Virus BHO-KD [Trj] HELP!!!

sytron
Hello,
I'm completely lost with this damn virus that's ruining my life. Can you help me?
Here is the ComboFix report:
ComboFix 08-01-03.3 - Perso 2008-01-04 18:50:27.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.174 [GMT 1:00]
Running from: C:\Documents and Settings\Perso\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor

.
((((((((((((((((((((((((((((( Files created 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-02 23:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 23:41 . 2008-01-02 23:41 318,369 --a------ C:\HiJackThis.zip
2008-01-02 22:33 . 2008-01-02 22:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-02 21:10 . 2008-01-02 21:10 <REP> d-------- C:\Program Files\Yahoo!
2008-01-02 21:10 . 2008-01-02 21:11 <REP> d-------- C:\Program Files\CCleaner
2008-01-02 19:27 . 2008-01-02 19:27 <REP> d-------- C:\Program Files\SafeSoft
2008-01-02 16:27 . 2008-01-04 18:04 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-02 16:27 . 2008-01-02 16:27 <REP> d-------- C:\Documents and Settings\Perso\Application Data\PC Tools
2008-01-02 16:27 . 2008-01-02 16:29 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-02 16:27 . 2008-01-02 16:29 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-02 16:27 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-02 16:27 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-02 16:26 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 10:37 . 2007-12-31 10:37 <REP> d-------- C:\Program Files\Magentic
2007-12-31 10:37 . 2007-10-09 13:42 745,547 --a------ C:\WINDOWS\system32\Magentic Screensaver.scr
2007-12-26 14:22 . 2007-12-26 14:31 <REP> d--h----- C:\LG3G
2007-12-24 18:20 . 2007-12-24 18:20 <REP> d-------- C:\Documents and Settings\simon\Application Data\DivX
2007-12-24 14:30 . 2007-12-24 14:30 <REP> d-------- C:\Documents and Settings\Marie\Application Data\DivX
2007-12-23 10:58 . 2007-12-23 10:58 <REP> d-------- C:\Program Files\EA Sports
2007-12-23 09:31 . 2007-12-23 09:31 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-23 09:28 . 2007-12-23 09:30 <REP> d-------- C:\Program Files\GHOST Hunters Majesty Manor
2007-12-22 18:49 . 2007-12-22 18:49 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-22 02:02 . 2007-12-22 02:02 <REP> d-------- C:\Documents and Settings\Perso\Application Data\DivX
2007-12-22 02:01 . 2007-12-22 02:01 <REP> d-------- C:\Documents and Settings\Perso\Application Data\LG Electronics
2007-12-22 01:59 . 2007-12-22 01:59 <REP> d-------- C:\lgupload
2007-12-22 01:54 . 2007-12-22 01:55 <REP> d-------- C:\Program Files\DivX
2007-12-22 01:53 . 2007-12-22 01:53 <REP> d-------- C:\Program Files\LG Electronics
2007-12-22 01:53 . 2007-07-11 10:45 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2007-12-22 01:53 . 2007-07-11 15:51 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2007-12-22 01:53 . 2007-07-11 10:40 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-12-22 01:52 . 2007-12-22 01:52 <REP> d-------- C:\Program Files\LG PC Suite 2
2007-12-22 01:51 . 2007-12-22 01:51 <REP> d-------- C:\Documents and Settings\Perso\Application Data\InstallShield
2007-12-13 15:25 . 2007-12-13 15:25 <REP> d-------- C:\Program Files\EA GAMES
2007-12-13 15:25 . 2005-02-26 06:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-08 08:42 . 2007-12-08 08:42 <REP> d-------- C:\Documents and Settings\Perso\Application Data\MSNInstaller
2007-12-07 07:04 . 2007-12-07 07:04 <REP> d-------- C:\Program Files\Skyline

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 17:15 --------- d-----w C:\Documents and Settings\Perso\Application Data\OpenOffice.org2
2008-01-04 17:08 --------- d-----w C:\Documents and Settings\Marie\Application Data\OpenOffice.org2
2008-01-04 16:00 --------- d-----w C:\Documents and Settings\Marie\Application Data\LimeWire
2008-01-04 15:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-04 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-26 21:20 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-26 20:31 --------- d-----w C:\Documents and Settings\J-P et Jordan\Application Data\LimeWire
2007-12-26 01:19 --------- d-----w C:\Documents and Settings\Perso\Application Data\LimeWire
2007-12-23 00:31 --------- d-----w C:\Documents and Settings\Marie\Application Data\Ahead
2007-12-22 00:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 14:59 --------- d-----w C:\Documents and Settings\simon\Application Data\LimeWire
2007-12-18 07:32 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-17 16:25 --------- d-----w C:\Documents and Settings\Marie\Application Data\EPSON
2007-12-06 19:11 19,456 ----a-w C:\WINDOWS\system32\drivers\oqadmywc.dat
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-27 15:11 --------- d-----w C:\Documents and Settings\simon\Application Data\Ahead
2007-11-27 13:16 --------- d-----w C:\Documents and Settings\simon\Application Data\Apple Computer
2007-11-24 23:58 --------- d-----w C:\Documents and Settings\Perso\Application Data\EPSON
2007-11-24 11:08 --------- d-----w C:\Program Files\iTunes
2007-11-24 11:08 --------- d-----w C:\Program Files\iPod
2007-11-24 11:07 --------- d-----w C:\Program Files\QuickTime
2007-11-19 12:53 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-18 16:28 --------- d-----w C:\Program Files\ReparateurDeSysteme
2007-11-17 16:38 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
2007-11-17 14:58 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-15 11:16 --------- d-----w C:\Documents and Settings\Perso\Application Data\Skyline
2007-11-15 06:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
2007-11-15 04:12 --------- d-----w C:\Documents and Settings\Perso\Application Data\reparateurdesysteme
2007-11-15 04:07 --------- d-----w C:\Program Files\Fichiers communs\ReparateurDeSysteme
2007-11-15 04:07 --------- d-----r C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 08:45 --------- d-----w C:\Program Files\JoWooD
2007-11-09 09:23 --------- d-----w C:\Program Files\IncrediMail
2007-11-09 06:43 --------- d-----w C:\Program Files\Dcads Games Collection
2007-11-07 12:10 --------- d-----w C:\Program Files\Java
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-04_ 0.12.27.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-04 15:10:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d4.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C6D5371-2F73-4EEF-B84C-35CED1CCB420}]
2006-03-02 13:00 98304 --a------ C:\WINDOWS\system32\browsel.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-21 10:44 208946]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 00:39 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 14:38 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-10-09 13:42 475180]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"AtiPTA"="atiptaxx.exe" [2006-02-22 01:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 04:12 577536 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"EPSON Stylus C66 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe" [2003-11-26 19:00 99840]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 13:09 102400]
"Salestart(1)"="C:\Program Files\Fichiers communs\PasenDommagement\mc.exe" [2007-10-09 15:09 589824]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\Marie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 17:42:22]

C:\Documents and Settings\Perso\Menu Démarrer\Programmes\Démarrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 14:17:06]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 17:42:22]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-19 00:39:23]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R0 dwxdrquo;dwxdrquo;C:\WINDOWS\system32\drivers\oqadmywc.dat []
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-08-18 15:13]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-08-18 15:13]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-08-18 15:13]

.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-12-29 09:41:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 18:56:53
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-01-04 18:58:57
ComboFix-quarantined-files.txt 2008-01-04 17:58:50
ComboFix2.txt 2008-01-03 23:13:23
.
2007-12-13 02:02:57 --- E O F ---
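The report above has three load points that deserve a second look before anyone reaches for a removal tool: the Browser Helper Object {3C6D5371-2F73-4EEF-B84C-35CED1CCB420} loading C:\WINDOWS\system32\browsel.dll, the boot-start service dwxdrquo whose image is a .dat file under system32\drivers and for which ComboFix recorded no timestamp or size, and the Run value NWEReboot with an empty image path. As an added example that is not part of the original post and not ComboFix's own logic, here is a small Python triage script that parses those ComboFix sections and flags such entries. The rules (non-.sys boot driver, missing file info, consonant-run test for machine-generated names, empty Run image) are this example's own heuristics, and the sample input is a handful of lines copied from the report above.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str    # "bho", "run" or "driver"
    entry: str   # CLSID, Run value name or service name
    reason: str


# Constructed sample: lines copied from the ComboFix report in the post above,
# enough to exercise every rule below. A real run feeds the whole ComboFix.txt
# to analyze().
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C6D5371-2F73-4EEF-B84C-35CED1CCB420}]
2006-03-02 13:00 98304 --a------ C:\WINDOWS\system32\browsel.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NWEReboot"="" []
"Salestart(1)"="C:\Program Files\Fichiers communs\PasenDommagement\mc.exe" [2007-10-09 15:09 589824]

R0 dwxdrquo;dwxdrquo;C:\WINDOWS\system32\drivers\oqadmywc.dat []
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-08-18 15:13]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-08-18 15:13]
"""

# Line shapes used by ComboFix's "Reg loading points" section.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                       # [HKEY_...\Run]
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+\S+\s+(.+)$")  # date time size attrs path
RUN_RE = re.compile(r'^"([^"]*)"="([^"]*)"\s*\[([^\]]*)\]$')        # "name"="image" [file info]
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*?)\s*\[([^\]]*)\]$")  # R0 name;display;image [info]


def looks_random(name: str, max_consonant_run: int = 4) -> bool:
    """Heuristic assumed by this example (not a ComboFix rule): a service
    name containing a run of 4+ consonants, e.g. 'dwxdrquo', is treated as
    machine-generated. Vendor names like 'ViBus' or 'ViPrt' stay below it."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best >= max_consonant_run


def analyze(report: str) -> List[Finding]:
    """Walk a ComboFix report and return load points worth manual review."""
    findings: List[Finding] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if "Browser Helper Objects" in current_key:
            # Every BHO is loaded into each Internet Explorer process, so the
            # DLL behind it is always worth identifying (publisher, hash).
            m = FILE_RE.match(line)
            if m:
                clsid = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("bho", clsid,
                                        f"BHO loads {m.group(1)} into every IE process; "
                                        "confirm the DLL's publisher"))
            continue
        m = RUN_RE.match(line)
        if m and current_key.endswith("\\Run"):
            name, image, info = m.groups()
            if not image:
                findings.append(Finding("run", name, "Run value with no image path"))
            elif not info:
                findings.append(Finding("run", name, f"no timestamp/size recorded for {image}"))
            continue
        m = SVC_RE.match(line)
        if m:
            start, name, _display, image, info = m.groups()
            reasons = []
            if start == "R0" and not image.lower().endswith(".sys"):
                reasons.append("boot-start driver whose image is not a .sys file")
            if looks_random(name):
                reasons.append("service name looks machine-generated")
            if not info:
                reasons.append("no timestamp/size recorded for the image")
            if reasons:
                findings.append(Finding("driver", name, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.entry}: {f.reason}")
```

Run it over a full report with `analyze(open("ComboFix.txt", encoding="cp1252").read())`. The output is a list of leads for manual verification (hash lookup, publisher check, comparing the driver's on-disk file with what the kernel has loaded), not a verdict; on the log above it singles out the BHO, the empty NWEReboot value and the dwxdrquo driver, and leaves the VIA storage drivers alone.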

4 replies

yoyo le linuxien

Which antivirus do you have? If you have avast, that's normal.
sytron

Yes, I have avast, but when I try to delete the trojan a window opens with the message "access denied".
sytron

OK, end.
yoyo le linuxien

Install Antivir, avast is useless.
david20100

Hi, try Trojan Remover, goodbye to your virus!!!