Probléme avec virtumonde

yova -  
 yova -
Bonjour,
je viens a vous car j'ai un sérieux ennuie avec "virtumonde" qui reviend sans cesse dans mes analyse spybot j'ai pourtant essayé de supprimer la source etc...en vain...
De plus lorsque je lance internet explorer il m'apparait au bout de quelque seconde ou quelque minutes des pages about blank ou des pubs de jeux que je ne connais pas...
S'il vous plait si quelqu'un a la motivation de m'aider je l'en remercie d'avance.
Configuration: Windows Vista
Internet Explorer 7.0

35 réponses

  • 1
  • 2
Résumé de la discussion

Un logiciel malveillant détecté lors d’analyses, nommé Virtumonde, réapparaît sur le système et provoque des redirections dans Internet Explorer vers des pages blanches ou des pubs inattendues. Les interventions préconisées consistent à relancer HijackThis en mode scan uniquement, puis supprimer les entrées suspectes, et à envisager un redémarrage en mode sans échec ou avec Unlocker pour supprimer des fichiers bloqués. Des outils comme ComboFix et l’analyse des rapports VirusTotal sont évoqués pour nettoyer les traces, créer un point de restauration et identifier des éléments résistants, notamment des DLL temporaires. En cas de doutes persistants, certains évoquent la nécessité de vérifier les programmes installés et les composants Windows Live ou HP pour éviter des récidives.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. ginga2 Messages postés 187 Statut Membre 6
     
    tu as essayer avec avg et ad aware?
    0
    1. yova
       
      oui rien n'y fait
      0
    2. yova
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:36, on 2008-05-19
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\SYSTEM32\taskeng.exe
      C:\WINDOWS\SYSTEM32\taskeng.exe
      C:\PROGRA~1\Maxtor\MANAGE~1\OneTouch.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\ehome\ehtray.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
      C:\Users\yova\Program Files\DNA\btdna.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\ESET\nod32kui.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Windows\explorer.exe
      C:\WINDOWS\SYSTEM32\Taskmgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Users\yova\Desktop\scanner.exe.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yova\AppData\Local\Temp\jkkJyYqr.dll,#1
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\yova\AppData\Local\Temp\xxyvsqnM.dll,c
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\yova\Program Files\DNA\btdna.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKCU\..\Run: [f83f4bac] rundll32.exe "C:\Users\yova\AppData\Local\Temp\yywtujsl.dll",b
      O4 - HKCU\..\Run: [BMfb0c7830] Rundll32.exe "C:\Users\yova\AppData\Local\Temp\kmsydyyr.dll",s
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O13 - Gopher Prefix:
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
      O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
      0
    3. yova
       
      merci quand meme..;
      0
  2. yova
     
    bonjour,je vous redemande votre aide mon probléme n'est toujours pas résolu....
    j'ai posté un rapport hijackthis...si ca peut fairegagner du temps...lol
    0
  3. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  4. yova
     
    salut toujours moi...j'ai peut etre résolu mon probléme si ca a marché je posterais ma manip...

    ps:bref pour le moment c'est en cours donc si des astuces navigues je suis preuneur.
    0
  5. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    pour aider:

    tu peux utiliser l'utiliataire de windows qui est dans tous les pc a jour et qui trouve en partie virtumone :

    DEMARRER puis EXECUTER puis taper mrt puis suivre la procedure

    ____________

    sinon bien plus efficaces fais tout ce qui suis

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    _____________

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
    1. yova
       
      salut a toi et merci beaucoup pour ta réponses,désolé du retard de la mienne beaucoup dboulot en ce moment j'essaye ta manip vers 15h00 en rentrant du boulot je te tiendrais informé merci beaucoup...a plus tard...
      0
  6. yova
     
    salut donc impossible poour moi d'utiliser mrt comme tu me l'a dit je vais dans rechercher,je tappe mrt;mrt apparait dans ma recherche mais cela dit lorsque je click dessus rien ne sa passe.(aucune appli. n'est lancé).
    tu trouvera donc ci joint mon rapport VGG:
    [05/22/2008, 9:03:47] - VirtumundoBeGone v1.5 ( "F:\VirtumundoBeGone.exe" )
    [05/22/2008, 9:04:04] - Detected System Information:
    [05/22/2008, 9:04:04] - Windows Version: 6.0.6000,
    [05/22/2008, 9:04:04] - Current Username: yova (Admin)
    [05/22/2008, 9:04:04] - Windows is in NORMAL mode.
    [05/22/2008, 9:04:04] - Searching for Browser Helper Objects:
    [05/22/2008, 9:04:04] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
    [05/22/2008, 9:04:04] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [05/22/2008, 9:04:04] - BHO 3: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
    [05/22/2008, 9:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/22/2008, 9:04:04] - Checking for HKLM\...\Winlogon\Notify\NppBho
    [05/22/2008, 9:04:04] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
    [05/22/2008, 9:04:04] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [05/22/2008, 9:04:04] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/22/2008, 9:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/22/2008, 9:04:04] - No filename found. Continuing.
    [05/22/2008, 9:04:04] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [05/22/2008, 9:04:04] - Finished Searching Browser Helper Objects
    [05/22/2008, 9:04:04] - Finishing up...
    [05/22/2008, 9:04:04] - Nothing found! Exiting...

    merci a toi ....
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok fais le reste
    0
    1. yova
       
      donc j'ai bien fait la suite j' ai obtenue un rapport de combofix:
      2008-05-20 11:36 --------- d-----w C:\Program Files\Norton Internet Security
      2008-05-20 11:35 --------- d-----w C:\Program Files\Windows Calendar
      2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Sidebar
      2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Mail
      2008-05-20 11:28 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-05-20 11:28 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2008-05-20 11:28 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2008-05-20 11:28 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2008-05-20 11:28 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2008-05-20 11:28 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2008-05-20 11:28 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2008-05-20 11:28 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
      2008-05-20 11:28 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
      2008-05-20 11:28 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2008-05-20 11:28 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
      2008-05-20 11:28 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
      2008-05-20 11:18 --------- d-----w C:\Program Files\Symantec
      2008-05-20 11:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-05-20 11:15 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-05-20 11:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
      2008-05-20 11:15 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-05-20 11:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-05-20 11:12 826,368 ----a-w C:\Windows\System32\wininet.dll
      2008-05-20 11:12 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-05-20 11:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-05-20 11:12 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-05-20 11:12 --------- d-----w C:\Program Files\Common Files\Ahead
      2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Modèles
      2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Menu Démarrer
      2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Favoris
      2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Bureau
      2008-05-20 10:46 --------- d-sh--w C:\Program Files\Fichiers communs
      .

