCleaner
    2010-01-02 22:28 . 2010-01-02 22:05 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-02 22:05 . 2010-01-02 22:05 -------- d-----w- c:\program files\Avira
    2010-01-02 19:02 . 2010-01-01 21:06 -------- d-----w- c:\program files\Panda Security
    2010-01-02 16:40 . 2009-07-12 14:24 -------- d-----w- c:\documents and settings\administrateur2\Application Data\Skype
    2010-01-02 16:40 . 2009-07-24 17:03 -------- d-----w- c:\documents and settings\administrateur2\Application Data\skypePM
    2010-01-02 12:48 . 2010-01-02 12:48 -------- d-----w- c:\program files\Fichiers communs\Skype
    2010-01-02 12:47 . 2009-04-27 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-01-02 10:28 . 2009-12-02 05:53 79488 ----a-w- c:\documents and settings\administrateur2\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-25 17:08 . 2009-08-04 21:47 -------- d-----w- c:\documents and settings\administrateur2\Application Data\dvdcss
    2009-12-21 07:50 . 2009-12-21 07:50 10056 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-19 22:31 . 2009-12-16 21:45 -------- d-----w- c:\program files\AviSynth 2.5
    2009-12-16 19:08 . 2009-12-16 18:55 -------- d-----w- c:\program files\iTunes
    2009-12-16 19:06 . 2009-12-04 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-16 18:56 . 2009-12-16 18:56 -------- d-----w- c:\program files\iPod
    2009-12-16 18:56 . 2009-12-16 18:46 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-12-16 18:53 . 2009-12-16 18:53 -------- d-----w- c:\program files\Bonjour
    2009-12-16 18:53 . 2009-12-16 18:51 -------- d-----w- c:\program files\QuickTime
    2009-12-12 20:14 . 2008-11-30 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-12 20:14 . 2009-07-15 16:01 -------- d-----w- c:\documents and settings\administrateur2\Application Data\Samsung
    2009-12-12 20:14 . 2008-12-05 20:24 -------- d-----w- c:\program files\Samsung
    2009-12-11 11:48 . 2004-08-05 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
    2009-12-11 11:48 . 2004-08-05 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
    2009-12-07 16:42 . 2009-12-01 14:42 79488 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-05 20:05 . 2009-12-05 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2009-12-05 19:59 . 2009-12-05 19:59 -------- d-----w- c:\documents and settings\admin\Application Data\Samsung
    2009-12-04 18:32 . 2009-12-04 17:55 -------- d-----w- c:\program files\Sony Ericsson
    2009-12-04 18:32 . 2009-12-04 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
    2009-12-04 18:31 . 2009-12-04 18:31 -------- d-----w- c:\program files\Fichiers communs\Sony Shared
    2009-12-04 18:31 . 2009-12-04 18:30 -------- d-----w- c:\program files\Sony
    2009-12-04 18:31 . 2009-12-04 18:31 10134 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
    2009-12-04 18:30 . 2009-12-04 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
    2009-12-04 18:27 . 2009-12-04 18:26 -------- d-----w- c:\program files\Apple Software Update
    2009-12-04 18:26 . 2009-12-04 18:22 21935408 ----a-w- c:\documents and settings\admin\Application Data\Sony Setup\A189E68E-2253-4c3b-86B7-D77E36F13C55\QuickTimeInstaller.exe
    2009-12-04 18:22 . 2009-12-04 18:17 -------- d-----w- c:\documents and settings\admin\Application Data\Sony Setup
    2009-12-04 18:17 . 2009-12-04 18:17 -------- d-----w- c:\documents and settings\admin\Application Data\Sony
    2009-12-04 18:17 . 2009-12-04 18:17 -------- d-----w- c:\program files\Sony Setup
    2009-12-02 06:59 . 2009-12-01 17:59 79488 ----a-w- c:\documents and settings\sidahmed\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-19 14:32 . 2009-11-19 14:32 -------- d-----w- c:\documents and settings\admin\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    2009-11-19 14:32 . 2009-11-19 14:32 -------- d-----w- c:\program files\TweetDeck
    2009-11-19 14:32 . 2009-11-19 14:32 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
    2009-11-19 14:29 . 2009-11-19 14:32 38208 ----a-w- c:\documents and settings\admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-19 14:29 . 2009-11-19 14:32 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-19 14:25 . 2009-08-12 23:50 1924440 ----a-w- c:\documents and settings\admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-11 15:39 . 2009-01-14 22:44 14600 ----a-w- c:\documents and settings\sidahmed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-10 17:19 . 2008-12-03 12:28 14600 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-07 21:19 . 2009-11-07 21:18 -------- d-----w- c:\program files\UltraMixer
    2009-11-06 19:11 . 2009-07-09 12:51 14600 ----a-w- c:\documents and settings\administrateur2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-06 19:10 . 2008-11-30 19:50 -------- d-----w- c:\program files\Windows Live
    2009-11-06 19:07 . 2009-11-06 19:07 -------- d-----w- c:\program files\Microsoft
    2009-11-06 19:07 . 2009-11-06 19:07 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-11-06 19:01 . 2009-11-06 19:01 -------- d-----w- c:\program files\Fichiers communs\Windows Live
    2009-11-01 16:35 . 2009-11-01 16:35 15240 ------w- c:\documents and settings\administrateur2\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
    2009-10-31 20:22 . 2004-08-05 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
    2009-10-29 07:42 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 17:01 . 2009-10-20 17:01 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe
    2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:33 . 2004-08-05 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:39 . 2004-08-05 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:39 . 2004-08-05 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\winlogon.exe
    [7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\winlogon.exe
    [-] 2008-04-14 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe

