À l'aide. Infecté par malwares (je crois)...

Résolu
BibiRouge Messages postés 20 Statut Membre -  
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Cela fait quelque temps que je suis infecté. J'ai essayer de trouver des solutions sur internet, j'ai téléchargé Malwarebytes, cclener, et autres, mais, bien qu'à chaque fois ça a aidé un peu, rien n'a éliminer les problèmes. Je n'arrive plus à mettre à jour mon antivirus (eTrust) ni à mettre à jour Windows.

Si quelqu'un pourrait m'aider, j'apprécierais !

Voici mon rapport Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:30, on 2011-03-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\mshta.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ws&s={searchTerms}&f=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=0061215
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: Service RPC eTrust ITM (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: Service en temps réel eTrust ITM (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: Service des jobs eTrust ITM (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)

--
End of file - 7594 bytes

Merci infiniement !

32 réponses

  • 1
  • 2
  1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Okey, on va faire le ménage.

    ▶ ▶ DÉSACTIVE TES PROTECTIONS DURANT LA PROCÉDURE

    ▶ Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    KillAll::
    
    :File
    
    c:\documents and settings\Yvette\Application Data\*.bat
    c:\documents and settings\Yvette\Application Data\*.js
    C:\Hijackthis 
    
    


    ▶ Enregistre ce fichier sous le nom CFScript

    ▶ Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

    ▶ Combofix se lance, laisse toi guider..

    ▶ Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis

    ▶ Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Ensuite j'aimerais vérifier un truc:

    ▶ Télécharge TDSS Killer (de Kaspersky Labs) sur ton Bureau
    ▶ Double-clique sur tdsskiller.exe (sous Vista/Seven, clic droit
    dessus, et sur exécuter en tant qu'administrateur)
    ▶ Clique sur Start Scan
    ▶ Si l'outil a trouvé des éléments, choisi Cure,
    puis sur Reboot Now
    ▶ Le PC va redémarrer, et un rapport va s'ouvrir
    ▶ Copie/colle le rapport (il est sauvegardé dans C:\TDSS Killer
    N° de version_Date_Heure_log.txt
    )

    ++
    1
  2. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Salut :)

    Hijackthis est obsolète par contre j ai cru voir l'adware bandoo ! c est un publiciel !

    Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)

    http://www.teamxscript.org/adremoverTelechargement.html ( Lien officiel )
    OU
    https://www.androidworld.fr/ ( Miroir )

    /!\ Ferme toutes applications en cours /!\

    ▶ Double-clique sur l'icône Ad-remover située sur ton Bureau.
    ▶ Sur la page, clique sur le bouton « Nettoyer »
    ▶ Confirme lancement du scan
    ▶ Laisse travailler l'outil.
    ▶ Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    Pour un diagnostic beaucoup plus complet:
    ▶ Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/

    ▶ Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
    (Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

    ▶ Lance OTL
    ▶ Sous Peronnalisation, copie-colle ce qu'il y a dans le cadre ci-dessous :
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %temp%\.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    CREATERESTOREPOINT
    nslookup www.google.fr /c 

    ▶ Clique sur le bouton Analyse.
    ▶ Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer les rapports.
    Donnes le liens pjjoint ici ensuite pour pouvoir être consultés.

    @+
    0
  3. BibiRouge Messages postés 20 Statut Membre
     
    Merci, je remet un post quand c'est fait !
    0
  4. BibiRouge Messages postés 20 Statut Membre
     
    Bonjour juju666,

    Alors, voilà d'abord pour AD Remover, voici le log:

    ======= REPORT FROM AD-REMOVER 2.0.0.2,F | ONLY XP/VISTA/7 =======

    Updated by TeamXscript on 01/03/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    website: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 11:36:04 on 08/03/2011, Normal boot

    Microsoft Windows XP Professional Service Pack 3 (X86)
    BibiRouge ( )

    ============== ACTION(S) ==============

    (!) -- Temporary files deleted.

    Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
    Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
    Key deleted: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}
    Key deleted: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
    Key deleted: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
    Key deleted: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
    Key deleted: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
    Key deleted: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    Key deleted: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
    Key deleted: HKLM\Software\Classes\BandooCore.BandooCore
    Key deleted: HKLM\Software\Classes\BandooCore.BandooCore.1
    Key deleted: HKLM\Software\Classes\BandooCore.ResourcesMngr
    Key deleted: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
    Key deleted: HKLM\Software\Classes\BandooCore.SettingsMngr
    Key deleted: HKLM\Software\Classes\BandooCore.SettingsMngr.1
    Key deleted: HKLM\Software\Classes\BandooCore.StatisticMngr
    Key deleted: HKLM\Software\Classes\BandooCore.StatisticMngr.1
    Key deleted: HKLM\Software\Classes\AppID\BandooCore.EXE
    Key deleted: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
    Key deleted: HKLM\Software\bandoo
    Key deleted: HKU\.DEFAULT\Software\DataMngr
    Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7402}
    Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}
    Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}
    Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
    Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}

    Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020}

    ============== ADDITIONNAL SCAN ==============

    **** Mozilla Firefox Version [3.0.3 (fr)] ****

    Searchplugins\fcmdSrchws.xml (hxxp://start.facemoods.com/?a=ws&f=4&q={searchTerms}/)
    Components\aboutRobots.js
    Components\nsPostUpdateWin.js

    -- C:\Documents and Settings\BibiRouge\Application Data\Mozilla\FireFox\Profiles\cvf5r5bs.default --
    Prefs.js - browser.download.dir, C:\\Documents and Settings\\BibiRouge\\My Documents\\My Received Files
    Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.0.3

    -- C:\Documents and Settings\Yvette\Application Data\Mozilla\FireFox\Profiles\d7y1czic.default --
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.0.3

    ========================================

    **** Internet Explorer Version [8.0.6001.18702] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll) (x)
    HKLM_ElevationPolicy\{44295CB8-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar2user.exe (?)
    HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (x)
    HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
    BHO\{5CA3D70E-1895-11CF-8E15-001234567890} - "DriveLetterAccess" (C:\WINDOWS\System32\DLA\DLASHX_W.DLL)
    BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll) (x)
    BHO\{7FF99715-3016-4381-84CE-E4E4C9673020} (?)
    BHO\{CA6319C0-31B7-401E-A518-A07C3DB8F777} - "CBrowserHelperObject Object" (C:\Program Files\BAE\BAE.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
    C:\Program Files\Ad-Remover\Backup: 13 File(s)

    C:\Ad-Report-CLEAN[1].txt - 08/03/2011 11:36:20 (2628 Byte(s))

    End at: 11:37:58, 08/03/2011

    ============== E.O.F ==============

    Et voici les liens pour OTL:

    OTL.txt
    https://pjjoint.malekal.com/files.php?id=e604e379c268

    Et Extras.txt
    https://pjjoint.malekal.com/files.php?id=f5a7bb45fe1415

    Bon je crois que c'est tout.

    Merci encore pour ton aide et la rapidité de tes réponses !
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Ok vu :)

    Tu es infecté d'un rogue (faux logiciel de sécurité) ou étais ?

    Télécharge sur le bureau RogueKiller (par tigzy)

    ▶ Quitte tous tes programmes en cours
    ▶ Sous Vista/Seven , clique droit -> lancer en tant qu'administrateur
    ▶ Lance RogueKiller.exe.
    ▶ Lorsque demandé, tape 1 et valide
    ▶ Si le programme demande pour supprimer le proxy, tape 2 si tu es sûr que ce n'est pas toi qui l'a mis, sinon tape 1
    ▶ Un rapport (RKreport.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse
    ▶ Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois.

    Suivi de:

    Attention, avant de commencer, lit attentivement la procédure, et imprime la

    /!\ Ne pas utiliser ce logiciel en dehors du cadre de cette désinfection : DANGEUREUX /!\

    tutoriel combofix

    ▶ Fais un clic droit sur le lien ci dessous, choisi "Enregistrer la cible du lien sous", comme destination : ton Bureau, change son nom (ton_pseudo.exe par exemple) :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ARRÊTE TES LOGICIELS DE PROTECTION /!\

    ▶ Double-clique sur ComboFix.exe
    Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

    ▶ ▶ SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
    (si il te propose de l'installer remets internet)

    ▶ Mets-le en langue française F

    ▶ Tape sur la touche 1 (Yes) pour démarrer le scan.


    ▶ Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC


    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    ▶ Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    ▶ ▶ /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    ▶ Note : Le rapport se trouve également là : C:\ComboFix.txt

    @+
    .::. Membre Contributeur Commentçamarche .::.
    0
  7. BibiRouge Messages postés 20 Statut Membre
     
    Merci, je m'y met !
    0
  8. BibiRouge Messages postés 20 Statut Membre
     
    D'abord, merci pout tout, je peux déjà faire mes Mises à jour Widows ; ) !