      ------- Sigcheck -------

      .
      ((((((((((((((((((((((((((((( snapshot@2008-05-22_16.13.02,80 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-22 13:24:01 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-05-22 14:30:05 67,584 --s-a-w C:\Windows\bootstat.dat
      - 2008-05-22 13:24:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      + 2008-05-22 14:30:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      - 2008-05-22 13:24:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      + 2008-05-22 14:30:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      - 2008-05-22 13:27:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
      + 2008-05-22 14:31:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
      + 2008-05-22 14:31:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
      - 2008-05-22 13:27:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
      + 2008-05-22 14:31:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
      + 2008-05-22 14:31:36 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
      - 2008-05-22 14:07:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
      + 2008-05-22 14:21:48 103,924 ----a-w C:\Windows\System32\perfc009.dat
      - 2008-05-22 14:07:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
      + 2008-05-22 14:21:48 117,572 ----a-w C:\Windows\System32\perfc00C.dat
      - 2008-05-22 14:07:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
      + 2008-05-22 14:21:48 610,142 ----a-w C:\Windows\System32\perfh009.dat
      - 2008-05-22 14:07:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
      + 2008-05-22 14:21:48 690,832 ----a-w C:\Windows\System32\perfh00C.dat
      - 2008-05-22 13:28:21 3,408 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
      + 2008-05-22 14:32:09 3,440 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
      - 2008-05-22 13:28:20 55,964 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-05-22 14:32:09 56,028 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-05-22 13:28:19 28,204 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-05-22 14:32:08 28,586 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-05-15 10:14 380944]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-08 14:00 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 00:00 4399104 C:\Windows\RtHDVCpl.exe]
      "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
      "recinfo253"="c:\RecInfo\RecInfo.exe" [2007-06-06 13:33 2768896]
      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 13:47 949376]
      "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
      "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
      "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
      "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "BM195896ee"="C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll" [2008-05-22 08:24 128000]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{AA8E984B-D79E-4399-B0A7-A5D9C450B177}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{B6B6CC7E-92CC-4BE5-A5D7-BC22886332EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{BDEBA399-34ED-40C4-BA66-9179DECF0EB4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
      "{D1DA6A81-68AE-401C-BA4B-B031FED5C7A4}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
      "{707194A1-133B-491A-B93F-85CE41C69BB5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
      "{42F93850-C5E4-45CC-9A32-D8C58EEEE49A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
      "{7B72B7D3-36CB-4CD5-8D40-DBE4B8E28A94}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
      "{304025BD-BEA7-416E-8DC6-FD6DB0D1E645}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
      "{168CD93F-96A4-4D2D-B35A-78CC2A5EBBED}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
      "{FFDBBC81-C977-4501-B29C-6001DD727C2F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
      "{14E533DA-F106-4B45-BFDF-1A605E56E264}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
      "{CCCFEE9B-7497-41E9-91D8-D9D0906D19B8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
      "{9B5D0A20-CD6B-4AC0-A9D8-B2161FE4D95F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
      "{E6E5780D-F072-44B7-808B-64C3356F08FB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
      "{E25E9FDD-467F-478F-824B-4EF18695947C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
      "{0461E22C-AB3B-4D28-8E24-1D29C0C24E3B}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
      "{64860478-A547-4243-9846-3E28F1A5FBA8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
      "{C6F92A08-9CDB-4483-BE2B-1F269C285A03}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
      "{0FF00312-F56C-449D-81B0-ECEFC1F8C01B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
      "{53AE0142-F908-4BDB-A3D3-B700817CDBC8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
      "{18B69A04-1B1A-450A-9EB8-C132A19FB812}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
      "{244BB144-0503-4B62-842A-3A6EA0C306E5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
      "{2F68E6B3-682B-4FE7-884A-34F99E37EDFE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
      R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
      R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      *Newly Created Service* - COMHOST
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-22 16:36:10
      Windows 6.0.6000 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs a chargé sous des processus courants ---------------------

      PROCESS: C:\Windows\Explorer.exe
      -> C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll
      -> C:\Program Files\Eset\pr_imon.dll
      .
      Temps d'accomplissement: 2008-05-22 16:40:31
      ComboFix-quarantined-files.txt 2008-05-22 14:40:26
      ComboFix2.txt 2008-05-22 14:21:24
      ComboFix3.txt 2008-05-22 14:13:13

      Pre-Run: 67,024,986,112 octets libres
      Post-Run: 66,995,875,840 octets libres

      293 --- E O F --- 2008-05-20 19:45:44
      0
  8. yova
     
    j'essaye ta manip a plus tard j'espére...si jamais je serais de retour vers 22h00.
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    le rapport est incomplet

    bon fais ceci qui donnera un nouveau rapport et colle tout cette fois!

    ___________

    pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    ______________________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BM195896ee"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ________________
    0
  10. yova
     
    ComboFix 08-05-21.2 - yova 2008-05-22 16:10:22.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1103 [GMT 2:00]
    Endroit: C:\Users\yova\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
    C:\Windows\system32\AutoRun.inf
    C:\Windows\system32\tuvTnLdb.dll
    C:\Windows\system32\x64

