Problem with Virtumonde

yova -  
Hello,
I'm coming to you because I have a serious problem with "virtumonde", which keeps coming back in my Spybot scans. I have tried deleting the source, etc., in vain...
Also, when I launch Internet Explorer, after a few seconds or a few minutes about blank pages or ads for games I don't know appear...
Please, if anyone has the motivation to help me, I thank them in advance.

35 replies

ginga2 Posts 187 Status Member 6
 
Have you tried with AVG and Ad-Aware?
0
yova
 
Yes, nothing works.
0
yova
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36, on 2008-05-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\PROGRA~1\Maxtor\MANAGE~1\OneTouch.exe
C:\Windows\system32\Dwm.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\yova\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\explorer.exe
C:\WINDOWS\SYSTEM32\Taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\yova\Desktop\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yova\AppData\Local\Temp\jkkJyYqr.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\yova\AppData\Local\Temp\xxyvsqnM.dll,c
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\yova\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [f83f4bac] rundll32.exe "C:\Users\yova\AppData\Local\Temp\yywtujsl.dll",b
O4 - HKCU\..\Run: [BMfb0c7830] Rundll32.exe "C:\Users\yova\AppData\Local\Temp\kmsydyyr.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
0
yova
 
Thanks anyway...
0
yova
 
Ad-Aware finds nothing.
0
yova
 
Hello, I'm asking for your help again; my problem is still not solved....
I posted a HijackThis report... if that can save some time... lol
0
yova
 
Thanks in advance.
0

yova
 
I'll be back around 10:00...
0
yova
 
Hi, me again... I may have solved my problem; if it worked I'll post what I did...

PS: anyway, for the moment it's in progress, so if any tips are floating around I'll take them.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi,
to help:

you can use the Windows utility that is on every up-to-date PC and that finds part of Virtumonde:

START, then RUN, then type mrt and follow the procedure

____________

otherwise, far more effective, do everything that follows:

VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

_____________

Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the Internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware)

Double-click combofix.exe and follow the instructions

At the end, it will produce a report C:\ComboFix.txt

Re-enable your firewall, your antivirus, and your antispyware's guard

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
yova
 
Hi, and thank you very much for your reply; sorry mine is late, lots of work at the moment. I'll try your procedure around 15:00 when I get home from work and I'll keep you informed. Thanks a lot... see you later...
0
yova
 
Hi, so it's impossible for me to use mrt as you told me: I go to search, I type mrt; mrt appears in my search, but when I click on it nothing happens (no application is launched).
So you will find attached my VGG report:
[05/22/2008, 9:03:47] - VirtumundoBeGone v1.5 ( "F:\VirtumundoBeGone.exe" )
[05/22/2008, 9:04:04] - Detected System Information:
[05/22/2008, 9:04:04] - Windows Version: 6.0.6000,
[05/22/2008, 9:04:04] - Current Username: yova (Admin)
[05/22/2008, 9:04:04] - Windows is in NORMAL mode.
[05/22/2008, 9:04:04] - Searching for Browser Helper Objects:
[05/22/2008, 9:04:04] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[05/22/2008, 9:04:04] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/22/2008, 9:04:04] - BHO 3: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[05/22/2008, 9:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 9:04:04] - Checking for HKLM\...\Winlogon\Notify\NppBho
[05/22/2008, 9:04:04] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[05/22/2008, 9:04:04] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/22/2008, 9:04:04] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/22/2008, 9:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 9:04:04] - No filename found. Continuing.
[05/22/2008, 9:04:04] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/22/2008, 9:04:04] - Finished Searching Browser Helper Objects
[05/22/2008, 9:04:04] - Finishing up...
[05/22/2008, 9:04:04] - Nothing found! Exiting...


Thank you ....
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
OK, do the rest.
0
yova
 
So I did the rest and got a ComboFix report:
2008-05-20 11:36 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-20 11:35 --------- d-----w C:\Program Files\Windows Calendar
2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-20 11:28 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-05-20 11:28 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-05-20 11:28 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-05-20 11:28 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-05-20 11:28 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-05-20 11:28 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-05-20 11:28 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-05-20 11:28 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-05-20 11:28 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-20 11:28 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-05-20 11:28 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-05-20 11:28 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-05-20 11:18 --------- d-----w C:\Program Files\Symantec
2008-05-20 11:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-20 11:15 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-20 11:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-20 11:15 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-20 11:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-20 11:12 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-20 11:12 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-20 11:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-20 11:12 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-20 11:12 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Modèles
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Favoris
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Bureau
2008-05-20 10:46 --------- d-sh--w C:\Program Files\Fichiers communs
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-22_16.13.02,80 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 13:24:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-22 14:30:05 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-22 13:24:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-22 14:30:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-22 13:24:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-22 14:30:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-22 13:27:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-22 14:31:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-22 14:31:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-22 13:27:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-22 14:31:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-22 14:31:36 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-22 14:07:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-22 14:21:48 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-22 14:07:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-22 14:21:48 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-22 14:07:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-22 14:21:48 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-22 14:07:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-22 14:21:48 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-22 13:28:21 3,408 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
+ 2008-05-22 14:32:09 3,440 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
- 2008-05-22 13:28:20 55,964 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 14:32:09 56,028 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-22 13:28:19 28,204 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 14:32:08 28,586 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-05-15 10:14 380944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-08 14:00 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 00:00 4399104 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
"recinfo253"="c:\RecInfo\RecInfo.exe" [2007-06-06 13:33 2768896]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 13:47 949376]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BM195896ee"="C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll" [2008-05-22 08:24 128000]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AA8E984B-D79E-4399-B0A7-A5D9C450B177}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B6B6CC7E-92CC-4BE5-A5D7-BC22886332EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BDEBA399-34ED-40C4-BA66-9179DECF0EB4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{D1DA6A81-68AE-401C-BA4B-B031FED5C7A4}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{707194A1-133B-491A-B93F-85CE41C69BB5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{42F93850-C5E4-45CC-9A32-D8C58EEEE49A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{7B72B7D3-36CB-4CD5-8D40-DBE4B8E28A94}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{304025BD-BEA7-416E-8DC6-FD6DB0D1E645}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{168CD93F-96A4-4D2D-B35A-78CC2A5EBBED}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{FFDBBC81-C977-4501-B29C-6001DD727C2F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{14E533DA-F106-4B45-BFDF-1A605E56E264}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{CCCFEE9B-7497-41E9-91D8-D9D0906D19B8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{9B5D0A20-CD6B-4AC0-A9D8-B2161FE4D95F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{E6E5780D-F072-44B7-808B-64C3356F08FB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{E25E9FDD-467F-478F-824B-4EF18695947C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{0461E22C-AB3B-4D28-8E24-1D29C0C24E3B}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{64860478-A547-4243-9846-3E28F1A5FBA8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{C6F92A08-9CDB-4483-BE2B-1F269C285A03}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{0FF00312-F56C-449D-81B0-ECEFC1F8C01B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{53AE0142-F908-4BDB-A3D3-B700817CDBC8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{18B69A04-1B1A-450A-9EB8-C132A19FB812}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{244BB144-0503-4B62-842A-3A6EA0C306E5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{2F68E6B3-682B-4FE7-884A-34F99E37EDFE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 16:36:10
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll
-> C:\Program Files\Eset\pr_imon.dll
.
Temps d'accomplissement: 2008-05-22 16:40:31
ComboFix-quarantined-files.txt 2008-05-22 14:40:26
ComboFix2.txt 2008-05-22 14:21:24
ComboFix3.txt 2008-05-22 14:13:13

Pre-Run: 67,024,986,112 octets libres
Post-Run: 66,995,875,840 octets libres

293 --- E O F --- 2008-05-20 19:45:44
0
yova
 
I'll try your procedure, see you later I hope... in any case I'll be back around 22:00.
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
The report is incomplete.

OK, do this, which will produce a new report, and paste all of it this time!

___________



To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

______________________


Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:






File::
C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM195896ee"=-




Save this file under the name CFScript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a HijackThis report again

If the file does not open, it is located here > C:\ComboFix.txt



________________
0
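The CFScript above targets a DLL in the user's Temp folder that is started from a Run key. As an added example (not code from the thread, ComboFix or HijackThis), this Python script applies that same triage to the two report formats posted here. The sample lines are copied from the reports above; the regular expressions and the "DLL in a Temp directory" rule are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional


class RunEntry(NamedTuple):
    hive: str
    name: str
    command: str


class Finding(NamedTuple):
    hive: str
    name: str
    target: str
    via_rundll32: bool


# HijackThis autostart line: O4 - <hive>\..\Run: [<value name>] <command>
HJT_O4 = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# ComboFix "Reg loading points" section header and value lines
CF_SECTION = re.compile(r'^\[(?P<key>HKEY_[^\]]+\\Run)\]$', re.IGNORECASE)
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
# First absolute path to a .dll/.exe inside a command line (assumed heuristic)
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"<>|,]*?\.(?:dll|exe)\b', re.IGNORECASE)
TEMP_SEGMENT = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)


def parse_run_entries(text: str) -> list:
    """Extract Run-key entries from HijackThis O4 lines and ComboFix Run sections."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('['):
            # A blank line or any other [key] header ends the current Run section.
            m = CF_SECTION.match(line)
            section = m['key'] if m else None
            continue
        m = HJT_O4.match(line)
        if m:
            entries.append(RunEntry(m['hive'], m['name'], m['cmd']))
            continue
        m = CF_VALUE.match(line)
        if m and section:
            entries.append(RunEntry(section, m['name'], m['cmd']))
    return entries


def check_entry(entry: RunEntry) -> Optional[Finding]:
    """Flag an autostart whose target is a DLL stored in a temporary directory."""
    m = WIN_PATH.search(entry.command)
    if not m:
        return None  # no absolute path (e.g. a system DLL resolved by name)
    target = m.group(0)
    if target.lower().endswith('.dll') and TEMP_SEGMENT.search(target):
        via = entry.command.lower().lstrip('"').startswith('rundll32')
        return Finding(entry.hive, entry.name, target, via)
    return None


def triage(text: str) -> list:
    return [f for f in map(check_entry, parse_run_entries(text)) if f]


# Lines copied from the HijackThis and ComboFix reports posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yova\AppData\Local\Temp\jkkJyYqr.dll,#1
O4 - HKCU\..\Run: [f83f4bac] rundll32.exe "C:\Users\yova\AppData\Local\Temp\yywtujsl.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 13:47 949376]
"BM195896ee"="C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll" [2008-05-22 08:24 128000]
'''

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        loader = 'rundll32' if f.via_rundll32 else 'direct'
        print(f'{f.hive}  [{f.name}]  {f.target}  ({loader})')
```

The rule only narrows down which entries deserve a closer look; a flagged entry still has to be confirmed before anything is deleted.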
yova
 
ComboFix 08-05-21.2 - yova 2008-05-22 16:10:22.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1103 [GMT 2:00]
Endroit: C:\Users\yova\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\tuvTnLdb.dll
C:\Windows\system32\x64

----- BITS: Possible sites infectés -----

hxxp://h30155.www3.hp.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.

2008-05-22 16:08 . 2008-05-22 16:09 <REP> d-------- C:\327882R2FWJFW
2008-05-22 08:29 . 2008-05-22 08:29 <REP> d-------- C:\VundoFix Backups
2008-05-21 02:32 . 2008-05-21 02:32 <REP> d-------- C:\Users\yova\AppData\Roaming\vlc
2008-05-20 22:51 . 2008-05-20 22:52 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-05-20 21:43 . 2008-05-20 21:44 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-20 21:39 . 2008-05-20 21:39 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 20:59 . 2008-05-20 21:04 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\Users\All Users\WLInstaller
2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\ProgramData\WLInstaller
2008-05-20 20:58 . 2008-05-20 21:04 <REP> d-------- C:\Program Files\Windows Live
2008-05-20 16:01 . 2008-05-20 16:01 <REP> d-------- C:\Program Files\VideoLAN
2008-05-20 15:30 . 2008-05-20 15:30 <REP> d-------- C:\Users\yova\AppData\Roaming\Nero
2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\Users\All Users\Nero
2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\ProgramData\Nero
2008-05-20 15:25 . 2008-05-20 15:28 <REP> d-------- C:\Program Files\Common Files\Nero
2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\Users\All Users\Media Center Programs
2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\ProgramData\Media Center Programs
2008-05-20 14:36 . 2008-05-20 14:54 <REP> d-------- C:\Program Files\GUILD WARS
2008-05-20 14:22 . 2008-05-20 14:22 <REP> d-------- C:\Users\yova\AppData\Roaming\HP
2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\WEBREG
2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\WEBREG
2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\Users\All Users\Hewlett-Packard
2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\ProgramData\Hewlett-Packard
2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\yova\AppData\Roaming\HPAppData
2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\All Users\HPSSUPPLY
2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\ProgramData\HPSSUPPLY
2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\HP Product Assistant
2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\HP Product Assistant
2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\HP
2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-20 14:08 . 2007-05-02 12:03 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-05-20 14:08 . 2007-03-15 15:32 118,272 --a------ C:\Windows\System32\hpz3l5ha.dll
2008-05-20 14:07 . 2008-05-20 14:13 <REP> d-------- C:\Program Files\HP
2008-05-20 14:07 . 2007-05-02 10:56 954,368 --a------ C:\Windows\System32\hpotiop5.dll
2008-05-20 14:07 . 2007-05-02 11:01 675,840 --a------ C:\Windows\System32\hpowiax5.dll
2008-05-20 14:07 . 2007-03-08 06:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-05-20 14:07 . 2007-05-02 11:00 303,104 --a------ C:\Windows\System32\hpovst12.dll
2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\HP
2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\HP
2008-05-20 13:58 . 2008-05-20 14:19 162,933 --a------ C:\Windows\hpoins21.dat
2008-05-20 13:58 . 2007-09-05 20:26 8,138 --------- C:\Windows\hpomdl21.dat
2008-05-20 13:57 . 2008-05-20 13:57 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-20 13:53 . 2008-05-20 13:53 <REP> d-------- C:\Users\yova\AppData\Roaming\PeerNetworking
2008-05-20 13:48 . 2008-05-20 13:47 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-05-20 13:48 . 2008-05-20 13:47 298,104 --a------ C:\Windows\System32\imon.dll
2008-05-20 13:48 . 2008-05-20 13:47 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-05-20 13:47 . 2008-05-20 15:11 <REP> d-------- C:\Program Files\ESET
2008-05-20 13:28 . 2008-05-20 13:28 2,923,520 --a------ C:\Windows\explorer.exe
2008-05-20 13:27 . 2008-05-20 13:27 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-20 13:27 . 2008-05-20 13:27 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-20 13:26 . 2008-05-20 13:26 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-20 13:26 . 2008-05-20 13:26 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-20 13:24 . 2008-05-20 13:24 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-20 13:24 . 2008-05-20 13:24 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-05-20 13:24 . 2008-05-20 13:24 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-20 13:23 . 2008-05-20 13:23 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-20 13:23 . 2008-05-20 13:23 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-20 13:23 . 2008-05-20 13:23 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-05-20 13:23 . 2008-05-20 13:23 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-05-20 13:23 . 2008-05-20 13:23 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-20 13:23 . 2008-05-20 13:23 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-20 13:23 . 2008-05-20 13:23 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-20 13:23 . 2008-05-20 13:23 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-20 13:23 . 2008-05-20 13:23 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-05-20 13:23 . 2008-05-20 13:23 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-05-20 13:22 . 2008-05-20 13:22 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-20 13:22 . 2008-05-20 13:22 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-20 13:22 . 2008-05-20 13:22 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-20 13:22 . 2008-05-20 13:22 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-20 13:22 . 2008-05-20 13:22 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-20 13:21 . 2008-05-20 13:21 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-05-20 13:20 . 2008-05-20 13:20 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-05-20 13:18 . 2008-05-20 13:18 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-20 13:18 . 2008-05-20 13:18 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-20 13:18 . 2008-05-20 13:18 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-05-20 13:18 . 2008-05-20 13:18 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-05-20 13:18 . 2008-05-20 13:18 2,048 --a------ C:\Windows\System32\asferror.dll
2008-05-20 13:17 . 2008-05-20 13:17 <REP> d-------- C:\Program Files\a-squared Free
2008-05-20 13:17 . 2008-05-20 13:17 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-05-20 13:17 . 2008-05-20 13:17 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-05-20 13:15 . 2008-05-20 13:15 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-20 13:15 . 2008-05-20 13:15 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-20 13:15 . 2008-05-20 13:15 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-05-20 13:15 . 2008-05-20 13:15 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-05-20 13:15 . 2008-05-20 13:15 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-05-20 13:14 . 2008-05-20 13:14 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-05-20 13:14 . 2008-05-20 13:14 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-05-20 13:14 . 2008-05-20 13:14 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-05-20 13:14 . 2008-05-20 13:14 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-05-20 13:14 . 2008-05-20 13:14 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-20 13:14 . 2008-05-20 13:14 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-05-20 13:14 . 2008-05-20 13:14 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-20 13:10 . 2008-05-20 13:10 2,048 --a------ C:\Windows\System32\tzres.dll
2008-05-20 13:09 . 2008-05-20 13:09 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-05-20 13:08 . 2008-05-20 13:08 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-05-20 13:07 . 2008-05-20 13:07 <REP> d-------- C:\Program Files\VS Revo Group
2008-05-20 13:06 . 2008-05-20 13:11 49 --a------ C:\Windows\NeroDigital.ini
2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-20 13:02 . 2008-05-20 13:02 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\fsc-reg
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\fsc-reg
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\MB application
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-05-20 12:56 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Searches
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Videos
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Saved Games
2008-05-20 12:55 . 2008-05-20 23:37 <REP> dr------- C:\Users\yova\Pictures
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Music
2008-05-20 12:55 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Links
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Downloads
2008-05-20 12:55 . 2008-05-20 22:44 <REP> dr------- C:\Users\yova\Documents
2008-05-20 12:55 . 2008-05-20 21:07 <REP> dr------- C:\Users\yova\Contacts
2008-05-20 12:55 . 2006-11-02 14:37 <REP> d-------- C:\Users\yova\AppData\Roaming\Media Center Programs
2008-05-20 12:55 . 2008-05-20 12:56 <REP> d--h----- C:\Users\yova\AppData
2008-05-20 12:55 . 2008-05-22 12:03 <REP> d-------- C:\Users\yova
2008-05-20 12:48 . 2008-05-20 12:48 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-05-20 12:48 . 2008-05-20 12:48 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-05-20 12:48 . 2008-05-20 12:48 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-05-20 12:48 . 2008-05-20 12:48 80,896 --a------ C:\Windows\System32\wudriver.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 22:43 --------- d-----w C:\ProgramData\Symantec
2008-05-20 19:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-20 13:25 --------- d-----w C:\Program Files\Nero
2008-05-20 11:39 174 --sha-w C:\Program Files\desktop.ini
2008-05-20 11:36 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-20 11:35 --------- d-----w C:\Program Files\Windows Calendar
2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-20 11:28 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-05-20 11:28 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-05-20 11:28 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-05-20 11:28 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-05-20 11:28 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-05-20 11:28 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-05-20 11:28 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-05-20 11:28 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-05-20 11:28 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-20 11:28 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-05-20 11:28 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-05-20 11:28 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-05-20 11:18 --------- d-----w C:\Program Files\Symantec
2008-05-20 11:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-20 11:15 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-20 11:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-20 11:15 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-20 11:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-20 11:12 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-20 11:12 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-20 11:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-20 11:12 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-20 11:12 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Modèles
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Favoris
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Bureau
2008-05-20 10:46 --------- d-sh--w C:\Program Files\Fichiers communs
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-05-15 10:14 380944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-08 14:00 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 00:00 4399104 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
"recinfo253"="c:\RecInfo\RecInfo.exe" [2007-06-06 13:33 2768896]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 13:47 949376]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AA8E984B-D79E-4399-B0A7-A5D9C450B177}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B6B6CC7E-92CC-4BE5-A5D7-BC22886332EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BDEBA399-34ED-40C4-BA66-9179DECF0EB4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{D1DA6A81-68AE-401C-BA4B-B031FED5C7A4}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{707194A1-133B-491A-B93F-85CE41C69BB5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{42F93850-C5E4-45CC-9A32-D8C58EEEE49A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{7B72B7D3-36CB-4CD5-8D40-DBE4B8E28A94}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{304025BD-BEA7-416E-8DC6-FD6DB0D1E645}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{168CD93F-96A4-4D2D-B35A-78CC2A5EBBED}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{FFDBBC81-C977-4501-B29C-6001DD727C2F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{14E533DA-F106-4B45-BFDF-1A605E56E264}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{CCCFEE9B-7497-41E9-91D8-D9D0906D19B8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{9B5D0A20-CD6B-4AC0-A9D8-B2161FE4D95F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{E6E5780D-F072-44B7-808B-64C3356F08FB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{E25E9FDD-467F-478F-824B-4EF18695947C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{0461E22C-AB3B-4D28-8E24-1D29C0C24E3B}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{64860478-A547-4243-9846-3E28F1A5FBA8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{C6F92A08-9CDB-4483-BE2B-1F269C285A03}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{0FF00312-F56C-449D-81B0-ECEFC1F8C01B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{53AE0142-F908-4BDB-A3D3-B700817CDBC8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{18B69A04-1B1A-450A-9EB8-C132A19FB812}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{244BB144-0503-4B62-842A-3A6EA0C306E5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{2F68E6B3-682B-4FE7-884A-34F99E37EDFE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 16:12:38
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-22 16:13:12
ComboFix-quarantined-files.txt 2008-05-22 14:13:09

Pre-Run: 60,046,893,056 octets libres
Post-Run: 60,569,063,424 octets libres

264 --- E O F --- 2008-05-20 19:45:44
0
yova
 
So, and this is my report after the new cbfix procedure:

ComboFix 08-05-21.2 - yova 2008-05-22 23:53:37.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1094 [GMT 2:00]
Endroit: F:\ComboFix.exe
Command switches used :: C:\Users\yova\Desktop\CFscript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


FILE ::
C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.

2008-05-22 23:51 . 2008-05-22 23:52 <REP> d-------- C:\327882R2FWJFW
2008-05-22 08:29 . 2008-05-22 08:29 <REP> d-------- C:\VundoFix Backups
2008-05-21 02:32 . 2008-05-21 02:32 <REP> d-------- C:\Users\yova\AppData\Roaming\vlc
2008-05-20 22:51 . 2008-05-20 22:52 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-05-20 21:43 . 2008-05-20 21:44 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-20 21:39 . 2008-05-20 21:39 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 20:59 . 2008-05-20 21:04 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\Users\All Users\WLInstaller
2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\ProgramData\WLInstaller
2008-05-20 20:58 . 2008-05-20 21:04 <REP> d-------- C:\Program Files\Windows Live
2008-05-20 16:01 . 2008-05-20 16:01 <REP> d-------- C:\Program Files\VideoLAN
2008-05-20 15:30 . 2008-05-20 15:30 <REP> d-------- C:\Users\yova\AppData\Roaming\Nero
2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\Users\All Users\Nero
2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\ProgramData\Nero
2008-05-20 15:25 . 2008-05-20 15:28 <REP> d-------- C:\Program Files\Common Files\Nero
2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\Users\All Users\Media Center Programs
2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\ProgramData\Media Center Programs
2008-05-20 14:36 . 2008-05-20 14:54 <REP> d-------- C:\Program Files\GUILD WARS
2008-05-20 14:22 . 2008-05-20 14:22 <REP> d-------- C:\Users\yova\AppData\Roaming\HP
2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\WEBREG
2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\WEBREG
2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\Users\All Users\Hewlett-Packard
2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\ProgramData\Hewlett-Packard
2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\yova\AppData\Roaming\HPAppData
2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\All Users\HPSSUPPLY
2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\ProgramData\HPSSUPPLY
2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\HP Product Assistant
2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\HP Product Assistant
2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\HP
2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-20 14:08 . 2007-05-02 12:03 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-05-20 14:08 . 2007-03-15 15:32 118,272 --a------ C:\Windows\System32\hpz3l5ha.dll
2008-05-20 14:07 . 2008-05-20 14:13 <REP> d-------- C:\Program Files\HP
2008-05-20 14:07 . 2007-05-02 10:56 954,368 --a------ C:\Windows\System32\hpotiop5.dll
2008-05-20 14:07 . 2007-05-02 11:01 675,840 --a------ C:\Windows\System32\hpowiax5.dll
2008-05-20 14:07 . 2007-03-08 06:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-05-20 14:07 . 2007-05-02 11:00 303,104 --a------ C:\Windows\System32\hpovst12.dll
2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\HP
2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\HP
2008-05-20 13:58 . 2008-05-20 14:19 162,933 --a------ C:\Windows\hpoins21.dat
2008-05-20 13:58 . 2007-09-05 20:26 8,138 --------- C:\Windows\hpomdl21.dat
2008-05-20 13:57 . 2008-05-20 13:57 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-20 13:53 . 2008-05-20 13:53 <REP> d-------- C:\Users\yova\AppData\Roaming\PeerNetworking
2008-05-20 13:48 . 2008-05-20 13:47 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-05-20 13:48 . 2008-05-20 13:47 298,104 --a------ C:\Windows\System32\imon.dll
2008-05-20 13:48 . 2008-05-20 13:47 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-05-20 13:47 . 2008-05-20 15:11 <REP> d-------- C:\Program Files\ESET
2008-05-20 13:28 . 2008-05-20 13:28 2,923,520 --a------ C:\Windows\explorer.exe
2008-05-20 13:27 . 2008-05-20 13:27 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-20 13:27 . 2008-05-20 13:27 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-20 13:26 . 2008-05-20 13:26 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-20 13:26 . 2008-05-20 13:26 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-20 13:24 . 2008-05-20 13:24 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-20 13:24 . 2008-05-20 13:24 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-05-20 13:24 . 2008-05-20 13:24 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-20 13:23 . 2008-05-20 13:23 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-20 13:23 . 2008-05-20 13:23 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-20 13:23 . 2008-05-20 13:23 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-05-20 13:23 . 2008-05-20 13:23 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-05-20 13:23 . 2008-05-20 13:23 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-20 13:23 . 2008-05-20 13:23 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-20 13:23 . 2008-05-20 13:23 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-20 13:23 . 2008-05-20 13:23 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-20 13:23 . 2008-05-20 13:23 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-05-20 13:23 . 2008-05-20 13:23 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-05-20 13:22 . 2008-05-20 13:22 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-20 13:22 . 2008-05-20 13:22 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-20 13:22 . 2008-05-20 13:22 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-20 13:22 . 2008-05-20 13:22 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-20 13:22 . 2008-05-20 13:22 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-20 13:21 . 2008-05-20 13:21 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-05-20 13:20 . 2008-05-20 13:20 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-05-20 13:18 . 2008-05-20 13:18 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-20 13:18 . 2008-05-20 13:18 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-20 13:18 . 2008-05-20 13:18 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-05-20 13:18 . 2008-05-20 13:18 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-05-20 13:18 . 2008-05-20 13:18 2,048 --a------ C:\Windows\System32\asferror.dll
2008-05-20 13:17 . 2008-05-20 13:17 <REP> d-------- C:\Program Files\a-squared Free
2008-05-20 13:17 . 2008-05-20 13:17 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-05-20 13:17 . 2008-05-20 13:17 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-05-20 13:15 . 2008-05-20 13:15 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-20 13:15 . 2008-05-20 13:15 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-20 13:15 . 2008-05-20 13:15 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-05-20 13:15 . 2008-05-20 13:15 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-05-20 13:15 . 2008-05-20 13:15 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-05-20 13:14 . 2008-05-20 13:14 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-05-20 13:14 . 2008-05-20 13:14 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-05-20 13:14 . 2008-05-20 13:14 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-05-20 13:14 . 2008-05-20 13:14 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-05-20 13:14 . 2008-05-20 13:14 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-20 13:14 . 2008-05-20 13:14 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-05-20 13:14 . 2008-05-20 13:14 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-20 13:10 . 2008-05-20 13:10 2,048 --a------ C:\Windows\System32\tzres.dll
2008-05-20 13:09 . 2008-05-20 13:09 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-05-20 13:08 . 2008-05-20 13:08 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-05-20 13:07 . 2008-05-20 13:07 <REP> d-------- C:\Program Files\VS Revo Group
2008-05-20 13:06 . 2008-05-22 16:40 69 --a------ C:\Windows\NeroDigital.ini
2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-20 13:02 . 2008-05-20 13:02 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\fsc-reg
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\fsc-reg
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\MB application
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-05-20 12:56 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Searches
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Videos
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Saved Games
2008-05-20 12:55 . 2008-05-20 23:37 <REP> dr------- C:\Users\yova\Pictures
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Music
2008-05-20 12:55 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Links
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Downloads
2008-05-20 12:55 . 2008-05-20 22:44 <REP> dr------- C:\Users\yova\Documents
2008-05-20 12:55 . 2008-05-20 21:07 <REP> dr------- C:\Users\yova\Contacts
2008-05-20 12:55 . 2006-11-02 14:37 <REP> d-------- C:\Users\yova\AppData\Roaming\Media Center Programs
2008-05-20 12:55 . 2008-05-20 12:56 <REP> d--h----- C:\Users\yova\AppData
2008-05-20 12:55 . 2008-05-22 12:03 <REP> d-------- C:\Users\yova
2008-05-20 12:48 . 2008-05-20 12:48 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-05-20 12:48 . 2008-05-20 12:48 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-05-20 12:48 . 2008-05-20 12:48 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-05-20 12:48 . 2008-05-20 12:48 80,896 --a------ C:\Windows\System32\wudriver.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 22:43 --------- d-----w C:\ProgramData\Symantec
2008-05-20 19:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-20 13:25 --------- d-----w C:\Program Files\Nero
2008-05-20 11:39 174 --sha-w C:\Program Files\desktop.ini
2008-05-20 11:36 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-20 11:35 --------- d-----w C:\Program Files\Windows Calendar
2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-20 11:29 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-05-20 11:29 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-05-20 11:29 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-05-20 11:29 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-05-20 11:29 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-05-20 11:28 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-05-20 11:28 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-20 11:28 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-05-20 11:28 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-05-20 11:19 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-05-20 11:19 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-05-20 11:19 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-05-20 11:19 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-05-20 11:19 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-05-20 11:19 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-05-20 11:19 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-05-20 11:19 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-05-20 11:18 --------- d-----w C:\Program Files\Symantec
2008-05-20 11:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-20 11:15 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-20 11:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-20 11:15 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-20 11:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-20 11:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-20 11:12 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Modèles
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Favoris
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Bureau
2008-05-20 10:46 --------- d-sh--w C:\Program Files\Fichiers communs
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-22_16.13.02,80 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 13:24:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-22 21:56:32 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-22 13:27:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-22 21:57:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-22 21:57:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-22 13:27:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-22 21:57:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-22 21:57:38 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-22 13:39:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-22 21:46:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-22 13:39:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-22 21:46:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 13:39:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-22 21:46:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-22 14:07:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-22 21:45:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-22 14:07:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-22 21:45:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-22 14:07:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-22 21:45:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-22 14:07:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-22 21:45:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-22 13:28:21 3,408 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
+ 2008-05-22 20:38:31 3,472 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
- 2008-05-22 13:28:20 55,964 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 20:38:31 56,162 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-22 13:28:19 28,204 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 20:38:30 28,682 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-05-15 10:14 380944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"BM195896ee"="C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-08 14:00 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 00:00 4399104 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
"recinfo253"="c:\RecInfo\RecInfo.exe" [2007-06-06 13:33 2768896]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 13:47 949376]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AA8E984B-D79E-4399-B0A7-A5D9C450B177}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B6B6CC7E-92CC-4BE5-A5D7-BC22886332EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BDEBA399-34ED-40C4-BA66-9179DECF0EB4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{D1DA6A81-68AE-401C-BA4B-B031FED5C7A4}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{707194A1-133B-491A-B93F-85CE41C69BB5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{42F93850-C5E4-45CC-9A32-D8C58EEEE49A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{7B72B7D3-36CB-4CD5-8D40-DBE4B8E28A94}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{304025BD-BEA7-416E-8DC6-FD6DB0D1E645}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{168CD93F-96A4-4D2D-B35A-78CC2A5EBBED}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{FFDBBC81-C977-4501-B29C-6001DD727C2F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{14E533DA-F106-4B45-BFDF-1A605E56E264}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{CCCFEE9B-7497-41E9-91D8-D9D0906D19B8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{9B5D0A20-CD6B-4AC0-A9D8-B2161FE4D95F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{E6E5780D-F072-44B7-808B-64C3356F08FB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{E25E9FDD-467F-478F-824B-4EF18695947C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{0461E22C-AB3B-4D28-8E24-1D29C0C24E3B}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{64860478-A547-4243-9846-3E28F1A5FBA8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{C6F92A08-9CDB-4483-BE2B-1F269C285A03}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{0FF00312-F56C-449D-81B0-ECEFC1F8C01B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{53AE0142-F908-4BDB-A3D3-B700817CDBC8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{18B69A04-1B1A-450A-9EB8-C132A19FB812}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{244BB144-0503-4B62-842A-3A6EA0C306E5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{2F68E6B3-682B-4FE7-884A-34F99E37EDFE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 23:57:45
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\nod32krn.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-22 23:59:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 21:59:31
ComboFix2.txt 2008-05-22 14:40:32
ComboFix3.txt 2008-05-22 14:21:24
ComboFix4.txt 2008-05-22 14:13:13

Pre-Run: 66,938,187,776 octets libres
Post-Run: 66,581,209,088 octets libres

313 --- E O F --- 2008-05-20 19:45:44
0
yova
 
and so this is my report after creating the CFScript and doing your procedure:
ComboFix 08-05-21.2 - yova 2008-05-22 23:53:37.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1094 [GMT 2:00]
Endroit: F:\ComboFix.exe
Command switches used :: C:\Users\yova\Desktop\CFscript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


FILE ::
C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.

2008-05-22 23:51 . 2008-05-22 23:52 <REP> d-------- C:\327882R2FWJFW
2008-05-22 08:29 . 2008-05-22 08:29 <REP> d-------- C:\VundoFix Backups
2008-05-21 02:32 . 2008-05-21 02:32 <REP> d-------- C:\Users\yova\AppData\Roaming\vlc
2008-05-20 22:51 . 2008-05-20 22:52 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-05-20 21:43 . 2008-05-20 21:44 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-20 21:39 . 2008-05-20 21:39 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 20:59 . 2008-05-20 21:04 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\Users\All Users\WLInstaller
2008-05-20 20:58 . 2008-05-20 20:58 <REP> d-------- C:\ProgramData\WLInstaller
2008-05-20 20:58 . 2008-05-20 21:04 <REP> d-------- C:\Program Files\Windows Live
2008-05-20 16:01 . 2008-05-20 16:01 <REP> d-------- C:\Program Files\VideoLAN
2008-05-20 15:30 . 2008-05-20 15:30 <REP> d-------- C:\Users\yova\AppData\Roaming\Nero
2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\Users\All Users\Nero
2008-05-20 15:25 . 2008-05-20 15:25 <REP> d-------- C:\ProgramData\Nero
2008-05-20 15:25 . 2008-05-20 15:28 <REP> d-------- C:\Program Files\Common Files\Nero
2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\Users\All Users\Media Center Programs
2008-05-20 14:36 . 2008-05-20 14:36 <REP> d-------- C:\ProgramData\Media Center Programs
2008-05-20 14:36 . 2008-05-20 14:54 <REP> d-------- C:\Program Files\GUILD WARS
2008-05-20 14:22 . 2008-05-20 14:22 <REP> d-------- C:\Users\yova\AppData\Roaming\HP
2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\WEBREG
2008-05-20 14:19 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\WEBREG
2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\Users\All Users\Hewlett-Packard
2008-05-20 14:17 . 2008-05-20 14:17 <REP> d-------- C:\ProgramData\Hewlett-Packard
2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\yova\AppData\Roaming\HPAppData
2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\Users\All Users\HPSSUPPLY
2008-05-20 14:13 . 2008-05-20 14:13 <REP> d-------- C:\ProgramData\HPSSUPPLY
2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\HP Product Assistant
2008-05-20 14:11 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\HP Product Assistant
2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\HP
2008-05-20 14:10 . 2008-05-20 14:10 <REP> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-20 14:08 . 2007-05-02 12:03 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-05-20 14:08 . 2007-03-15 15:32 118,272 --a------ C:\Windows\System32\hpz3l5ha.dll
2008-05-20 14:07 . 2008-05-20 14:13 <REP> d-------- C:\Program Files\HP
2008-05-20 14:07 . 2007-05-02 10:56 954,368 --a------ C:\Windows\System32\hpotiop5.dll
2008-05-20 14:07 . 2007-05-02 11:01 675,840 --a------ C:\Windows\System32\hpowiax5.dll
2008-05-20 14:07 . 2007-03-08 06:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-05-20 14:07 . 2007-05-02 11:00 303,104 --a------ C:\Windows\System32\hpovst12.dll
2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\Users\All Users\HP
2008-05-20 13:58 . 2008-05-20 14:19 <REP> d-------- C:\ProgramData\HP
2008-05-20 13:58 . 2008-05-20 14:19 162,933 --a------ C:\Windows\hpoins21.dat
2008-05-20 13:58 . 2007-09-05 20:26 8,138 --------- C:\Windows\hpomdl21.dat
2008-05-20 13:57 . 2008-05-20 13:57 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-20 13:53 . 2008-05-20 13:53 <REP> d-------- C:\Users\yova\AppData\Roaming\PeerNetworking
2008-05-20 13:48 . 2008-05-20 13:47 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-05-20 13:48 . 2008-05-20 13:47 298,104 --a------ C:\Windows\System32\imon.dll
2008-05-20 13:48 . 2008-05-20 13:47 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-05-20 13:47 . 2008-05-20 15:11 <REP> d-------- C:\Program Files\ESET
2008-05-20 13:28 . 2008-05-20 13:28 2,923,520 --a------ C:\Windows\explorer.exe
2008-05-20 13:27 . 2008-05-20 13:27 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-20 13:27 . 2008-05-20 13:27 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-20 13:26 . 2008-05-20 13:26 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-20 13:26 . 2008-05-20 13:26 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-20 13:24 . 2008-05-20 13:24 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-20 13:24 . 2008-05-20 13:24 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-05-20 13:24 . 2008-05-20 13:24 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-20 13:24 . 2008-05-20 13:24 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-20 13:23 . 2008-05-20 13:23 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-20 13:23 . 2008-05-20 13:23 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-20 13:23 . 2008-05-20 13:23 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-05-20 13:23 . 2008-05-20 13:23 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-05-20 13:23 . 2008-05-20 13:23 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-20 13:23 . 2008-05-20 13:23 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-20 13:23 . 2008-05-20 13:23 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-20 13:23 . 2008-05-20 13:23 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-20 13:23 . 2008-05-20 13:23 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-05-20 13:23 . 2008-05-20 13:23 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-05-20 13:22 . 2008-05-20 13:22 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-20 13:22 . 2008-05-20 13:22 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-20 13:22 . 2008-05-20 13:22 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-20 13:22 . 2008-05-20 13:22 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-20 13:22 . 2008-05-20 13:22 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-20 13:21 . 2008-05-20 13:21 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-05-20 13:20 . 2008-05-20 13:20 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-05-20 13:18 . 2008-05-20 13:18 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-20 13:18 . 2008-05-20 13:18 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-20 13:18 . 2008-05-20 13:18 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-05-20 13:18 . 2008-05-20 13:18 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-05-20 13:18 . 2008-05-20 13:18 2,048 --a------ C:\Windows\System32\asferror.dll
2008-05-20 13:17 . 2008-05-20 13:17 <REP> d-------- C:\Program Files\a-squared Free
2008-05-20 13:17 . 2008-05-20 13:17 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-05-20 13:17 . 2008-05-20 13:17 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-05-20 13:15 . 2008-05-20 13:15 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-20 13:15 . 2008-05-20 13:15 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-20 13:15 . 2008-05-20 13:15 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-05-20 13:15 . 2008-05-20 13:15 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-05-20 13:15 . 2008-05-20 13:15 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-05-20 13:14 . 2008-05-20 13:14 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-05-20 13:14 . 2008-05-20 13:14 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-05-20 13:14 . 2008-05-20 13:14 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-05-20 13:14 . 2008-05-20 13:14 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-05-20 13:14 . 2008-05-20 13:14 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-20 13:14 . 2008-05-20 13:14 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-05-20 13:14 . 2008-05-20 13:14 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-20 13:10 . 2008-05-20 13:10 2,048 --a------ C:\Windows\System32\tzres.dll
2008-05-20 13:09 . 2008-05-20 13:09 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-05-20 13:08 . 2008-05-20 13:08 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-05-20 13:07 . 2008-05-20 13:07 <REP> d-------- C:\Program Files\VS Revo Group
2008-05-20 13:06 . 2008-05-22 16:40 69 --a------ C:\Windows\NeroDigital.ini
2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-20 13:02 . 2008-05-22 12:03 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-20 13:02 . 2008-05-20 13:02 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\fsc-reg
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\fsc-reg
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\MB application
2008-05-20 12:59 . 2008-05-20 12:59 <REP> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-05-20 12:56 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Searches
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Videos
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Saved Games
2008-05-20 12:55 . 2008-05-20 23:37 <REP> dr------- C:\Users\yova\Pictures
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Music
2008-05-20 12:55 . 2008-05-20 13:40 <REP> dr------- C:\Users\yova\Links
2008-05-20 12:55 . 2008-05-20 12:56 <REP> dr------- C:\Users\yova\Downloads
2008-05-20 12:55 . 2008-05-20 22:44 <REP> dr------- C:\Users\yova\Documents
2008-05-20 12:55 . 2008-05-20 21:07 <REP> dr------- C:\Users\yova\Contacts
2008-05-20 12:55 . 2006-11-02 14:37 <REP> d-------- C:\Users\yova\AppData\Roaming\Media Center Programs
2008-05-20 12:55 . 2008-05-20 12:56 <REP> d--h----- C:\Users\yova\AppData
2008-05-20 12:55 . 2008-05-22 12:03 <REP> d-------- C:\Users\yova
2008-05-20 12:48 . 2008-05-20 12:48 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-05-20 12:48 . 2008-05-20 12:48 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-05-20 12:48 . 2008-05-20 12:48 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-05-20 12:48 . 2008-05-20 12:48 80,896 --a------ C:\Windows\System32\wudriver.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 22:43 --------- d-----w C:\ProgramData\Symantec
2008-05-20 19:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-20 13:25 --------- d-----w C:\Program Files\Nero
2008-05-20 11:39 174 --sha-w C:\Program Files\desktop.ini
2008-05-20 11:36 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-20 11:35 --------- d-----w C:\Program Files\Windows Calendar
2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-20 11:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-20 11:29 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-05-20 11:29 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-05-20 11:29 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-05-20 11:29 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-05-20 11:29 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-05-20 11:28 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-05-20 11:28 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-20 11:28 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-05-20 11:28 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-05-20 11:19 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-05-20 11:19 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-05-20 11:19 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-05-20 11:19 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-05-20 11:19 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-05-20 11:19 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-05-20 11:19 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-05-20 11:19 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-05-20 11:18 --------- d-----w C:\Program Files\Symantec
2008-05-20 11:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-20 11:15 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-20 11:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-20 11:15 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-20 11:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-20 11:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-20 11:12 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Modèles
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Favoris
2008-05-20 10:46 --------- d-sh--w C:\ProgramData\Bureau
2008-05-20 10:46 --------- d-sh--w C:\Program Files\Fichiers communs
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-22_16.13.02,80 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 13:24:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-22 21:56:32 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-22 13:27:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-22 21:57:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-22 21:57:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-22 13:27:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-22 21:57:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-22 21:57:38 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-22 13:39:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-22 21:46:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-22 13:39:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-22 21:46:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 13:39:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-22 21:46:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-22 14:07:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-22 21:45:15 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-22 14:07:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-22 21:45:15 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-22 14:07:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-22 21:45:15 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-22 14:07:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-22 21:45:15 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-22 13:28:21 3,408 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
+ 2008-05-22 20:38:31 3,472 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223824491-3017302394-2143434073-1000_UserData.bin
- 2008-05-22 13:28:20 55,964 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 20:38:31 56,162 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-22 13:28:19 28,204 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 20:38:30 28,682 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-05-15 10:14 380944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"BM195896ee"="C:\Users\yova\AppData\Local\Temp\ngfdctmv.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-08 14:00 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 00:00 4399104 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
"recinfo253"="c:\RecInfo\RecInfo.exe" [2007-06-06 13:33 2768896]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 13:47 949376]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AA8E984B-D79E-4399-B0A7-A5D9C450B177}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B6B6CC7E-92CC-4BE5-A5D7-BC22886332EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BDEBA399-34ED-40C4-BA66-9179DECF0EB4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{D1DA6A81-68AE-401C-BA4B-B031FED5C7A4}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{707194A1-133B-491A-B93F-85CE41C69BB5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{42F93850-C5E4-45CC-9A32-D8C58EEEE49A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{7B72B7D3-36CB-4CD5-8D40-DBE4B8E28A94}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{304025BD-BEA7-416E-8DC6-FD6DB0D1E645}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{168CD93F-96A4-4D2D-B35A-78CC2A5EBBED}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{FFDBBC81-C977-4501-B29C-6001DD727C2F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{14E533DA-F106-4B45-BFDF-1A605E56E264}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{CCCFEE9B-7497-41E9-91D8-D9D0906D19B8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{9B5D0A20-CD6B-4AC0-A9D8-B2161FE4D95F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{E6E5780D-F072-44B7-808B-64C3356F08FB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{E25E9FDD-467F-478F-824B-4EF18695947C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{0461E22C-AB3B-4D28-8E24-1D29C0C24E3B}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{64860478-A547-4243-9846-3E28F1A5FBA8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{C6F92A08-9CDB-4483-BE2B-1F269C285A03}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{0FF00312-F56C-449D-81B0-ECEFC1F8C01B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{53AE0142-F908-4BDB-A3D3-B700817CDBC8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{18B69A04-1B1A-450A-9EB8-C132A19FB812}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{244BB144-0503-4B62-842A-3A6EA0C306E5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{2F68E6B3-682B-4FE7-884A-34F99E37EDFE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 23:57:45
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\nod32krn.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-22 23:59:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 21:59:31
ComboFix2.txt 2008-05-22 14:40:32
ComboFix3.txt 2008-05-22 14:21:24
ComboFix4.txt 2008-05-22 14:13:13

Pre-Run: 66,938,187,776 octets libres
Post-Run: 66,581,209,088 octets libres

313 --- E O F --- 2008-05-20 19:45:44
0
yova
 
and the new HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:27, on 23/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [recinfo253] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20080520
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
OK

Scan this file on VirusTotal to see whether it is infected: https://www.virustotal.com/gui/

C:\ProgramData\fsc-reg\fscreg.exe

________________

Run CCleaner to remove your browsing traces .... you will keep this one

https://www.malekal.com/tutoriel-ccleaner/

_____________

Install SpywareBlaster to protect yourself against the Vundo/Virtumonde you had.
You just need to update it every month and then immunize your system:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

_________________
You can remove

VirtumondeBeGone and ComboFix

___________________

If you have NOD32 and Norton, remove one of the two, otherwise the computer will crash

There you go: if the file scanned on VirusTotal is not infected and you have no more problems,

it's finished!!!!
0
yova
 
Really, thank you. Since these steps I apparently have no more problems with Virtumonde. I will follow the rest of the steps you gave me and I'll keep you posted....
0
yova
 
Fichier fscreg.exe reçu le 2008.05.23 15:53:11 (CET)

Résultat: 2/32 (6.25%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.22.1 2008.05.23 -
AntiVir 7.8.0.19 2008.05.23 -
Authentium 5.1.0.4 2008.05.22 -
Avast 4.8.1195.0 2008.05.23 -
AVG 7.5.0.516 2008.05.23 -
BitDefender 7.2 2008.05.23 -
CAT-QuickHeal 9.50 2008.05.23 -
ClamAV 0.92.1 2008.05.23 -
DrWeb 4.44.0.09170 2008.05.23 -
eSafe 7.0.15.0 2008.05.22 suspicious Trojan/Worm
eTrust-Vet 31.4.5815 2008.05.23 -
Ewido 4.0 2008.05.23 -
F-Prot 4.4.4.56 2008.05.23 -
F-Secure 6.70.13260.0 2008.05.23 -
Fortinet 3.14.0.0 2008.05.23 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.23 -
Kaspersky 7.0.0.125 2008.05.23 -
McAfee 5301 2008.05.22 -
Microsoft 1.3520 2008.05.23 -
NOD32v2 3126 2008.05.23 -
Norman 5.80.02 2008.05.22 -
Panda 9.0.0.4 2008.05.23 Suspicious file
Prevx1 V2 2008.05.23 -
Rising 20.45.42.00 2008.05.23 -
Sophos 4.29.0 2008.05.23 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.23 -
TheHacker 6.2.92.318 2008.05.23 -
VBA32 3.12.6.6 2008.05.23 -
VirusBuster 4.3.26:9 2008.05.23 -
Webwasher-Gateway 6.6.2 2008.05.23 -
Information additionnelle
File size: 380944 bytes
MD5...: 83100c86c86f43b9b2e2b2b541215647
SHA1..: 74bddb387106fe6da2e4b5dd5ed948972b184d4f
SHA256: 405817a8149fad9fc1cee685782f976c042de8f05ecd45dc51a4ede778199f57
SHA512: ecb48742baccec8fe16e43cea73d98d7a090539df8c9ce031c583059d7c7e1c2
2e2eab1516d76ab49c700f9756468602486b4034904a7fee280f138d271d25d5
PEiD..: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x46ad40
timedatestamp.....: 0x4648397f (Mon May 14 10:27:11 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x11000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x12000 0x5a000 0x59a00 8.00 a7edd0ffa2aeebb0a9b896538b04c1ed
.rsrc 0x6c000 0x2000 0x1e00 4.18 bc89fbc6b43f00be6047d2e6ff3eb89e

( 11 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> CRTDLL.dll: atoi
> IMAGEHLP.dll: MakeSureDirectoryPathExists
> MSHTML.dll: ShowHTMLDialog
> ole32.dll: CoTaskMemFree
> SHELL32.DLL: ShellExecuteExA
> SHLWAPI.dll: -
> urlmon.dll: CreateURLMoniker
> USER32.dll: EnumWindows
> WININET.dll: InternetCheckConnectionA

( 0 exports )

packers (F-Prot): UPX_LZMA
packers (Kaspersky): UPX


0
yova
 
So there, this is the VirusTotal report; apparently 2 suspicious.
0
Virtumonde-Killer
 
Download this: http://www.vosfichiers.com/1530331

- Run it
- Press y to accept the terms
- Let it scan and delete
- As soon as it says "restart your computer", restart and ENJOY
0
yova > Virtumonde-Killer
 
Is that still you, jlpjlp???
Otherwise, what is this for???
0
Virtumonde-Killer > yova
 
No, it's not him. The file is for removing Virtumonde for good.
0
yova
 
Just one question, sorry: do I have to uninstall Spybot before installing SpywareBlaster??


Sorry....
0
yova
 
And when I am on VirusTotal, do I press Format, or do I have to find a way to remove them?
0