    Alors, voici déjà le Rogue Killer:

    RogueKiller V4.2.0 by Tigzy
    contact at https://www.luanagames.com/index.fr.html
    mail: tigzyRK<at>gmail<dot>com
    Feedback: https://www.luanagames.com/index.fr.html

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: BibiRouge [Admin rights]
    Mode: Scan -- Date : 03/08/2011 13:30:02

    Bad processes: 0

    Registry Entries: 0

    HOSTS File:
    127.0.0.1 localhost
    127.0.0.1 www.8minutedating.com
    127.0.0.1 whysohardx.com
    127.0.0.1 protectyourpc-11.com
    127.0.0.1 checkserverstatux.com
    127.0.0.1 xinmin.cn
    127.0.0.1 xy95.cn
    127.0.0.1 koralda.com
    127.0.0.1 weirden.com
    127.0.0.1 nanocloudcontroller.com
    127.0.0.1 coo0lnet.net

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    Et voilà pour ComboFix:

    ComboFix 11-03-07.07 - BibiRouge 2011-03-08 13:50:42.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.603 [GMT -5:00]
    Lancé depuis: c:\documents and settings\BibiRouge\Desktop\BibiRouge.exe
    AV: eTrust ITM *Disabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\BibiRouge\Application Data\facemoods.com
    c:\documents and settings\NetworkService\Application Data\6AA93898BFA8330091181D6BD72495D4
    c:\documents and settings\NetworkService\Application Data\6AA93898BFA8330091181D6BD72495D4\enemies-names.txt
    c:\documents and settings\NetworkService\Application Data\6AA93898BFA8330091181D6BD72495D4\local.ini
    c:\documents and settings\NetworkService\Application Data\Adobe\plugs
    c:\documents and settings\NetworkService\Application Data\fkNoLR.exe
    c:\documents and settings\NetworkService\Application Data\searchqutb
    c:\documents and settings\NetworkService\Application Data\searchqutb\dtx.ini
    c:\documents and settings\NetworkService\Application Data\searchqutb\guid.dat
    c:\documents and settings\NetworkService\Application Data\searchqutb\setupCfg.xml
    c:\hijackthis\Hijackthis.exe
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\drivers\sst12.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    .
    .
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-02-08 au 2011-03-08 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
    2011-03-08 15:56 . 2011-03-08 18:56 -------- d-----w- C:\Hijackthis
    2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
    2011-02-10 22:18 . 2011-02-10 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6611.bat
    2011-02-10 22:18 . 2011-02-10 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
    2011-02-10 21:27 . 2011-02-10 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4150.bat
    2011-02-10 21:27 . 2011-02-10 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\HQClmm.js
    2011-02-10 21:18 . 2011-02-10 21:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\517.bat
    2011-02-10 21:18 . 2011-02-10 21:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
    2011-02-10 20:27 . 2011-02-10 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1838.bat
    2011-02-10 20:27 . 2011-02-10 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
    2011-02-10 20:19 . 2011-02-10 20:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8774.bat
    2011-02-10 20:19 . 2011-02-10 20:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\skd19sWx.js
    2011-02-10 19:27 . 2011-02-10 19:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\115.bat
    2011-02-10 19:27 . 2011-02-10 19:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\xcT9U.js
    2011-02-10 19:18 . 2011-02-10 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2556.bat
    2011-02-10 19:18 . 2011-02-10 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\OTve6mO.js
    2011-02-10 18:27 . 2011-02-10 18:27 179 ----a-w- c:\documents and settings\NetworkService\Application Data\928.bat
    2011-02-10 18:27 . 2011-02-10 18:27 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\ngOxj.js
    2011-02-10 18:18 . 2011-02-10 18:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\2692.bat
    2011-02-10 18:18 . 2011-02-10 18:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
    2011-02-10 17:27 . 2011-02-10 17:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\3148.bat
    2011-02-10 17:27 . 2011-02-10 17:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\dH2Pv.js
    2011-02-10 17:19 . 2011-02-10 17:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3797.bat
    2011-02-10 17:19 . 2011-02-10 17:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\krWEFc.js
    2011-02-10 16:27 . 2011-02-10 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
    2011-02-10 16:27 . 2011-02-10 16:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\3960.bat
    2011-02-10 16:27 . 2011-02-10 16:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\FAdO5.js
    2011-02-10 16:18 . 2011-02-10 16:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\729.bat
    2011-02-10 16:18 . 2011-02-10 16:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\E62LaWk.js
    2011-02-09 23:18 . 2011-02-09 23:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2768.bat
    2011-02-09 23:18 . 2011-02-09 23:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
    2011-02-09 22:27 . 2011-02-09 22:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5363.bat
    2011-02-09 22:27 . 2011-02-09 22:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
    2011-02-09 22:18 . 2011-02-09 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\3034.bat
    2011-02-09 22:18 . 2011-02-09 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
    2011-02-09 21:30 . 2011-03-08 16:02 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-02-09 20:33 . 2011-02-09 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\hLdLkOe03100
    2011-02-09 20:27 . 2011-02-09 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1842.bat
    2011-02-09 20:27 . 2011-02-09 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
    2011-02-09 20:19 . 2011-02-10 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Deployment
    2011-02-09 20:18 . 2011-02-09 20:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\3861.bat
    2011-02-09 20:18 . 2011-02-09 20:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\ao25uY.js
    2011-02-09 19:12 . 2011-02-09 19:12 189 ----a-w- c:\documents and settings\NetworkService\Application Data\4.bat
    2011-02-09 19:12 . 2011-02-09 19:12 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9430.bat
    2011-02-09 18:29 . 2011-02-09 18:29 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
    2011-02-09 18:29 . 2011-02-09 18:29 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\ikpNOW.js
    2011-02-09 17:27 . 2011-02-10 16:27 -------- d-----w- c:\windows\Downloaded Program Files
    2011-02-09 17:27 . 2011-02-09 17:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\8819.bat
    2011-02-09 17:27 . 2011-02-09 17:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\M87LF.js
    2011-02-09 17:18 . 2011-02-09 17:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\105.bat
    2011-02-09 17:18 . 2011-02-09 17:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\eJE1O.js
    2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\ParetoLogic
    2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\DriverCure
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\ParetoLogic
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2011-02-09 16:27 . 2011-02-09 16:27 169 ----a-w- c:\documents and settings\Yvette\Application Data\1532.bat
    2011-02-09 16:27 . 2011-02-09 16:27 15203 ----a-w- c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
    2011-02-09 16:18 . 2011-02-09 16:18 173 ----a-w- c:\documents and settings\Yvette\Application Data\9448.bat
    2011-02-09 16:18 . 2011-02-09 16:18 15205 ----a-w- c:\documents and settings\Yvette\Application Data\go1lGALDP.js
    2011-02-09 15:27 . 2011-02-09 15:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\6137.bat
    2011-02-09 15:27 . 2011-02-09 15:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
    2011-02-09 15:18 . 2011-02-09 15:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6628.bat
    2011-02-09 15:18 . 2011-02-09 15:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
    2011-02-07 22:27 . 2011-02-07 22:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\9327.bat
    2011-02-07 22:27 . 2011-02-07 22:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
    2011-02-07 22:18 . 2011-02-07 22:18 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2786.bat
    2011-02-07 22:18 . 2011-02-07 22:18 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
    2011-02-07 21:27 . 2011-02-07 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6699.bat
    2011-02-07 21:27 . 2011-02-07 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
    2011-02-07 21:18 . 2011-02-07 21:18 189 ----a-w- c:\documents and settings\NetworkService\Application Data\784.bat
    2011-02-07 21:18 . 2011-02-07 21:18 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
    2011-02-07 20:27 . 2011-02-07 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4826.bat
    2011-02-07 20:27 . 2011-02-07 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\IzNfYS.js
    2011-02-07 20:18 . 2011-02-07 20:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7826.bat
    2011-02-07 20:18 . 2011-02-07 20:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\SMa08V.js
    2011-02-07 19:27 . 2011-02-07 19:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\5507.bat
    2011-02-07 19:27 . 2011-02-07 19:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\c8GTP.js
    2011-02-07 19:18 . 2011-02-07 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4102.bat
    2011-02-07 19:18 . 2011-02-07 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\BA3mY.js
    2011-02-07 18:27 . 2011-02-07 18:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\8189.bat
    2011-02-07 18:27 . 2011-02-07 18:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
    2011-02-07 18:18 . 2011-02-07 18:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\7674.bat
    2011-02-07 18:18 . 2011-02-07 18:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
    2011-02-07 16:51 . 2011-02-07 16:51 15205 ----a-w- c:\documents and settings\LocalService\Application Data\MbBHPA.js
    2011-02-07 16:51 . 2011-02-07 16:51 15204 ----a-w- c:\documents and settings\LocalService\Application Data\OgyAB.js
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-31 18:41 . 2011-01-31 18:41 73216 ----a-w- c:\windows\system32\drivers\10033.sys
    2011-01-26 15:27 . 2011-01-26 15:27 88 ----a-w- C:\asdfasfas.bat
    2010-12-20 23:09 . 2011-01-25 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2011-01-25 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ------- Sigcheck -------
    .
    [7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
    [7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
    [7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
    [7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
    [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
    .
    c:\windows\System32\spoolsv.exe ... manque !!
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
    "nwiz"="nwiz.exe" [2006-08-23 1617920]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2005-12-10 274432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    S0 rvyakrwqr;rvyakrwqr; [x]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
    .
    2011-02-09 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
    .
    2011-02-09 c:\windows\Tasks\PC Health Advisor Defrag.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    2011-02-09 c:\windows\Tasks\PC Health Advisor.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    .
    ------- Examen supplémentaire -------
    .
    Trusted Zone: microsoft.com\www.update
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    FF - ProfilePath - c:\documents and settings\BibiRouge\Application Data\Mozilla\Firefox\Profiles\cvf5r5bs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
    Toolbar-Locked - (no file)
    Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    AddRemove-HijackThis - c:\hijackthis\HijackThis.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-08 13:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
    @DACL=(02 0000)
    @SACL=
    "WinSock_Registry_Version"="2.0"
    "Current_NameSpace_Catalog"="NameSpace_Catalog5"
    "Current_Protocol_Catalog"="Protocol_Catalog9"
    .
    Heure de fin: 2011-03-08 13:59:04
    ComboFix-quarantined-files.txt 2011-03-08 18:58

    .
    Avant-CF: 58 781 495 296 bytes free
    Après-CF: 58 963 312 640 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    ;
    ;Warning: Boot.ini is used on Windows XP and earlier operating systems.
    ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
    ;
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /NOEXECUTE=OPTIN /FASTDETECT
    .
    - - End Of File - - 17D839667B3324113A71D85522656A93

    Encore merci, je reste à l'écoute pour savoir si je suis encore infecté...
    0
  9. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Ouais t'es même TRES infecté.

    ▶ ▶ DÉSACTIVE TES PROTECTIONS DURANT LA PROCÉDURE

    CE SCRIPT A ETE REDIGE POUR CET INTERNAUTE, NE PAS REPRODUIRE SUR UN AUTRE ORDINATEUR !!!


    ▶ Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    KillAll::
    
    
    FCopy::
    c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe | c:\windows\System32\spoolsv.exe
    
    File::
    C:\Hijackthis
    c:\windows\system32\drivers\10033.sys 
    C:\asdfasfas.bat 
    
    


    ▶ Enregistre ce fichier sous le nom CFScript

    ▶ Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

    ▶ Combofix se lance, laisse toi guider..