    ----- BITS: Possible sites infectés -----

    hxxp://h30155.www3.hp.com
    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-22 16:08 . 2008-05-22 16:09 <REP> d-------- C:\327882R2FWJFW
    2008-05-22 08:29 . 2008-05-22 08:29 <REP> d-------- C:\VundoFix Backups
    2008-05-21 02:32 . 2008-05-21 02:32 <REP> d-------- C:\Users\yova\AppData\Roaming\vlc
    2008-05-20 22:51 . 2008-05-20 22:52 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-05-20 21:43 . 2008-05-20 21:44 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-05-20 21:39 . 2008-05-20 21:39 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-05-20 20:59 . 2008-05-20 21:04 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\Users\All Users\WLInstaller
    2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\ProgramData\WLInstaller
    2008-05-20 20:58 . 2008-05-20 21:04 <REP> d-------- C:\Program Files\Windows Live
    2008-05-20 16:01 . 2008-05-20 16:01 <REP> d-------- C:\Program Files\VideoLAN
    2008-05-20 15:30 . 2008-05-20 15:30 <REP> d-------- C:\Users\yova\AppData\Roaming\Nero
    2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\Users\All Users\Nero
    2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\ProgramData\Nero
    2008-05-20 15:25 . 2008-05-20 15:28 <REP> d-------- C:\Program Files\Common Files\Nero
    2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\Users\All Users\Media Center Programs
    2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\ProgramData\Media Center Programs
    2008-05-20 14:36 . 2008-05-20 14:54 <REP> d-------- C:\Program Files\GUILD WARS
    2008-05-20 14:22 . 2008-05-20 14:22 <REP> d-------- C:\Users\yova\AppData\Roaming\HP
    2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\WEBREG
    2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\WEBREG
    2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\Users\All Users\Hewlett-Packard
    2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\ProgramData\Hewlett-Packard
    2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\yova\AppData\Roaming\HPAppData
    2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\All Users\HPSSUPPLY
    2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\ProgramData\HPSSUPPLY
    2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\HP Product Assistant
    2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\HP Product Assistant
    2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\HP
    2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-05-20 14:08 . 2007-05-02 12:03 267,864 --a------ C:\Windows\System32\hpzids01.dll
    2008-05-20 14:08 . 2007-03-15 15:32 118,272 --a------ C:\Windows\System32\hpz3l5ha.dll
    2008-05-20 14:07 . 2008-05-20 14:13 <REP> d-------- C:\Program Files\HP
    2008-05-20 14:07 . 2007-05-02 10:56 954,368 --a------ C:\Windows\System32\hpotiop5.dll
    2008-05-20 14:07 . 2007-05-02 11:01 675,840 --a------ C:\Windows\System32\hpowiax5.dll
    2008-05-20 14:07 . 2007-03-08 06:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
    2008-05-20 14:07 . 2007-05-02 11:00 303,104 --a------ C:\Windows\System32\hpovst12.dll
    2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\HP
    2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\HP
    2008-05-20 13:58 . 2008-05-20 14:19 162,933 --a------ C:\Windows\hpoins21.dat
    2008-05-20 13:58 . 2007-09-05 20:26 8,138 --------- C:\Windows\hpomdl21.dat
    2008-05-20 13:57 . 2008-05-20 13:57 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-05-20 13:53 . 2008-05-20 13:53 <REP> d-------- C:\Users\yova\AppData\Roaming\PeerNetworking
    2008-05-20 13:48 . 2008-05-20 13:47 512,096 --a------ C:\Windows\System32\drivers\amon.sys
    2008-05-20 13:48 . 2008-05-20 13:47 298,104 --a------ C:\Windows\System32\imon.dll
    2008-05-20 13:48 . 2008-05-20 13:47 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
    2008-05-20 13:47 . 2008-05-20 15:11 <REP> d-------- C:\Program Files\ESET
    2008-05-20 13:28 . 2008-05-20 13:28 2,923,520 --a------ C:\Windows\explorer.exe
    2008-05-20 13:27 . 2008-05-20 13:27 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-05-20 13:27 . 2008-05-20 13:27 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-05-20 13:26 . 2008-05-20 13:26 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-05-20 13:26 . 2008-05-20 13:26 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
    2008-05-20 13:24 . 2008-05-20 13:24 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
    2008-05-20 13:24 . 2008-05-20 13:24 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
    2008-05-20 13:24 . 2008-05-20 13:24 7,680 --a------ C:\Windows\System32\spwmp.dll
    2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\msdxm.ocx
    2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2008-05-20 13:23 . 2008-05-20 13:23 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-05-20 13:23 . 2008-05-20 13:23 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-05-20 13:23 . 2008-05-20 13:23 1,191,936 --a------ C:\Windows\System32\msxml3.dll
    2008-05-20 13:23 . 2008-05-20 13:23 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
    2008-05-20 13:23 . 2008-05-20 13:23 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-05-20 13:23 . 2008-05-20 13:23 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-05-20 13:23 . 2008-05-20 13:23 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-05-20 13:23 . 2008-05-20 13:23 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-05-20 13:23 . 2008-05-20 13:23 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
    2008-05-20 13:23 . 2008-05-20 13:23 2,048 --a------ C:\Windows\System32\msxml3r.dll
    2008-05-20 13:22 . 2008-05-20 13:22 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-05-20 13:22 . 2008-05-20 13:22 216,632 --a------ C:\Windows\System32\drivers\netio.sys
    2008-05-20 13:22 . 2008-05-20 13:22 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-05-20 13:22 . 2008-05-20 13:22 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-05-20 13:22 . 2008-05-20 13:22 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-05-20 13:21 . 2008-05-20 13:21 1,327,104 --a------ C:\Windows\System32\quartz.dll
    2008-05-20 13:20 . 2008-05-20 13:20 1,585,664 --a------ C:\Windows\System32\setupapi.dll
    2008-05-20 13:18 . 2008-05-20 13:18 2,027,008 --a------ C:\Windows\System32\win32k.sys
    2008-05-20 13:18 . 2008-05-20 13:18 296,448 --a------ C:\Windows\System32\gdi32.dll
    2008-05-20 13:18 . 2008-05-20 13:18 223,232 --a------ C:\Windows\System32\WMASF.DLL
    2008-05-20 13:18 . 2008-05-20 13:18 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
    2008-05-20 13:18 . 2008-05-20 13:18 2,048 --a------ C:\Windows\System32\asferror.dll
    2008-05-20 13:17 . 2008-05-20 13:17 <REP> d-------- C:\Program Files\a-squared Free
    2008-05-20 13:17 . 2008-05-20 13:17 1,335,296 --a------ C:\Windows\System32\msxml6.dll
    2008-05-20 13:17 . 2008-05-20 13:17 2,048 --a------ C:\Windows\System32\msxml6r.dll
    2008-05-20 13:15 . 2008-05-20 13:15 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-20 13:15 . 2008-05-20 13:15 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-05-20 13:15 . 2008-05-20 13:15 737,792 --a------ C:\Windows\System32\inetcomm.dll
    2008-05-20 13:15 . 2008-05-20 13:15 84,480 --a------ C:\Windows\System32\INETRES.dll
    2008-05-20 13:15 . 2008-05-20 13:15 11,776 --a------ C:\Windows\System32\sbunattend.exe
    2008-05-20 13:14 . 2008-05-20 13:14 788,992 --a------ C:\Windows\System32\rpcrt4.dll
    2008-05-20 13:14 . 2008-05-20 13:14 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
    2008-05-20 13:14 . 2008-05-20 13:14 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
    2008-05-20 13:14 . 2008-05-20 13:14 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
    2008-05-20 13:14 . 2008-05-20 13:14 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
    2008-05-20 13:14 . 2008-05-20 13:14 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
    2008-05-20 13:14 . 2008-05-20 13:14 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
    2008-05-20 13:10 . 2008-05-20 13:10 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-05-20 13:09 . 2008-05-20 13:09 750,080 --a------ C:\Windows\System32\qmgr.dll
    2008-05-20 13:08 . 2008-05-20 13:08 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-05-20 13:07 . 2008-05-20 13:07 <REP> d-------- C:\Program Files\VS Revo Group
    2008-05-20 13:06 . 2008-05-20 13:11 49 --a------ C:\Windows\NeroDigital.ini
    2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-05-20 13:02 . 2008-05-20 13:02 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\fsc-reg
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\fsc-reg
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\MB application
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-05-20 12:56 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Searches
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Videos
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Saved Games
    2008-05-20 12:55 . 2008-05-20 23:37 <REP> dr------- C:\Users\yova\Pictures
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Music
    2008-05-20 12:55 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Links
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Downloads
    2008-05-20 12:55 . 2008-05-20 22:44 <REP> dr------- C:\Users\yova\Documents
    2008-05-20 12:55 . 2008-05-20 21:07 <REP> dr------- C:\Users\yova\Contacts
    2008-05-20 12:55 . 2006-11-02 14:37 <REP> d-------- C:\Users\yova\AppData\Roaming\Media Center Programs
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> d--h----- C:\Users\yova\AppData
    2008-05-20 12:55 . 2008-05-22 12:03 <REP> d-------- C:\Users\yova
    2008-05-20 12:48 . 2008-05-20 12:48 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
    2008-05-20 12:48 . 2008-05-20 12:48 1,524,224 --a------ C:\Windows\System32\wucltux.dll
    2008-05-20 12:48 . 2008-05-20 12:48 549,720 --a------ C:\Windows\System32\wuapi.dll
    2008-05-20 12:48 . 2008-05-20 12:48 80,896 --a------ C:\Windows\System32\wudriver.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-21 22:43 --------- d-----w C:\ProgramData\Symantec
    2008-05-20 19:45 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-20 13:25 --------- d-----w C:\Program Files\Nero
    2008-05-20 11:39 174 --sha-w C:\Program Files\desktop.ini
    2008-05-20 11:36 --------- d-----w C:\Program Files\Norton Internet Security
    2008-05-20 11:35 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Mail
    2008-05-20 11:28 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-05-20 11:28 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2008-05-20 11:28 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2008-05-20 11:28 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2008-05-20 11:28 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2008-05-20 11:28 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2008-05-20 11:28 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2008-05-20 11:28 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2008-05-20 11:28 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2008-05-20 11:28 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2008-05-20 11:28 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2008-05-20 11:28 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2008-05-20 11:18 --------- d-----w C:\Program Files\Symantec
    2008-05-20 11:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-05-20 11:15 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-05-20 11:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-05-20 11:15 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-05-20 11:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-05-20 11:12 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-05-20 11:12 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-05-20 11:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-05-20 11:12 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-05-20 11:12 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Modèles
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Favoris
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Bureau
    2008-05-20 10:46 --------- d-sh--w C:\Program Files\Fichiers communs
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-05-15 10:14 380944]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-08 14:00 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 00:00 4399104 C:\Windows\RtHDVCpl.exe]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
    "recinfo253"="c:\RecInfo\RecInfo.exe" [2007-06-06 13:33 2768896]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 13:47 949376]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{AA8E984B-D79E-4399-B0A7-A5D9C450B177}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B6B6CC7E-92CC-4BE5-A5D7-BC22886332EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{BDEBA399-34ED-40C4-BA66-9179DECF0EB4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{D1DA6A81-68AE-401C-BA4B-B031FED5C7A4}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{707194A1-133B-491A-B93F-85CE41C69BB5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{42F93850-C5E4-45CC-9A32-D8C58EEEE49A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{7B72B7D3-36CB-4CD5-8D40-DBE4B8E28A94}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{304025BD-BEA7-416E-8DC6-FD6DB0D1E645}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{168CD93F-96A4-4D2D-B35A-78CC2A5EBBED}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{FFDBBC81-C977-4501-B29C-6001DD727C2F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{14E533DA-F106-4B45-BFDF-1A605E56E264}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{CCCFEE9B-7497-41E9-91D8-D9D0906D19B8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{9B5D0A20-CD6B-4AC0-A9D8-B2161FE4D95F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{E6E5780D-F072-44B7-808B-64C3356F08FB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{E25E9FDD-467F-478F-824B-4EF18695947C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{0461E22C-AB3B-4D28-8E24-1D29C0C24E3B}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{64860478-A547-4243-9846-3E28F1A5FBA8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{C6F92A08-9CDB-4483-BE2B-1F269C285A03}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{0FF00312-F56C-449D-81B0-ECEFC1F8C01B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{53AE0142-F908-4BDB-A3D3-B700817CDBC8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{18B69A04-1B1A-450A-9EB8-C132A19FB812}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{244BB144-0503-4B62-842A-3A6EA0C306E5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{2F68E6B3-682B-4FE7-884A-34F99E37EDFE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 16:12:38
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-22 16:13:12
    ComboFix-quarantined-files.txt 2008-05-22 14:13:09

