Spyware infection

Closed
mancelot - 8 April 2008 at 21:03
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 - 10 May 2008 at 18:17
Hello,
my computer is infected with one or more pieces of spyware or other junk; can someone help me clean it up without formatting the disk?
Here is the HijackThis scan

Logfile of HijackThis v1.99.1
Scan saved at 18:31:01, on 07/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\System32\winlegal.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\System32\wnslogan.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\shell.exe
C:\Documents and Settings\All Users\Application Data\tujaxcrg\vmxsbeva.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\antiviirus.exe
C:\Program Files\tmp0.exe
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\WINDOWS\System32\winmed.exe
C:\WINDOWS\TEMP\winlogan.exe
C:\WINDOWS\system32\azqhgqpw.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\System32\rundll32.exe
C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\csrssc.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = Selection
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: etlrlws - {86AEF867-F889-453D-97C1-5EC912C0FA76} - C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\ac8zt2\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [WinMed] winmed.exe
O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Run: [azqhgqpw] C:\WINDOWS\system32\azqhgqpw.exe
O4 - HKLM\..\Run: [ebolubyl] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ebolubyl.dll"
O4 - HKLM\..\Run: [kdypalsr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kdypalsr.dll"
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Emmanuel\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [hlphzdnm] C:\WINDOWS\system32\gzezgzwp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: autorun.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8274098-59F2-42E1-8527-DC25B264E790}: NameServer = 80.10.246.2,80.10.246.129
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: bokpkov - {B7AE9C68-CA22-4E5C-BDFF-9FA1E5C12F45} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: altvxvm - {86F827E7-BDB4-498D-A149-7F50744E28C3} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: KernelService - {b91b200a-d3e9-4e7b-bd28-ae65d6e9de02} - C:\WINDOWS\Installer\{b91b200a-d3e9-4e7b-bd28-ae65d6e9de02}\KernelService.dll
O21 - SSODL: zip - {3b655395-e3c6-47d6-a293-ab6cfecbce00} - C:\WINDOWS\Installer\{3b655395-e3c6-47d6-a293-ab6cfecbce00}\zip.dll
O21 - SSODL: AlrtPrx - {853222a2-c6ee-4523-b03f-26d44de66524} - C:\WINDOWS\Installer\{853222a2-c6ee-4523-b03f-26d44de66524}\AlrtPrx.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O23 - Service: 1Google Online Search Service - Unknown owner - C:\WINDOWS\System32\winlegal.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Googles Onlines Search Services - Unknown owner - C:\WINDOWS\System32\wnslogan.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe


This message was posted from another, clean PC.

6 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
9 April 2008 at 13:25
Hi,
I'm happy to help you, but it won't be easy because you are infested with numerous viruses!!!

Your Windows isn't up to date? You don't have SP2.

Is Norton the antivirus only or the suite?

If it's only the antivirus, you need to install a firewall:

KERIO or JETICO or ZONE ALARM (install only the free firewall)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm


___________________________

___________


Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to begin the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum
________________



Download Combofix by sUBs: rename it before any installation, for example call it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help with using Combofix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click combofix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until combofix has finished; a report will be created. Post the report.

______________



SmitfraudFix (paste the report)

1/ Download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ Double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present.


Wait before doing the third part.

3/ Restart in Safe Mode (generally by pressing F8, Del or F5 at startup), then do the same as in 2/ but select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter.

___________________
Then paste a new HijackThis log
0
Thank you for the help; I'm going to follow your advice and carry out the steps listed, and I'll let you know the results of the various scans.
See you later, mancelot
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
9 April 2008 at 20:17
OK

See you later

You can also paste me an online scan at the end



Paste the report from an online scan
with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Online scan for Firefox

https://www.trendmicro.com/fr_fr/business.html

Panda online:
http://pandasoftware.fr



Or download BitDefender Free and paste me the report:

https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/29063.html
0
Hi,
I've finished the various scans; here are the results:

SDfix:


[b]SDFix: Version 1.168 [/b]
Run by Emmanuel on 10/04/2008 at 19:54

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Emmanuel\Bureau\Sdfix\SDFix

[b]Checking Services [/b]:

Name:
1Google Online Search Service
AdvPowerMgmt
Googles Onlines Search Services
INR04
ndisaluo
ntio922

Path:
\??\C:\WINDOWS\System32\Drivers\ndisaluo.sys
System32\Drivers\ntio922.sys

1Google Online Search Service - Deleted
AdvPowerMgmt - Deleted
Googles Onlines Search Services - Deleted
INR04 - Deleted
ndisaluo - Deleted
ntio922 - Deleted

Killing PID 948 'shell.exe'
Killing PID 900 'shell.exe'


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Resetting AppInit_DLLs value


Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\Installer\{b91b200a-d3e9-4e7b-bd28-ae65d6e9de02}\KernelService.dll - Deleted
C:\WINDOWS\Installer\{3b655395-e3c6-47d6-a293-ab6cfecbce00}\zip.dll - Deleted
C:\WINDOWS\Installer\{853222a2-c6ee-4523-b03f-26d44de66524}\AlrtPrx.dll - Deleted
C:\WINDOWS\system32\jfiehayd.dll - Deleted
C:\FCJHBFR.EXE - Deleted
C:\108049~1 - Deleted
C:\WINDOWS\SYSTEM32\SLAYERX.DLL - Deleted
C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe - Deleted
C:\Documents and Settings\Emmanuel\Local Settings\Application Data\cftmon.exe - Deleted
C:\Documents and Settings\LocalService\Application Data\printer.exe - Deleted
C:\DOCUME~1\ALLUSE~1\DOCUME~1\SETTINGS\CONFIG.INI - Deleted
C:\WINDOWS\SYSTEM32\FTPDLL.DLL - Deleted
C:\DOCUME~1\LOCALS~1\FTPDLL.DLL - Deleted
C:\DOCUME~1\EMMANUEL\FTPDLL.DLL - Deleted
C:\RHVETM.EXE - Deleted
C:\WINDOWS\TEMP\RUDKGSSK.EXE - Deleted
C:\WINDOWS\TEMP\BABKIN~1.EXE - Deleted
C:\Program Files\tmp0.exe - Deleted
C:\Program Files\tmp1.exe - Deleted
C:\Program Files\tmp2.exe - Deleted
C:\Program Files\tmp1101718.exe - Deleted
C:\Program Files\tmp1102312.exe - Deleted
C:\Program Files\tmp1118484.exe - Deleted
C:\Program Files\tmp1144718.exe - Deleted
C:\Documents and Settings\Emmanuel\Application Data\ultra\uninstall.bat - Deleted
C:\Documents and Settings\Emmanuel\Favoris\Error Cleaner.url - Deleted
C:\Documents and Settings\Emmanuel\Bureau\Error Cleaner.url - Deleted
C:\Documents and Settings\Emmanuel\Favoris\Privacy Protector.url - Deleted
C:\Documents and Settings\Emmanuel\Bureau\Privacy Protector.url - Deleted
C:\Documents and Settings\Emmanuel\Favoris\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Emmanuel\Bureau\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\Temp\168.tmp.lst - Deleted
C:\WINDOWS\Temp\28C5.tmp.lst - Deleted
C:\WINDOWS\Temp\3037.tmp.lst - Deleted
C:\WINDOWS\Temp\4356.tmp.lst - Deleted
C:\WINDOWS\Temp\7DE3.tmp.lst - Deleted
C:\WINDOWS\Temp\40C5.tmp.lst - Deleted
C:\WINDOWS\Temp\6C33.tmp.lst - Deleted
C:\WINDOWS\Temp\1FC7.tmp.lst - Deleted
C:\WINDOWS\Temp\40F3.tmp.lst - Deleted
C:\WINDOWS\Temp\5F8C.tmp.lst - Deleted
C:\WINDOWS\Temp\295A.tmp.lst - Deleted
C:\WINDOWS\Temp\2BDE.tmp.lst - Deleted
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe - Deleted
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\Program Files\IE Extensions\cj.v2.dll - Deleted
C:\Program Files\iSecurity\iSecurity.dat - Deleted
C:\Program Files\iSecurity\systemdefender.bmp - Deleted
C:\Program Files\iSecurity\systemdefenderinstalled.bmp - Deleted
C:\Program Files\iSecurity\syscleaner.bmp - Deleted
C:\Program Files\iSecurity\syscleanerinstalled.bmp - Deleted
C:\Program Files\iSecurity\winifixer.bmp - Deleted
C:\Program Files\iSecurity\winifixerinstalled.bmp - Deleted
C:\Program Files\iSecurity\Ultimate Cleaner\setup.exe - Deleted
C:\Program Files\iSecurity\WiniFixer\setup.exe - Deleted
C:\d.exe - Deleted
C:\WINDOWS\drnpfdxfqd.dll - Deleted
C:\WINDOWS\system32\~.exe - Deleted
C:\Program Files\antiviirus.exe - Deleted
C:\Documents and Settings\Emmanuel\ie_updates3r.exe - Deleted
C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\Csrssc.exe - Deleted
C:\autoex.dll - Deleted
C:\findfast.exe - Deleted
C:\WINDOWS\altvxvm.dll - Deleted
C:\WINDOWS\bokpkov.dll - Deleted
C:\WINDOWS\fmsxwqs.exe - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\shell.exe - Deleted
C:\WINDOWS\system32\~.exe - Deleted
C:\WINDOWS\system32\crypts.dll - Deleted
C:\WINDOWS\system32\iSecurity.cpl - Deleted
C:\WINDOWS\system32\printer.exe - Deleted
C:\WINDOWS\system32\spoolvs.exe - Deleted
C:\WINDOWS\system32\svchost.t__ - Deleted
C:\WINDOWS\system32\winlegal.exe - Deleted
C:\WINDOWS\system32\winlogans.tmp - Deleted
C:\WINDOWS\system32\winmed.exe - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\system32\wnslogan.exe - Deleted
C:\WINDOWS\Temp\babkinepaxnut.exe - Deleted
C:\WINDOWS\Temp\csrssc.exe - Deleted
C:\WINDOWS\Temp\iframestat.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\Temp\sh.exe - Deleted
C:\WINDOWS\Temp\winlogan.exe - Deleted
C:\WINDOWS\Web\def.htm - Deleted
C:\DOCUME~1\EMMANUEL\BUREAU\SDFIX\SDFIX\BACKUP~2\FTPDLL.DLL - Deleted
C:\Documents and Settings\Emmanuel\Bureau\Sdfix\SDFix\backups_old\Error Cleaner.url - Deleted
C:\Documents and Settings\Emmanuel\Bureau\Sdfix\SDFix\backups_old\Privacy Protector.url - Deleted
C:\Documents and Settings\Emmanuel\Bureau\Sdfix\SDFix\backups_old\Spyware&Malware Protection.url - Deleted
C:\nethlpr.exe - Deleted
C:\WINDOWS\shell.exe - Deleted
C:\WINDOWS\system32\iSecurity.cpl - Deleted
C:\WINDOWS\system32\printer.exe - Deleted
C:\WINDOWS\system32\spoolvs.exe - Deleted
C:\WINDOWS\system32\drivers\ntio922.sys - Deleted
C:\WINDOWS\system32\drivers\ndisaluo.sys - Deleted
C:\WINDOWS\system32\drivers\spools.exe - Deleted
C:\WINDOWS\system32\powermgmt.sys - Deleted
C:\WINDOWS\system32\drivers\INR04.sys - Deleted
C:\WINDOWS\system32\drivers\INR04.sys - Deleted

[color=red]Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use [url=http://www2.gmer.net/gmer.zip]Gmer[/url] or [url=https://free.drweb.com/cureit]Dr.Web CureIt[/url][/color]

Could Not Remove C:\WINDOWS\system32smp
Could Not Remove C:\WINDOWS\Temp\bca4e2da.$$$
Could Not Remove C:\WINDOWS\Temp\fa56d7ec.$$$
Could Not Remove C:\WINDOWS\system32smp
Could Not Remove C:\WINDOWS\Temp\bca4e2da.$$$
Could Not Remove C:\WINDOWS\Temp\fa56d7ec.$$$

Folder C:\WINDOWS\Installer\{b91b200a-d3e9-4e7b-bd28-ae65d6e9de02} - Removed
Folder C:\WINDOWS\Installer\{3b655395-e3c6-47d6-a293-ab6cfecbce00} - Removed
Folder C:\WINDOWS\Installer\{853222a2-c6ee-4523-b03f-26d44de66524} - Removed
Folder C:\Documents and Settings\Emmanuel\Application Data\ultra - Removed
Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
Folder C:\Program Files\AdvancedCleaner Free - Removed
Folder C:\Program Files\akl - Removed
Folder C:\Program Files\IE Extensions - Removed
Folder C:\Program Files\iSecurity - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 20:38:18
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\nethlpr.exe"="C:\\nethlpr.exe:*:Enabled:Windows Update"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Emmanuel\\Application Data\\sysfixer.exe"="C:\\Documents and Settings\\Emmanuel\\Application Data\\sysfixer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Emmanuel\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Emmanuel\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\System32\\printer.exe"="C:\\WINDOWS\\System32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\System32\\spoolvs.exe"="C:\\WINDOWS\\System32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Emmanuel\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe"="C:\\Documents and Settings\\Emmanuel\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Emmanuel\\Application Data\\sysfixer.exe"="C:\\Documents and Settings\\Emmanuel\\Application Data\\sysfixer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Emmanuel\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Emmanuel\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\System32\\printer.exe"="C:\\WINDOWS\\System32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\System32\\spoolvs.exe"="C:\\WINDOWS\\System32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Emmanuel\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe"="C:\\Documents and Settings\\Emmanuel\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:

C:\WINDOWS\system32smp Found
C:\WINDOWS\Temp\bca4e2da.$$$ Found
C:\WINDOWS\Temp\fa56d7ec.$$$ Found
C:\WINDOWS\system32smp Found
C:\WINDOWS\Temp\bca4e2da.$$$ Found
C:\WINDOWS\Temp\fa56d7ec.$$$ Found

File Backups: - C:\DOCUME~1\Emmanuel\Bureau\Sdfix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 2 Nov 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 15 Nov 2005 78,104 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 24 Nov 2005 17,920 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 24 Nov 2005 12,880 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
Wed 28 May 2003 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 28 May 2003 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 28 May 2003 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 28 May 2003 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 28 May 2003 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 28 May 2003 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 28 May 2003 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 28 May 2003 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 28 May 2003 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 28 May 2003 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 28 May 2003 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 28 May 2003 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 28 May 2003 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 28 May 2003 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 28 May 2003 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 28 May 2003 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 28 May 2003 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 28 May 2003 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 28 May 2003 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 28 May 2003 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 28 May 2003 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 28 May 2003 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 28 May 2003 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 28 May 2003 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 28 May 2003 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 28 May 2003 49,250 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 28 May 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 28 May 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 28 May 2003 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 28 May 2003 50,600 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 28 May 2003 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 28 May 2003 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"

Finished!

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _


Combofix:


ComboFix 08-04-11.8 - Emmanuel 2008-04-14 20:28:12.2 - FAT32x86
Endroit: C:\Documents and Settings\Emmanuel\Bureau\killbaggle.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\shell.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinIFixer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinIFixer\Register.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinIFixer\Uninstall.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinIFixer\WinIFixer.lnk
C:\Documents and Settings\Emmanuel\Application Data\ultra
C:\Documents and Settings\Emmanuel\Application Data\ultra\uninstall.bat
C:\Documents and Settings\Emmanuel\Application Data\WinIFixer.com
C:\Documents and Settings\Emmanuel\Bureauvirii
C:\Program Files\Helper
C:\Program Files\Helper\1208025163.dll
C:\Program Files\PC-Cleaner
C:\Program Files\WinIFixer
C:\Program Files\WinIFixer\database.dat
C:\Program Files\WinIFixer\MFC71.dll
C:\Program Files\WinIFixer\MFC71ENU.DLL
C:\Program Files\WinIFixer\msvcp71.dll
C:\Program Files\WinIFixer\msvcr71.dll
C:\Program Files\WinIFixer\Uninstall.exe
C:\Program Files\WinIFixer\WinIFixer.exe
C:\Program Files\WinIFixer\WinIFixer.exe.local
C:\Program Files\WinIFixer\WinIFixerSkin.dll
C:\WINDOWS\a.bat
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\mssecu.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\shell.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\39514.exe
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\chktiefj.dll
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\dwkwmuph.ini
C:\WINDOWS\system32\fnsuujmo.dll
C:\WINDOWS\system32\gqd232.exe
C:\WINDOWS\system32\gqd463.exe
C:\WINDOWS\system32\H4dj24g.dll
C:\WINDOWS\system32\hpumwkwd.dll
C:\WINDOWS\system32\jeyyxsja.dll
C:\WINDOWS\system32\kb1111p.dll
C:\WINDOWS\system32\Kf9467g.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mcrupdate.exe
C:\WINDOWS\system32\nfaamqkf.dll
C:\WINDOWS\system32\piorclvo.dll
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\rawhgukw.ini
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
C:\WINDOWS\system32\winlegals.tmp
C:\WINDOWS\system32\wkughwar.dll
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\tmlpcert2005
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTMGR
-------\Legacy_GRANDE48
-------\Legacy_NWSAPAGENT
-------\Service_ccEvtMgr
-------\Service_ccPwdSvc
-------\Service_NwSapAgent


((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
.

2008-04-14 19:31 . 2008-04-14 19:31 <REP> d-------- C:\ComboFix
2008-04-14 19:19 . 2008-04-14 19:19 3,648 --a------ C:\WINDOWS\system32\mfomhrxs.dll
2008-04-12 20:34 . 2008-04-12 20:34 3,648 --a------ C:\WINDOWS\system32\pqnogtsc.dll
2008-04-12 20:33 . 2008-04-12 20:33 3,648 --a------ C:\WINDOWS\system32\illeciih.dll
2008-04-12 20:32 . 2008-04-12 20:32 0 --a------ C:\WINDOWS\BM43543896.xml
2008-04-12 18:35 . 2008-04-12 18:35 <REP> d--hs---- C:\FOUND.005
2008-04-11 20:20 . 2008-04-12 20:31 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-04-11 20:19 . 2008-04-11 20:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\itqzkvyd
2008-04-11 20:19 . 2008-04-12 20:31 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-04-11 20:19 . 2008-04-11 20:19 118,784 --a------ C:\WINDOWS\system32\ypstgnul.exe
2008-04-11 20:19 . 2008-04-11 20:19 98,304 --a------ C:\WINDOWS\system32\WinAplEn.dll
2008-04-11 20:19 . 2008-04-11 20:19 98,304 --a------ C:\Documents and Settings\All Users\Application Data\gjqxwhkf.dll
2008-04-09 20:03 . 2008-04-09 20:03 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-07 16:59 . 2008-04-07 16:59 <REP> d--hs---- C:\FOUND.004
2008-03-31 21:05 . 2008-03-31 21:05 110,592 --a------ C:\Documents and Settings\All Users\Application Data\kdypalsr.dll
2008-03-31 21:04 . 2008-03-31 21:04 110,592 --a------ C:\WINDOWS\system32\pzpyfzcl.dll
2008-03-31 21:04 . 2008-03-31 21:04 106,496 --a------ C:\WINDOWS\system32\gzezgzwp.exe
2008-03-31 20:50 . 2008-03-31 20:50 <REP> d-------- C:\Program Files\Deus Cleaner
2008-03-31 20:45 . 2008-03-31 20:45 233,984 --a------ C:\WINDOWS\system32\ggd474.exe
2008-03-31 20:45 . 2008-03-31 20:45 17,920 --a------ C:\WINDOWS\system32\ggd472.exe
2008-03-31 20:45 . 2008-03-31 20:45 11,776 --a------ C:\WINDOWS\system32\ggd477.exe
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-29 18:31 . 2004-03-28 17:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-28 18:20 . 2008-03-28 18:20 <REP> d--hs---- C:\FOUND.003
2008-03-27 20:31 . 2008-03-27 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tujaxcrg
2008-03-27 20:31 . 2008-03-27 20:31 114,688 --a------ C:\WINDOWS\system32\pikmfftc.dll
2008-03-27 20:31 . 2008-03-27 20:31 114,688 --a------ C:\Documents and Settings\All Users\Application Data\ebolubyl.dll
2008-03-27 20:31 . 2008-03-27 20:31 102,400 --a------ C:\WINDOWS\system32\azqhgqpw.exe
2008-03-27 20:31 . 2008-03-27 20:31 33,280 --a------ C:\WINDOWS\ijyduxen.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\BureauTrojan.Win32.BlackBird.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\BureauFWebdEditor.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\Bureaufwebd.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\Bureaufkwp2.0.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\Bureaufkwp1.5.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\Bureaufilemanagerclient.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\BureauEditorFKWP2.0.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\BureauEditorFKWP1.5.exe
2008-03-25 17:52 . 2008-03-25 17:52 <REP> d--hs---- C:\FOUND.002
2008-03-24 10:27 . 2008-03-24 10:27 58,368 --a------ C:\jehebe.exe
2008-03-24 10:27 . 2008-03-24 10:27 6,144 --a------ C:\xllff.exe
2008-03-24 10:26 . 2008-03-24 10:26 17,920 --a------ C:\WINDOWS\system32\gqd374.exe
2008-03-24 10:26 . 2008-03-24 10:26 6,144 --a------ C:\WINDOWS\system32\gqd888.exe
2008-03-20 18:21 . 2008-03-20 18:21 <REP> d--hs---- C:\FOUND.001
2008-03-18 19:39 . 2008-03-18 19:40 6,144 --a------ C:\rvyvhncc.exe
2008-03-17 21:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-17 20:44 . 2008-03-17 20:44 69,799 --a------ C:\toahsxde.exe
2008-03-17 20:44 . 2008-03-17 20:44 58,368 --a------ C:\rdwavag.exe
2008-03-17 20:44 . 2008-03-17 20:44 14,848 --a------ C:\cwwkxwu.exe
2008-03-17 20:43 . 2008-03-17 20:43 6,144 --a------ C:\mmhkj.exe
2008-03-17 20:42 . 2008-03-17 20:42 96,499 --a------ C:\WINDOWS\system32\gqd414.exe
2008-03-17 20:41 . 2008-03-17 20:41 69,120 --a------ C:\WINDOWS\system32\gqd449.exe
2008-03-17 20:41 . 2008-03-17 20:42 11,776 --a------ C:\WINDOWS\system32\gqd387.exe
2008-03-17 20:40 . 2008-03-17 20:40 143,360 --a------ C:\WINDOWS\system32\gqd406.exe
2008-03-17 20:40 . 2008-03-17 20:41 58,368 --a------ C:\WINDOWS\system32\gqd427.exe
2008-03-16 18:26 . 2008-03-16 18:26 <REP> d-------- C:\Program Files\Fichiers communs\AdvancedCleaner
2008-03-16 18:26 . 2003-03-19 08:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-16 18:07 . 2008-03-16 18:07 29 --a------ C:\WINDOWS\system32\yporhrep.tmp
2008-03-16 18:05 . 2008-03-16 18:05 58,368 --a------ C:\caxlkn.exe
2008-03-16 18:04 . 2008-03-16 18:04 6,144 --a------ C:\qhphkf.exe
2008-03-15 19:27 . 2008-03-15 19:22 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-15 19:27 . 2008-03-15 19:27 2,547 --a------ C:\WINDOWS\unins000.dat
2008-03-15 18:53 . 2008-03-15 18:53 54,784 --a------ C:\Documents and Settings\Emmanuel\win.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-08 18:02 --------- d-----w C:\Program Files\OfficeUpdate11
2011-02-08 16:28 --------- d-----w C:\Program Files\Fichiers communs\RbtProt
2011-02-08 16:22 --------- d-----w C:\Program Files\Fichiers communs\RoboBAT
2010-03-30 18:40 --------- d-----w C:\Program Files\Symantec
2010-03-30 18:40 --------- d-----w C:\Program Files\Norton SystemWorks
2010-03-30 18:40 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2010-03-30 18:40 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\Symantec
2010-03-30 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-27 17:38 63,688 ----a-w C:\Documents and Settings\Emmanuel\Application Data\GDIPFONTCACHEV1.DAT
2007-08-21 16:53 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2004-06-17 17:57 192 --sh--r C:\WINDOWS\inf\sdatabl.sav.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{130F2532-127D-B01E-2397-0470AAF59A7E}]
2008-03-31 21:04 110592 --a------ C:\WINDOWS\system32\pzpyfzcl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{662A3DAA-4A5B-C560-9E8E-03A40EB12A43}]
2008-04-11 20:19 98304 --a------ C:\WINDOWS\system32\WinAplEn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hlphzdnm"="C:\WINDOWS\system32\gzezgzwp.exe" [2008-03-31 21:04 106496]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"jdgf894jrghoiiskd"="C:\WINDOWS\TEMP\winlogan.exe" [ ]
"Spoolsv"="C:\WINDOWS\System32\spoolvs.exe" [2005-08-20 22:44 9728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-10 11:57 218240]
"AbyssmoClient"="C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe" [2007-09-27 10:57 270336]
"azqhgqpw"="C:\WINDOWS\system32\azqhgqpw.exe" [2008-03-27 20:31 102400]
"ctfmona"="C:\WINDOWS\System32\ctfmona.exe" [ ]
"Printer"="C:\WINDOWS\System32\printer.exe" [2005-08-20 22:08 9728]

C:\Documents and Settings\Emmanuel\Menu Démarrer\Programmes\Démarrage\
findfast.exe [2005-08-21 00:31:32 9728]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Accélérateur de démarrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54 11000]
autorun.exe [2005-08-14 17:27:42 9728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"FzAULgJw7L"= C:\Documents and Settings\All Users\Application Data\itqzkvyd\styhojkj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9C0ADB68-353A-61DD-ED09-1D8003A611CB}"= C:\WINDOWS\system32\kb1111p.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\shell.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyvu]
ddcbyvu.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AcctMgr"=C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
"Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
"DNHelper32"=C:\WINDOWS\System32\DNHlp32.exe
"QD FastAndSafe"=C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /planificateur
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe"=
"C:\\WINDOWS\\System32\\printer.exe"=
"C:\\WINDOWS\\System32\\spoolvs.exe"=
"C:\\Documents and Settings\\Emmanuel\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe"=
"C:\\WINDOWS\\shell.exe"=

R1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [2003-05-28 19:01]
R2 DK2DRV;DK2 WindowsNT Driver;C:\WINDOWS\System32\Drivers\DK2DRV.SYS [2003-04-11 17:31]
R2 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\System32\Drivers\eusk2par.sys [2003-06-06 14:34]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-23 23:00]
R2 SG_Service;SoftGuard Service;C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe [2005-04-25 11:58]
S2 PPSCAN;PPSCAN;C:\WINDOWS\System32\drivers\PPSCAN.sys [1998-02-20 14:37]
S3 ATMELFVNETusb(505A_2958)(R);ATMEL FVNETusb(505A_2958)(R) Service for ATMEL USB FastVNET (505A);C:\WINDOWS\System32\DRIVERS\vnet5a8x.sys []
S3 gel90xne;gel90xne;C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\gel90xne.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 17:00:02 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-03-17 17:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Emmanuel.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXEh/task:
"2008-03-12 17:00:02 C:\WINDOWS\Tasks\Norton Disk Doctor.job"
- C:\PROGRA~1\NORTON~1\NORTON~2\ndd32.exe
"2008-03-13 17:00:02 C:\WINDOWS\Tasks\Norton System Doctor.job"
- C:\PROGRA~1\NORTON~1\NORTON~2\sysdoc32.exe
"2008-03-15 17:00:02 C:\WINDOWS\Tasks\Norton WinDoctor.job"
- C:\PROGRA~1\NORTON~1\NORTON~2\windoc.exe
"2005-08-18 17:12:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 20:34:06
Windows 5.1.2600 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-14 20:35:18
ComboFix-quarantined-files.txt 2008-04-14 18:35:12
Pre-Run: 2,134,827,008 octets libres
Post-Run: 2,117,066,752 octets libres

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Smitfraud:

SmitFraudFix v2.310

Rapport fait à 21:05:20,96, 14/04/2008
Executé à partir de C:\Documents and Settings\Emmanuel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\shell.exe supprimé
C:\WINDOWS\system32\printer.exe supprimé
C:\WINDOWS\system32\spoolvs.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A8274098-59F2-42E1-8527-DC25B264E790}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8274098-59F2-42E1-8527-DC25B264E790}: NameServer=80.10.246.2,80.10.246.129


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _


Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 19:43:52, on 17/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\WINDOWS\system32\azqhgqpw.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = Selection
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {130F2532-127D-B01E-2397-0470AAF59A7E} - C:\WINDOWS\system32\pzpyfzcl.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {546EB214-FBAF-485C-A5E8-E9C86566ACBE} - (no file)
O2 - BHO: (no name) - {662A3DAA-4A5B-C560-9E8E-03A40EB12A43} - C:\WINDOWS\system32\WinAplEn.dll
O2 - BHO: (no name) - {A64980B3-A32B-4F72-A2FE-961CDB6877F1} - (no file)
O2 - BHO: (no name) - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
O2 - BHO: (no name) - {BDC07A4F-4F1D-4D70-B958-54040843FB94} - (no file)
O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
O2 - BHO: (no name) - {E331816F-0043-4128-A573-7B28EA497DB4} - (no file)
O2 - BHO: (no name) - {F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [azqhgqpw] C:\WINDOWS\system32\azqhgqpw.exe
O4 - HKLM\..\Run: [ebolubyl] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ebolubyl.dll"
O4 - HKLM\..\Run: [kdypalsr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kdypalsr.dll"
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKLM\..\Run: [40670b0a] rundll32.exe "C:\WINDOWS\System32\hpumwkwd.dll",b
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKCU\..\Run: [hlphzdnm] C:\WINDOWS\system32\gzezgzwp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8274098-59F2-42E1-8527-DC25B264E790}: NameServer = 80.10.246.2,80.10.246.129
O20 - Winlogon Notify: ddcbyvu - ddcbyvu.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _


Bitdefenderfree:


//-----------------------------------------------------------------
//
// Produit BitDefender Free Edition v10
// Produit 10.2
//
// Créé le: 17/04/2008 20:02:17
//
//-----------------------------------------------------------------


Statistiques

Chemin cible: C:\WINDOWS
C:\Program Files
Dossiers : 2610
Fichiers : 19929
Processus Mémoire analysés : 0
Archives : 1
Fichiers enpaquetés : 816
Virus trouvés : 3
Fichiers infectés : 5
Proces
jlpjlp (Security contributor) - 19 April 2008 at 18:22
Have you installed a firewall???
Install one,
unless Norton includes one (if it's the suite); otherwise the infections will come back.


______________


Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {130F2532-127D-B01E-2397-0470AAF59A7E} - C:\WINDOWS\system32\pzpyfzcl.dll
O2 - BHO: (no name) - {546EB214-FBAF-485C-A5E8-E9C86566ACBE} - (no file)
O2 - BHO: (no name) - {662A3DAA-4A5B-C560-9E8E-03A40EB12A43} - C:\WINDOWS\system32\WinAplEn.dll
O2 - BHO: (no name) - {A64980B3-A32B-4F72-A2FE-961CDB6877F1} - (no file)
O2 - BHO: (no name) - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
O2 - BHO: (no name) - {BDC07A4F-4F1D-4D70-B958-54040843FB94} - (no file)
O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
O2 - BHO: (no name) - {E331816F-0043-4128-A573-7B28EA497DB4} - (no file)
O2 - BHO: (no name) - {F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2} - (no file)
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [azqhgqpw] C:\WINDOWS\system32\azqhgqpw.exe
O4 - HKLM\..\Run: [ebolubyl] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ebolubyl.dll"
O4 - HKLM\..\Run: [kdypalsr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kdypalsr.dll"
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKLM\..\Run: [40670b0a] rundll32.exe "C:\WINDOWS\System32\hpumwkwd.dll",b
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKCU\..\Run: [hlphzdnm] C:\WINDOWS\system32\gzezgzwp.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: autorun.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -

O20 - Winlogon Notify: ddcbyvu - ddcbyvu.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\

________________________

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Close all your browsers (so copy or print these instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:






File::
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\WINDOWS\system32\azqhgqpw.exe
C:\Documents and Settings\All Users\Application Data\ebolubyl.dll
C:\Documents and Settings\All Users\Application Data\kdypalsr.dll
C:\Program Files\WinIFixer\WinIFixer.exe
C:\WINDOWS\System32\hpumwkwd.dll
C:\WINDOWS\System32\ctfmona.exe
C:\WINDOWS\System32\printer.exe
C:\WINDOWS\system32\gzezgzwp.exe
C:\WINDOWS\TEMP\winlogan.exe
C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\csrssc.exe
C:\WINDOWS\TEMP\winlogan.exe
C:\WINDOWS\System32\spoolvs.exe


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{130F2532-127D-B01E-2397-0470AAF59A7E}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyvu]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AbyssmoClient"=-
"azqhgqpw"=-
"ctfmona"=-
"Printer"=-
"hlphzdnm"=-
"C:\\WINDOWS\\System32\\printer.exe"=-
"jdgf894jrghoiiskd"=-









Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the mouse button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report.

If the file does not open, it can be found here > C:\ComboFix.txt
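An added example, not part of the thread and not the helper's own method: a Python triage pass over HijackThis entries copied from the log above, showing the kind of signals that make such lines stand out (orphaned or unnamed BHOs, autoruns from Temp, DLLs started through regsvr32/rundll32, file names one or two characters away from a real Windows binary, a modified Winlogon shell, a registry-editor lockout). The heuristics, the `SYSTEM_NAMES` list and the function names are assumptions made here; the findings are leads for manual review, not verdicts.

```python
import ntpath
import re

# Constructed sample: a subset of entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {130F2532-127D-B01E-2397-0470AAF59A7E} - C:\WINDOWS\system32\pzpyfzcl.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {546EB214-FBAF-485C-A5E8-E9C86566ACBE} - (no file)
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ebolubyl] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ebolubyl.dll"
O4 - HKLM\..\Run: [40670b0a] rundll32.exe "C:\WINDOWS\System32\hpumwkwd.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: ddcbyvu - ddcbyvu.dll (file missing)
"""

# Assumption: a short reference list of genuine Windows XP binaries for look-alike checks.
SYSTEM_NAMES = ("winlogon.exe", "spoolsv.exe", "csrss.exe", "ctfmon.exe",
                "svchost.exe", "explorer.exe")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)', re.IGNORECASE)


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(path):
    """Return the system binary a file name imitates (distance 1-2), else None."""
    name = ntpath.basename(path).lower()
    for real in SYSTEM_NAMES:
        if 0 < edit_distance(name, real) <= 2:
            return real
    return None


def triage(log_text):
    """Return (code, reason, line) tuples for entries that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        paths = PATH_RE.findall(body)
        reasons = []
        if code == "O2" and "(no name)" in body:
            reasons.append("orphaned BHO: CLSID registered, no DLL on disk"
                           if body.endswith("(no file)")
                           else "unnamed BHO backed by a DLL")
        if code == "F2" and "Shell=" in body:
            extra = body.split("Shell=", 1)[1].split()[1:]
            if extra:
                reasons.append("Winlogon shell starts an extra program: " + " ".join(extra))
        if code == "O7" and "DisableRegedit=1" in body:
            reasons.append("policy disables the registry editor")
        if code == "O20" and "(file missing)" in body:
            reasons.append("Winlogon Notify entry points to a missing DLL")
        if code == "O4":
            if re.search(r"\b(regsvr32|rundll32)\b", body, re.IGNORECASE):
                reasons.append("autorun loads a DLL through regsvr32/rundll32")
            if any(re.search(r"\\te?mp\\", p, re.IGNORECASE) for p in paths):
                reasons.append("autorun target lives in a Temp directory")
        for p in paths:
            real = lookalike_of(p)
            if real:
                reasons.append("file name imitates " + real)
        findings.extend((code, reason, line) for reason in reasons)
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {line}")
```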
Hi,
I'm sending you the ComboFix and HijackThis reports. Windows still warns me that I'm infected by a virus and wants me to download an anti-spyware program. I followed your advice about the firewall (Jetico), but it doesn't seem to start automatically.





ComboFix 08-04-11.8 - Emmanuel 2008-04-21 20:39:04.3 - FAT32x86
Endroit: C:\Documents and Settings\Emmanuel\Bureau\Combofix.exe
Command switches used :: C:\Documents and Settings\Emmanuel\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\csrssc.exe
C:\Documents and Settings\All Users\Application Data\ebolubyl.dll
C:\Documents and Settings\All Users\Application Data\kdypalsr.dll
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\Program Files\WinIFixer\WinIFixer.exe
C:\WINDOWS\system32\azqhgqpw.exe
C:\WINDOWS\System32\ctfmona.exe
C:\WINDOWS\system32\gzezgzwp.exe
C:\WINDOWS\System32\hpumwkwd.dll
C:\WINDOWS\System32\printer.exe
C:\WINDOWS\System32\spoolvs.exe
C:\WINDOWS\TEMP\winlogan.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ebolubyl.dll
C:\Documents and Settings\All Users\Application Data\kdypalsr.dll
C:\Documents and Settings\Emmanuel\Application Data\ultra
C:\Documents and Settings\Emmanuel\Application Data\ultra\uninstall.bat
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\azqhgqpw.exe
C:\WINDOWS\System32\ctfmona.exe
C:\WINDOWS\system32\gzezgzwp.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\System32\spoolvs.exe
C:\WINDOWS\system32\xlibgfl254.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 19:51 . 2005-08-28 15:49 9,728 --a------ C:\WINDOWS\shell.exe
2008-04-21 20:34 . 2008-04-21 20:34 <REP> d-------- C:\killbaggle
2008-04-19 20:27 . 2008-04-19 20:27 <REP> d-------- C:\Program Files\Jetico
2008-04-18 20:23 . 2008-04-18 20:23 114,688 --a------ C:\Documents and Settings\All Users\Application Data\szmtehwz.dll
2008-04-18 20:22 . 2008-04-18 20:22 114,688 --a------ C:\WINDOWS\system32\procapisys.dll
2008-04-18 20:22 . 2008-04-18 20:22 94,208 --a------ C:\WINDOWS\system32\zwbevshc.exe
2008-04-17 20:44 . 2008-04-17 20:44 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\Bitdefender
2008-04-17 20:03 . 2008-04-21 23:22 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-04-17 19:57 . 2008-04-17 19:57 <REP> d-------- C:\Program Files\Softwin
2008-04-17 19:57 . 2008-04-17 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-17 19:55 . 2008-04-17 19:55 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-04-14 20:56 . 2008-04-14 21:05 2,414 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-14 19:19 . 2008-04-14 19:19 3,648 --a------ C:\WINDOWS\system32\mfomhrxs.dll
2008-04-12 20:34 . 2008-04-12 20:34 3,648 --a------ C:\WINDOWS\system32\pqnogtsc.dll
2008-04-12 20:33 . 2008-04-12 20:33 3,648 --a------ C:\WINDOWS\system32\illeciih.dll
2008-04-12 20:32 . 2008-04-12 20:32 0 --a------ C:\WINDOWS\BM43543896.xml
2008-04-12 18:35 . 2008-04-12 18:35 <REP> d--hs---- C:\FOUND.005
2008-04-11 20:20 . 2008-04-20 19:12 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-04-11 20:19 . 2008-04-11 20:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\itqzkvyd
2008-04-11 20:19 . 2008-04-20 19:12 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-04-11 20:19 . 2008-04-11 20:19 118,784 --a------ C:\WINDOWS\system32\ypstgnul.exe
2008-04-11 20:19 . 2008-04-11 20:19 98,304 --a------ C:\Documents and Settings\All Users\Application Data\gjqxwhkf.dll
2008-04-09 20:03 . 2008-04-09 20:03 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-07 16:59 . 2008-04-07 16:59 <REP> d--hs---- C:\FOUND.004
2008-03-31 20:50 . 2008-03-31 20:50 <REP> d-------- C:\Program Files\Deus Cleaner
2008-03-31 20:45 . 2008-03-31 20:45 233,984 --a------ C:\WINDOWS\system32\ggd474.exe
2008-03-31 20:45 . 2008-03-31 20:45 17,920 --a------ C:\WINDOWS\system32\ggd472.exe
2008-03-31 20:45 . 2008-03-31 20:45 11,776 --a------ C:\WINDOWS\system32\ggd477.exe
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-29 18:31 . 2004-03-28 17:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-29 18:31 . 2004-03-28 17:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-28 18:20 . 2008-03-28 18:20 <REP> d--hs---- C:\FOUND.003
2008-03-27 20:31 . 2008-03-27 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tujaxcrg
2008-03-27 20:31 . 2008-03-27 20:31 114,688 --a------ C:\WINDOWS\system32\pikmfftc.dll
2008-03-27 20:31 . 2008-03-27 20:31 33,280 --a------ C:\WINDOWS\ijyduxen.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\BureauTrojan.Win32.BlackBird.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\BureauFWebdEditor.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\Bureaufwebd.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\Bureaufkwp2.0.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\Bureaufkwp1.5.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\Bureaufilemanagerclient.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\BureauEditorFKWP2.0.exe
2008-03-27 20:31 . 2008-03-27 20:31 4,096 --a------ C:\Documents and Settings\Emmanuel\BureauEditorFKWP1.5.exe
2008-03-25 17:52 . 2008-03-25 17:52 <REP> d--hs---- C:\FOUND.002
2008-03-24 10:27 . 2008-03-24 10:27 58,368 --a------ C:\jehebe.exe
2008-03-24 10:27 . 2008-03-24 10:27 6,144 --a------ C:\xllff.exe
2008-03-24 10:26 . 2008-03-24 10:26 17,920 --a------ C:\WINDOWS\system32\gqd374.exe
2008-03-24 10:26 . 2008-03-24 10:26 6,144 --a------ C:\WINDOWS\system32\gqd888.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-08 18:02 --------- d-----w C:\Program Files\OfficeUpdate11
2011-02-08 16:28 --------- d-----w C:\Program Files\Fichiers communs\RbtProt
2011-02-08 16:22 --------- d-----w C:\Program Files\Fichiers communs\RoboBAT
2010-03-30 18:40 --------- d-----w C:\Program Files\Symantec
2010-03-30 18:40 --------- d-----w C:\Program Files\Norton SystemWorks
2010-03-30 18:40 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2010-03-30 18:40 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\Symantec
2010-03-30 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-18 17:40 6,144 ----a-w C:\rvyvhncc.exe
2008-03-17 18:44 69,799 ----a-w C:\toahsxde.exe
2008-03-17 18:44 58,368 ----a-w C:\rdwavag.exe
2008-03-17 18:44 14,848 ----a-w C:\cwwkxwu.exe
2008-03-17 18:43 6,144 ----a-w C:\mmhkj.exe
2008-03-17 18:42 11,776 ----a-w C:\WINDOWS\system32\gqd387.exe
2008-03-17 18:41 58,368 ----a-w C:\WINDOWS\system32\gqd427.exe
2008-03-17 18:40 143,360 ----a-w C:\WINDOWS\system32\gqd406.exe
2008-03-16 16:26 --------- d-----w C:\Program Files\Fichiers communs\AdvancedCleaner
2008-03-16 16:05 58,368 ----a-w C:\caxlkn.exe
2008-03-16 16:04 6,144 ----a-w C:\qhphkf.exe
2008-03-15 17:22 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-15 16:53 54,784 ----a-w C:\Documents and Settings\Emmanuel\win.exe
2007-09-27 17:38 63,688 ----a-w C:\Documents and Settings\Emmanuel\Application Data\GDIPFONTCACHEV1.DAT
2007-08-21 16:53 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2004-06-17 17:57 192 --sh--r C:\WINDOWS\inf\sdatabl.sav.bin
.

((((((((((((((((((((((((((((( snapshot@2008-04-14_20.34.39.63 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-18 08:43:16 262,144 ----a-w C:\WINDOWS\BCUnInstall.exe
+ 2008-04-17 17:58:58 61,440 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\helpicon.exe
+ 2008-04-17 17:58:58 32,768 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\maintenance_icon.exe
+ 2008-04-17 17:58:58 22,486 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\register_icon.exe
+ 2008-04-17 17:58:58 57,344 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\texticon.exe
- 2008-04-12 18:30:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-19 16:16:42 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-12 18:30:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-04-19 16:16:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-04-19 16:16:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-18 09:22:56 14,440 ----a-w C:\WINDOWS\system32\drivers\bc_hash_f.sys
+ 2008-02-18 09:23:00 26,984 ----a-w C:\WINDOWS\system32\drivers\bc_ip_f.sys
+ 2008-02-18 09:23:28 18,664 ----a-w C:\WINDOWS\system32\drivers\bc_ngn.sys
+ 2008-02-18 09:23:06 14,440 ----a-w C:\WINDOWS\system32\drivers\bc_pat_f.sys
+ 2008-02-18 09:23:10 18,280 ----a-w C:\WINDOWS\system32\drivers\bc_prt_f.sys
+ 2008-02-18 09:23:18 23,016 ----a-w C:\WINDOWS\system32\drivers\bc_tdi_f.sys
+ 2008-02-18 10:43:20 23,528 ----a-w C:\WINDOWS\system32\drivers\bcfilter.sys
+ 2008-02-18 09:23:50 61,416 ----a-w C:\WINDOWS\system32\drivers\bcftdi.sys
- 2001-10-02 16:18:14 112,128 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2004-03-31 11:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
- 2003-09-12 13:09:06 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2002-01-05 01:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
- 2003-09-12 13:09:06 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
+ 2002-01-05 01:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
- 2003-03-19 06:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2003-03-18 19:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2003-03-18 19:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
- 2003-09-12 13:09:06 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2002-01-05 01:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
- 2003-09-12 13:09:06 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
+ 2002-01-05 01:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
- 2003-03-18 20:14:52 499,712 ----a-r C:\WINDOWS\system32\msvcp71.dll
+ 2003-03-18 18:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
- 2003-09-12 13:09:06 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
+ 2002-01-05 00:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
- 2003-02-21 03:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2006-01-26 18:19:52 73,728 ----a-w C:\WINDOWS\system32\sockspy.dll
- 2001-09-19 16:11:12 28,672 ----a-w C:\WINDOWS\system32\xcomm.dll
+ 2006-08-22 14:08:52 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
+ 2007-01-31 12:50:32 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0969BEFE-F07D-CF3E-7079-00D7F3FB2106}]
2008-04-18 20:22 114688 --a------ C:\WINDOWS\system32\procapisys.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spoolsv"="C:\WINDOWS\System32\spoolvs.exe" [2005-08-28 14:02 9728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Printer"="C:\WINDOWS\System32\printer.exe" [2005-08-28 11:10 9728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 21:06 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"FzAULgJw7L"= C:\Documents and Settings\All Users\Application Data\itqzkvyd\styhojkj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"NoControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9C0ADB68-353A-61DD-ED09-1D8003A611CB}"= C:\WINDOWS\system32\kb1111p.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\shell.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AcctMgr"=C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
"Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
"DNHelper32"=C:\WINDOWS\System32\DNHlp32.exe
"QD FastAndSafe"=C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /planificateur
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\printer.exe"=
"C:\\WINDOWS\\System32\\spoolvs.exe"=
"C:\\WINDOWS\\shell.exe"=
"%windir%\\system32\\winav.exe"=

R1 bc_hash_f;BC_HASH_Filter;C:\WINDOWS\System32\drivers\bc_hash_f.sys [2008-02-18 11:22]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [2003-05-28 19:01]
R2 DK2DRV;DK2 WindowsNT Driver;C:\WINDOWS\System32\Drivers\DK2DRV.SYS [2003-04-11 17:31]
R2 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\System32\Drivers\eusk2par.sys [2003-06-06 14:34]
R2 Jetico Personal Firewall server;Jetico Personal Firewall server;"C:\Program Files\Jetico\Jetico Personal Firewall\jpfsrv.exe" [2008-02-18 12:41]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-23 23:00]
R2 SG_Service;SoftGuard Service;C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe [2005-04-25 11:58]
R3 BcfilterMP;BcfilterMP;C:\WINDOWS\System32\DRIVERS\bcfilter.sys [2008-02-18 12:43]
S2 PPSCAN;PPSCAN;C:\WINDOWS\System32\drivers\PPSCAN.sys [1998-02-20 14:37]
S3 ATMELFVNETusb(505A_2958)(R);ATMEL FVNETusb(505A_2958)(R) Service for ATMEL USB FastVNET (505A);C:\WINDOWS\System32\DRIVERS\vnet5a8x.sys []
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\System32\DRIVERS\bcfilter.sys [2008-02-18 12:43]
S3 gel90xne;gel90xne;C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\gel90xne.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 17:00:02 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-04-18 17:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Emmanuel.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE
"2008-04-16 17:00:02 C:\WINDOWS\Tasks\Norton Disk Doctor.job"
- C:\PROGRA~1\NORTON~1\NORTON~2\ndd32.exe
"2008-03-13 17:00:02 C:\WINDOWS\Tasks\Norton System Doctor.job"
- C:\PROGRA~1\NORTON~1\NORTON~2\sysdoc32.exe
"2008-04-19 17:00:02 C:\WINDOWS\Tasks\Norton WinDoctor.job"
- C:\PROGRA~1\NORTON~1\NORTON~2\windoc.exe
"2005-08-18 17:12:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 19:51:39
Windows 5.1.2600 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM32\FTRTSVC.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTS~2.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPSVC.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\SAVSCAN.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SPEED DISK\NOPDB.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\WLANCFG.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 19:57:05 - machine was rebooted [Emmanuel]
ComboFix-quarantined-files.txt 2008-04-22 17:56:34
Pre-Run: 1,371,561,984 octets libres
Post-Run: 1,504,788,480 octets libres


- - - - - - - - - - - - - - - - - - - - - - - - - -

Logfile of HijackThis v1.99.1
Scan saved at 20:04:00, on 22/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Jetico\Jetico Personal Firewall\jpfsrv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Documents and Settings\All Users\Application Data\itqzkvyd\styhojkj.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = Selection
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {0969BEFE-F07D-CF3E-7079-00D7F3FB2106} - C:\WINDOWS\system32\procapisys.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - Startup: findfast.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8274098-59F2-42E1-8527-DC25B264E790}: NameServer = 80.10.246.2,80.10.246.129
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jetico Personal Firewall server - Jetico, Inc. - C:\Program Files\Jetico\Jetico Personal Firewall\jpfsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Hope this reaches you well
See you, Mancelot
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
22 April 2008 at 21:04
Do you have a firewall??? If you don't have one, install one as indicated above.

____________

You must keep only one antivirus, Norton or BitDefender, otherwise the computer will crash!
__________

Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe


_____________


Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Documents and Settings\All Users\Application Data\itqzkvyd\styhojkj.exe

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

______________


Download MSNFix by Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, run option N
- Save this report, then copy/paste this report to the forum.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows finishes starting normally.


Send the file C:\DOCUME~1\florian\Bureau\Upload_Me.zip to http://upload.changelog.fr to help improve MSNFix
________________



Scan with
MalwareByte's Anti-Malware, remove what is found and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/


_________________


Paste the report of an online scan
with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr


_________________
If you have a legal copy of Windows, update it: START then ALL PROGRAMS then WINDOWS UPDATE

__________________
Paste a new HijackThis log and describe your current problems
0

Hello

I am infected by WinIFixer ;-(

Do you have any tips for getting rid of it?

Thanks in advance

Here is the result of the scan by SDFix:



Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CTFMONB.BMP - Deleted



Folder C:\Documents and Settings\All Users\Documents\Settings - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 13:52:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Documents and Settings\\Michel\\Local Settings\\Temp\\dmx1C2.tmp"="C:\\Documents and Settings\\Michel\\Local Settings\\Temp\\dmx1C2.tmp:*:Enabled:enable"
"C:\\Documents and Settings\\Michel\\Local Settings\\Temp\\dmx15.tmp"="C:\\Documents and Settings\\Michel\\Local Settings\\Temp\\dmx15.tmp:*:Enabled:enable"
"C:\\Documents and Settings\\Michel\\Local Settings\\Temp\\dmx10.tmp"="C:\\Documents and Settings\\Michel\\Local Settings\\Temp\\dmx10.tmp:*:Enabled:enable"
"C:\\Documents and Settings\\Michel\\Local Settings\\Temp\\dmx3.tmp"="C:\\Documents and Settings\\Michel\\Local Settings\\Temp\\dmx3.tmp:*:Enabled:enable"
"C:\\Documents and Settings\\Michel\\Local Settings\\Temp\\dmx17.tmp"="C:\\Documents and Settings\\Michel\\Local Settings\\Temp\\dmx17.tmp:*:Enabled:enable"
"C:\\WINDOWS\\sachostx.exe"="C:\\WINDOWS\\sachostx.exe:*:Enabled:enable"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\Michel\MESDOC~1\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 29 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 6 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BITB.tmp"
Sun 14 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 29 Nov 2006 20 A..H. --- "C:\Documents and Settings\Michel\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Wed 29 Nov 2006 4,348 ...H. --- "C:\Documents and Settings\Michel\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Wed 29 Nov 2006 1,536 A..H. --- "C:\Documents and Settings\Michel\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Wed 29 Mar 2006 312 ...H. --- "C:\Documents and Settings\Michel\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

[b]Finished![/b]
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
10 May 2008 at 18:17
Hi, you should create your own thread and we will help you

or try this http://www.malekal.com/Downloader.Win32.WinFixer.php
0