    ▶ Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis

    ▶ Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  10. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Ensuite:

    ▶ Rentre dans ton panneau de configuration....
    ▶ Apparence et personnalisation...
    ▶ Option des dossiers...(double cliquer dessus)
    ▶ Dans l'onglet affichage un peu plus bas où il est indiqué "Afficher les dossiers et fichiers cachés": Coche cette option
    ▶ Encore plus bas : Masquer les fichiers protégés du système d'exploitation (recommandé) : à décocher.

    ▶ ▶ ensuite rends toi sur ce lien:
    https://www.virustotal.com/gui/

    (si virustotal ne fonctionne pas: https://virusscan.jotti.org/fr

    ▶ Là où il est indiqué "envoyer le fichier", Clique sur "parcourir"
    recherche les entrées suivante dans ton disque :

    c:\documents and settings\NetworkService\Application Data\6611.bat  
         
    


    ▶ Si une fenêtre apparait disant, "Le fichier à déjà été Analysé", Alors clique sur Réanalyser le fichier maintenant

    ▶ Copie et colle le lien de ta barre d'adresse ici, après que l'analyse soit terminée
    0
  11. BibiRouge Messages postés 20 Statut Membre
     
    Voilà déjà le ComboFix:

    ComboFix 11-03-08.01 - BibiRouge 2011-03-08 14:40:11.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.538 [GMT -5:00]
    Lancé depuis: c:\documents and settings\BibiRouge\Desktop\BibiRouge.exe
    Commutateurs utilisés :: c:\documents and settings\BibiRouge\Desktop\CFScript.txt
    AV: eTrust ITM *Disabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    FILE ::
    "C:\asdfasfas.bat"
    "C:\Hijackthis"
    "c:\windows\system32\drivers\10033.sys"
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\asdfasfas.bat
    c:\windows\system32\drivers\10033.sys
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe --> c:\windows\System32\spoolsv.exe
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-02-08 au 2011-03-08 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
    2011-03-08 19:36 . 2011-03-08 19:37 -------- d-----w- C:\BibiRouge
    2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
    2011-03-08 15:56 . 2011-03-08 18:56 -------- d-----w- C:\Hijackthis
    2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
    2011-02-10 22:18 . 2011-02-10 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6611.bat
    2011-02-10 22:18 . 2011-02-10 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
    2011-02-10 21:27 . 2011-02-10 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4150.bat
    2011-02-10 21:27 . 2011-02-10 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\HQClmm.js
    2011-02-10 21:18 . 2011-02-10 21:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\517.bat
    2011-02-10 21:18 . 2011-02-10 21:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
    2011-02-10 20:27 . 2011-02-10 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1838.bat
    2011-02-10 20:27 . 2011-02-10 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
    2011-02-10 20:19 . 2011-02-10 20:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8774.bat
    2011-02-10 20:19 . 2011-02-10 20:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\skd19sWx.js
    2011-02-10 19:27 . 2011-02-10 19:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\115.bat
    2011-02-10 19:27 . 2011-02-10 19:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\xcT9U.js
    2011-02-10 19:18 . 2011-02-10 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2556.bat
    2011-02-10 19:18 . 2011-02-10 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\OTve6mO.js
    2011-02-10 18:27 . 2011-02-10 18:27 179 ----a-w- c:\documents and settings\NetworkService\Application Data\928.bat
    2011-02-10 18:27 . 2011-02-10 18:27 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\ngOxj.js
    2011-02-10 18:18 . 2011-02-10 18:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\2692.bat
    2011-02-10 18:18 . 2011-02-10 18:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
    2011-02-10 17:27 . 2011-02-10 17:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\3148.bat
    2011-02-10 17:27 . 2011-02-10 17:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\dH2Pv.js
    2011-02-10 17:19 . 2011-02-10 17:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3797.bat
    2011-02-10 17:19 . 2011-02-10 17:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\krWEFc.js
    2011-02-10 16:27 . 2011-02-10 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
    2011-02-10 16:27 . 2011-02-10 16:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\3960.bat
    2011-02-10 16:27 . 2011-02-10 16:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\FAdO5.js
    2011-02-10 16:18 . 2011-02-10 16:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\729.bat
    2011-02-10 16:18 . 2011-02-10 16:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\E62LaWk.js
    2011-02-09 23:18 . 2011-02-09 23:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2768.bat
    2011-02-09 23:18 . 2011-02-09 23:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
    2011-02-09 22:27 . 2011-02-09 22:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5363.bat
    2011-02-09 22:27 . 2011-02-09 22:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
    2011-02-09 22:18 . 2011-02-09 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\3034.bat
    2011-02-09 22:18 . 2011-02-09 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
    2011-02-09 21:30 . 2011-03-08 16:02 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-02-09 20:33 . 2011-02-09 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\hLdLkOe03100
    2011-02-09 20:27 . 2011-02-09 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1842.bat
    2011-02-09 20:27 . 2011-02-09 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
    2011-02-09 20:19 . 2011-02-10 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Deployment
    2011-02-09 20:18 . 2011-02-09 20:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\3861.bat
    2011-02-09 20:18 . 2011-02-09 20:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\ao25uY.js
    2011-02-09 19:12 . 2011-02-09 19:12 189 ----a-w- c:\documents and settings\NetworkService\Application Data\4.bat
    2011-02-09 19:12 . 2011-02-09 19:12 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9430.bat
    2011-02-09 18:29 . 2011-02-09 18:29 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
    2011-02-09 18:29 . 2011-02-09 18:29 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\ikpNOW.js
    2011-02-09 17:27 . 2011-02-10 16:27 -------- d-----w- c:\windows\Downloaded Program Files
    2011-02-09 17:27 . 2011-02-09 17:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\8819.bat
    2011-02-09 17:27 . 2011-02-09 17:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\M87LF.js
    2011-02-09 17:18 . 2011-02-09 17:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\105.bat
    2011-02-09 17:18 . 2011-02-09 17:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\eJE1O.js
    2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\ParetoLogic
    2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\DriverCure
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\ParetoLogic
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2011-02-09 16:27 . 2011-02-09 16:27 169 ----a-w- c:\documents and settings\Yvette\Application Data\1532.bat
    2011-02-09 16:27 . 2011-02-09 16:27 15203 ----a-w- c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
    2011-02-09 16:18 . 2011-02-09 16:18 173 ----a-w- c:\documents and settings\Yvette\Application Data\9448.bat
    2011-02-09 16:18 . 2011-02-09 16:18 15205 ----a-w- c:\documents and settings\Yvette\Application Data\go1lGALDP.js
    2011-02-09 15:27 . 2011-02-09 15:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\6137.bat
    2011-02-09 15:27 . 2011-02-09 15:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
    2011-02-09 15:18 . 2011-02-09 15:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6628.bat
    2011-02-09 15:18 . 2011-02-09 15:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
    2011-02-07 22:27 . 2011-02-07 22:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\9327.bat
    2011-02-07 22:27 . 2011-02-07 22:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
    2011-02-07 22:18 . 2011-02-07 22:18 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2786.bat
    2011-02-07 22:18 . 2011-02-07 22:18 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
    2011-02-07 21:27 . 2011-02-07 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6699.bat
    2011-02-07 21:27 . 2011-02-07 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
    2011-02-07 21:18 . 2011-02-07 21:18 189 ----a-w- c:\documents and settings\NetworkService\Application Data\784.bat
    2011-02-07 21:18 . 2011-02-07 21:18 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
    2011-02-07 20:27 . 2011-02-07 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4826.bat
    2011-02-07 20:27 . 2011-02-07 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\IzNfYS.js
    2011-02-07 20:18 . 2011-02-07 20:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7826.bat
    2011-02-07 20:18 . 2011-02-07 20:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\SMa08V.js
    2011-02-07 19:27 . 2011-02-07 19:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\5507.bat
    2011-02-07 19:27 . 2011-02-07 19:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\c8GTP.js
    2011-02-07 19:18 . 2011-02-07 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4102.bat
    2011-02-07 19:18 . 2011-02-07 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\BA3mY.js
    2011-02-07 18:27 . 2011-02-07 18:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\8189.bat
    2011-02-07 18:27 . 2011-02-07 18:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
    2011-02-07 18:18 . 2011-02-07 18:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\7674.bat
    2011-02-07 18:18 . 2011-02-07 18:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
    2011-02-07 16:51 . 2011-02-07 16:51 15205 ----a-w- c:\documents and settings\LocalService\Application Data\MbBHPA.js
    2011-02-07 16:51 . 2011-02-07 16:51 15204 ----a-w- c:\documents and settings\LocalService\Application Data\OgyAB.js
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-04 22:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
    2011-02-04 22:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll
    2010-12-20 23:09 . 2011-01-25 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2011-01-25 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
    "nwiz"="nwiz.exe" [2006-08-23 1617920]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2005-12-10 274432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    S0 rvyakrwqr;rvyakrwqr; [x]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
    .
    2011-02-09 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
    .
    2011-02-09 c:\windows\Tasks\PC Health Advisor Defrag.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    2011-02-09 c:\windows\Tasks\PC Health Advisor.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    .
    ------- Examen supplémentaire -------
    .
    Trusted Zone: microsoft.com\www.update
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    FF - ProfilePath - c:\documents and settings\BibiRouge\Application Data\Mozilla\Firefox\Profiles\cvf5r5bs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-08 14:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
    @DACL=(02 0000)
    @SACL=
    "WinSock_Registry_Version"="2.0"
    "Current_NameSpace_Catalog"="NameSpace_Catalog5"
    "Current_Protocol_Catalog"="Protocol_Catalog9"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'explorer.exe'(1404)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\CA\SharedComponents\iTechnology\igateway.exe
    c:\program files\CA\eTrustITM\InoRpc.exe
    c:\program files\CA\eTrustITM\InoRT.exe
    c:\program files\CA\eTrustITM\InoTask.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\stsystra.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-03-08 14:48:48 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-03-08 19:48
    ComboFix2.txt 2011-03-08 18:59
    .
    Avant-CF: 58 956 877 824 bytes free
    Après-CF: 58 947 092 480 bytes free
    .
    - - End Of File - - E2281C69DAF7CE38ECE3805D67BA3F19

    Et je m'y met pour le control panel !