    Pre-Run: 60,046,893,056 octets libres
    Post-Run: 60,569,063,424 octets libres

    264 --- E O F --- 2008-05-20 19:45:44
    0
  11. yova
     
    donc et ca c'est mon rapport aprés la nouvelle manip. de cbfix:

    ComboFix 08-05-21.2 - yova 2008-05-22 23:53:37.4 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1094 [GMT 2:00]
    Endroit: F:\ComboFix.exe
    Command switches used :: C:\Users\yova\Desktop\CFscript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active

    FILE ::
    C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-22 23:51 . 2008-05-22 23:52 <REP> d-------- C:\327882R2FWJFW
    2008-05-22 08:29 . 2008-05-22 08:29 <REP> d-------- C:\VundoFix Backups
    2008-05-21 02:32 . 2008-05-21 02:32 <REP> d-------- C:\Users\yova\AppData\Roaming\vlc
    2008-05-20 22:51 . 2008-05-20 22:52 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-05-20 21:43 . 2008-05-20 21:44 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-05-20 21:39 . 2008-05-20 21:39 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-05-20 20:59 . 2008-05-20 21:04 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\Users\All Users\WLInstaller
    2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\ProgramData\WLInstaller
    2008-05-20 20:58 . 2008-05-20 21:04 <REP> d-------- C:\Program Files\Windows Live
    2008-05-20 16:01 . 2008-05-20 16:01 <REP> d-------- C:\Program Files\VideoLAN
    2008-05-20 15:30 . 2008-05-20 15:30 <REP> d-------- C:\Users\yova\AppData\Roaming\Nero
    2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\Users\All Users\Nero
    2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\ProgramData\Nero
    2008-05-20 15:25 . 2008-05-20 15:28 <REP> d-------- C:\Program Files\Common Files\Nero
    2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\Users\All Users\Media Center Programs
    2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\ProgramData\Media Center Programs
    2008-05-20 14:36 . 2008-05-20 14:54 <REP> d-------- C:\Program Files\GUILD WARS
    2008-05-20 14:22 . 2008-05-20 14:22 <REP> d-------- C:\Users\yova\AppData\Roaming\HP
    2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\WEBREG
    2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\WEBREG
    2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\Users\All Users\Hewlett-Packard
    2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\ProgramData\Hewlett-Packard
    2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\yova\AppData\Roaming\HPAppData
    2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\All Users\HPSSUPPLY
    2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\ProgramData\HPSSUPPLY
    2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\HP Product Assistant
    2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\HP Product Assistant
    2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\HP
    2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-05-20 14:08 . 2007-05-02 12:03 267,864 --a------ C:\Windows\System32\hpzids01.dll
    2008-05-20 14:08 . 2007-03-15 15:32 118,272 --a------ C:\Windows\System32\hpz3l5ha.dll
    2008-05-20 14:07 . 2008-05-20 14:13 <REP> d-------- C:\Program Files\HP
    2008-05-20 14:07 . 2007-05-02 10:56 954,368 --a------ C:\Windows\System32\hpotiop5.dll
    2008-05-20 14:07 . 2007-05-02 11:01 675,840 --a------ C:\Windows\System32\hpowiax5.dll
    2008-05-20 14:07 . 2007-03-08 06:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
    2008-05-20 14:07 . 2007-05-02 11:00 303,104 --a------ C:\Windows\System32\hpovst12.dll
    2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\HP
    2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\HP
    2008-05-20 13:58 . 2008-05-20 14:19 162,933 --a------ C:\Windows\hpoins21.dat
    2008-05-20 13:58 . 2007-09-05 20:26 8,138 --------- C:\Windows\hpomdl21.dat
    2008-05-20 13:57 . 2008-05-20 13:57 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-05-20 13:53 . 2008-05-20 13:53 <REP> d-------- C:\Users\yova\AppData\Roaming\PeerNetworking
    2008-05-20 13:48 . 2008-05-20 13:47 512,096 --a------ C:\Windows\System32\drivers\amon.sys
    2008-05-20 13:48 . 2008-05-20 13:47 298,104 --a------ C:\Windows\System32\imon.dll
    2008-05-20 13:48 . 2008-05-20 13:47 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
    2008-05-20 13:47 . 2008-05-20 15:11 <REP> d-------- C:\Program Files\ESET
    2008-05-20 13:28 . 2008-05-20 13:28 2,923,520 --a------ C:\Windows\explorer.exe
    2008-05-20 13:27 . 2008-05-20 13:27 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-05-20 13:27 . 2008-05-20 13:27 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-05-20 13:26 . 2008-05-20 13:26 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-05-20 13:26 . 2008-05-20 13:26 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
    2008-05-20 13:24 . 2008-05-20 13:24 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
    2008-05-20 13:24 . 2008-05-20 13:24 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
    2008-05-20 13:24 . 2008-05-20 13:24 7,680 --a------ C:\Windows\System32\spwmp.dll
    2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\msdxm.ocx
    2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2008-05-20 13:23 . 2008-05-20 13:23 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-05-20 13:23 . 2008-05-20 13:23 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-05-20 13:23 . 2008-05-20 13:23 1,191,936 --a------ C:\Windows\System32\msxml3.dll
    2008-05-20 13:23 . 2008-05-20 13:23 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
    2008-05-20 13:23 . 2008-05-20 13:23 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-05-20 13:23 . 2008-05-20 13:23 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-05-20 13:23 . 2008-05-20 13:23 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-05-20 13:23 . 2008-05-20 13:23 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-05-20 13:23 . 2008-05-20 13:23 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
    2008-05-20 13:23 . 2008-05-20 13:23 2,048 --a------ C:\Windows\System32\msxml3r.dll
    2008-05-20 13:22 . 2008-05-20 13:22 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-05-20 13:22 . 2008-05-20 13:22 216,632 --a------ C:\Windows\System32\drivers\netio.sys
    2008-05-20 13:22 . 2008-05-20 13:22 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-05-20 13:22 . 2008-05-20 13:22 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-05-20 13:22 . 2008-05-20 13:22 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-05-20 13:21 . 2008-05-20 13:21 1,327,104 --a------ C:\Windows\System32\quartz.dll
    2008-05-20 13:20 . 2008-05-20 13:20 1,585,664 --a------ C:\Windows\System32\setupapi.dll
    2008-05-20 13:18 . 2008-05-20 13:18 2,027,008 --a------ C:\Windows\System32\win32k.sys
    2008-05-20 13:18 . 2008-05-20 13:18 296,448 --a------ C:\Windows\System32\gdi32.dll
    2008-05-20 13:18 . 2008-05-20 13:18 223,232 --a------ C:\Windows\System32\WMASF.DLL
    2008-05-20 13:18 . 2008-05-20 13:18 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
    2008-05-20 13:18 . 2008-05-20 13:18 2,048 --a------ C:\Windows\System32\asferror.dll
    2008-05-20 13:17 . 2008-05-20 13:17 <REP> d-------- C:\Program Files\a-squared Free
    2008-05-20 13:17 . 2008-05-20 13:17 1,335,296 --a------ C:\Windows\System32\msxml6.dll
    2008-05-20 13:17 . 2008-05-20 13:17 2,048 --a------ C:\Windows\System32\msxml6r.dll
    2008-05-20 13:15 . 2008-05-20 13:15 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-20 13:15 . 2008-05-20 13:15 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-05-20 13:15 . 2008-05-20 13:15 737,792 --a------ C:\Windows\System32\inetcomm.dll
    2008-05-20 13:15 . 2008-05-20 13:15 84,480 --a------ C:\Windows\System32\INETRES.dll
    2008-05-20 13:15 . 2008-05-20 13:15 11,776 --a------ C:\Windows\System32\sbunattend.exe
    2008-05-20 13:14 . 2008-05-20 13:14 788,992 --a------ C:\Windows\System32\rpcrt4.dll
    2008-05-20 13:14 . 2008-05-20 13:14 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
    2008-05-20 13:14 . 2008-05-20 13:14 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
    2008-05-20 13:14 . 2008-05-20 13:14 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
    2008-05-20 13:14 . 2008-05-20 13:14 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
    2008-05-20 13:14 . 2008-05-20 13:14 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
    2008-05-20 13:14 . 2008-05-20 13:14 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
    2008-05-20 13:10 . 2008-05-20 13:10 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-05-20 13:09 . 2008-05-20 13:09 750,080 --a------ C:\Windows\System32\qmgr.dll
    2008-05-20 13:08 . 2008-05-20 13:08 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-05-20 13:07 . 2008-05-20 13:07 <REP> d-------- C:\Program Files\VS Revo Group
    2008-05-20 13:06 . 2008-05-22 16:40 69 --a------ C:\Windows\NeroDigital.ini