    [-] 2008-04-14 . 2176257E2D5C71B238B95D8F1C4635FD . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\comctl32.dll
    [7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\comctl32.dll
    [-] 2008-04-14 . 2176257E2D5C71B238B95D8F1C4635FD . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
    [7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
    [7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\asms\60\msft\windows\common\controls\comctl32.dll
    [7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\asms\60\msft\windows\common\controls\comctl32.dll

    [7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2009-08-04 . 5CD86CD871166F7017C821BE4CC6CA64 . 2450560 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2009-08-04 . 5CD86CD871166F7017C821BE4CC6CA64 . 2450560 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
    [-] 2009-08-04 . 5CD86CD871166F7017C821BE4CC6CA64 . 2450560 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
    [7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\VistaMizer\old\ntoskrnl.exe
    [7] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ntoskrnl.exe
    [7] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ntoskrnl.exe

    [-] 2008-04-14 . 543B0B5CB3737D17FEEB7FDC20B1A181 . 588800 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\user32.dll
    [7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\user32.dll
    [-] 2008-04-14 . 543B0B5CB3737D17FEEB7FDC20B1A181 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll

    [-] 2008-04-14 . E7F63819E78A8C4BB43657472BCEF2C3 . 1556480 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . E7F63819E78A8C4BB43657472BCEF2C3 . 1556480 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe
    [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\explorer.exe
    [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe

    [-] 2008-04-14 . 6F88A39FD32BF0BE9D0BC0FD4090E9EB . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
    [7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ctfmon.exe
    [-] 2008-04-14 . 6F88A39FD32BF0BE9D0BC0FD4090E9EB . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe

    [7] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [-] 2009-08-04 . CC57C91DC2B6ADF816F468B98B25D78D . 2327424 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2009-08-04 . CC57C91DC2B6ADF816F468B98B25D78D . 2327424 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
    [-] 2009-08-04 . CC57C91DC2B6ADF816F468B98B25D78D . 2327424 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
    [7] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
    [7] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ntkrnlpa.exe
    [7] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ntkrnlpa.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TransBar"="c:\documents and settings\administrateur2\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe" [2005-06-01 65536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
    path=c:\documents and settings\admin\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
    backup=c:\windows\pss\RocketDock.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
    backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
    backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDP]
    2007-08-10 13:23 81920 ----a-w- c:\program files\Hercules\DualPix Exchange\CamService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 02:34 1832448 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
    2007-12-14 15:19 132624 ------w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=

    R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [30/11/2008 21:22 94208]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [04/12/2009 19:35 27632]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
    S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [04/12/2009 19:05 90280]
    S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [25/05/2009 12:34 15016]
    S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [25/05/2009 12:34 122280]
    S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [04/12/2009 19:05 115880]
    S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [04/12/2009 19:05 26024]
    S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [04/12/2009 19:05 111912]
    S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [04/12/2009 19:05 116904]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\administrateur2\Application Data\Mozilla\Firefox\Profiles\29zqzeoe.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-05 19:52
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\1.tmp"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(580)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\COMRes.dll
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(636)
    c:\windows\system32\scecli.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\psbase.dll

    - - - - - - - > 'explorer.exe'(2096)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\system32\COMRes.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\MSVCP60.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\sched.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2010-01-05 20:03:01 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-01-05 19:02
    ComboFix2.txt 2010-01-03 22:17

    Avant-CF: 54 380 503 040 octets libres
    Après-CF: 54 369 120 256 octets libres

    - - End Of File - - C4F292ECE0EBFFD7176E613696F64698
    0
  18. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Il te faut poster le reste

    @+
    0
  19. Youcef69 Messages postés 42 Statut Membre
     
    Malwarebytes' Anti-Malware 1.43
    Database version: 3497
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    05/01/2010 21:53:22
    mbam-log-2010-01-05 (21-53-22).txt

    Scan type: Full Scan (A:\|C:\|D:\|E:\|)
    Objects scanned: 205189
    Time elapsed: 1 hour(s), 23 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{C8FB9266-36FA-4B50-98BA-37DCE9761522}\RP3\A0009086.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C8FB9266-36FA-4B50-98BA-37DCE9761522}\RP3\A0009155.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C8FB9266-36FA-4B50-98BA-37DCE9761522}\RP3\A0009323.sys (Malware.Trace) -> Quarantined and deleted successfully.
    0
  20. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Très bien des points de restauration supprimé

    POur vérifier reposte stp un raport rsit
    0
    1. Youcef69 Messages postés 42 Statut Membre
       
      Voici rapport RSIT et merci encore une fois de m'aider grace a toi
      mon ordinateur est mieux qu'avant :

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by administrateur2 at 2010-01-06 16:34:49
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 52 GB (68%) free of 76 GB
      Total RAM: 247 MB (12% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:35:29, on 06/01/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\administrateur2\Mes documents\Téléchargements\RSIT(4).exe
      C:\Program Files\trend micro\administrateur2.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.windows.fr/ie8/bienvenue
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\administrateur2\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe /s
      O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)" -"http://www8.agame.com/..."
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
      O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
      0
  • 1
  • 2