    Merci encore !
    0
  12. BibiRouge Messages postés 20 Statut Membre
     
    Et voilà l'URL de Virus Total:

    http://www.virustotal.com/file-scan/report.html?id=17cbd42e2ceadbcdfde0fffe4ba2c844012eb36b877f9f750bd32c622841d168-1299615156
    0
  13. BibiRouge Messages postés 20 Statut Membre
     
    Salut !

    Alors, pour le ComboFix:

    ComboFix 11-03-08.01 - BibiRouge 2011-03-08 15:40:13.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.420 [GMT -5:00]
    Lancé depuis: c:\documents and settings\BibiRouge\Desktop\BibiRouge.exe
    Commutateurs utilisés :: c:\documents and settings\BibiRouge\Desktop\CFScript.txt
    AV: eTrust ITM *Disabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-02-08 au 2011-03-08 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
    2011-03-08 19:36 . 2011-03-08 19:37 -------- d-----w- C:\BibiRouge
    2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
    2011-03-08 15:56 . 2011-03-08 18:56 -------- d-----w- C:\Hijackthis
    2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
    2011-02-10 22:18 . 2011-02-10 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6611.bat
    2011-02-10 22:18 . 2011-02-10 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
    2011-02-10 21:27 . 2011-02-10 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4150.bat
    2011-02-10 21:27 . 2011-02-10 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\HQClmm.js
    2011-02-10 21:18 . 2011-02-10 21:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\517.bat
    2011-02-10 21:18 . 2011-02-10 21:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
    2011-02-10 20:27 . 2011-02-10 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1838.bat
    2011-02-10 20:27 . 2011-02-10 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
    2011-02-10 20:19 . 2011-02-10 20:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8774.bat
    2011-02-10 20:19 . 2011-02-10 20:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\skd19sWx.js
    2011-02-10 19:27 . 2011-02-10 19:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\115.bat
    2011-02-10 19:27 . 2011-02-10 19:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\xcT9U.js
    2011-02-10 19:18 . 2011-02-10 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2556.bat
    2011-02-10 19:18 . 2011-02-10 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\OTve6mO.js
    2011-02-10 18:27 . 2011-02-10 18:27 179 ----a-w- c:\documents and settings\NetworkService\Application Data\928.bat
    2011-02-10 18:27 . 2011-02-10 18:27 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\ngOxj.js
    2011-02-10 18:18 . 2011-02-10 18:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\2692.bat
    2011-02-10 18:18 . 2011-02-10 18:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
    2011-02-10 17:27 . 2011-02-10 17:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\3148.bat
    2011-02-10 17:27 . 2011-02-10 17:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\dH2Pv.js
    2011-02-10 17:19 . 2011-02-10 17:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3797.bat
    2011-02-10 17:19 . 2011-02-10 17:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\krWEFc.js
    2011-02-10 16:27 . 2011-02-10 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
    2011-02-10 16:27 . 2011-02-10 16:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\3960.bat
    2011-02-10 16:27 . 2011-02-10 16:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\FAdO5.js
    2011-02-10 16:18 . 2011-02-10 16:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\729.bat
    2011-02-10 16:18 . 2011-02-10 16:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\E62LaWk.js
    2011-02-09 23:18 . 2011-02-09 23:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2768.bat
    2011-02-09 23:18 . 2011-02-09 23:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
    2011-02-09 22:27 . 2011-02-09 22:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5363.bat
    2011-02-09 22:27 . 2011-02-09 22:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
    2011-02-09 22:18 . 2011-02-09 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\3034.bat
    2011-02-09 22:18 . 2011-02-09 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
    2011-02-09 21:30 . 2011-03-08 20:40 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-02-09 20:33 . 2011-02-09 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\hLdLkOe03100
    2011-02-09 20:27 . 2011-02-09 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1842.bat
    2011-02-09 20:27 . 2011-02-09 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
    2011-02-09 20:19 . 2011-02-10 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Deployment
    2011-02-09 20:18 . 2011-02-09 20:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\3861.bat
    2011-02-09 20:18 . 2011-02-09 20:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\ao25uY.js
    2011-02-09 19:12 . 2011-02-09 19:12 189 ----a-w- c:\documents and settings\NetworkService\Application Data\4.bat
    2011-02-09 19:12 . 2011-02-09 19:12 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9430.bat
    2011-02-09 18:29 . 2011-02-09 18:29 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
    2011-02-09 18:29 . 2011-02-09 18:29 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\ikpNOW.js
    2011-02-09 17:27 . 2011-02-10 16:27 -------- d-----w- c:\windows\Downloaded Program Files
    2011-02-09 17:27 . 2011-02-09 17:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\8819.bat
    2011-02-09 17:27 . 2011-02-09 17:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\M87LF.js
    2011-02-09 17:18 . 2011-02-09 17:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\105.bat
    2011-02-09 17:18 . 2011-02-09 17:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\eJE1O.js
    2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\ParetoLogic
    2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\DriverCure
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\ParetoLogic
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2011-02-09 16:27 . 2011-02-09 16:27 169 ----a-w- c:\documents and settings\Yvette\Application Data\1532.bat
    2011-02-09 16:27 . 2011-02-09 16:27 15203 ----a-w- c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
    2011-02-09 16:18 . 2011-02-09 16:18 173 ----a-w- c:\documents and settings\Yvette\Application Data\9448.bat
    2011-02-09 16:18 . 2011-02-09 16:18 15205 ----a-w- c:\documents and settings\Yvette\Application Data\go1lGALDP.js
    2011-02-09 15:27 . 2011-02-09 15:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\6137.bat
    2011-02-09 15:27 . 2011-02-09 15:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
    2011-02-09 15:18 . 2011-02-09 15:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6628.bat
    2011-02-09 15:18 . 2011-02-09 15:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
    2011-02-07 22:27 . 2011-02-07 22:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\9327.bat
    2011-02-07 22:27 . 2011-02-07 22:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
    2011-02-07 22:18 . 2011-02-07 22:18 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2786.bat
    2011-02-07 22:18 . 2011-02-07 22:18 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
    2011-02-07 21:27 . 2011-02-07 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6699.bat
    2011-02-07 21:27 . 2011-02-07 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
    2011-02-07 21:18 . 2011-02-07 21:18 189 ----a-w- c:\documents and settings\NetworkService\Application Data\784.bat
    2011-02-07 21:18 . 2011-02-07 21:18 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
    2011-02-07 20:27 . 2011-02-07 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4826.bat
    2011-02-07 20:27 . 2011-02-07 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\IzNfYS.js
    2011-02-07 20:18 . 2011-02-07 20:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7826.bat
    2011-02-07 20:18 . 2011-02-07 20:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\SMa08V.js
    2011-02-07 19:27 . 2011-02-07 19:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\5507.bat
    2011-02-07 19:27 . 2011-02-07 19:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\c8GTP.js
    2011-02-07 19:18 . 2011-02-07 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4102.bat
    2011-02-07 19:18 . 2011-02-07 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\BA3mY.js
    2011-02-07 18:27 . 2011-02-07 18:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\8189.bat
    2011-02-07 18:27 . 2011-02-07 18:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
    2011-02-07 18:18 . 2011-02-07 18:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\7674.bat
    2011-02-07 18:18 . 2011-02-07 18:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
    2011-02-07 16:51 . 2011-02-07 16:51 15205 ----a-w- c:\documents and settings\LocalService\Application Data\MbBHPA.js
    2011-02-07 16:51 . 2011-02-07 16:51 15204 ----a-w- c:\documents and settings\LocalService\Application Data\OgyAB.js
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-04 22:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
    2011-02-04 22:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe
    2010-12-20 23:09 . 2011-01-25 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2011-01-25 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-08_18.57.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-03-08 20:45 . 2011-03-08 20:45 16384 c:\windows\temp\Perflib_Perfdata_e0.dat
    + 2006-10-09 21:12 . 2011-02-04 22:48 291840 c:\windows\system32\dllcache\sbe.dll
    - 2006-10-09 21:12 . 2006-10-09 21:12 291840 c:\windows\system32\dllcache\sbe.dll
    + 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
    + 2006-10-09 21:12 . 2011-02-04 22:48 456192 c:\windows\system32\dllcache\encdec.dll
    - 2006-10-09 21:12 . 2006-10-09 21:12 456192 c:\windows\system32\dllcache\encdec.dll
    + 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
    + 2007-01-19 18:55 . 2011-03-03 00:56 37943240 c:\windows\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
    "nwiz"="nwiz.exe" [2006-08-23 1617920]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2005-12-10 274432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    S0 rvyakrwqr;rvyakrwqr; [x]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
    .
    2011-02-09 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
    .
    2011-02-09 c:\windows\Tasks\PC Health Advisor Defrag.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    2011-02-09 c:\windows\Tasks\PC Health Advisor.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    .
    ------- Examen supplémentaire -------
    .
    Trusted Zone: microsoft.com\www.update
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    FF - ProfilePath - c:\documents and settings\BibiRouge\Application Data\Mozilla\Firefox\Profiles\cvf5r5bs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-08 15:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
    @DACL=(02 0000)
    @SACL=
    "WinSock_Registry_Version"="2.0"
    "Current_NameSpace_Catalog"="NameSpace_Catalog5"
    "Current_Protocol_Catalog"="Protocol_Catalog9"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'explorer.exe'(3200)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\CA\SharedComponents\iTechnology\igateway.exe
    c:\program files\CA\eTrustITM\InoRpc.exe
    c:\program files\CA\eTrustITM\InoRT.exe
    c:\program files\CA\eTrustITM\InoTask.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\stsystra.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-03-08 15:48:49 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-03-08 20:48
    ComboFix2.txt 2011-03-08 19:48
    ComboFix3.txt 2011-03-08 18:59
    .
    Avant-CF: 58 813 235 200 bytes free
    Après-CF: 58 813 370 368 bytes free
    .
    - - End Of File - - 367AA348059A979DFA6F5F40BD1D5CE8