    2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-05-20 13:02 . 2008-05-20 13:02 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\fsc-reg
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\fsc-reg
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\MB application
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-05-20 12:56 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Searches
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Videos
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Saved Games
    2008-05-20 12:55 . 2008-05-20 23:37 <REP> dr------- C:\Users\yova\Pictures
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Music
    2008-05-20 12:55 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Links
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Downloads
    2008-05-20 12:55 . 2008-05-20 22:44 <REP> dr------- C:\Users\yova\Documents
    2008-05-20 12:55 . 2008-05-20 21:07 <REP> dr------- C:\Users\yova\Contacts
    2008-05-20 12:55 . 2006-11-02 14:37 <REP> d-------- C:\Users\yova\AppData\Roaming\Media Center Programs
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> d--h----- C:\Users\yova\AppData
    2008-05-20 12:55 . 2008-05-22 12:03 <REP> d-------- C:\Users\yova
    2008-05-20 12:48 . 2008-05-20 12:48 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
    2008-05-20 12:48 . 2008-05-20 12:48 1,524,224 --a------ C:\Windows\System32\wucltux.dll
    2008-05-20 12:48 . 2008-05-20 12:48 549,720 --a------ C:\Windows\System32\wuapi.dll
    2008-05-20 12:48 . 2008-05-20 12:48 80,896 --a------ C:\Windows\System32\wudriver.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-21 22:43 --------- d-----w C:\ProgramData\Symantec
    2008-05-20 19:45 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-20 13:25 --------- d-----w C:\Program Files\Nero
    2008-05-20 11:39 174 --sha-w C:\Program Files\desktop.ini
    2008-05-20 11:36 --------- d-----w C:\Program Files\Norton Internet Security
    2008-05-20 11:35 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Mail
    2008-05-20 11:29 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
    2008-05-20 11:29 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2008-05-20 11:29 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2008-05-20 11:29 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
    2008-05-20 11:29 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
    2008-05-20 11:28 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2008-05-20 11:28 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2008-05-20 11:28 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2008-05-20 11:28 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2008-05-20 11:19 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-05-20 11:19 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-05-20 11:19 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-05-20 11:19 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-05-20 11:19 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-05-20 11:19 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-05-20 11:19 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
    2008-05-20 11:19 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
    2008-05-20 11:18 --------- d-----w C:\Program Files\Symantec
    2008-05-20 11:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-05-20 11:15 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-05-20 11:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-05-20 11:15 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-05-20 11:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-05-20 11:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-05-20 11:12 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Modèles
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Favoris
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Bureau
    2008-05-20 10:46 --------- d-sh--w C:\Program Files\Fichiers communs
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-22_16.13.02,80 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-22 13:24:01 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-22 21:56:32 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-22 13:27:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-05-22 21:57:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-05-22 21:57:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-05-22 13:27:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-05-22 21:57:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-05-22 21:57:38 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-05-22 13:39:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-22 21:46:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-22 13:39:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-22 21:46:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-22 13:39:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-22 21:46:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-22 14:07:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-05-22 21:45:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-05-22 14:07:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-05-22 21:45:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-05-22 14:07:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-05-22 21:45:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-05-22 14:07:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-05-22 21:45:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-05-22 13:28:21 3,408 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
    + 2008-05-22 20:38:31 3,472 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
    - 2008-05-22 13:28:20 55,964 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-22 20:38:31 56,162 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-22 13:28:19 28,204 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-22 20:38:30 28,682 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-05-15 10:14 380944]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "BM195896ee"="C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-08 14:00 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 00:00 4399104 C:\Windows\RtHDVCpl.exe]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
    "recinfo253"="c:\RecInfo\RecInfo.exe" [2007-06-06 13:33 2768896]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 13:47 949376]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{AA8E984B-D79E-4399-B0A7-A5D9C450B177}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B6B6CC7E-92CC-4BE5-A5D7-BC22886332EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{BDEBA399-34ED-40C4-BA66-9179DECF0EB4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{D1DA6A81-68AE-401C-BA4B-B031FED5C7A4}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{707194A1-133B-491A-B93F-85CE41C69BB5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{42F93850-C5E4-45CC-9A32-D8C58EEEE49A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{7B72B7D3-36CB-4CD5-8D40-DBE4B8E28A94}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{304025BD-BEA7-416E-8DC6-FD6DB0D1E645}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{168CD93F-96A4-4D2D-B35A-78CC2A5EBBED}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{FFDBBC81-C977-4501-B29C-6001DD727C2F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{14E533DA-F106-4B45-BFDF-1A605E56E264}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{CCCFEE9B-7497-41E9-91D8-D9D0906D19B8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{9B5D0A20-CD6B-4AC0-A9D8-B2161FE4D95F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{E6E5780D-F072-44B7-808B-64C3356F08FB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{E25E9FDD-467F-478F-824B-4EF18695947C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{0461E22C-AB3B-4D28-8E24-1D29C0C24E3B}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{64860478-A547-4243-9846-3E28F1A5FBA8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{C6F92A08-9CDB-4483-BE2B-1F269C285A03}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{0FF00312-F56C-449D-81B0-ECEFC1F8C01B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{53AE0142-F908-4BDB-A3D3-B700817CDBC8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{18B69A04-1B1A-450A-9EB8-C132A19FB812}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{244BB144-0503-4B62-842A-3A6EA0C306E5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{2F68E6B3-682B-4FE7-884A-34F99E37EDFE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 23:57:45
    Windows 6.0.6000 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\ESET\nod32krn.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\igfxsrvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-22 23:59:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-22 21:59:31
    ComboFix2.txt 2008-05-22 14:40:32
    ComboFix3.txt 2008-05-22 14:21:24
    ComboFix4.txt 2008-05-22 14:13:13

