Unwanted redirection
58 replies
green day (Moderator, security contributor), 1 March 2008 at 22:36
Hi
# Download this (thanks to S!RI for this little program):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1;
here is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
It will generate a report: copy/paste it here please.
++
Good evening,
>Open this link (thanks to S!RI for this fix) http://siri.urz.free.fr/Fix/SmitfraudFix.php and download SmitfraudFix.exe.
- Look at the tutorial
- Run the program and choose option 1
The program will generate a report; copy/paste it on the forum please.
See you
:)
I unzipped the file and I have lots of .exe files, but not the one mentioned in the tutorial; which one do I click?
green day, 1 March 2008 at 22:44
see the tutorial here: http://siri.urz.free.fr/Fix/SmitfraudFix.php
++
Hi Green Land...
Are you copying me? http://www.commentcamarche.net/forum/affich 5268453 redirection non desiree#2
I'll leave you to it...
Although... we posted at the same time...
+
There you go:
SmitFraudFix v2.299
Report made at 22:46:20.88, 01.03.2008
Run from C:\Documents and Settings\Christophe\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
File system type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Christophe
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Christophe\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRIST~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop items
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning: the keys that follow are not necessarily infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning: the keys that follow are not necessarily infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning: the keys that follow are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning: the keys that follow are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning: the keys that follow are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/1000 PL Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 80.83.47.198
DNS Server Search Order: 80.83.47.11
DNS Server Search Order: 80.83.47.157
DNS Server Search Order: 80.83.47.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{83E6215F-3F9B-40C9-8DA7-F3CE456985C1}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{83E6215F-3F9B-40C9-8DA7-F3CE456985C1}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{83E6215F-3F9B-40C9-8DA7-F3CE456985C1}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
green day, 1 March 2008 at 22:55
Tsssss! I posted 4 minutes before you! :p
Codu:
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y key (Yes) to start the scan
* The report will be created in C:\Combofix.txt; post it please
++
And there's the result! (I went back to normal mode)
ComboFix 08-03-01.3 - Christophe 2008-03-01 23:04:36.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1731 [GMT 1:00]
Location: C:\Documents and Settings\Christophe\Bureau\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
((((((((((((((((((((((((((((( Files created 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))))))
.
2008-02-27 19:40 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-02-27 19:39 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-27 19:38 . 2008-02-27 19:38 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-27 19:37 . 2008-02-27 19:37 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-02-27 19:37 . 2008-02-27 19:37 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-02-27 19:28 . 2008-02-27 19:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 19:24 . 2008-02-27 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-24 22:22 . 2006-03-11 16:12 3,956,547 --------- C:\WINDOWS\YMP.CAB
2008-02-24 22:22 . 2008-02-24 22:22 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-23 01:14 . 2008-02-23 01:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-20 22:02 . 2008-02-20 22:02 <REP> d-------- C:\Program Files\ooVoo
2008-02-20 22:02 . 2008-02-20 22:15 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\ooVoo Details
2008-02-20 17:48 . 2008-02-20 17:48 <REP> d-------- C:\Documents and Settings\Orane\Application Data\IEPro
2008-02-20 17:47 . 2008-02-20 17:47 <REP> d-------- C:\Documents and Settings\Orane\Application Data\Grisoft
2008-02-16 18:20 . 2008-02-16 18:20 1,409 --a------ C:\WINDOWS\system32\tmp8DE63.FOT
2008-02-12 23:37 . 2008-02-12 23:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-10 18:45 . 2008-02-10 18:45 <REP> d-------- C:\Documents and Settings\Bouchra\Application Data\Grisoft
2008-02-08 21:07 . 2008-02-08 21:07 <REP> d-------- C:\Documents and Settings\Yanis\Application Data\Grisoft
2008-02-05 21:20 . 2008-02-05 21:23 <REP> d-------- C:\Program Files\Lopxp
2008-02-05 21:00 . 2008-02-05 21:01 <REP> d-------- C:\Program Files\CleanUp!
2008-02-05 19:57 . 2008-02-05 19:57 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-05 07:02 . 2008-02-05 07:02 <REP> d-------- C:\Program Files\Trend Micro
2008-02-05 00:16 . 2008-02-05 06:56 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-04 22:46 . 2008-02-04 22:46 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\Grisoft
2008-02-04 22:45 . 2008-02-04 22:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-04 22:45 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-04 22:34 . 2008-02-04 22:34 <REP> d-------- C:\Program Files\CCleaner
2008-02-04 00:27 . 2008-02-04 00:27 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-04 00:27 . 2008-02-04 20:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 20:10 . 2008-02-01 20:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-01 20:10 . 2008-02-01 20:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-01 11:17 . 2008-02-01 11:17 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 21:46 6,172 ----a-w C:\WINDOWS\system32\tmp.reg
2008-02-29 22:48 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-29 15:16 355,988 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-29 15:16 30,107,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-28 10:37 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-28 00:03 --------- d-----w C:\Program Files\Windows Live
2008-02-27 18:33 --------- d-----w C:\Program Files\MSN Messenger
2008-02-24 21:22 --------- d-----w C:\Program Files\Yahoo!
2008-02-24 20:24 --------- d-----w C:\Documents and Settings\Christophe\Application Data\Skype
2008-02-20 21:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-05 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-05 20:12 --------- d-----w C:\Program Files\FreeAngel
2008-02-05 18:29 --------- d-----w C:\Program Files\Navilog1
2008-02-01 21:58 --------- d-----w C:\Documents and Settings\Christophe\Application Data\SecondLife
2008-02-01 19:10 --------- d-----w C:\Program Files\Lavasoft
2008-01-15 22:21 --------- d-----w C:\Documents and Settings\Christophe\Application Data\Panasonic
2008-01-15 22:16 --------- d-----w C:\Program Files\Panasonic
2008-01-15 22:16 --------- d-----w C:\Documents and Settings\Christophe\Application Data\InstallShield
2008-01-11 16:09 --------- d-----w C:\Documents and Settings\Bouchra\Application Data\ZoomBrowser EX
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 17:53 --------- d-----w C:\Documents and Settings\Bouchra\Application Data\IEPro
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-08 17:17 --------- d-----w C:\Documents and Settings\Christophe\Application Data\ZoomBrowser EX
2008-01-06 08:52 --------- d-----w C:\Documents and Settings\Yanis\Application Data\IEPro
2008-01-05 21:09 --------- d-----w C:\Documents and Settings\Christophe\Application Data\MiniDm
2008-01-04 10:37 --------- d-----w C:\Documents and Settings\Christophe\Application Data\IEPro
2008-01-04 10:36 --------- d-----w C:\Program Files\IEPro
2008-01-04 10:36 --------- d-----w C:\Program Files\IE7Pro
2008-01-04 10:36 --------- d-----w C:\Documents and Settings\Christophe\Application Data\IE7Pro
2008-01-01 18:34 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-01 18:34 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-01 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-01 18:33 --------- d-----w C:\Program Files\Zone Labs
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-03 16:29 560 ----a-w C:\Documents and Settings\Bouchra\Application Data\ViewerApp.dat
2006-11-03 22:18 284 ----a-w C:\Documents and Settings\Christophe\Application Data\ViewerApp.dat
2006-03-27 20:57 104 --sh--r C:\WINDOWS\system32\D814B28974.sys
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{CEDDA62D-5FBE-4AB2-AE2E-5E069F444444}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
[HKEY_CLASSES_ROOT\clsid\{cedda62d-5fbe-4ab2-ae2e-5e069f444444}]
[HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{43C9998B-DB65-4F03-8C57-BBF146CCCCCC}]
[HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 20:37 67128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 17:13 3810544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-08 17:57 7110656]
"CTHelper"="CTHELPER.EXE" [2005-11-08 13:30 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 05:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 12:01 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 11:44 249856]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24 217088]
"monitr32"="C:\Program Files\Canon\MultiPASS4\monitr32.exe" [2002-10-29 10:35 315392]
"MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2001-12-12 10:56 151552]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16 1121792]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 15:33 1732608]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-01 09:36 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 15:24 257088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 01:48 40048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" [2007-12-17 11:12 243240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-28 17:33:51 110592]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-10 23:29:22 738968]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-27 20:37:21 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Zattoo\\Zattoo1.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 cis1284;cis1284;C:\WINDOWS\system32\drivers\cis1284.sys [2001-09-03 10:02]
S2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
S2 fsssvc;Windows Live OneCare Contrôle parental;"C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe" [2007-12-17 11:13]
S3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-15 07:40]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-03-14 05:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 22:05:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-01 21:36:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 23:07:21
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-01 23:08:27
.
2008-02-29 14:18:26 --- E O F ---
Already off to bed?
green day (Moderator, security contributor), 2 March 2008 at 13:00
Hi
We're slow to reply, but we don't abandon our posts!
Create a new text document and name it CFScript.txt (careful, this is very important!): right-click on the desktop > New > Text Document, and copy the following lines in bold into it:
File::
C:\WINDOWS\system32\drivers\klick.dat
C:\WINDOWS\system32\drivers\klin.dat
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\imsins.BAK
C:\WINDOWS\YMP.CAB
C:\WINDOWS\nsreg.dat
then drag the text file onto combo.exe as in the animation:
http://img.bleepingcomputer.com/combofix/usage/rc.gif
In the window that follows, choose option 1 and confirm.
Be patient; if the desktop disappears now and then during the scan, that's normal!
At the end of the scan a report will be displayed: please post it (otherwise it is at C:\ComboFix.txt).
++
I followed the instructions, but I get the following message right after ComboFix starts:
Etiez-vous en train ex,cuter CFScript?
Le nom CFScript semble ^tre incorrectement ,crit
(sic)
Please tell me what I should do.
green day (Moderator, security contributor), 2 March 2008 at 14:07
That means you must have misnamed the file!
Did you really save the script under the name CFScript.txt?
++
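As an added example (not code from this thread, from ComboFix's authors, or from the helper), the Python below parses the entry lines of the reports posted here, flags files carrying both hidden and system attributes, builds the CFScript "File::" block from the six paths in the post above, checks the exact file name the later reply asks about, and compares a before/after excerpt to see which targeted files are still listed. The sample lines are excerpts of the two reports in this thread; the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "Fichiers créés" lines: "<created> . <modified> <size or <REP>> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<REP>|[\d,]+) (\S+) (.+)$")
# "Find3M" lines: "<modified> <size or ---------> <attrs> <path>"
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) ([\d,]+|-{9}) (\S+) (.+)$")


@dataclass(frozen=True)
class Entry:
    path: str
    size: Optional[int]  # None for a directory
    attrs: str           # ComboFix attribute column, e.g. "--sha-w" or "d--hsc---"

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def hidden_system(self) -> bool:
        # 'h' = hidden, 's' = system in ComboFix's attribute column
        return "h" in self.attrs and "s" in self.attrs


def _size(token: str) -> Optional[int]:
    if token == "<REP>" or token.startswith("-"):
        return None
    return int(token.replace(",", ""))


def parse_log(text: str) -> List[Entry]:
    """Collect the file and directory entries of a ComboFix report; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            entries.append(Entry(m.group(5), _size(m.group(3)), m.group(4)))
            continue
        m = FIND3M_RE.match(line)
        if m:
            entries.append(Entry(m.group(4), _size(m.group(2)), m.group(3)))
    return entries


def hidden_system_files(entries: List[Entry]) -> List[Entry]:
    """Files flagged both hidden and system: the ones a helper looks at first."""
    return [e for e in entries if not e.is_dir and e.hidden_system]


def build_cfscript(paths: List[str]) -> str:
    """Content of CFScript.txt for ComboFix's 'File::' directive, as in the post above."""
    return "File::\n" + "\n".join(paths) + "\n"


def cfscript_name_ok(filename: str) -> bool:
    """ComboFix expects the exact name CFScript.txt; saving from Notepad with
    extensions hidden commonly yields CFScript.txt.txt and the error quoted above."""
    return filename == "CFScript.txt"


def still_present(targets: List[str], after: List[Entry]) -> List[str]:
    """Targeted paths that the report written after the fix still lists."""
    seen = {e.path.lower() for e in after}
    return [p for p in targets if p.lower() in seen]


# The six paths green day put in the CFScript above.
TARGETS = [
    r"C:\WINDOWS\system32\drivers\klick.dat",
    r"C:\WINDOWS\system32\drivers\klin.dat",
    r"C:\WINDOWS\system32\VACFix.exe",
    r"C:\WINDOWS\imsins.BAK",
    r"C:\WINDOWS\YMP.CAB",
    r"C:\WINDOWS\nsreg.dat",
]

# Sample excerpts of the two reports in this thread (before and after the CFScript run).
BEFORE_LOG = r"""
2008-02-27 19:28 . 2008-02-27 19:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-24 22:22 . 2006-03-11 16:12 3,956,547 --------- C:\WINDOWS\YMP.CAB
2008-02-23 01:14 . 2008-02-23 01:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-12 23:37 . 2008-02-12 23:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-29 15:16 30,107,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-28 10:37 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-01-01 18:34 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-01 18:34 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2006-03-27 20:57 104 --sh--r C:\WINDOWS\system32\D814B28974.sys
"""
AFTER_LOG = r"""
2008-02-24 22:22 . 2006-03-11 16:12 3,956,547 --------- C:\WINDOWS\YMP.CAB
2008-02-23 01:14 . 2008-02-23 01:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-12 23:37 . 2008-02-12 23:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-29 15:16 30,107,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-28 10:37 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2006-03-27 20:57 104 --sh--r C:\WINDOWS\system32\D814B28974.sys
"""

if __name__ == "__main__":
    before = parse_log(BEFORE_LOG)
    print("hidden+system files:", [e.path for e in hidden_system_files(before)])
    print(build_cfscript(TARGETS))
    print("name ok:", cfscript_name_ok("CFScript.txt"), cfscript_name_ok("CFScript.txt.txt"))
    print("still present after the fix:", still_present(TARGETS, parse_log(AFTER_LOG)))
```

Running the comparison on the thread's own excerpts shows the two .dat files gone from the second report while VACFix.exe, imsins.BAK, YMP.CAB and nsreg.dat are still listed, which is the check a helper makes before asking for the next step.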
Here it is:
ComboFix 08-03-01.3 - Christophe 2008-03-02 14:16:44.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.41.1036.18.1319 [GMT 1:00]
Endroit: C:\Documents and Settings\Christophe\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christophe\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-02-27 19:40 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-02-27 19:39 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-27 19:38 . 2008-02-27 19:38 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-27 19:37 . 2008-02-27 19:37 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-02-27 19:37 . 2008-02-27 19:37 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-02-27 19:28 . 2008-02-27 19:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 19:24 . 2008-02-27 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-24 22:22 . 2006-03-11 16:12 3,956,547 --------- C:\WINDOWS\YMP.CAB
2008-02-24 22:22 . 2008-02-24 22:22 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-23 01:14 . 2008-02-23 01:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-20 22:02 . 2008-02-20 22:02 <REP> d-------- C:\Program Files\ooVoo
2008-02-20 22:02 . 2008-02-20 22:15 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\ooVoo Details
2008-02-20 17:48 . 2008-02-20 17:48 <REP> d-------- C:\Documents and Settings\Orane\Application Data\IEPro
2008-02-20 17:47 . 2008-02-20 17:47 <REP> d-------- C:\Documents and Settings\Orane\Application Data\Grisoft
2008-02-16 18:20 . 2008-02-16 18:20 1,409 --a------ C:\WINDOWS\system32\tmp8DE63.FOT
2008-02-12 23:37 . 2008-02-12 23:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-10 18:45 . 2008-02-10 18:45 <REP> d-------- C:\Documents and Settings\Bouchra\Application Data\Grisoft
2008-02-08 21:07 . 2008-02-08 21:07 <REP> d-------- C:\Documents and Settings\Yanis\Application Data\Grisoft
2008-02-05 21:20 . 2008-02-05 21:23 <REP> d-------- C:\Program Files\Lopxp
2008-02-05 21:00 . 2008-02-05 21:01 <REP> d-------- C:\Program Files\CleanUp!
2008-02-05 19:57 . 2008-02-05 19:57 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-05 07:02 . 2008-02-05 07:02 <REP> d-------- C:\Program Files\Trend Micro
2008-02-05 00:16 . 2008-02-05 06:56 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-04 22:46 . 2008-02-04 22:46 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\Grisoft
2008-02-04 22:45 . 2008-02-04 22:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-04 22:45 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-04 22:34 . 2008-02-04 22:34 <REP> d-------- C:\Program Files\CCleaner
2008-02-04 00:27 . 2008-02-04 00:27 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-04 00:27 . 2008-02-04 20:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 13:11 --------- d-----w C:\Documents and Settings\Christophe\Application Data\Skype
2008-03-01 21:46 6,172 ----a-w C:\WINDOWS\system32\tmp.reg
2008-02-29 22:48 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-29 15:16 355,988 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-29 15:16 30,107,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-28 10:37 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-28 00:03 --------- d-----w C:\Program Files\Windows Live
2008-02-27 18:33 --------- d-----w C:\Program Files\MSN Messenger
2008-02-24 21:22 --------- d-----w C:\Program Files\Yahoo!
2008-02-20 21:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-05 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-05 20:12 --------- d-----w C:\Program Files\FreeAngel
2008-02-05 18:29 --------- d-----w C:\Program Files\Navilog1
2008-02-01 21:58 --------- d-----w C:\Documents and Settings\Christophe\Application Data\SecondLife
2008-02-01 19:10 --------- d-----w C:\Program Files\Lavasoft
2008-02-01 19:10 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-01 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-15 22:21 --------- d-----w C:\Documents and Settings\Christophe\Application Data\Panasonic
2008-01-15 22:16 --------- d-----w C:\Program Files\Panasonic
2008-01-15 22:16 --------- d-----w C:\Documents and Settings\Christophe\Application Data\InstallShield
2008-01-11 16:09 --------- d-----w C:\Documents and Settings\Bouchra\Application Data\ZoomBrowser EX
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 17:53 --------- d-----w C:\Documents and Settings\Bouchra\Application Data\IEPro
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-08 17:17 --------- d-----w C:\Documents and Settings\Christophe\Application Data\ZoomBrowser EX
2008-01-06 08:52 --------- d-----w C:\Documents and Settings\Yanis\Application Data\IEPro
2008-01-05 21:09 --------- d-----w C:\Documents and Settings\Christophe\Application Data\MiniDm
2008-01-04 10:37 --------- d-----w C:\Documents and Settings\Christophe\Application Data\IEPro
2008-01-04 10:36 --------- d-----w C:\Program Files\IEPro
2008-01-04 10:36 --------- d-----w C:\Program Files\IE7Pro
2008-01-04 10:36 --------- d-----w C:\Documents and Settings\Christophe\Application Data\IE7Pro
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-03 16:29 560 ----a-w C:\Documents and Settings\Bouchra\Application Data\ViewerApp.dat
2006-11-03 22:18 284 ----a-w C:\Documents and Settings\Christophe\Application Data\ViewerApp.dat
2006-03-27 20:57 104 --sh--r C:\WINDOWS\system32\D814B28974.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{CEDDA62D-5FBE-4AB2-AE2E-5E069F444444}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
[HKEY_CLASSES_ROOT\clsid\{cedda62d-5fbe-4ab2-ae2e-5e069f444444}]
[HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{43C9998B-DB65-4F03-8C57-BBF146CCCCCC}]
[HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 20:37 67128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 17:13 3810544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-08 17:57 7110656]
"CTHelper"="CTHELPER.EXE" [2005-11-08 13:30 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 05:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 12:01 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 11:44 249856]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24 217088]
"monitr32"="C:\Program Files\Canon\MultiPASS4\monitr32.exe" [2002-10-29 10:35 315392]
"MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2001-12-12 10:56 151552]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16 1121792]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 15:33 1732608]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-01 09:36 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 15:24 257088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 01:48 40048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" [2007-12-17 11:12 243240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-28 17:33:51 110592]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-10 23:29:22 738968]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-27 20:37:21 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Zattoo\\Zattoo1.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
R2 cis1284;cis1284;C:\WINDOWS\system32\drivers\cis1284.sys [2001-09-03 10:02]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Contrôle parental;"C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe" [2007-12-17 11:13]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-15 07:40]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-03-14 05:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-02 09:28:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-02 12:36:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 14:19:57
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
Completion time: 2008-03-02 14:21:11
ComboFix2.txt 2008-03-01 22:08:28
.
2008-02-29 14:18:26 --- E O F ---
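A log like the one above is tedious to read by eye, so here is a small Python script, added as an example (it is not ComboFix's code and was not posted in the thread), that pulls out the settings a responder would want to review: Run values that are bare file names such as CTHELPER.EXE and CTXFIHLP.EXE (found through the loader's search order rather than at an absolute path), Security Center monitoring switched off for a firewall product, EnableFirewall=0 in the standard profile, and firewall port exceptions whose state is actually Enabled. SAMPLE_LOG is a constructed excerpt in the format of the log above; the 6881/TCP exception is invented so that an active open port shows up in the output (every ooVoo exception in the real log is Disabled).

```python
"""Triage the 'Reg loading point' part of a ComboFix log for weak settings.

Added example, not ComboFix's own code. SAMPLE_LOG is a constructed excerpt
in the format of the log above; the 6881/TCP exception is invented.
"""
import re

SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 13:30 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 05:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"6881:TCP"= 6881:TCP:*:Enabled:constructed BitTorrent exception
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=value


def is_unqualified(command):
    """True when the program in a Run value is a bare file name.

    A bare name (CTHELPER.EXE) is located through the loader's search order
    instead of a fixed directory, so a same-named file earlier in that order
    would be started instead; an absolute path (C:\...) is not affected.
    """
    parts = command.strip().split()
    if not parts:
        return False
    exe = parts[0].strip('"')
    return '\\' not in exe and ':' not in exe


def triage(log_text):
    """Return (severity, message) findings for the sections ComboFix prints."""
    findings = []
    key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember which registry key we are in
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        k = key.lower()
        if k.endswith('\\currentversion\\run'):
            q = re.match(r'"([^"]*)"', value)     # the quoted command line
            cmd = q.group(1) if q else value
            if is_unqualified(cmd):
                findings.append(('medium', f'autostart {name} runs {cmd!r} by search order, not by absolute path'))
        elif '\\security center\\monitoring\\' in k and name.lower() == 'disablemonitoring':
            if value.lower().endswith('dword:00000001'):
                product = key.rsplit('\\', 1)[-1]
                findings.append(('low', f'Security Center no longer monitors {product}'))
        elif k.endswith('firewallpolicy\\standardprofile') and name.lower() == 'enablefirewall':
            if value.lstrip().startswith('0'):
                findings.append(('high', 'Windows Firewall is off in the standard profile'))
        elif k.endswith('globallyopenports\\list'):
            # value layout: port:protocol:scope:state:description
            fields = value.split(':', 4)
            if len(fields) == 5 and fields[3].lower() == 'enabled':
                port, proto, scope, _, desc = fields
                findings.append(('medium', f'inbound {proto} port {port} open to {scope} ({desc})'))
    return findings


if __name__ == '__main__':
    for severity, message in triage(SAMPLE_LOG):
        print(f'[{severity}] {message}')
```

On this machine the firewall and Security Center findings are what a product such as ZoneAlarm (present in the Run key above) can leave behind when it takes over from the Windows Firewall, but they are also exactly the values malware changes to silence alerts, so treat them as a prompt to confirm that the replacement firewall is really running; the script grades the entries, it does not decide for you.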
green day (Moderator, security contributor), 2 March 2008 at 14:26
Not everything has been removed! :/
# In the HijackThis window, click the Config button on the right
# Click the Misc Tools button
# Click the ADS Spy button
# In the new window, click the Scan button
# Save the report and post it please
++
I took the initiative to untick the quick scan box because with it I got nothing, so it is now scanning everything
green day (Moderator, security contributor), 2 March 2008 at 15:02
Do I run a quick scan or a normal scan (checkbox at the top)?
Uh! Well, normally it just says "scan"!
++