    Et pour le TDSS Killer

    2011/03/08 15:50:45.0796 3636 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
    2011/03/08 15:50:46.0031 3636 ================================================================================
    2011/03/08 15:50:46.0031 3636 SystemInfo:
    2011/03/08 15:50:46.0031 3636
    2011/03/08 15:50:46.0031 3636 OS Version: 5.1.2600 ServicePack: 3.0
    2011/03/08 15:50:46.0031 3636 Product type: Workstation
    2011/03/08 15:50:46.0031 3636 ComputerName: D2YZJ8C1
    2011/03/08 15:50:46.0031 3636 UserName: BibiRouge
    2011/03/08 15:50:46.0031 3636 Windows directory: C:\WINDOWS
    2011/03/08 15:50:46.0031 3636 System windows directory: C:\WINDOWS
    2011/03/08 15:50:46.0031 3636 Processor architecture: Intel x86
    2011/03/08 15:50:46.0031 3636 Number of processors: 1
    2011/03/08 15:50:46.0031 3636 Page size: 0x1000
    2011/03/08 15:50:46.0031 3636 Boot type: Normal boot
    2011/03/08 15:50:46.0031 3636 ================================================================================
    2011/03/08 15:50:46.0343 3636 Initialize success
    2011/03/08 15:50:58.0656 3008 ================================================================================
    2011/03/08 15:50:58.0656 3008 Scan started
    2011/03/08 15:50:58.0656 3008 Mode: Manual;
    2011/03/08 15:50:58.0656 3008 ================================================================================
    2011/03/08 15:50:59.0765 3008 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/03/08 15:50:59.0906 3008 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/03/08 15:50:59.0968 3008 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/03/08 15:51:00.0015 3008 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/03/08 15:51:00.0109 3008 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/03/08 15:51:00.0234 3008 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/03/08 15:51:00.0296 3008 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/03/08 15:51:00.0343 3008 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/03/08 15:51:00.0406 3008 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/03/08 15:51:00.0468 3008 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/03/08 15:51:00.0531 3008 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/03/08 15:51:00.0609 3008 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/03/08 15:51:00.0656 3008 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/03/08 15:51:00.0687 3008 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/03/08 15:51:00.0796 3008 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    2011/03/08 15:51:00.0843 3008 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/03/08 15:51:00.0921 3008 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/03/08 15:51:00.0953 3008 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/03/08 15:51:01.0015 3008 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/03/08 15:51:01.0125 3008 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/03/08 15:51:01.0234 3008 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/03/08 15:51:01.0312 3008 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/03/08 15:51:01.0375 3008 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/03/08 15:51:01.0437 3008 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    2011/03/08 15:51:01.0484 3008 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/03/08 15:51:01.0578 3008 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/03/08 15:51:01.0609 3008 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/03/08 15:51:01.0640 3008 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/03/08 15:51:01.0718 3008 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/03/08 15:51:01.0781 3008 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/03/08 15:51:01.0890 3008 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/03/08 15:51:01.0968 3008 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/03/08 15:51:02.0031 3008 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/03/08 15:51:02.0109 3008 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/03/08 15:51:02.0156 3008 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/03/08 15:51:02.0218 3008 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/03/08 15:51:02.0281 3008 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2011/03/08 15:51:02.0343 3008 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2011/03/08 15:51:02.0390 3008 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
    2011/03/08 15:51:02.0421 3008 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2011/03/08 15:51:02.0453 3008 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2011/03/08 15:51:02.0484 3008 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2011/03/08 15:51:02.0531 3008 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    2011/03/08 15:51:02.0562 3008 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2011/03/08 15:51:02.0593 3008 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2011/03/08 15:51:02.0781 3008 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/03/08 15:51:02.0890 3008 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/03/08 15:51:02.0953 3008 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/03/08 15:51:03.0046 3008 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/03/08 15:51:03.0125 3008 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/03/08 15:51:03.0171 3008 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/03/08 15:51:03.0250 3008 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2011/03/08 15:51:03.0312 3008 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2011/03/08 15:51:03.0421 3008 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/03/08 15:51:03.0546 3008 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/03/08 15:51:03.0609 3008 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/03/08 15:51:03.0703 3008 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/03/08 15:51:03.0765 3008 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/03/08 15:51:03.0875 3008 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/03/08 15:51:03.0953 3008 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/03/08 15:51:04.0031 3008 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/03/08 15:51:04.0125 3008 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/03/08 15:51:04.0187 3008 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/03/08 15:51:04.0250 3008 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/03/08 15:51:04.0312 3008 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/03/08 15:51:04.0375 3008 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    2011/03/08 15:51:04.0515 3008 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    2011/03/08 15:51:04.0625 3008 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/03/08 15:51:04.0687 3008 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/03/08 15:51:04.0765 3008 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/03/08 15:51:04.0843 3008 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/03/08 15:51:04.0937 3008 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/03/08 15:51:04.0984 3008 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/03/08 15:51:05.0062 3008 INO_FLPY (4eb3cd8cd2210807ada276542eb99b06) C:\WINDOWS\system32\Drivers\ino_flpy.sys
    2011/03/08 15:51:05.0171 3008 INO_FLTR (ebfb9e788557aded04aef87247ae56dd) C:\WINDOWS\system32\Drivers\ino_fltr.sys
    2011/03/08 15:51:05.0250 3008 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/03/08 15:51:05.0312 3008 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/03/08 15:51:05.0375 3008 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/03/08 15:51:05.0406 3008 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/03/08 15:51:05.0437 3008 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/03/08 15:51:05.0484 3008 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/03/08 15:51:05.0578 3008 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/03/08 15:51:05.0640 3008 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/03/08 15:51:05.0718 3008 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/03/08 15:51:05.0765 3008 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/03/08 15:51:05.0796 3008 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/03/08 15:51:05.0875 3008 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/03/08 15:51:05.0984 3008 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/03/08 15:51:06.0093 3008 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/03/08 15:51:06.0171 3008 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2011/03/08 15:51:06.0218 3008 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/03/08 15:51:06.0281 3008 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/03/08 15:51:06.0328 3008 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2011/03/08 15:51:06.0375 3008 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/03/08 15:51:06.0437 3008 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/03/08 15:51:06.0531 3008 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/03/08 15:51:06.0593 3008 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/03/08 15:51:06.0671 3008 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/03/08 15:51:06.0859 3008 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/03/08 15:51:06.0937 3008 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/03/08 15:51:07.0000 3008 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/03/08 15:51:07.0046 3008 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/03/08 15:51:07.0109 3008 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/03/08 15:51:07.0203 3008 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/03/08 15:51:07.0312 3008 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/03/08 15:51:07.0484 3008 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/03/08 15:51:07.0531 3008 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/03/08 15:51:07.0593 3008 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/03/08 15:51:07.0656 3008 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/03/08 15:51:07.0718 3008 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/03/08 15:51:07.0796 3008 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/03/08 15:51:07.0890 3008 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/03/08 15:51:08.0031 3008 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/03/08 15:51:08.0187 3008 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/03/08 15:51:08.0250 3008 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/03/08 15:51:08.0906 3008 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/03/08 15:51:10.0062 3008 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/03/08 15:51:10.0125 3008 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/03/08 15:51:10.0203 3008 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/03/08 15:51:10.0281 3008 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/03/08 15:51:10.0328 3008 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/03/08 15:51:10.0421 3008 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/03/08 15:51:10.0515 3008 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/03/08 15:51:10.0593 3008 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/03/08 15:51:10.0750 3008 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/03/08 15:51:10.0828 3008 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/03/08 15:51:10.0921 3008 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/03/08 15:51:10.0968 3008 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/03/08 15:51:11.0031 3008 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/03/08 15:51:11.0078 3008 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/03/08 15:51:11.0125 3008 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/03/08 15:51:11.0171 3008 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/03/08 15:51:11.0218 3008 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/03/08 15:51:11.0296 3008 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/03/08 15:51:11.0343 3008 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/03/08 15:51:11.0390 3008 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/03/08 15:51:11.0437 3008 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/03/08 15:51:11.0546 3008 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/03/08 15:51:11.0593 3008 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/03/08 15:51:11.0625 3008 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/03/08 15:51:11.0718 3008 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/03/08 15:51:11.0750 3008 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/03/08 15:51:11.0796 3008 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/03/08 15:51:11.0875 3008 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/03/08 15:51:11.0921 3008 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/03/08 15:51:12.0093 3008 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/03/08 15:51:12.0156 3008 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/03/08 15:51:12.0234 3008 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/03/08 15:51:12.0296 3008 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/03/08 15:51:12.0390 3008 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/03/08 15:51:12.0437 3008 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/03/08 15:51:12.0500 3008 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/03/08 15:51:12.0562 3008 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/03/08 15:51:12.0671 3008 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/03/08 15:51:12.0890 3008 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
    2011/03/08 15:51:13.0015 3008 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/03/08 15:51:13.0078 3008 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/03/08 15:51:13.0156 3008 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/03/08 15:51:13.0234 3008 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/03/08 15:51:13.0359 3008 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
    2011/03/08 15:51:13.0421 3008 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/03/08 15:51:13.0468 3008 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/03/08 15:51:13.0531 3008 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/03/08 15:51:13.0687 3008 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/03/08 15:51:13.0765 3008 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/03/08 15:51:13.0828 3008 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/03/08 15:51:13.0890 3008 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/03/08 15:51:13.0984 3008 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/03/08 15:51:14.0062 3008 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/03/08 15:51:14.0093 3008 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/03/08 15:51:14.0171 3008 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/03/08 15:51:14.0250 3008 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/03/08 15:51:14.0281 3008 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/03/08 15:51:14.0328 3008 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/03/08 15:51:14.0375 3008 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/03/08 15:51:14.0437 3008 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/03/08 15:51:14.0578 3008 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/03/08 15:51:14.0656 3008 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/03/08 15:51:14.0703 3008 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/03/08 15:51:14.0812 3008 VolSnap (7d6322d2567d94acf1e8c4b79ea1c880) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/03/08 15:51:14.0828 3008 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
    2011/03/08 15:51:14.0890 3008 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/03/08 15:51:14.0984 3008 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/03/08 15:51:15.0140 3008 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2011/03/08 15:51:15.0328 3008 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/03/08 15:51:15.0375 3008 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/03/08 15:51:15.0453 3008 ================================================================================
    2011/03/08 15:51:15.0453 3008 Scan finished
    2011/03/08 15:51:15.0453 3008 ================================================================================
    2011/03/08 15:51:15.0453 0788 Detected object count: 1
    2011/03/08 15:51:46.0140 0788 VolSnap (7d6322d2567d94acf1e8c4b79ea1c880) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/03/08 15:51:46.0937 0788 Backup copy found, using it..
    2011/03/08 15:51:46.0968 0788 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
    2011/03/08 15:51:46.0968 0788 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
    2011/03/08 15:51:53.0093 3656 Deinitialize success