    Pre-Run: 66,938,187,776 octets libres
    Post-Run: 66,581,209,088 octets libres

    313 --- E O F --- 2008-05-20 19:45:44
    0
  12. yova
     
    et donc ca c'est mon rapport en ayant créé cfscript et avoir fait ta manip:
    ComboFix 08-05-21.2 - yova 2008-05-22 23:53:37.4 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1094 [GMT 2:00]
    Endroit: F:\ComboFix.exe
    Command switches used :: C:\Users\yova\Desktop\CFscript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active

    FILE ::
    C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-22 23:51 . 2008-05-22 23:52 <REP> d-------- C:\327882R2FWJFW
    2008-05-22 08:29 . 2008-05-22 08:29 <REP> d-------- C:\VundoFix Backups
    2008-05-21 02:32 . 2008-05-21 02:32 <REP> d-------- C:\Users\yova\AppData\Roaming\vlc
    2008-05-20 22:51 . 2008-05-20 22:52 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-05-20 21:43 . 2008-05-20 21:44 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-05-20 21:39 . 2008-05-20 21:39 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-05-20 20:59 . 2008-05-20 21:04 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\Users\All Users\WLInstaller
    2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\ProgramData\WLInstaller
    2008-05-20 20:58 . 2008-05-20 21:04 <REP> d-------- C:\Program Files\Windows Live
    2008-05-20 16:01 . 2008-05-20 16:01 <REP> d-------- C:\Program Files\VideoLAN
    2008-05-20 15:30 . 2008-05-20 15:30 <REP> d-------- C:\Users\yova\AppData\Roaming\Nero
    2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\Users\All Users\Nero
    2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\ProgramData\Nero
    2008-05-20 15:25 . 2008-05-20 15:28 <REP> d-------- C:\Program Files\Common Files\Nero
    2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\Users\All Users\Media Center Programs
    2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\ProgramData\Media Center Programs
    2008-05-20 14:36 . 2008-05-20 14:54 <REP> d-------- C:\Program Files\GUILD WARS
    2008-05-20 14:22 . 2008-05-20 14:22 <REP> d-------- C:\Users\yova\AppData\Roaming\HP
    2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\WEBREG
    2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\WEBREG
    2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\Users\All Users\Hewlett-Packard
    2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\ProgramData\Hewlett-Packard
    2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\yova\AppData\Roaming\HPAppData
    2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\All Users\HPSSUPPLY
    2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\ProgramData\HPSSUPPLY
    2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\HP Product Assistant
    2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\HP Product Assistant
    2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\HP
    2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-05-20 14:08 . 2007-05-02 12:03 267,864 --a------ C:\Windows\System32\hpzids01.dll
    2008-05-20 14:08 . 2007-03-15 15:32 118,272 --a------ C:\Windows\System32\hpz3l5ha.dll
    2008-05-20 14:07 . 2008-05-20 14:13 <REP> d-------- C:\Program Files\HP
    2008-05-20 14:07 . 2007-05-02 10:56 954,368 --a------ C:\Windows\System32\hpotiop5.dll
    2008-05-20 14:07 . 2007-05-02 11:01 675,840 --a------ C:\Windows\System32\hpowiax5.dll
    2008-05-20 14:07 . 2007-03-08 06:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
    2008-05-20 14:07 . 2007-05-02 11:00 303,104 --a------ C:\Windows\System32\hpovst12.dll
    2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\HP
    2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\HP
    2008-05-20 13:58 . 2008-05-20 14:19 162,933 --a------ C:\Windows\hpoins21.dat
    2008-05-20 13:58 . 2007-09-05 20:26 8,138 --------- C:\Windows\hpomdl21.dat
    2008-05-20 13:57 . 2008-05-20 13:57 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-05-20 13:53 . 2008-05-20 13:53 <REP> d-------- C:\Users\yova\AppData\Roaming\PeerNetworking
    2008-05-20 13:48 . 2008-05-20 13:47 512,096 --a------ C:\Windows\System32\drivers\amon.sys
    2008-05-20 13:48 . 2008-05-20 13:47 298,104 --a------ C:\Windows\System32\imon.dll
    2008-05-20 13:48 . 2008-05-20 13:47 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
    2008-05-20 13:47 . 2008-05-20 15:11 <REP> d-------- C:\Program Files\ESET
    2008-05-20 13:28 . 2008-05-20 13:28 2,923,520 --a------ C:\Windows\explorer.exe
    2008-05-20 13:27 . 2008-05-20 13:27 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-05-20 13:27 . 2008-05-20 13:27 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-05-20 13:26 . 2008-05-20 13:26 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-05-20 13:26 . 2008-05-20 13:26 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
    2008-05-20 13:24 . 2008-05-20 13:24 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
    2008-05-20 13:24 . 2008-05-20 13:24 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
    2008-05-20 13:24 . 2008-05-20 13:24 7,680 --a------ C:\Windows\System32\spwmp.dll
    2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\msdxm.ocx
    2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2008-05-20 13:23 . 2008-05-20 13:23 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-05-20 13:23 . 2008-05-20 13:23 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-05-20 13:23 . 2008-05-20 13:23 1,191,936 --a------ C:\Windows\System32\msxml3.dll
    2008-05-20 13:23 . 2008-05-20 13:23 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
    2008-05-20 13:23 . 2008-05-20 13:23 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-05-20 13:23 . 2008-05-20 13:23 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-05-20 13:23 . 2008-05-20 13:23 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-05-20 13:23 . 2008-05-20 13:23 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-05-20 13:23 . 2008-05-20 13:23 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
    2008-05-20 13:23 . 2008-05-20 13:23 2,048 --a------ C:\Windows\System32\msxml3r.dll
    2008-05-20 13:22 . 2008-05-20 13:22 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-05-20 13:22 . 2008-05-20 13:22 216,632 --a------ C:\Windows\System32\drivers\netio.sys
    2008-05-20 13:22 . 2008-05-20 13:22 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-05-20 13:22 . 2008-05-20 13:22 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-05-20 13:22 . 2008-05-20 13:22 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-05-20 13:21 . 2008-05-20 13:21 1,327,104 --a------ C:\Windows\System32\quartz.dll
    2008-05-20 13:20 . 2008-05-20 13:20 1,585,664 --a------ C:\Windows\System32\setupapi.dll
    2008-05-20 13:18 . 2008-05-20 13:18 2,027,008 --a------ C:\Windows\System32\win32k.sys
    2008-05-20 13:18 . 2008-05-20 13:18 296,448 --a------ C:\Windows\System32\gdi32.dll
    2008-05-20 13:18 . 2008-05-20 13:18 223,232 --a------ C:\Windows\System32\WMASF.DLL
    2008-05-20 13:18 . 2008-05-20 13:18 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
    2008-05-20 13:18 . 2008-05-20 13:18 2,048 --a------ C:\Windows\System32\asferror.dll
    2008-05-20 13:17 . 2008-05-20 13:17 <REP> d-------- C:\Program Files\a-squared Free
    2008-05-20 13:17 . 2008-05-20 13:17 1,335,296 --a------ C:\Windows\System32\msxml6.dll
    2008-05-20 13:17 . 2008-05-20 13:17 2,048 --a------ C:\Windows\System32\msxml6r.dll
    2008-05-20 13:15 . 2008-05-20 13:15 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-20 13:15 . 2008-05-20 13:15 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-05-20 13:15 . 2008-05-20 13:15 737,792 --a------ C:\Windows\System32\inetcomm.dll
    2008-05-20 13:15 . 2008-05-20 13:15 84,480 --a------ C:\Windows\System32\INETRES.dll
    2008-05-20 13:15 . 2008-05-20 13:15 11,776 --a------ C:\Windows\System32\sbunattend.exe
    2008-05-20 13:14 . 2008-05-20 13:14 788,992 --a------ C:\Windows\System32\rpcrt4.dll
    2008-05-20 13:14 . 2008-05-20 13:14 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
    2008-05-20 13:14 . 2008-05-20 13:14 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
    2008-05-20 13:14 . 2008-05-20 13:14 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
    2008-05-20 13:14 . 2008-05-20 13:14 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
    2008-05-20 13:14 . 2008-05-20 13:14 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
    2008-05-20 13:14 . 2008-05-20 13:14 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
    2008-05-20 13:10 . 2008-05-20 13:10 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-05-20 13:09 . 2008-05-20 13:09 750,080 --a------ C:\Windows\System32\qmgr.dll
    2008-05-20 13:08 . 2008-05-20 13:08 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-05-20 13:07 . 2008-05-20 13:07 <REP> d-------- C:\Program Files\VS Revo Group
    2008-05-20 13:06 . 2008-05-22 16:40 69 --a------ C:\Windows\NeroDigital.ini