    Merci pour ton temps !
    0
  14. BibiRouge Messages postés 20 Statut Membre
     
    OK, voici le ComboFix bis:

    ComboFix 11-03-08.02 - BibiRouge 2011-03-08 16:37:29.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.555 [GMT -5:00]
    Lancé depuis: c:\documents and settings\BibiRouge\Desktop\BibiRouge.exe
    Commutateurs utilisés :: c:\documents and settings\BibiRouge\Desktop\CFScript.txt
    AV: eTrust ITM *Disabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-02-08 au 2011-03-08 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
    2011-03-08 19:36 . 2011-03-08 19:37 -------- d-----w- C:\BibiRouge
    2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
    2011-03-08 15:56 . 2011-03-08 18:56 -------- d-----w- C:\Hijackthis
    2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
    2011-02-10 22:18 . 2011-02-10 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6611.bat
    2011-02-10 22:18 . 2011-02-10 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
    2011-02-10 21:27 . 2011-02-10 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4150.bat
    2011-02-10 21:27 . 2011-02-10 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\HQClmm.js
    2011-02-10 21:18 . 2011-02-10 21:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\517.bat
    2011-02-10 21:18 . 2011-02-10 21:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
    2011-02-10 20:27 . 2011-02-10 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1838.bat
    2011-02-10 20:27 . 2011-02-10 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
    2011-02-10 20:19 . 2011-02-10 20:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8774.bat
    2011-02-10 20:19 . 2011-02-10 20:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\skd19sWx.js
    2011-02-10 19:27 . 2011-02-10 19:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\115.bat
    2011-02-10 19:27 . 2011-02-10 19:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\xcT9U.js
    2011-02-10 19:18 . 2011-02-10 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2556.bat
    2011-02-10 19:18 . 2011-02-10 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\OTve6mO.js
    2011-02-10 18:27 . 2011-02-10 18:27 179 ----a-w- c:\documents and settings\NetworkService\Application Data\928.bat
    2011-02-10 18:27 . 2011-02-10 18:27 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\ngOxj.js
    2011-02-10 18:18 . 2011-02-10 18:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\2692.bat
    2011-02-10 18:18 . 2011-02-10 18:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
    2011-02-10 17:27 . 2011-02-10 17:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\3148.bat
    2011-02-10 17:27 . 2011-02-10 17:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\dH2Pv.js
    2011-02-10 17:19 . 2011-02-10 17:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3797.bat
    2011-02-10 17:19 . 2011-02-10 17:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\krWEFc.js
    2011-02-10 16:27 . 2011-02-10 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
    2011-02-10 16:27 . 2011-02-10 16:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\3960.bat
    2011-02-10 16:27 . 2011-02-10 16:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\FAdO5.js
    2011-02-10 16:18 . 2011-02-10 16:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\729.bat
    2011-02-10 16:18 . 2011-02-10 16:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\E62LaWk.js
    2011-02-09 23:18 . 2011-02-09 23:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2768.bat
    2011-02-09 23:18 . 2011-02-09 23:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
    2011-02-09 22:27 . 2011-02-09 22:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5363.bat
    2011-02-09 22:27 . 2011-02-09 22:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
    2011-02-09 22:18 . 2011-02-09 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\3034.bat
    2011-02-09 22:18 . 2011-02-09 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
    2011-02-09 21:30 . 2011-03-08 20:40 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-02-09 20:33 . 2011-02-09 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\hLdLkOe03100
    2011-02-09 20:27 . 2011-02-09 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1842.bat
    2011-02-09 20:27 . 2011-02-09 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
    2011-02-09 20:19 . 2011-02-10 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Deployment
    2011-02-09 20:18 . 2011-02-09 20:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\3861.bat
    2011-02-09 20:18 . 2011-02-09 20:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\ao25uY.js
    2011-02-09 19:12 . 2011-02-09 19:12 189 ----a-w- c:\documents and settings\NetworkService\Application Data\4.bat
    2011-02-09 19:12 . 2011-02-09 19:12 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9430.bat
    2011-02-09 18:29 . 2011-02-09 18:29 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
    2011-02-09 18:29 . 2011-02-09 18:29 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\ikpNOW.js
    2011-02-09 17:27 . 2011-02-10 16:27 -------- d-----w- c:\windows\Downloaded Program Files
    2011-02-09 17:27 . 2011-02-09 17:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\8819.bat
    2011-02-09 17:27 . 2011-02-09 17:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\M87LF.js
    2011-02-09 17:18 . 2011-02-09 17:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\105.bat
    2011-02-09 17:18 . 2011-02-09 17:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\eJE1O.js
    2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\ParetoLogic
    2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\DriverCure
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\ParetoLogic
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2011-02-09 16:27 . 2011-02-09 16:27 169 ----a-w- c:\documents and settings\Yvette\Application Data\1532.bat
    2011-02-09 16:27 . 2011-02-09 16:27 15203 ----a-w- c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
    2011-02-09 16:18 . 2011-02-09 16:18 173 ----a-w- c:\documents and settings\Yvette\Application Data\9448.bat
    2011-02-09 16:18 . 2011-02-09 16:18 15205 ----a-w- c:\documents and settings\Yvette\Application Data\go1lGALDP.js
    2011-02-09 15:27 . 2011-02-09 15:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\6137.bat
    2011-02-09 15:27 . 2011-02-09 15:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
    2011-02-09 15:18 . 2011-02-09 15:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6628.bat
    2011-02-09 15:18 . 2011-02-09 15:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
    2011-02-07 22:27 . 2011-02-07 22:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\9327.bat
    2011-02-07 22:27 . 2011-02-07 22:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
    2011-02-07 22:18 . 2011-02-07 22:18 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2786.bat
    2011-02-07 22:18 . 2011-02-07 22:18 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
    2011-02-07 21:27 . 2011-02-07 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6699.bat
    2011-02-07 21:27 . 2011-02-07 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
    2011-02-07 21:18 . 2011-02-07 21:18 189 ----a-w- c:\documents and settings\NetworkService\Application Data\784.bat
    2011-02-07 21:18 . 2011-02-07 21:18 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
    2011-02-07 20:27 . 2011-02-07 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4826.bat
    2011-02-07 20:27 . 2011-02-07 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\IzNfYS.js
    2011-02-07 20:18 . 2011-02-07 20:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7826.bat
    2011-02-07 20:18 . 2011-02-07 20:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\SMa08V.js
    2011-02-07 19:27 . 2011-02-07 19:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\5507.bat
    2011-02-07 19:27 . 2011-02-07 19:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\c8GTP.js
    2011-02-07 19:18 . 2011-02-07 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4102.bat
    2011-02-07 19:18 . 2011-02-07 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\BA3mY.js
    2011-02-07 18:27 . 2011-02-07 18:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\8189.bat
    2011-02-07 18:27 . 2011-02-07 18:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
    2011-02-07 18:18 . 2011-02-07 18:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\7674.bat
    2011-02-07 18:18 . 2011-02-07 18:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
    2011-02-07 16:51 . 2011-02-07 16:51 15205 ----a-w- c:\documents and settings\LocalService\Application Data\MbBHPA.js
    2011-02-07 16:51 . 2011-02-07 16:51 15204 ----a-w- c:\documents and settings\LocalService\Application Data\OgyAB.js
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-08 20:52 . 2005-08-16 10:18 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2011-02-04 22:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
    2011-02-04 22:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2005-08-16 10:18 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-22 12:34 . 2005-08-16 10:18 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:09 . 2011-01-25 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2011-01-25 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-09 15:15 . 2005-08-16 10:18 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2005-08-16 10:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38 . 2005-08-16 10:18 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2004-08-04 04:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
    "nwiz"="nwiz.exe" [2006-08-23 1617920]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2005-12-10 274432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    S0 rvyakrwqr;rvyakrwqr; [x]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
    .
    2011-02-09 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
    .
    2011-02-09 c:\windows\Tasks\PC Health Advisor Defrag.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    2011-02-09 c:\windows\Tasks\PC Health Advisor.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    .
    ------- Examen supplémentaire -------
    .
    Trusted Zone: microsoft.com\www.update
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    FF - ProfilePath - c:\documents and settings\BibiRouge\Application Data\Mozilla\Firefox\Profiles\cvf5r5bs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    SafeBoot-klmdb.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-08 16:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
    @DACL=(02 0000)
    @SACL=
    "WinSock_Registry_Version"="2.0"
    "Current_NameSpace_Catalog"="NameSpace_Catalog5"
    "Current_Protocol_Catalog"="Protocol_Catalog9"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'explorer.exe'(2264)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\CA\SharedComponents\iTechnology\igateway.exe
    c:\program files\CA\eTrustITM\InoRpc.exe
    c:\program files\CA\eTrustITM\InoRT.exe
    c:\program files\CA\eTrustITM\InoTask.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\stsystra.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-03-08 16:46:32 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-03-08 21:46
    ComboFix2.txt 2011-03-08 20:48
    ComboFix3.txt 2011-03-08 19:48
    ComboFix4.txt 2011-03-08 18:59
    .
    Avant-CF: 58 589 298 688 bytes free
    Après-CF: 58 575 511 552 bytes free
    .
    - - End Of File - - B8DD279240CDE887079E54EDC9DBBAA1

    J'espère que ça a fonctionné cette fois O_o
    0
  15. BibiRouge Messages postés 20 Statut Membre
     
    Je quittes pour la soirée, merci pour ton temps et on se reparle demain !