    2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-05-20 13:02 . 2008-05-20 13:02 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\fsc-reg
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\fsc-reg
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\MB application
    2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-05-20 12:56 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Searches
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Videos
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Saved Games
    2008-05-20 12:55 . 2008-05-20 23:37 <REP> dr------- C:\Users\yova\Pictures
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Music
    2008-05-20 12:55 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Links
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Downloads
    2008-05-20 12:55 . 2008-05-20 22:44 <REP> dr------- C:\Users\yova\Documents
    2008-05-20 12:55 . 2008-05-20 21:07 <REP> dr------- C:\Users\yova\Contacts
    2008-05-20 12:55 . 2006-11-02 14:37 <REP> d-------- C:\Users\yova\AppData\Roaming\Media Center Programs
    2008-05-20 12:55 . 2008-05-20 12:56 <REP> d--h----- C:\Users\yova\AppData
    2008-05-20 12:55 . 2008-05-22 12:03 <REP> d-------- C:\Users\yova
    2008-05-20 12:48 . 2008-05-20 12:48 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
    2008-05-20 12:48 . 2008-05-20 12:48 1,524,224 --a------ C:\Windows\System32\wucltux.dll
    2008-05-20 12:48 . 2008-05-20 12:48 549,720 --a------ C:\Windows\System32\wuapi.dll
    2008-05-20 12:48 . 2008-05-20 12:48 80,896 --a------ C:\Windows\System32\wudriver.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-21 22:43 --------- d-----w C:\ProgramData\Symantec
    2008-05-20 19:45 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-20 13:25 --------- d-----w C:\Program Files\Nero
    2008-05-20 11:39 174 --sha-w C:\Program Files\desktop.ini
    2008-05-20 11:36 --------- d-----w C:\Program Files\Norton Internet Security
    2008-05-20 11:35 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Mail
    2008-05-20 11:29 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
    2008-05-20 11:29 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2008-05-20 11:29 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2008-05-20 11:29 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
    2008-05-20 11:29 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
    2008-05-20 11:28 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2008-05-20 11:28 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2008-05-20 11:28 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2008-05-20 11:28 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2008-05-20 11:19 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-05-20 11:19 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-05-20 11:19 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-05-20 11:19 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-05-20 11:19 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-05-20 11:19 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-05-20 11:19 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
    2008-05-20 11:19 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
    2008-05-20 11:18 --------- d-----w C:\Program Files\Symantec
    2008-05-20 11:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-05-20 11:15 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-05-20 11:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-05-20 11:15 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-05-20 11:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-05-20 11:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-05-20 11:12 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Modèles
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Favoris
    2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Bureau
    2008-05-20 10:46 --------- d-sh--w C:\Program Files\Fichiers communs
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-22_16.13.02,80 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-22 13:24:01 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-22 21:56:32 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-22 13:27:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-05-22 21:57:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-05-22 21:57:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-05-22 13:27:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-05-22 21:57:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-05-22 21:57:38 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-05-22 13:39:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-22 21:46:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-22 13:39:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-22 21:46:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-22 13:39:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-22 21:46:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-22 14:07:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-05-22 21:45:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-05-22 14:07:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-05-22 21:45:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-05-22 14:07:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-05-22 21:45:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-05-22 14:07:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-05-22 21:45:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-05-22 13:28:21 3,408 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
    + 2008-05-22 20:38:31 3,472 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
    - 2008-05-22 13:28:20 55,964 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-22 20:38:31 56,162 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-22 13:28:19 28,204 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-22 20:38:30 28,682 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-05-15 10:14 380944]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "BM195896ee"="C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-08 14:00 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 00:00 4399104 C:\Windows\RtHDVCpl.exe]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
    "recinfo253"="c:\RecInfo\RecInfo.exe" [2007-06-06 13:33 2768896]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 13:47 949376]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{AA8E984B-D79E-4399-B0A7-A5D9C450B177}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B6B6CC7E-92CC-4BE5-A5D7-BC22886332EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{BDEBA399-34ED-40C4-BA66-9179DECF0EB4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{D1DA6A81-68AE-401C-BA4B-B031FED5C7A4}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{707194A1-133B-491A-B93F-85CE41C69BB5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{42F93850-C5E4-45CC-9A32-D8C58EEEE49A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{7B72B7D3-36CB-4CD5-8D40-DBE4B8E28A94}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{304025BD-BEA7-416E-8DC6-FD6DB0D1E645}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{168CD93F-96A4-4D2D-B35A-78CC2A5EBBED}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{FFDBBC81-C977-4501-B29C-6001DD727C2F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{14E533DA-F106-4B45-BFDF-1A605E56E264}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{CCCFEE9B-7497-41E9-91D8-D9D0906D19B8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{9B5D0A20-CD6B-4AC0-A9D8-B2161FE4D95F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{E6E5780D-F072-44B7-808B-64C3356F08FB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{E25E9FDD-467F-478F-824B-4EF18695947C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{0461E22C-AB3B-4D28-8E24-1D29C0C24E3B}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{64860478-A547-4243-9846-3E28F1A5FBA8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{C6F92A08-9CDB-4483-BE2B-1F269C285A03}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{0FF00312-F56C-449D-81B0-ECEFC1F8C01B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{53AE0142-F908-4BDB-A3D3-B700817CDBC8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{18B69A04-1B1A-450A-9EB8-C132A19FB812}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{244BB144-0503-4B62-842A-3A6EA0C306E5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{2F68E6B3-682B-4FE7-884A-34F99E37EDFE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 23:57:45
    Windows 6.0.6000 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\ESET\nod32krn.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\igfxsrvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-22 23:59:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-22 21:59:31
    ComboFix2.txt 2008-05-22 14:40:32
    ComboFix3.txt 2008-05-22 14:21:24
    ComboFix4.txt 2008-05-22 14:13:13

    Pre-Run: 66,938,187,776 octets libres
    Post-Run: 66,581,209,088 octets libres

    313 --- E O F --- 2008-05-20 19:45:44
    0
  13. yova
     
    et le nouveau rapport hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:02:27, on 23/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [recinfo253] c:\RecInfo\RecInfo.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20080520
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    analyse ce fichier sur virus total pour voir si infécté: https://www.virustotal.com/gui/

    C:\ProgramData\fsc-reg\fscreg.exe

    ________________

    lance ccleaner pour virer les traces de surf .... que tu garderas

    https://www.malekal.com/tutoriel-ccleaner/

    _____________

    installe spywareblaster pour te proteger de vundo/virtumonde que tu avais
    il suffit de mettre a jour tous les mois et d'immuniser ton system par la suite:

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

    _________________
    tu peux virer

    virtumondebegone et combofix

    ___________________

    si tu as nod 32 et norton vire un des deux sinon l'ordi va planter

    voilà si le fichier analysé sur virus total n'est pas infécté et si tu n'as plus de soucis

    c'est finit!!!!
    0
    1. yova
       
      vraiment je te remercie depuis ces manip je n'ai aparament plus de soucis avec virtumonde je vais suivre la suite des manips que tu m'a donné et je te tiens au courant....
      0
  15. yova
     
    Fichier fscreg.exe reçu le 2008.05.23 15:53:11 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

    Résultat: 2/32 (6.25%)
    en train de charger les informations du serveur...
    Votre fichier est dans la file d'attente, en position: ___.
    L'heure estimée de démarrage est entre ___ et ___ .
    Ne fermez pas la fenêtre avant la fin de l'analyse.
    L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
    Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
    Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
    les résultats seront affichés au fur et à mesure de leur génération.
    Formaté Impression des résultats
    Votre fichier a expiré ou n'existe pas.
    Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

    Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
    Email:

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.5.22.1 2008.05.23 -
    AntiVir 7.8.0.19 2008.05.23 -
    Authentium 5.1.0.4 2008.05.22 -
    Avast 4.8.1195.0 2008.05.23 -
    AVG 7.5.0.516 2008.05.23 -
    BitDefender 7.2 2008.05.23 -
    CAT-QuickHeal 9.50 2008.05.23 -
    ClamAV 0.92.1 2008.05.23 -
    DrWeb 4.44.0.09170 2008.05.23 -
    eSafe 7.0.15.0 2008.05.22 suspicious Trojan/Worm
    eTrust-Vet 31.4.5815 2008.05.23 -
    Ewido 4.0 2008.05.23 -
    F-Prot 4.4.4.56 2008.05.23 -
    F-Secure 6.70.13260.0 2008.05.23 -
    Fortinet 3.14.0.0 2008.05.23 -
    GData 2.0.7306.1023 2008.05.23 -
    Ikarus T3.1.1.26.0 2008.05.23 -
    Kaspersky 7.0.0.125 2008.05.23 -
    McAfee 5301 2008.05.22 -
    Microsoft 1.3520 2008.05.23 -
    NOD32v2 3126 2008.05.23 -
    Norman 5.80.02 2008.05.22 -
    Panda 9.0.0.4 2008.05.23 Suspicious file
    Prevx1 V2 2008.05.23 -
    Rising 20.45.42.00 2008.05.23 -
    Sophos 4.29.0 2008.05.23 -
    Sunbelt 3.0.1123.1 2008.05.17 -
    Symantec 10 2008.05.23 -
    TheHacker 6.2.92.318 2008.05.23 -
    VBA32 3.12.6.6 2008.05.23 -
    VirusBuster 4.3.26:9 2008.05.23 -
    Webwasher-Gateway 6.6.2 2008.05.23 -
    Information additionnelle
    File size: 380944 bytes
    MD5...: 83100c86c86f43b9b2e2b2b541215647
    SHA1..: 74bddb387106fe6da2e4b5dd5ed948972b184d4f
    SHA256: 405817a8149fad9fc1cee685782f976c042de8f05ecd45dc51a4ede778199f57
    SHA512: ecb48742baccec8fe16e43cea73d98d7a090539df8c9ce031c583059d7c7e1c2
    2e2eab1516d76ab49c700f9756468602486b4034904a7fee280f138d271d25d5
    PEiD..: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x46ad40
    timedatestamp.....: 0x4648397f (Mon May 14 10:27:11 2007)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    UPX0 0x1000 0x11000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    UPX1 0x12000 0x5a000 0x59a00 8.00 a7edd0ffa2aeebb0a9b896538b04c1ed
    .rsrc 0x6c000 0x2000 0x1e00 4.18 bc89fbc6b43f00be6047d2e6ff3eb89e

    ( 11 imports )
    > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
    > ADVAPI32.dll: RegCloseKey
    > CRTDLL.dll: atoi
    > IMAGEHLP.dll: MakeSureDirectoryPathExists
    > MSHTML.dll: ShowHTMLDialog
    > ole32.dll: CoTaskMemFree
    > SHELL32.DLL: ShellExecuteExA
    > SHLWAPI.dll: -
    > urlmon.dll: CreateURLMoniker
    > USER32.dll: EnumWindows
    > WININET.dll: InternetCheckConnectionA

    ( 0 exports )

    packers (F-Prot): UPX_LZMA
    packers (Kaspersky): UPX

    ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
    0
  16. yova
     
    voila donc ca c'est le rapportde virus total apparemment 2 suspest
    0
    1. Virtumonde-Killer
       
      télécharge ça : http://www.vosfichiers.com/1530331

      -Execute le
      - appuie sur y pour accepter le reglement
      - laisse le scanner et supprimer
      - et dès que c' est marquer "restart your computer" redemarre et ENJOY
      0
      1. yova > Virtumonde-Killer
         
        c'est tjrs toi jlpjlp???
        sinon c'est pour quoi ca???
        0
      2. Virtumonde-Killer > yova
         
        Non c' est pas lui le fichier c' est pour supprimer definitif virtumonde
        0
  17. yova
     
    juste une question désolé dois je désinstaller spybot avant d'installer spyware blaster??

    excuse....
    0
  18. yova
     
    et lorsque je suis sur virus total j'appuis sur formater ou je dois-je trouver un moyen de les enlever?
    0
  • 1
  • 2