    BibiRouge
    0
  16. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Bon me revoilà j'ai buggué :\

    Demain tu feras ça (si ça marche toujours pas ! je comprends pas...)

    ▶ ▶ DÉSACTIVE TES PROTECTIONS DURANT LA PROCÉDURE

    ▶ Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    KillAll::
    
    FILE::
    c:\documents and settings\NetworkService\Application Data\6611.bat
    c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
    c:\documents and settings\NetworkService\Application Data\4150.bat
    c:\documents and settings\NetworkService\Application Data\HQClmm.js
    c:\documents and settings\NetworkService\Application Data\517.bat
    c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
    c:\documents and settings\NetworkService\Application Data\1838.bat
    c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
    c:\documents and settings\NetworkService\Application Data\8774.bat
    c:\documents and settings\NetworkService\Application Data\skd19sWx.js
    c:\documents and settings\NetworkService\Application Data\115.bat
    c:\documents and settings\NetworkService\Application Data\xcT9U.js
    c:\documents and settings\NetworkService\Application Data\2556.bat
    c:\documents and settings\NetworkService\Application Data\OTve6mO.js
    c:\documents and settings\NetworkService\Application Data\928.bat
    c:\documents and settings\NetworkService\Application Data\ngOxj.js
    c:\documents and settings\NetworkService\Application Data\2692.bat
    c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
    c:\documents and settings\NetworkService\Application Data\3148.bat
    c:\documents and settings\NetworkService\Application Data\dH2Pv.js
    c:\documents and settings\NetworkService\Application Data\3797.bat
    c:\documents and settings\NetworkService\Application Data\krWEFc.js
    c:\documents and settings\NetworkService\Application Data\3960.bat
    c:\documents and settings\NetworkService\Application Data\FAdO5.js
    c:\documents and settings\NetworkService\Application Data\729.bat
    c:\documents and settings\NetworkService\Application Data\E62LaWk.js
    c:\documents and settings\NetworkService\Application Data\2768.bat
    c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
    c:\documents and settings\NetworkService\Application Data\5363.bat
    c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
    c:\documents and settings\NetworkService\Application Data\3034.bat
    c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
    c:\documents and settings\NetworkService\Application Data\1842.bat
    c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
    c:\documents and settings\NetworkService\Application Data\3861.bat
    c:\documents and settings\NetworkService\Application Data\ao25uY.js
    c:\documents and settings\NetworkService\Application Data\4.bat
    c:\documents and settings\NetworkService\Application Data\9430.bat
    c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
    c:\documents and settings\NetworkService\Application Data\ikpNOW.js
    c:\documents and settings\NetworkService\Application Data\8819.bat
    c:\documents and settings\NetworkService\Application Data\M87LF.js
    c:\documents and settings\NetworkService\Application Data\105.bat
    c:\documents and settings\NetworkService\Application Data\eJE1O.js
    c:\documents and settings\Yvette\Application Data\1532.bat
    c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
    c:\documents and settings\Yvette\Application Data\9448.bat
    c:\documents and settings\Yvette\Application Data\go1lGALDP.js
    c:\documents and settings\NetworkService\Application Data\6137.bat
    c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
    c:\documents and settings\NetworkService\Application Data\6628.bat
    c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
    c:\documents and settings\NetworkService\Application Data\9327.bat
    c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
    c:\documents and settings\NetworkService\Application Data\2786.bat
    c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
    c:\documents and settings\NetworkService\Application Data\6699.bat
    c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
    c:\documents and settings\NetworkService\Application Data\784.bat
    c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
    c:\documents and settings\NetworkService\Application Data\4826.bat
    c:\documents and settings\NetworkService\Application Data\IzNfYS.js
    c:\documents and settings\NetworkService\Application Data\7826.bat
    c:\documents and settings\NetworkService\Application Data\SMa08V.js
    c:\documents and settings\NetworkService\Application Data\5507.bat
    c:\documents and settings\NetworkService\Application Data\c8GTP.js
    c:\documents and settings\NetworkService\Application Data\4102.bat
    c:\documents and settings\NetworkService\Application Data\BA3mY.js
    c:\documents and settings\NetworkService\Application Data\8189.bat
    c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
    c:\documents and settings\NetworkService\Application Data\7674.bat
    c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
    c:\documents and settings\LocalService\Application Data\MbBHPA.js
    c:\documents and settings\LocalService\Application Data\OgyAB.js
    
    Folder::
    c:\documents and settings\All Users\Application Data\hLdLkOe03100
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"=-
    "SigmatelSysTrayApp"=-
    "Adobe Reader Speed Launcher"=-
    
    Driver::
    rvyakrwqr
    
    Firefox::
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters] 
    
    


    ▶ Enregistre ce fichier sous le nom CFScript

    ▶ Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

    ▶ Combofix se lance, laisse toi guider..

    ▶ Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis

    ▶ Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    :) ++
    0
  17. BibiRouge Messages postés 20 Statut Membre
     
    Bonjour,

    Me revoilà aussi.

    Je vais faire les manipulations, à plus !
    0
  18. BibiRouge Messages postés 20 Statut Membre
     
    Je crois que ça a marché cette fois, il a eu l'air d'effecer ce qu'on lui demandait:

    ComboFix 11-03-08.08 - BibiRouge 2011-03-09 10:30:17.5.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.526 [GMT -5:00]
    Lancé depuis: c:\documents and settings\BibiRouge\Desktop\BibiRouge.exe
    Commutateurs utilisés :: c:\documents and settings\BibiRouge\Desktop\CFScript.txt
    AV: eTrust ITM *Disabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    FILE ::
    "c:\documents and settings\LocalService\Application Data\MbBHPA.js"
    "c:\documents and settings\LocalService\Application Data\OgyAB.js"
    "c:\documents and settings\NetworkService\Application Data\105.bat"
    "c:\documents and settings\NetworkService\Application Data\115.bat"
    "c:\documents and settings\NetworkService\Application Data\1838.bat"
    "c:\documents and settings\NetworkService\Application Data\1842.bat"
    "c:\documents and settings\NetworkService\Application Data\2556.bat"
    "c:\documents and settings\NetworkService\Application Data\2692.bat"
    "c:\documents and settings\NetworkService\Application Data\2768.bat"
    "c:\documents and settings\NetworkService\Application Data\2786.bat"
    "c:\documents and settings\NetworkService\Application Data\3034.bat"
    "c:\documents and settings\NetworkService\Application Data\3148.bat"
    "c:\documents and settings\NetworkService\Application Data\3797.bat"
    "c:\documents and settings\NetworkService\Application Data\3861.bat"
    "c:\documents and settings\NetworkService\Application Data\3960.bat"
    "c:\documents and settings\NetworkService\Application Data\4.bat"
    "c:\documents and settings\NetworkService\Application Data\4102.bat"
    "c:\documents and settings\NetworkService\Application Data\4150.bat"
    "c:\documents and settings\NetworkService\Application Data\4826.bat"
    "c:\documents and settings\NetworkService\Application Data\517.bat"
    "c:\documents and settings\NetworkService\Application Data\5363.bat"
    "c:\documents and settings\NetworkService\Application Data\5507.bat"
    "c:\documents and settings\NetworkService\Application Data\6137.bat"
    "c:\documents and settings\NetworkService\Application Data\6611.bat"
    "c:\documents and settings\NetworkService\Application Data\6628.bat"
    "c:\documents and settings\NetworkService\Application Data\6699.bat"
    "c:\documents and settings\NetworkService\Application Data\729.bat"
    "c:\documents and settings\NetworkService\Application Data\7674.bat"
    "c:\documents and settings\NetworkService\Application Data\7826.bat"
    "c:\documents and settings\NetworkService\Application Data\784.bat"
    "c:\documents and settings\NetworkService\Application Data\8189.bat"
    "c:\documents and settings\NetworkService\Application Data\8774.bat"
    "c:\documents and settings\NetworkService\Application Data\8819.bat"
    "c:\documents and settings\NetworkService\Application Data\928.bat"
    "c:\documents and settings\NetworkService\Application Data\9327.bat"
    "c:\documents and settings\NetworkService\Application Data\9430.bat"
    "c:\documents and settings\NetworkService\Application Data\a2oxcIs.js"
    "c:\documents and settings\NetworkService\Application Data\ao25uY.js"
    "c:\documents and settings\NetworkService\Application Data\BA3mY.js"
    "c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js"
    "c:\documents and settings\NetworkService\Application Data\c8GTP.js"
    "c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js"
    "c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js"
    "c:\documents and settings\NetworkService\Application Data\dH2Pv.js"
    "c:\documents and settings\NetworkService\Application Data\E62LaWk.js"
    "c:\documents and settings\NetworkService\Application Data\eJE1O.js"
    "c:\documents and settings\NetworkService\Application Data\eUrKaZW.js"
    "c:\documents and settings\NetworkService\Application Data\FAdO5.js"
    "c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js"
    "c:\documents and settings\NetworkService\Application Data\HnsXUleV.js"
    "c:\documents and settings\NetworkService\Application Data\HQClmm.js"
    "c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js"
    "c:\documents and settings\NetworkService\Application Data\ikpNOW.js"
    "c:\documents and settings\NetworkService\Application Data\IzNfYS.js"
    "c:\documents and settings\NetworkService\Application Data\krWEFc.js"
    "c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js"
    "c:\documents and settings\NetworkService\Application Data\M87LF.js"
    "c:\documents and settings\NetworkService\Application Data\ngOxj.js"
    "c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js"
    "c:\documents and settings\NetworkService\Application Data\OTve6mO.js"
    "c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js"
    "c:\documents and settings\NetworkService\Application Data\skd19sWx.js"
    "c:\documents and settings\NetworkService\Application Data\SMa08V.js"
    "c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js"
    "c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js"
    "c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js"
    "c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js"
    "c:\documents and settings\NetworkService\Application Data\wKigw4uK.js"
    "c:\documents and settings\NetworkService\Application Data\xcT9U.js"
    "c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js"
    "c:\documents and settings\Yvette\Application Data\1532.bat"
    "c:\documents and settings\Yvette\Application Data\9448.bat"
    "c:\documents and settings\Yvette\Application Data\go1lGALDP.js"
    "c:\documents and settings\Yvette\Application Data\rkolud8nJ.js"
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\hLdLkOe03100
    c:\documents and settings\All Users\Application Data\hLdLkOe03100\hLdLkOe03100
    c:\documents and settings\LocalService\Application Data\MbBHPA.js
    c:\documents and settings\LocalService\Application Data\OgyAB.js
    c:\documents and settings\NetworkService\Application Data\105.bat
    c:\documents and settings\NetworkService\Application Data\115.bat
    c:\documents and settings\NetworkService\Application Data\1838.bat
    c:\documents and settings\NetworkService\Application Data\1842.bat
    c:\documents and settings\NetworkService\Application Data\2556.bat
    c:\documents and settings\NetworkService\Application Data\2692.bat
    c:\documents and settings\NetworkService\Application Data\2768.bat
    c:\documents and settings\NetworkService\Application Data\2786.bat
    c:\documents and settings\NetworkService\Application Data\3034.bat
    c:\documents and settings\NetworkService\Application Data\3148.bat
    c:\documents and settings\NetworkService\Application Data\3797.bat
    c:\documents and settings\NetworkService\Application Data\3861.bat
    c:\documents and settings\NetworkService\Application Data\3960.bat
    c:\documents and settings\NetworkService\Application Data\4.bat
    c:\documents and settings\NetworkService\Application Data\4102.bat
    c:\documents and settings\NetworkService\Application Data\4150.bat
    c:\documents and settings\NetworkService\Application Data\4826.bat
    c:\documents and settings\NetworkService\Application Data\517.bat
    c:\documents and settings\NetworkService\Application Data\5363.bat
    c:\documents and settings\NetworkService\Application Data\5507.bat
    c:\documents and settings\NetworkService\Application Data\6137.bat
    c:\documents and settings\NetworkService\Application Data\6611.bat
    c:\documents and settings\NetworkService\Application Data\6628.bat
    c:\documents and settings\NetworkService\Application Data\6699.bat
    c:\documents and settings\NetworkService\Application Data\729.bat
    c:\documents and settings\NetworkService\Application Data\7674.bat
    c:\documents and settings\NetworkService\Application Data\7826.bat
    c:\documents and settings\NetworkService\Application Data\784.bat
    c:\documents and settings\NetworkService\Application Data\8189.bat
    c:\documents and settings\NetworkService\Application Data\8774.bat
    c:\documents and settings\NetworkService\Application Data\8819.bat
    c:\documents and settings\NetworkService\Application Data\928.bat
    c:\documents and settings\NetworkService\Application Data\9327.bat
    c:\documents and settings\NetworkService\Application Data\9430.bat
    c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
    c:\documents and settings\NetworkService\Application Data\ao25uY.js
    c:\documents and settings\NetworkService\Application Data\BA3mY.js
    c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
    c:\documents and settings\NetworkService\Application Data\c8GTP.js
    c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
    c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
    c:\documents and settings\NetworkService\Application Data\dH2Pv.js
    c:\documents and settings\NetworkService\Application Data\E62LaWk.js
    c:\documents and settings\NetworkService\Application Data\eJE1O.js
    c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
    c:\documents and settings\NetworkService\Application Data\FAdO5.js
    c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
    c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
    c:\documents and settings\NetworkService\Application Data\HQClmm.js
    c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
    c:\documents and settings\NetworkService\Application Data\ikpNOW.js
    c:\documents and settings\NetworkService\Application Data\IzNfYS.js
    c:\documents and settings\NetworkService\Application Data\krWEFc.js
    c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
    c:\documents and settings\NetworkService\Application Data\M87LF.js
    c:\documents and settings\NetworkService\Application Data\ngOxj.js
    c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
    c:\documents and settings\NetworkService\Application Data\OTve6mO.js
    c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
    c:\documents and settings\NetworkService\Application Data\skd19sWx.js
    c:\documents and settings\NetworkService\Application Data\SMa08V.js
    c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
    c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
    c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
    c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
    c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
    c:\documents and settings\NetworkService\Application Data\xcT9U.js
    c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
    c:\documents and settings\Yvette\Application Data\1532.bat
    c:\documents and settings\Yvette\Application Data\9448.bat
    c:\documents and settings\Yvette\Application Data\go1lGALDP.js
    c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_RVYAKRWQR
    -------\Service_rvyakrwqr
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-02-09 au 2011-03-09 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
    2011-03-08 19:36 . 2011-03-08 19:37 -------- d-----w- C:\BibiRouge
    2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
    2011-03-08 15:56 . 2011-03-08 18:56 -------- d-----w- C:\Hijackthis
    2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
    2011-02-10 16:27 . 2011-02-10 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
    2011-02-09 21:30 . 2011-03-08 20:40 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-02-09 20:19 . 2011-02-10 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Deployment
    2011-02-09 17:27 . 2011-02-10 16:27 -------- d-----w- c:\windows\Downloaded Program Files
    2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\ParetoLogic
    2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\DriverCure
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\ParetoLogic
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-08 20:52 . 2005-08-16 10:18 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2011-02-04 22:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
    2011-02-04 22:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2005-08-16 10:18 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2005-08-16 10:18 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2005-08-16 10:18 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:09 . 2011-01-25 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2011-01-25 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2005-08-16 10:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-08_18.57.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-03-09 15:35 . 2011-03-09 15:35 16384 c:\windows\temp\Perflib_Perfdata_6b0.dat
    - 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2005-08-16 10:18 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
    - 2005-08-16 10:18 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
    + 2005-08-16 10:18 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
    - 2005-08-16 10:27 . 2010-12-20 18:10 294072 c:\windows\system32\FNTCACHE.DAT
    + 2005-08-16 10:27 . 2011-03-08 22:13 294072 c:\windows\system32\FNTCACHE.DAT
    + 2011-01-21 14:44 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
    - 2006-10-09 21:12 . 2006-10-09 21:12 291840 c:\windows\system32\dllcache\sbe.dll
    + 2006-10-09 21:12 . 2011-02-04 22:48 291840 c:\windows\system32\dllcache\sbe.dll
    + 2005-08-16 10:18 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
    + 2005-08-16 10:18 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
    - 2005-08-16 10:18 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
    + 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
    + 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
    - 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
    + 2006-10-09 21:12 . 2011-02-04 22:48 456192 c:\windows\system32\dllcache\encdec.dll
    - 2006-10-09 21:12 . 2006-10-09 21:12 456192 c:\windows\system32\dllcache\encdec.dll
    - 2010-10-28 13:13 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
    + 2010-10-28 13:13 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
    + 2005-08-16 10:18 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
    - 2005-08-16 10:18 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
    + 2005-08-16 10:18 . 2010-12-09 13:38 2192768 c:\windows\system32\ntoskrnl.exe
    + 2004-08-04 04:59 . 2010-12-09 13:07 2069376 c:\windows\system32\ntkrnlpa.exe
    + 2008-10-16 17:30 . 2010-12-31 13:10 1854976 c:\windows\system32\dllcache\win32k.sys
    + 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
    - 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
    + 2005-08-16 10:18 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-10-16 17:30 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-10-16 17:30 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-10-16 17:30 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
    + 2008-10-16 17:30 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-16 17:30 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-16 17:30 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-16 17:30 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2007-01-19 18:55 . 2011-03-03 00:56 37943240 c:\windows\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2005-12-10 274432]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
    .
    2011-02-09 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
    .
    2011-02-09 c:\windows\Tasks\PC Health Advisor Defrag.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    2011-02-09 c:\windows\Tasks\PC Health Advisor.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    .
    ------- Examen supplémentaire -------
    .
    Trusted Zone: microsoft.com\www.update
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    FF - ProfilePath - c:\documents and settings\BibiRouge\Application Data\Mozilla\Firefox\Profiles\cvf5r5bs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-09 10:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'explorer.exe'(3248)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\CA\SharedComponents\iTechnology\igateway.exe
    c:\program files\CA\eTrustITM\InoRpc.exe
    c:\program files\CA\eTrustITM\InoRT.exe
    c:\program files\CA\eTrustITM\InoTask.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\eHome\ehmsas.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-03-09 10:39:28 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-03-09 15:39
    ComboFix2.txt 2011-03-08 21:46
    ComboFix3.txt 2011-03-08 20:48
    ComboFix4.txt 2011-03-08 19:48
    ComboFix5.txt 2011-03-09 15:19
    .
    Avant-CF: 58 462 076 928 bytes free
    Après-CF: 58 378 964 992 bytes free
    .
    - - End Of File - - 4651BEAA196F32C60CC4A3A3AA59E114

    Voilà, j'espère que c'est bon cette fois.

    Merci pour les scripts en passant !
    0
  19. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Eh ben voilà le ménage est fait ^^

    Nous allons effectuer un diagnostic de ton PC:
    Télécharge ZHPDiag sur ton bureau :

    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
    ou :
    http://www.premiumorange.com/zeb-help-process/zhpdiag.html
    ou :
    https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

    ▶ Laisse toi guider lors de l'installation,coche "Ajouter une icône sur le bureau" et décoche la case "Exécuter ZHPDiag"

    /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »

    ▶ Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    ▶ Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    ▶ Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
    http://pjjoint.malekal.com/

    Si indispo:
    http://www.cijoint.fr/
    ou :
    http://ww38.toofiles.com/fr/documents-upload.html
    ou :
    https://www.cjoint.com/
    ou :
    https://www.casimages.com/

    ▶ Tuto zhpdiag :
    http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    Hébergement de rapport sur pjjoint.malekal.com

    ▶ Rends toi sur pjjoint.malekal.com
    ▶ Clique sur le bouton Parcourir
    ▶ Sélectionne le fichier que tu veux heberger et clique sur Ouvrir
    ▶ Clique sur le bouton Envoyer
    ▶ Un message de confirmation s'affiche (L'upload a réussi ! - Le lien à transmettre à vos correspondant pour visualiser le fichier est : https://pjjoint.malekal.com/files.php?id=df5ea299241015 Copie le lien dans ta prochaine réponse.

    @+
    0
  20. BibiRouge Messages postés 20 Statut Membre
     
    Milles fois merci ! Je commences les manips !
    0
  • 1
  • 2