Unable to remove Virtumonde!

Solved
SylvainMM
DeNisCoOl
Hello,

I can't manage to remove Virtumonde from my computer.
I tried VundoFix and FixVundo as well as VirtumundoBeGone, but they don't detect it!

Only SpyBot manages to find it and remove it (reboot in safe mode), but at every restart, Virtumonde is still there...

What should I do?

I'm also posting a HijackThis log.

Thanks for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:47, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS2\system32\drivers\CDAC11BA.EXE
C:\WINDOWS2\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS2\system32\cisvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\wscntfy.exe
C:\WINDOWS2\system32\cidaemon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\EssentialPIM\EssentialPIM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS2\system32\rundll32.exe
C:\WINDOWS2\system32\rundll32.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\WINDOWS2\system32\rundll32.exe
C:\WINDOWS2\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
K:\téléchargements\Anti-virus et autres\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {95D07C2C-CD06-4DDE-8128-5FBA2BBCB418} - C:\WINDOWS2\system32\geBqpopP.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {FF55CDD2-A3D2-45C7-9212-55511B80FC64} - C:\WINDOWS2\system32\hgGaApOi.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [BM0b9527f0] Rundll32.exe "C:\WINDOWS2\system32\fmobrjug.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA2978] command /c del "C:\WINDOWS2\system32\hgGaApOi.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2736] cmd /c del "C:\WINDOWS2\system32\hgGaApOi.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7056] cmd /c del "C:\WINDOWS2\system32\ddcBUMeb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3095] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3710] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4037] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2887] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7246] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8386] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS2\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS2\system32\shdocvw.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS2\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS2\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
20 replies

Anonymous user

Hello, do this and post me the generated reports.

1) Print these instructions, because you will have to close all windows and applications during installation and scanning.

2) Download Malwarebytes' Anti-Malware (MBAM) and save it to your desktop from this link:

https://www.malwarebytes.com/

3) When the download is finished, close all windows and programs, including this one.

4) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

5) During installation, follow the prompts (in particular the language choice and the authorization to access the Internet). Don't change any of the default settings and, at the end of the installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

6) MBAM will start automatically and display a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of the installation, click OK to close the dialog box. The main MBAM window appears:

7) In the Scan tab, make sure "Perform quick scan" is not ticked and click the Scan button to start the scan.

8) MBAM scans your computer. The scan may take some time. Just check its progress from time to time.

9) At the end of the scan, a message appears indicating that the scan is finished. Click OK to continue.

10) If malware was detected, its list is displayed.
By clicking Remove (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine.

11) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Reports/logs tab.)

12) Close MBAM by clicking Quit.


Then:

Download ComboFix from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

And, importantly, save it to the desktop.

Before using ComboFix:

Disconnect from the Internet and close the windows of all running programs.

Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that's done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ For the duration of this step, don't use the PC and don't open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finalize the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.

Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the Internet.

► Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.



SylvainMM
 
Thanks

I'm in the middle of cleaning up!

Good news soon, I hope...

See you
SylvainMM
 
Hello M.L king

Here is the ComboFix report:


ComboFix 08-05-20.5 - Mikael Mohamad 2008-05-21 11:17:15.1 - NTFSx86
Endroit: C:\Documents and Settings\Mikael Mohamad\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\download plugin
C:\Program Files\download plugin\DlPlugin-Moz\buddy.dat
C:\Program Files\Fichiers communs\{08A61~1
C:\Program Files\Fichiers communs\{38A61~1
C:\Program Files\Fichiers communs\{38A61~1\toolbardll.lzma
C:\Program Files\kkvy\ccnq.dll
C:\Program Files\kkvy\qqbe.dll
C:\reg.reg
C:\WINDOWS2\BM0b9527f0.xml
C:\WINDOWS2\pskt.ini
C:\WINDOWS2\system32\aajdyqnj.dll
C:\WINDOWS2\system32\beMUBcdd.ini
C:\WINDOWS2\system32\beMUBcdd.ini2
C:\WINDOWS2\system32\bjxdudvr.dll
C:\WINDOWS2\system32\components
C:\WINDOWS2\system32\dlafsfve.ini
C:\WINDOWS2\system32\hbngltgm.dll
C:\WINDOWS2\system32\imijapbq.ini
C:\WINDOWS2\system32\iOpAaGgh.ini
C:\WINDOWS2\system32\iOpAaGgh.ini2
C:\WINDOWS2\system32\ipjsrbkl.dll
C:\WINDOWS2\system32\kjllm.bak1
C:\WINDOWS2\system32\kjllm.bak2
C:\WINDOWS2\system32\kjllm.ini
C:\WINDOWS2\system32\kjllm.ini2
C:\WINDOWS2\system32\kjllm.tmp
C:\WINDOWS2\system32\lklgqdwc.dll
C:\WINDOWS2\system32\mcrh.tmp
C:\WINDOWS2\system32\MSINET.oca
C:\WINDOWS2\system32\OUCbdccf.ini
C:\WINDOWS2\system32\OUCbdccf.ini2
C:\WINDOWS2\system32\pouxewsm.exe
C:\WINDOWS2\system32\pXGNmUtv.ini
C:\WINDOWS2\system32\pXGNmUtv.ini2
C:\WINDOWS2\system32\qcxrpulo.dll
C:\WINDOWS2\system32\system\

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PPAD
-------\Service_ppad


((((((((((((((((((((((((((((( Fichiers créés 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))))))))
.

2008-05-20 19:25 . 2008-05-20 19:25 <REP> d-------- C:\Documents and Settings\Mikael Mohamad\Application Data\Malwarebytes
2008-05-20 19:24 . 2008-05-20 19:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 19:24 . 2008-05-20 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-20 19:24 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS2\system32\drivers\mbamcatchme.sys
2008-05-20 19:24 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS2\system32\drivers\mbam.sys
2008-05-20 12:16 . 2008-05-20 12:16 135,168 --a------ C:\WINDOWS2\system32\fryqeqxy.dll
2008-05-20 12:14 . 2008-05-20 12:14 126,976 --a------ C:\WINDOWS2\system32\fmobrjug.dll
2008-05-19 09:53 . 2008-05-19 12:42 <REP> d-------- C:\WINDOWS2\ERUNT
2008-05-19 09:50 . 2008-05-19 14:05 <REP> d-------- C:\SDFix
2008-05-18 21:23 . 2008-05-18 23:14 <REP> d-------- C:\Program Files\BHODemon 2
2008-05-18 16:10 . 2008-05-18 14:16 186,880 --a------ C:\LSPFix.exe
2008-05-17 18:00 . 2008-05-17 18:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-17 17:54 . 2008-05-17 17:57 <REP> d-------- C:\Program Files\TmNationsForever
2008-05-16 16:30 . 2008-05-21 11:26 2,422 --a------ C:\WINDOWS2\system32\wpa.dbl
2008-05-16 13:11 . 2008-05-16 13:10 96,978 --a------ C:\VirtumundoBeGone.exe
2008-05-15 21:05 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS2\system32\d3dx9_33.dll
2008-05-15 21:05 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS2\system32\D3DCompiler_33.dll
2008-05-15 21:05 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS2\system32\d3dx10_33.dll
2008-05-15 21:05 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS2\system32\xactengine2_7.dll
2008-05-15 21:05 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS2\system32\xactengine2_6.dll
2008-05-15 17:49 . 2008-05-15 17:51 <REP> d-------- C:\Program Files\PDFCreator
2008-05-15 17:49 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS2\system32\pdfcmnnt.dll
2008-05-15 17:49 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS2\system32\MSMAPI32.OCX
2008-05-15 17:49 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS2\system32\MSMPIDE.DLL
2008-05-14 23:05 . 2008-05-14 23:05 230 --a------ C:\config.xml
2008-05-14 21:54 . 2008-05-14 21:54 <REP> d-------- C:\Program Files\Microsoft Research
2008-05-14 11:47 . 2008-05-14 11:47 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-05-14 11:41 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS2\system32\HPZidr12.dll
2008-05-14 11:41 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS2\system32\HPZipr12.dll
2008-05-14 11:41 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS2\system32\HPZipt12.dll
2008-05-14 11:41 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS2\system32\HPZipm12.exe
2008-05-14 11:41 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS2\system32\HPZinw12.exe
2008-05-14 11:41 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS2\system32\HPZisn12.dll
2008-05-14 11:39 . 2008-05-14 11:41 <REP> d-------- C:\Program Files\HP
2008-05-14 11:33 . 2008-05-14 11:48 102,877 --a------ C:\WINDOWS2\hpoins05.dat
2008-05-14 11:33 . 2005-06-22 08:27 17,505 --------- C:\WINDOWS2\hpomdl07.dat
2008-05-14 11:32 . 2008-05-15 14:55 <REP> d-------- C:\Temp\HP_WebRelease
2008-04-26 18:36 . 2008-05-16 15:53 <REP> d-------- C:\Program Files\WebGraphics Optimizer 4.2
2008-04-26 18:36 . 1998-06-23 23:00 164,144 --a------ C:\WINDOWS2\system32\Comct232.ocx
2008-04-23 15:25 . 2008-04-23 15:25 <REP> d-------- C:\Program Files\River Past
2008-04-23 15:25 . 2008-04-23 15:25 <REP> d-------- C:\Program Files\Fichiers communs\River Past
2008-04-23 15:25 . 2008-04-23 15:25 <REP> d-------- C:\Documents and Settings\Mikael Mohamad\Application Data\River Past G5
2008-04-23 15:25 . 2008-04-23 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-04-23 15:25 . 2008-04-23 15:25 166,598 --a------ C:\WINDOWS2\Video Perspective Uninstaller.exe
2008-04-23 12:38 . 2008-04-23 12:40 <REP> d-------- C:\Program Files\Konvertor
2008-04-23 10:11 . 2008-04-23 10:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-04-23 10:11 . 2008-04-23 10:11 1,025 --a------ C:\WINDOWS2\system32\sysprs7.tgz
2008-04-23 10:11 . 2008-04-23 10:11 1,025 --a------ C:\WINDOWS2\system32\sysprs7.dll
2008-04-23 10:11 . 2008-04-23 10:11 1,025 --a------ C:\WINDOWS2\system32\clauth2.dll
2008-04-23 10:11 . 2008-04-23 10:11 1,025 --a------ C:\WINDOWS2\system32\clauth1.dll
2008-04-23 10:11 . 2008-04-23 10:11 220 --a------ C:\WINDOWS2\system32\lsprst7.tgz
2008-04-23 10:11 . 2008-04-23 10:11 206 --a------ C:\WINDOWS2\system32\lsprst7.dll
2008-04-23 10:11 . 2008-04-23 10:11 88 --a------ C:\WINDOWS2\system32\ssprs.tgz
2008-04-23 10:11 . 2008-04-23 10:11 74 --a------ C:\WINDOWS2\system32\ssprs.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 09:21 --------- d-----w C:\Program Files\kkvy
2008-05-21 09:12 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\Skype
2008-05-21 08:51 --------- d-----w C:\Program Files\SP2 Connection Patcher
2008-05-21 08:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-20 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-20 17:56 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-20 10:13 38,532 ----a-w C:\Documents and Settings\Mikael Mohamad\Application Data\wklnhst.dat
2008-05-19 10:34 --------- d-----w C:\Program Files\CCleaner
2008-05-19 07:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-17 15:59 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-05-17 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 09:39 --------- d-----w C:\Program Files\EMCO Malware Destroyer
2008-05-15 21:32 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\OpenOffice.org2
2008-05-13 13:43 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\EssentialPIM
2008-04-23 12:31 --------- d-----w C:\Program Files\VirtualDub-MPEG2
2008-04-20 17:53 --------- d-----w C:\Program Files\Google
2008-04-19 16:20 --------- d-----w C:\Program Files\u-he
2008-04-19 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
2008-04-19 16:19 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
2008-04-19 16:19 --------- d-----w C:\Program Files\Celemony
2008-04-13 09:41 --------- d-----w C:\Program Files\Converio 2.0
2008-04-13 09:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-12 21:59 --------- d-----w C:\Program Files\AC3Filter
2008-04-10 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 16:53 --------- d-----w C:\Program Files\VirtualDub-1.7.8
2008-04-09 15:52 --------- d-----w C:\Program Files\Audivimédia
2008-04-09 13:52 --------- d-----w C:\Program Files\Tale of Tales
2008-04-08 22:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-08 22:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-04-08 21:09 --------- d-----w C:\Program Files\Opera
2008-04-08 09:16 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\Sony Corporation
2008-04-08 09:06 --------- d-----w C:\Program Files\Sonic
2008-04-08 08:53 --------- d-----w C:\Program Files\Sony
2008-04-08 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-04-08 08:50 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\InstallShield
2008-04-07 11:40 --------- d-----w C:\Program Files\Mapedit
2008-04-07 11:40 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\BoutellDotCom
2008-04-03 11:37 48,456 ----a-w C:\WINDOWS2\system32\UninstallElectricSheep.exe
2008-04-02 14:15 --------- d-----w C:\Program Files\Macromedia
2008-04-02 09:57 --------- d-----w C:\Program Files\Nvu
2008-04-02 09:57 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\Nvu
2008-04-01 14:56 --------- d-----w C:\Program Files\IDAutomation.com Code 39 Free Font
2008-04-01 14:56 --------- d-----w C:\Program Files\ICONStudio
2008-04-01 14:56 --------- d-----w C:\Program Files\HTML Help Workshop
2008-04-01 14:56 --------- d-----w C:\Program Files\e-Carte Bleue La Banque Postale
2008-04-01 09:38 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\Thinstall
2008-04-01 06:09 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\Apple Computer
2008-03-31 20:59 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\gtk-2.0
2008-03-28 15:48 --------- d-----w C:\Program Files\Safari
2008-03-28 15:46 --------- d-----w C:\Program Files\iTunes
2008-03-28 15:46 --------- d-----w C:\Program Files\iPod
2008-03-27 22:35 --------- d-----w C:\Program Files\Intel Desktop Board
2008-03-27 21:52 --------- d-----w C:\Program Files\Lavalys
2008-03-27 20:55 --------- d-----w C:\Program Files\LaCie
2008-03-27 20:19 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\LaCie
2008-03-20 18:09 691,545 ----a-w C:\WINDOWS2\unins000.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS2\system32\win32k.sys
2008-02-20 10:33 4 ----a-w C:\Program Files\SpeechMillLAIPTTSout.pol
2008-02-20 10:33 4 ----a-w C:\Program Files\SpeechMillLAIPTTSin.pol
2007-07-03 17:26 156,464 ----a-w C:\Documents and Settings\Mikael Mohamad\Application Data\GDIPFONTCACHEV1.DAT
2007-01-27 14:52 247,922 ----a-w C:\Program Files\kuler.swf
2006-12-02 16:07 81,920 ----a-w C:\Documents and Settings\Mikael Mohamad\Application Data\ezpinst.exe
2006-12-02 16:07 47,360 ----a-w C:\Documents and Settings\Mikael Mohamad\Application Data\pcouffin.sys
2005-11-11 18:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-10-05 20:52 1,690 ----a-w C:\Program Files\Cult3D Acrobat Plug-in.log
2005-08-11 20:14 6 ----a-w C:\Program Files\sonysoundforge8serial.txt
2005-07-31 21:35 33 ----a-w C:\Program Files\code Works.txt
1995-10-19 11:16 1,450,496 ----a-w C:\Program Files\TVPAINT.EXE
2007-01-23 12:07 1,847,296 ----a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
2007-05-12 14:36 32 --sha-w C:\WINDOWS2\{9C93175A-A1B6-4E16-A635-9E44CA49DA1D}.dat
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS2\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS2\system32\msfDX.dll
2007-05-12 14:36 32 --sha-w C:\WINDOWS2\system32\{5F925491-14AB-4098-B7B8-3A631DB3046F}.dat
.

------- Sigcheck -------

2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS2\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS2\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS2\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS2\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-05 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS2\$NtUninstallKB893066$\tcpip.sys
2005-08-06 18:18 359808 14143695e27b2718dee96ea2e50428b3 C:\WINDOWS2\$NtUninstallKB913446$\tcpip.sys
2006-02-17 13:56 359808 eb98d5e55321cefd803e8173dbb000db C:\WINDOWS2\$NtUninstallKB917953$\tcpip.sys
2006-06-17 22:06 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS2\$NtUninstallKB941644$\tcpip.sys
2008-01-09 16:06 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS2\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF55CDD2-A3D2-45C7-9212-55511B80FC64}]
C:\WINDOWS2\system32\hgGaApOi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [2005-07-11 13:51 409600]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]
"EssentialPIM"="C:\Program Files\EssentialPIM\EssentialPIM.exe" [2008-04-14 15:49 1530880]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-07 10:32 23395368]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-07-13 11:10 598656]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-07-01 12:11 71280]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2002-11-19 14:11 59056]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 22:14 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"BM0b9527f0"="C:\WINDOWS2\system32\fmobrjug.dll" [2008-05-20 12:14 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC7056"="cmd /c del C:\WINDOWS2\system32\ddcBUMeb.dll_old" [ ]
"SpybotDeletingA3095"="command /c del K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old" [ ]
"SpybotDeletingC3710"="cmd /c del K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old" [ ]
"SpybotDeletingA4037"="command /c del K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old" [ ]
"SpybotDeletingC2887"="cmd /c del K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old" [ ]
"SpybotDeletingA7246"="command /c del K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old" [ ]
"SpybotDeletingC8386"="cmd /c del K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old" [ ]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MFZ0"= MyFlashZip0.ax
"VIDC.MSZH"= AVIMSZH.DLL
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"wave3"= sfcumd.dll
"VIDC.LAGS"= lagarith.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.I420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS2\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Curious Labs\\Poser 5\\poser.exe"=
"C:\\Program Files\\Speech2Graphite\\Serveur_lpc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\EasyPHP\\mysql\\bin\\mysqld-nt.exe"=
"C:\\3dsmax6\\3dsmax.exe"=
"C:\\Program Files\\jeux\\GTR\\GTR.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\disk-C\\1travail\\Travail en cours\\CEM\\NorthCode\\cem.exe"=
"C:\\disk-C\\1travail\\Travail en cours\\CEM\\NorthCode\\cem1.0.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Curious Labs\\Poser4\\Poser.exe"=
"C:\\Program Files\\EMCO Malware Destroyer\\MalwareDestroyer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS2\\system32\\mmc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - C:\WINDOWS2\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{939b4184-ebfc-11da-b0f1-00112f7e661a}]
\Shell\AutoRun\command - K:\setupSNK.exe

.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-05-21 09:00:00 C:\WINDOWS2\Tasks\AC0F819C918435F0.job"
- c:\docume~1\mikael~1\applic~1\chicfa~1\ProxyPlayClock.exe
"2008-05-02 14:34:01 C:\WINDOWS2\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 09:47:08 C:\WINDOWS2\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-05-21 09:47:00 C:\WINDOWS2\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 11:27:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS2\system32\winlogon.exe
-> C:\WINDOWS2\system32\sfcumd.dll

PROCESS: C:\WINDOWS2\system32\lsass.exe
-> C:\WINDOWS2\system32\sfcumd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS2\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS2\system32\drivers\CDAC11BA.EXE
C:\WINDOWS2\system32\drivers\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\Navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS2\system32\ati2evxx.exe
C:\WINDOWS2\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS2\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-05-21 11:47:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 09:47:39

Pre-Run: 90,515,873,792 bytes free
Post-Run: 90,464,264,192 bytes free

346 --- E O F --- 2008-04-11 12:05:00
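The registry dump in the ComboFix log above shows, in one place, the things a Vundo cleanup has to undo besides deleting files: Security Center notifications and monitoring switched off, the Windows Firewall standard profile disabled, and autostart hooks (a BHO living in system32, a Run value pointing straight at fmobrjug.dll, AutoRun commands bound to drives H: and K:). The script below is an added example, not code from the thread or from ComboFix: it parses that REGEDIT4-style "Reg Loading Points" section and lists those indicators. The `looks_random()` name heuristic and the trimmed sample dump (copied from the log) are my own.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example: not code from the thread, from ComboFix or from any tool it
names. It flags what the log above shows: Security Center notifications
switched off, the firewall disabled, AutoRun commands on mounted drives, and
autostart values loading a bare DLL or a random-looking module from system32.
"""
import re

# Constructed from the ComboFix output posted above (trimmed to the key lines).
SAMPLE_DUMP = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF55CDD2-A3D2-45C7-9212-55511B80FC64}]
C:\WINDOWS2\system32\hgGaApOi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-07-01 12:11 71280]
"BM0b9527f0"="C:\WINDOWS2\system32\fmobrjug.dll" [2008-05-20 12:14 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{939b4184-ebfc-11da-b0f1-00112f7e661a}]
\Shell\AutoRun\command - K:\setupSNK.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
# ComboFix prints Run values as "name"="path" [date size]; the path may be quoted.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"\[]+?)"?(?:\s+\[|$)')


def leaf(path):
    """Last component of a registry key or file path."""
    return path.rsplit("\\", 1)[-1]


def looks_random(stem):
    """Heuristic (my assumption, not a ComboFix rule): an 8-letter name with
    capitals after the first letter or fewer than two vowels, like hgGaApOi."""
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    interior_caps = any(c.isupper() for c in stem[1:])
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return interior_caps or vowels < 2


def audit_loading_points(dump):
    """Return (indicator, detail) tuples, in log order, for suspicious entries."""
    findings = []
    key = ""
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        low = key.lower()
        m = AUTORUN_RE.match(line)
        if m:  # mountpoints2: Explorer runs this when the drive is double-clicked
            findings.append(("autorun", f"{leaf(key)}: {m.group('cmd')}"))
            continue
        if "browser helper objects" in low and line.lower().endswith(".dll"):
            if "\\system32\\" in line.lower() or looks_random(leaf(line)[:-4]):
                findings.append(("bho", line))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        if "security center" in low and data == "dword:00000001" and (name.endswith("DisableNotify") or name == "DisableMonitoring"):
            findings.append(("security-center", f"{name} under {leaf(key)}"))
        elif "firewallpolicy" in low and name == "EnableFirewall" and data.split()[0] in ("0", "dword:00000000"):
            findings.append(("firewall", "EnableFirewall=0 (standard profile)"))
        elif low.endswith("\\run") or low.endswith("\\runonce"):
            pm = PATH_RE.match(data)
            path = pm.group("path") if pm else ""
            stem = leaf(path).rsplit(".", 1)[0]
            # A Run value pointing straight at a .dll (no rundll32) is a Vundo hallmark.
            if path.lower().endswith(".dll") or ("\\system32\\" in path.lower() and looks_random(stem)):
                findings.append(("run", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for indicator, detail in audit_loading_points(SAMPLE_DUMP):
        print(f"[{indicator:16}] {detail}")
```

To run it on a saved ComboFix.txt, read the file into `audit_loading_points()` in place of `SAMPLE_DUMP`; the section parses cleanly because every entry is preceded by its `[key]` line. A `security-center` or `firewall` hit deserves a second look after the cleanup: the malware switched those off, and none of the removal steps in this thread switches them back on.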
SylvainMM (in reply to SylvainMM):

and the Malwarebytes' Anti-Malware logs.
I ran a second one (quick mode, after the disinfection).

the first:

Malwarebytes' Anti-Malware 1.12
Database version: 770

Scan type: Full Scan (C:\|H:\|K:\|)
Objects scanned: 604901
Time elapsed: 8 hour(s), 12 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS2\system32\geBqpopP.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS2\system32\olyyjqkw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS2\system32\jkkHyywv.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95d07c2c-cd06-4dde-8128-5fba2bbcb418} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{95d07c2c-cd06-4dde-8128-5fba2bbcb418} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0c5c8e9a-48ba-4d26-aa01-2e1d4dc14718} (Adware.Boran) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdeb1e22-adae-41f3-adc4-4cd331432909} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows2\system32\gebqpopp -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows2\system32\gebqpopp -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS2\system32\fikupqiu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\uiqpukif.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\geBqpopP.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS2\system32\PpopqBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\PpopqBeg.ini2 (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS2\system32\jncrsqgn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\ngqsrcnj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\lvnwbivm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\mvibwnvl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\olyyjqkw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS2\system32\wkqjyylo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\urqQjGXr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\rXGjQqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\rXGjQqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\jkkHyywv.dll (Trojan.Vundo) -> Delete on reboot.


the second:

Malwarebytes' Anti-Malware 1.12
Database version: 770

Scan type: Quick Scan
Objects scanned: 41803
Time elapsed: 13 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS2\system32\geBqpopP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\PpopqBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

there you go...
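One pattern worth reading straight off the file list in the first report: every dropped DLL has a companion .ini (sometimes an .ini2 as well) whose name is the DLL's name spelled backwards (geBqpopP.dll / PpopqBeg.ini, fikupqiu.dll / uiqpukif.ini, urqQjGXr.dll / rXGjQqru.ini, and so on), and the same geBqpopP module is listed under LSA "Authentication Packages", which is why it was still loaded in lsass.exe and could only be scheduled for deletion on reboot. The script below is an added example, not code from the thread or from Malwarebytes: it finds such mirror pairs in a directory listing and reports authentication packages beyond the stock one. The sample listing is copied from the report; treating msv1_0 as the only stock package on Windows XP is my assumption.

```python
"""Find Vundo-style mirror-named DLL/INI pairs and foreign LSA packages.

Added example; not code from the thread or from Malwarebytes. The listing
below is copied from the first MBAM report above; a real run would feed
find_mirror_pairs() the contents of the system32 directory and
foreign_auth_packages() the REG_MULTI_SZ value
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages.
"""
import ntpath  # Windows path rules, so the example also runs on non-Windows hosts
from collections import defaultdict

# Constructed from the first Malwarebytes report above, plus two benign names.
SAMPLE_LISTING = [
    "fikupqiu.dll", "uiqpukif.ini",
    "geBqpopP.dll", "PpopqBeg.ini", "PpopqBeg.ini2",
    "jncrsqgn.dll", "ngqsrcnj.ini",
    "lvnwbivm.dll", "mvibwnvl.ini",
    "olyyjqkw.dll", "wkqjyylo.ini",
    "urqQjGXr.dll", "rXGjQqru.ini", "rXGjQqru.ini2",
    "jkkHyywv.dll",             # its companion .ini is not in the report
    "kernel32.dll", "win.ini",  # benign: stems are not mirror images
]

# As reported by MBAM above: the stock entry plus the Vundo module.
SAMPLE_AUTH_PACKAGES = ["msv1_0", r"c:\windows2\system32\gebqpopp"]
# Assumption: on Windows XP the value normally holds only msv1_0.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def find_mirror_pairs(names):
    """Map each .dll to the files whose stem is its own stem reversed.
    Case-insensitive, as NTFS is; companions come back sorted."""
    by_stem = defaultdict(list)
    for n in names:
        stem, _ = ntpath.splitext(n)
        by_stem[stem.lower()].append(n)
    pairs = {}
    for n in names:
        stem, ext = ntpath.splitext(n)
        if ext.lower() != ".dll":
            continue
        mates = sorted(m for m in by_stem.get(stem[::-1].lower(), ()) if m != n)
        if mates:
            pairs[n] = mates
    return pairs


def foreign_auth_packages(packages):
    """Entries of 'Authentication Packages' beyond the stock set. Each one is a
    DLL lsass.exe loads at boot, which is why such a file survives a plain delete."""
    return [p for p in packages if ntpath.basename(p).lower() not in DEFAULT_AUTH_PACKAGES]


def linked_auth_packages(packages, pairs):
    """Foreign auth packages whose module is also one of the mirror-pair DLLs."""
    dll_stems = {ntpath.splitext(d)[0].lower() for d in pairs}
    return [p for p in foreign_auth_packages(packages)
            if ntpath.basename(p).lower() in dll_stems]


if __name__ == "__main__":
    pairs = find_mirror_pairs(SAMPLE_LISTING)
    for dll, mates in pairs.items():
        print(f"{dll:14} <-> {', '.join(mates)}")
    print("foreign LSA packages:", foreign_auth_packages(SAMPLE_AUTH_PACKAGES))
    print("linked to a dropped DLL:", linked_auth_packages(SAMPLE_AUTH_PACKAGES, pairs))
```

The pairing check is cheap enough to run over the whole of system32 and gives a file-level signal that does not depend on signatures, which is what the VundoFix/VirtumundoBeGone tools in this thread were missing. A foreign authentication package is the one to deal with first: until that registry value is cleaned, the DLL is reloaded into lsass.exe on every boot.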
Anonymous user:

Hello, post a new HijackThis report please
SylvainMM:

Hello, thanks for your attention.
Here is the new HijackThis report

SpyBot asked me whether or not to allow changes to the start page; I didn't really know what to do... I accepted some of them and not others.
I accepted this change, for example...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:57, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS2\system32\drivers\CDAC11BA.EXE
C:\WINDOWS2\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\EssentialPIM\EssentialPIM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\Program Files\Adobe\Adobe InDesign CS3\InDesign.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\PROGRA~1\MACROM~1\FLASH8~2\Flash.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
K:\téléchargements\Anti-virus et autres\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\RunOnce: [SpybotDeletingC7056] cmd /c del "C:\WINDOWS2\system32\ddcBUMeb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3095] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3710] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4037] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2887] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7246] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8386] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS2\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS2\system32\shdocvw.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS2\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS2\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Anonymous user:

Do this:

Removing a malicious service

"Start" / "Run" / then type

sc stop MSControlService and confirm with OK.

"Start" / "Run" / then type

sc delete MSControlService and confirm with OK.

____________

Then do this:

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Copy the text in bold below:


registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF55CDD2-A3D2-45C7-9212-55511B80FC64}]
C:\WINDOWS2\system32\hgGaApOi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM0b9527f0"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC7056"=-
"SpybotDeletingA3095"=-
"SpybotDeletingC3710"=-
"SpybotDeletingA4037"=-
"SpybotDeletingC2887"=-
"SpybotDeletingA7246"=-
"SpybotDeletingC8386"=-
"SpybotSnD"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{939b4184-ebfc-11da-b0f1-00112f7e661a}]
\Shell\AutoRun\command - K:\setupSNK.exe

files::
C:\WINDOWS2\system32\fryqeqxy.dll
C:\WINDOWS2\system32\fmobrjug.dll
C:\Documents and Settings\Mikael Mohamad\Application Data\wklnhst.dat
C:\WINDOWS2\system32\ddcBUMeb.dll_old
K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old
K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old
K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe





Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.
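The `sc stop` / `sc delete` step above needs the service's short (key) name. A HijackThis O23 line shows that name in parentheses after the display name whenever the two differ, and tags services whose binary is gone with "(file missing)", like the two Spyware Terminator leftovers in the log posted earlier. Below is an added example, not code from the thread, HijackThis or ComboFix, that parses O23 lines and emits the stop/delete pair for each orphaned service. The sample lines are copied from that log.

```python
"""Derive sc.exe cleanup commands from orphaned O23 lines in a HijackThis log.

Added example; not code from the thread, HijackThis or ComboFix. Sample lines
are copied from the HijackThis log posted earlier in the thread.
"""
import re

SAMPLE_O23 = r"""
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
"""

# "O23 - Service: <display> - <vendor> - <path>"; a display name that itself
# contained " - " would need a smarter split (none in the logs above does).
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
SHORT_RE = re.compile(r"^(?P<display>.+?)\s+\((?P<short>[^()]+)\)$")
MISSING = "(file missing)"


def parse_o23(log):
    """One dict per O23 line: name (short), display, vendor, path, file_missing."""
    services = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        display, vendor, path = m.group("display", "vendor", "path")
        short = display  # HijackThis omits the parentheses when both names match
        sm = SHORT_RE.match(display)
        if sm:
            display, short = sm.group("display", "short")
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)].rstrip()
        services.append({"name": short, "display": display, "vendor": vendor,
                         "path": path, "file_missing": missing})
    return services


def orphaned_services(services):
    """Short names of services whose binary HijackThis could not find."""
    return [s["name"] for s in services if s["file_missing"]]


def cleanup_commands(names):
    """The stop-then-delete pair for each name, quoted when the name has spaces."""
    cmds = []
    for name in names:
        quoted = f'"{name}"' if " " in name else name
        cmds.append(f"sc stop {quoted}")
        cmds.append(f"sc delete {quoted}")
    return cmds


if __name__ == "__main__":
    services = parse_o23(SAMPLE_O23)
    for s in services:
        flag = " (missing)" if s["file_missing"] else ""
        print(f"{s['name']:16} {s['path']}{flag}")
    print("\n".join(cleanup_commands(orphaned_services(services))))
```

The names it prints are candidates, not a verdict: check the Start type and ImagePath under HKLM\SYSTEM\CurrentControlSet\Services\<name> before running the commands, since `sc delete` cannot be undone short of recreating the service. An orphaned registration is dead weight for the uninstalled product, and it keeps an ImagePath that a later dropper could reuse, so removing it is the right call once confirmed.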
SylvainMM:

Hello.

There was no reboot after running ComboFix.

Here are the reports:

ComboFix 08-05-20.5 - Mikael Mohamad 2008-05-21 17:00:17.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1330 [GMT 2:00]
Location: C:\Documents and Settings\Mikael Mohamad\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mikael Mohamad\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS2\pskt.ini
C:\WINDOWS2\system32\system\
H:\Autorun.inf

.
((((((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))))))))
.

2008-05-21 16:21 . 2008-05-21 16:21 5,120 --ahs---- C:\Thumbs.db
2008-05-21 14:04 . 2008-05-21 14:04 <REP> d-------- C:\WINDOWS2\LastGood
2008-05-21 11:29 . 2008-05-21 11:29 0 --a------ C:\WINDOWS2\BM0b9527f0.xml
2008-05-20 19:25 . 2008-05-20 19:25 <REP> d-------- C:\Documents and Settings\Mikael Mohamad\Application Data\Malwarebytes
2008-05-20 19:24 . 2008-05-20 19:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 19:24 . 2008-05-20 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-20 19:24 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS2\system32\drivers\mbamcatchme.sys
2008-05-20 19:24 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS2\system32\drivers\mbam.sys
2008-05-20 12:16 . 2008-05-20 12:16 135,168 --a------ C:\WINDOWS2\system32\fryqeqxy.dll
2008-05-19 09:53 . 2008-05-19 12:42 <REP> d-------- C:\WINDOWS2\ERUNT
2008-05-19 09:50 . 2008-05-19 14:05 <REP> d-------- C:\SDFix
2008-05-18 21:23 . 2008-05-18 23:14 <REP> d-------- C:\Program Files\BHODemon 2
2008-05-18 16:10 . 2008-05-18 14:16 186,880 --a------ C:\LSPFix.exe
2008-05-17 18:00 . 2008-05-17 18:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-17 17:54 . 2008-05-17 17:57 <REP> d-------- C:\Program Files\TmNationsForever
2008-05-16 16:30 . 2008-05-21 13:21 2,422 --a------ C:\WINDOWS2\system32\wpa.dbl
2008-05-16 13:11 . 2008-05-16 13:10 96,978 --a------ C:\VirtumundoBeGone.exe
2008-05-15 21:05 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS2\system32\d3dx9_33.dll
2008-05-15 21:05 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS2\system32\D3DCompiler_33.dll
2008-05-15 21:05 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS2\system32\d3dx10_33.dll
2008-05-15 21:05 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS2\system32\xactengine2_7.dll
2008-05-15 21:05 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS2\system32\xactengine2_6.dll
2008-05-15 17:49 . 2008-05-15 17:51 <REP> d-------- C:\Program Files\PDFCreator
2008-05-15 17:49 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS2\system32\pdfcmnnt.dll
2008-05-15 17:49 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS2\system32\MSMAPI32.OCX
2008-05-15 17:49 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS2\system32\MSMPIDE.DLL
2008-05-14 23:05 . 2008-05-14 23:05 230 --a------ C:\config.xml
2008-05-14 21:54 . 2008-05-14 21:54 <REP> d-------- C:\Program Files\Microsoft Research
2008-05-14 11:47 . 2008-05-14 11:47 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-05-14 11:41 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS2\system32\HPZidr12.dll
2008-05-14 11:41 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS2\system32\HPZipr12.dll
2008-05-14 11:41 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS2\system32\HPZipt12.dll
2008-05-14 11:41 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS2\system32\HPZipm12.exe
2008-05-14 11:41 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS2\system32\HPZinw12.exe
2008-05-14 11:41 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS2\system32\HPZisn12.dll
2008-05-14 11:39 . 2008-05-14 11:41 <REP> d-------- C:\Program Files\HP
2008-05-14 11:33 . 2008-05-14 11:48 102,877 --a------ C:\WINDOWS2\hpoins05.dat
2008-05-14 11:33 . 2005-06-22 08:27 17,505 --------- C:\WINDOWS2\hpomdl07.dat
2008-05-14 11:32 . 2008-05-15 14:55 <REP> d-------- C:\Temp\HP_WebRelease
2008-04-26 18:36 . 2008-05-16 15:53 <REP> d-------- C:\Program Files\WebGraphics Optimizer 4.2
2008-04-26 18:36 . 1998-06-23 23:00 164,144 --a------ C:\WINDOWS2\system32\Comct232.ocx
2008-04-23 15:25 . 2008-04-23 15:25 <REP> d-------- C:\Program Files\River Past
2008-04-23 15:25 . 2008-04-23 15:25 <REP> d-------- C:\Program Files\Fichiers communs\River Past
2008-04-23 15:25 . 2008-04-23 15:25 <REP> d-------- C:\Documents and Settings\Mikael Mohamad\Application Data\River Past G5
2008-04-23 15:25 . 2008-04-23 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-04-23 15:25 . 2008-04-23 15:25 166,598 --a------ C:\WINDOWS2\Video Perspective Uninstaller.exe
2008-04-23 12:38 . 2008-04-23 12:40 <REP> d-------- C:\Program Files\Konvertor
2008-04-23 10:11 . 2008-04-23 10:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-04-23 10:11 . 2008-04-23 10:11 1,025 --a------ C:\WINDOWS2\system32\sysprs7.tgz
2008-04-23 10:11 . 2008-04-23 10:11 1,025 --a------ C:\WINDOWS2\system32\sysprs7.dll
2008-04-23 10:11 . 2008-04-23 10:11 1,025 --a------ C:\WINDOWS2\system32\clauth2.dll
2008-04-23 10:11 . 2008-04-23 10:11 1,025 --a------ C:\WINDOWS2\system32\clauth1.dll
2008-04-23 10:11 . 2008-04-23 10:11 220 --a------ C:\WINDOWS2\system32\lsprst7.tgz
2008-04-23 10:11 . 2008-04-23 10:11 206 --a------ C:\WINDOWS2\system32\lsprst7.dll
2008-04-23 10:11 . 2008-04-23 10:11 88 --a------ C:\WINDOWS2\system32\ssprs.tgz
2008-04-23 10:11 . 2008-04-23 10:11 74 --a------ C:\WINDOWS2\system32\ssprs.dll

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 14:51 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\Skype
2008-05-21 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-21 11:37 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-21 11:23 --------- d-----w C:\Program Files\SP2 Connection Patcher
2008-05-21 11:23 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-21 09:21 --------- d-----w C:\Program Files\kkvy
2008-05-20 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-20 10:13 38,532 ----a-w C:\Documents and Settings\Mikael Mohamad\Application Data\wklnhst.dat
2008-05-19 10:34 --------- d-----w C:\Program Files\CCleaner
2008-05-19 07:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-17 15:59 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-05-17 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 09:39 --------- d-----w C:\Program Files\EMCO Malware Destroyer
2008-05-15 21:32 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\OpenOffice.org2
2008-05-13 13:43 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\EssentialPIM
2008-04-23 12:31 --------- d-----w C:\Program Files\VirtualDub-MPEG2
2008-04-20 17:53 --------- d-----w C:\Program Files\Google
2008-04-19 16:20 --------- d-----w C:\Program Files\u-he
2008-04-19 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
2008-04-19 16:19 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
2008-04-19 16:19 --------- d-----w C:\Program Files\Celemony
2008-04-13 09:41 --------- d-----w C:\Program Files\Converio 2.0
2008-04-13 09:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-12 21:59 --------- d-----w C:\Program Files\AC3Filter
2008-04-09 16:53 --------- d-----w C:\Program Files\VirtualDub-1.7.8
2008-04-09 15:52 --------- d-----w C:\Program Files\Audivimédia
2008-04-09 13:52 --------- d-----w C:\Program Files\Tale of Tales
2008-04-08 22:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-08 22:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-04-08 21:09 --------- d-----w C:\Program Files\Opera
2008-04-08 09:16 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\Sony Corporation
2008-04-08 09:06 --------- d-----w C:\Program Files\Sonic
2008-04-08 08:53 --------- d-----w C:\Program Files\Sony
2008-04-08 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-04-08 08:50 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\InstallShield
2008-04-07 11:40 --------- d-----w C:\Program Files\Mapedit
2008-04-07 11:40 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\BoutellDotCom
2008-04-03 11:37 48,456 ----a-w C:\WINDOWS2\system32\UninstallElectricSheep.exe
2008-04-02 14:15 --------- d-----w C:\Program Files\Macromedia
2008-04-02 09:57 --------- d-----w C:\Program Files\Nvu
2008-04-02 09:57 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\Nvu
2008-04-01 14:56 --------- d-----w C:\Program Files\IDAutomation.com Code 39 Free Font
2008-04-01 14:56 --------- d-----w C:\Program Files\ICONStudio
2008-04-01 14:56 --------- d-----w C:\Program Files\HTML Help Workshop
2008-04-01 14:56 --------- d-----w C:\Program Files\e-Carte Bleue La Banque Postale
2008-04-01 09:38 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\Thinstall
2008-04-01 06:09 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\Apple Computer
2008-03-31 20:59 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\gtk-2.0
2008-03-28 15:48 --------- d-----w C:\Program Files\Safari
2008-03-28 15:46 --------- d-----w C:\Program Files\iTunes
2008-03-28 15:46 --------- d-----w C:\Program Files\iPod
2008-03-27 22:35 --------- d-----w C:\Program Files\Intel Desktop Board
2008-03-27 21:52 --------- d-----w C:\Program Files\Lavalys
2008-03-27 20:55 --------- d-----w C:\Program Files\LaCie
2008-03-27 20:19 --------- d-----w C:\Documents and Settings\Mikael Mohamad\Application Data\LaCie
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS2\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS2\system32\msjint40.dll
2008-03-20 18:09 691,545 ----a-w C:\WINDOWS2\unins000.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS2\system32\win32k.sys
2008-02-20 10:33 4 ----a-w C:\Program Files\SpeechMillLAIPTTSout.pol
2008-02-20 10:33 4 ----a-w C:\Program Files\SpeechMillLAIPTTSin.pol
2007-07-03 17:26 156,464 ----a-w C:\Documents and Settings\Mikael Mohamad\Application Data\GDIPFONTCACHEV1.DAT
2007-01-27 14:52 247,922 ----a-w C:\Program Files\kuler.swf
2006-12-02 16:07 81,920 ----a-w C:\Documents and Settings\Mikael Mohamad\Application Data\ezpinst.exe
2006-12-02 16:07 47,360 ----a-w C:\Documents and Settings\Mikael Mohamad\Application Data\pcouffin.sys
2005-11-11 18:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-10-05 20:52 1,690 ----a-w C:\Program Files\Cult3D Acrobat Plug-in.log
2005-08-11 20:14 6 ----a-w C:\Program Files\sonysoundforge8serial.txt
2005-07-31 21:35 33 ----a-w C:\Program Files\code Works.txt
1995-10-19 11:16 1,450,496 ----a-w C:\Program Files\TVPAINT.EXE
2007-01-23 12:07 1,847,296 ----a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
2007-05-12 14:36 32 --sha-w C:\WINDOWS2\{9C93175A-A1B6-4E16-A635-9E44CA49DA1D}.dat
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS2\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS2\system32\msfDX.dll
2007-05-12 14:36 32 --sha-w C:\WINDOWS2\system32\{5F925491-14AB-4098-B7B8-3A631DB3046F}.dat
.

------- Sigcheck -------

2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS2\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS2\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS2\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS2\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-05 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS2\$NtUninstallKB893066$\tcpip.sys
2005-08-06 18:18 359808 14143695e27b2718dee96ea2e50428b3 C:\WINDOWS2\$NtUninstallKB913446$\tcpip.sys
2006-02-17 13:56 359808 eb98d5e55321cefd803e8173dbb000db C:\WINDOWS2\$NtUninstallKB917953$\tcpip.sys
2006-06-17 22:06 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS2\$NtUninstallKB941644$\tcpip.sys
2008-01-09 16:06 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS2\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-21_11.43.54.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 09:26:10 2,048 --s-a-w C:\WINDOWS2\bootstat.dat
+ 2008-05-21 11:21:14 2,048 --s-a-w C:\WINDOWS2\bootstat.dat
+ 2006-10-27 14:23:04 347,432 ----a-r C:\WINDOWS2\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WINWORD.EXE
- 2008-04-10 14:07:12 20,240 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-21 12:05:27 20,240 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-10 14:07:12 184,080 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-21 12:05:27 184,080 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-04-10 14:07:12 217,864 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-21 12:05:27 217,864 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-10 14:07:12 18,704 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-21 12:05:27 18,704 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-10 14:07:12 35,088 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-21 12:05:27 35,088 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-10 14:07:12 922,384 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-21 12:05:27 922,384 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-10 14:07:12 888,080 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-21 12:05:27 888,080 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-10 14:07:12 1,172,240 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-21 12:05:27 1,172,240 ----a-r C:\WINDOWS2\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2004-08-05 12:00:00 561,179 -c--a-w C:\WINDOWS2\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS2\system32\dllcache\dao360.dll
- 2004-08-05 12:00:00 512,029 -c--a-w C:\WINDOWS2\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS2\system32\dllcache\msexch40.dll
- 2004-08-05 12:00:00 319,517 -c--a-w C:\WINDOWS2\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS2\system32\dllcache\msexcl40.dll
- 2004-08-05 12:00:00 1,507,356 -c--a-w C:\WINDOWS2\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS2\system32\dllcache\msjet40.dll
- 2004-08-05 12:00:00 358,976 -c--a-w C:\WINDOWS2\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS2\system32\dllcache\msjetol1.dll
- 2004-08-05 12:00:00 184,351 -c--a-w C:\WINDOWS2\system32\dllcache\msjint40.dll
+ 2008-03-25 04:51:08 194,144 -c--a-w C:\WINDOWS2\system32\dllcache\msjint40.dll
- 2004-08-05 12:00:00 53,279 -c--a-w C:\WINDOWS2\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS2\system32\dllcache\msjter40.dll
- 2004-08-05 12:00:00 241,693 -c--a-w C:\WINDOWS2\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS2\system32\dllcache\msjtes40.dll
- 2004-08-05 12:00:00 213,023 -c--a-w C:\WINDOWS2\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS2\system32\dllcache\msltus40.dll
- 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS2\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS2\system32\dllcache\mspbde40.dll
- 2004-08-05 12:00:00 421,919 -c--a-w C:\WINDOWS2\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS2\system32\dllcache\msrd2x40.dll
- 2004-08-05 12:00:00 315,423 -c--a-w C:\WINDOWS2\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS2\system32\dllcache\msrd3x40.dll
- 2004-08-05 12:00:00 552,989 -c--a-w C:\WINDOWS2\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS2\system32\dllcache\msrepl40.dll
- 2004-08-05 12:00:00 258,077 -c--a-w C:\WINDOWS2\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS2\system32\dllcache\mstext40.dll
- 2004-08-05 12:00:00 831,519 -c--a-w C:\WINDOWS2\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS2\system32\dllcache\mswdat10.dll
- 2004-08-05 12:00:00 614,429 -c--a-w C:\WINDOWS2\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 -c--a-w C:\WINDOWS2\system32\dllcache\mswstr10.dll
- 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS2\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS2\system32\dllcache\msxbde40.dll
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS2\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS2\system32\MRT.exe
- 2004-08-05 12:00:00 512,029 ----a-w C:\WINDOWS2\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS2\system32\msexch40.dll
- 2004-08-05 12:00:00 319,517 ----a-w C:\WINDOWS2\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS2\system32\msexcl40.dll
- 2004-08-05 12:00:00 1,507,356 ----a-w C:\WINDOWS2\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS2\system32\msjet40.dll
- 2004-08-05 12:00:00 358,976 ----a-w C:\WINDOWS2\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS2\system32\msjetoledb40.dll
- 2004-08-05 12:00:00 53,279 ----a-w C:\WINDOWS2\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS2\system32\msjter40.dll
- 2004-08-05 12:00:00 241,693 ----a-w C:\WINDOWS2\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS2\system32\msjtes40.dll
- 2004-08-05 12:00:00 213,023 ----a-w C:\WINDOWS2\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS2\system32\msltus40.dll
- 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS2\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS2\system32\mspbde40.dll
- 2004-08-05 12:00:00 421,919 ----a-w C:\WINDOWS2\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS2\system32\msrd2x40.dll
- 2004-08-05 12:00:00 315,423 ----a-w C:\WINDOWS2\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS2\system32\msrd3x40.dll
- 2004-08-05 12:00:00 552,989 ----a-w C:\WINDOWS2\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS2\system32\msrepl40.dll
- 2004-08-05 12:00:00 258,077 ----a-w C:\WINDOWS2\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS2\system32\mstext40.dll
- 2004-08-05 12:00:00 831,519 ----a-w C:\WINDOWS2\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS2\system32\mswdat10.dll
- 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS2\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS2\system32\msxbde40.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [2005-07-11 13:51 409600]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]
"EssentialPIM"="C:\Program Files\EssentialPIM\EssentialPIM.exe" [2008-04-14 15:49 1530880]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-07 10:32 23395368]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-07-13 11:10 598656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-07-01 12:11 71280]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2002-11-19 14:11 59056]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 22:14 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]

C:\Documents and Settings\Mikael Mohamad\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-30 17:02:07 110592]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-30 17:02:07 110592]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-06-29 01:09:28 32768]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-07-29 17:30:17 135680]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-20 19:53:33 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MFZ0"= MyFlashZip0.ax
"VIDC.MSZH"= AVIMSZH.DLL
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"wave3"= sfcumd.dll
"VIDC.LAGS"= lagarith.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.I420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS2\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Curious Labs\\Poser 5\\poser.exe"=
"C:\\Program Files\\Speech2Graphite\\Serveur_lpc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\EasyPHP\\mysql\\bin\\mysqld-nt.exe"=
"C:\\3dsmax6\\3dsmax.exe"=
"C:\\Program Files\\jeux\\GTR\\GTR.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\disk-C\\1travail\\Travail en cours\\CEM\\NorthCode\\cem.exe"=
"C:\\disk-C\\1travail\\Travail en cours\\CEM\\NorthCode\\cem1.0.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Curious Labs\\Poser4\\Poser.exe"=
"C:\\Program Files\\EMCO Malware Destroyer\\MalwareDestroyer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS2\\system32\\mmc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS2\system32\drivers\cpuidlep.sys [2006-11-30 16:04]
R1 SynFaceAudioCable;SynFace EyePhone Audio Cable;C:\WINDOWS2\system32\drivers\sfckmd.sys [2006-05-29 01:28]
R2 Vqtfk;Vqtfk;C:\WINDOWS2\system32\Vqtfk.sys [1999-08-11 10:49]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS2\system32\drivers\sp_rsdrv2.sys []
S2 MobiCap;fix8 Virtual Webcam, WDM Video Capture;C:\WINDOWS2\system32\DRIVERS\MobiCap.sys [2007-04-02 15:33]
S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS2\system32\drivers\ctlsb16.sys [2001-08-17 20:19]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS2\system32\DRIVERS\PRISMA00.sys [2003-08-14 17:05]
S3 Shebesrv;Shebesrv;C:\WINDOWS2\system32\drivers\prohlp02.sys [2004-03-09 12:18]
S3 SQTECH930B;USB 2.0 PC CAMERA;C:\WINDOWS2\system32\Drivers\Capt930b.sys [2005-01-26 10:27]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-10-01 20:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - C:\WINDOWS2\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{939b4184-ebfc-11da-b0f1-00112f7e661a}]
\Shell\AutoRun\command - K:\setupSNK.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 15:00:00 C:\WINDOWS2\Tasks\AC0F819C918435F0.job"
- c:\docume~1\mikael~1\applic~1\chicfa~1\ProxyPlayClock.exe
"2008-05-02 14:34:01 C:\WINDOWS2\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 09:47:08 C:\WINDOWS2\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-05-21 15:12:00 C:\WINDOWS2\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 17:05:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS2\system32\winlogon.exe
-> C:\WINDOWS2\system32\sfcumd.dll

PROCESS: C:\WINDOWS2\system32\lsass.exe
-> C:\WINDOWS2\system32\sfcumd.dll
.
Completion time: 2008-05-21 17:14:17
ComboFix-quarantined-files.txt 2008-05-21 15:13:28
ComboFix2.txt 2008-05-21 09:47:44

Pre-Run: 90,231,726,080 bytes free
Post-Run: 90,217,897,984 bytes free

382 --- E O F --- 2008-05-21 12:05:35


and the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:15, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS2\system32\drivers\CDAC11BA.EXE
C:\WINDOWS2\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\EssentialPIM\EssentialPIM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS2\explorer.exe
K:\téléchargements\Anti-virus et autres\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\RunOnce: [SpybotDeletingC7056] cmd /c del "C:\WINDOWS2\system32\ddcBUMeb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3095] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3710] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4037] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2887] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7246] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8386] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS2\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS2\system32\shdocvw.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS2\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS2\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Anonymous user

OK, let's try another way.

Open Notepad (right-click on the desktop > in the menu choose New, then Text Document) and copy and paste what is quoted below (copy everything in one go, without the rows of X):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

; Browser Helper Object registration (standard BHO key location) that loaded C:\WINDOWS2\system32\hgGaApOi.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF55CDD2-A3D2-45C7-9212-55511B80FC64}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM0b9527f0"=-

; only the leftover values are removed; the RunOnce key itself is kept
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC7056"=-
"SpybotDeletingA3095"=-
"SpybotDeletingC3710"=-
"SpybotDeletingA4037"=-
"SpybotDeletingC2887"=-
"SpybotDeletingA7246"=-
"SpybotDeletingC8386"=-
"SpybotSnD"=-



XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: REGEDIT4 is on the first line and there is a blank line at the end.
Then click "File" / "Save As":
Save in: the desktop
File name: fix.reg
Save as type: "All files"
Click "Save".

It should look like this once saved:

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

Close your browser and double-click fix.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If that is the case, click "Yes".

Next:

Download OTMoveIt: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to run it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: "Paste List of Files/Folders to be moved".

Quote:

C:\WINDOWS2\system32\fryqeqxy.dll
C:\WINDOWS2\system32\fmobrjug.dll
C:\Documents and Settings\Mikael Mohamad\Application Data\wklnhst.dat
C:\WINDOWS2\system32\ddcBUMeb.dll_old
K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old
K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old
K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe






Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
Copy and paste the report here.
You may be asked to restart the PC to complete the removal; if so, accept with Yes.
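As an added example (my own code, not part of this thread and not from any tool mentioned in it), here is a small Python parser that reads a REGEDIT4-style .reg file such as the fix.reg above and lists exactly what importing it would do, while flagging the mistakes the note about the header and trailing blank line is guarding against, plus stray lines that are not .reg syntax and values listed under a `[-key]` header (regedit deletes the key and never applies them). The embedded FIX_REG text is constructed from the fix above; BROKEN_REG is a constructed counter-example that triggers each warning.

```python
"""List what a REGEDIT4-style .reg file would do before importing it."""
import re

# [key] selects/creates a key, [-key] deletes it and everything below it
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
# "name"=data, "name"=- (delete the value) or @=data (the key's default value)
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# Constructed from the fix.reg given above: one BHO key and nine values deleted.
FIX_REG = r"""REGEDIT4

; BHO registration key (standard location) that loaded hgGaApOi.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF55CDD2-A3D2-45C7-9212-55511B80FC64}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM0b9527f0"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC7056"=-
"SpybotDeletingA3095"=-
"SpybotDeletingC3710"=-
"SpybotDeletingA4037"=-
"SpybotDeletingC2887"=-
"SpybotDeletingA7246"=-
"SpybotDeletingC8386"=-
"SpybotSnD"=-

"""

# Constructed counter-example: a bare path line (not .reg syntax), a value listed
# under a [-key] header (never applied), and no trailing blank line.
BROKEN_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
C:\WINDOWS2\system32\hgGaApOi.dll
"SpybotSnD"=-
"""


def parse_reg(text):
    """Return (operations, warnings) for the .reg text.

    operations are tuples: ("delete_key", key), ("delete_value", key, name)
    or ("set_value", key, name, raw_data). warnings describe anything that
    would make regedit reject the file or silently skip part of it.
    """
    ops, warnings = [], []
    text = text.replace("\r\n", "\n")
    lines = text.split("\n")
    has_header = bool(lines) and lines[0].strip() in HEADERS
    if not has_header:
        warnings.append("line 1: first line must be REGEDIT4 (or the 5.00 header)")
    if not text.endswith("\n\n"):
        warnings.append("end of file: a blank line is expected after the last entry")
    key, deleting = None, False
    for lineno, raw in enumerate(lines, start=1):
        line = raw.strip()
        if (lineno == 1 and has_header) or not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            deleting, key = m.group(1) == "-", m.group(2)
            if deleting:
                ops.append(("delete_key", key))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            if deleting:
                warnings.append(f"line {lineno}: value listed under a [-key] header is never applied")
                continue
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2).strip()
            if data == "-":
                ops.append(("delete_value", key, name))
            else:
                ops.append(("set_value", key, name, data))
            continue
        warnings.append(f"line {lineno}: not a key, a value or a comment: {line!r}")
    return ops, warnings


def describe(text):
    """Human-readable summary: one line per warning, then one per operation."""
    ops, warnings = parse_reg(text)
    out = [f"WARNING {w}" for w in warnings]
    for op in ops:
        if op[0] == "delete_key":
            out.append(f"delete key   {op[1]}")
        elif op[0] == "delete_value":
            out.append(f"delete value {op[2]!r} in {op[1]}")
        else:
            out.append(f"set value    {op[2]!r} = {op[3]} in {op[1]}")
    return out


if __name__ == "__main__":
    for name, text in (("fix.reg", FIX_REG), ("broken.reg", BROKEN_REG)):
        print(f"== {name}")
        print("\n".join(describe(text)))
```

Run it on a .reg file you have been asked to import and read the "delete key" lines first: a `[-key]` removes the whole subtree, so an abbreviated or mistyped key path there is the one mistake worth catching before clicking "Yes".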
SylvainMM

Hello.

So according to you my PC is still infected?
I no longer have any symptoms of infection.

For information: the folder
K:\téléchargements\Anti-virus et autres\backups
is empty.
Is that normal?
SylvainMM

Hello M.L king.

I made the .reg file > OK

Here is the OTMoveIt2 report:

DllUnregisterServer procedure not found in C:\WINDOWS2\system32\fryqeqxy.dll
C:\WINDOWS2\system32\fryqeqxy.dll NOT unregistered.
C:\WINDOWS2\system32\fryqeqxy.dll moved successfully.
File/Folder C:\WINDOWS2\system32\fmobrjug.dll not found.
C:\Documents and Settings\Mikael Mohamad\Application Data\wklnhst.dat moved successfully.
File/Folder C:\WINDOWS2\system32\ddcBUMeb.dll_old not found.
File/Folder K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old not found.
File/Folder K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old not found.
File/Folder K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old not found.
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05212008_222438


So Spybot has been removed?
Can I reinstall it, or is that harmful?

Anonymous user

Yes, that's normal, it had to be purged (please carry out these steps; the latest HijackThis and ComboFix reports still show infections).

Here is why we had to purge K:\téléchargements\Anti-virus et autres:


O4 - HKLM\..\RunOnce: [SpybotDeletingC7056] cmd /c del "C:\WINDOWS2\system32\ddcBUMeb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3095] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3710] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4037] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2887] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-153609-390.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7246] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8386] cmd /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-154524-676.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Anonymous user

Please post a new HijackThis report.

SylvainMM

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:20, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS2\system32\drivers\CDAC11BA.EXE
C:\WINDOWS2\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\EssentialPIM\EssentialPIM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS2\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Adobe\Adobe InDesign CS3\InDesign.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
K:\téléchargements\Anti-virus et autres\OTMoveIt2.exe
K:\téléchargements\Anti-virus et autres\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS2\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS2\system32\shdocvw.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS2\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS2\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
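As an added example (my own code, not from the thread and not part of HijackThis), here is a Python triage pass over lines of the HijackThis log above. The rules are my reading of what the helper acts on in these logs: entries whose target file is gone ("(no file)" / "(file missing)"), RunOnce entries that merely delete a file at next boot (the Spybot leftovers shown earlier), an IE restrictions policy, and sites added to the Trusted Zone. SAMPLE_LOG is constructed from lines of the log above plus one ordinary Run entry that must not be flagged.

```python
"""Flag the HijackThis entries a helper would look at first."""
import re

# Constructed sample: lines copied from the HijackThis log above, plus one
# ordinary Run entry (ccApp) that should not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7056] cmd /c del "C:\WINDOWS2\system32\ddcBUMeb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3095] command /c del "K:\téléchargements\Anti-virus et autres\backups\backup-20080516-134445-343.dll_old"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O15 - Trusted Zone: *.canalplay.com (HKLM)
O18 - Protocol: Festoon - (no CLSID) - (no file)
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
""".strip().splitlines()

# "O4 - HKLM\..\Run: [name] command": section code, then the rest of the entry
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# RunOnce entries that only delete a file at next boot (Spybot leaves these behind)
RUNONCE_DEL_RE = re.compile(r"RunOnce: \[([^\]]+)\] (?:cmd|command) /c del ", re.IGNORECASE)


def classify(line):
    """Return why this entry deserves a look, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if "(no file)" in body or "(file missing)" in body:
        return "orphaned entry: its target file no longer exists"
    if section == "O4":
        d = RUNONCE_DEL_RE.search(body)
        if d:
            return f"leftover delete command queued for next boot: {d.group(1)}"
    if section == "O6":
        return "IE restrictions policy is set: confirm it was set deliberately"
    if section == "O15":
        return "site added to the IE Trusted Zone: confirm it is wanted"
    return None


def triage(lines):
    """Return [(entry_line, reason)] for every line that classify() flags."""
    findings = []
    for line in lines:
        reason = classify(line)
        if reason:
            findings.append((line.strip(), reason))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

Feed it a whole log with `triage(open("hijackthis.log", encoding="latin-1").read().splitlines())`; the orphaned and leftover-RunOnce entries it lists are the ones the helper's fix.reg removes, while the O6 and O15 findings are only prompts to confirm the setting is yours.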
Anonymous user

Hello, you will be able to reinstall Spybot, but I don't think it was removed!

But for now we must keep disinfecting your PC, because it is still quite sick!

Download SDFix (created by AndyManchesta) and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer.
• After hearing the computer beep at startup, but before the Windows logo appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that was just created in C:\ and double-click RunThis.bat to run the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press any key to restart the PC.
• Your system will take longer than usual to restart, because the tool keeps running and deleting files.
• After the desktop loads, the tool will finish its work and display Finished.
• Press any key to end the script and load your desktop icons.
• Once the desktop icons are shown, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum.
SylvainMM

Hello.

Here is the SDFix report:


[b]SDFix: Version 1.183 [/b]
Run by Mikael Mohamad on 22/05/2008 at 12:10

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 12:55:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10a2309]
"0005c982fd7b"=hex:18,d8,40,3a,95,b1,9d,83,de,3f,7c,6b,a2,dd,bc,22
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b10a2309]
"0005c982fd7b"=hex:18,d8,40,3a,95,b1,9d,83,de,3f,7c,6b,a2,dd,bc,22

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Û0ê0Ç0\x00a40M?D?J?P?0?2? ?(?T?r?u?e?T?y?p?e?)?"="HOLIDAYM.TTF"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{33292444-CC7A-EC9A-7C38-D9E72565B322}]
"iagajnnkbelfpfgcmj"=hex:6b,61,6d,67,62,6a,6d,70,62,6e,66,68,65,6f,6e,6c,67,6d,6c,62,70,..
"haibljdpohohaeaj"=hex:6b,61,6d,67,62,6a,6d,70,62,6e,66,68,65,6f,6e,6c,67,6d,6c,62,70,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS2\\system32\\dpvsetup.exe"="C:\\WINDOWS2\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Curious Labs\\Poser 5\\poser.exe"="C:\\Program Files\\Curious Labs\\Poser 5\\poser.exe:*:Enabled:Poser executable file"
"C:\\Program Files\\Speech2Graphite\\Serveur_lpc.exe"="C:\\Program Files\\Speech2Graphite\\Serveur_lpc.exe:*:Enabled:Serveur_lpc"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\\Program Files\\EasyPHP\\mysql\\bin\\mysqld-nt.exe"="C:\\Program Files\\EasyPHP\\mysql\\bin\\mysqld-nt.exe:*:Enabled:mysqld-nt"
"C:\\3dsmax6\\3dsmax.exe"="C:\\3dsmax6\\3dsmax.exe:*:Enabled:3ds max application"
"C:\\Program Files\\jeux\\GTR\\GTR.exe"="C:\\Program Files\\jeux\\GTR\\GTR.exe:*:Enabled:GTR - FIA GT Racing Game"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\disk-C\\1travail\\Travail en cours\\CEM\\NorthCode\\cem.exe"="C:\\disk-C\\1travail\\Travail en cours\\CEM\\NorthCode\\cem.exe:*:Enabled:Apprendre le LPC"
"C:\\disk-C\\1travail\\Travail en cours\\CEM\\NorthCode\\cem1.0.exe"="C:\\disk-C\\1travail\\Travail en cours\\CEM\\NorthCode\\cem1.0.exe:*:Enabled:Apprendre le LPC"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"C:\\Program Files\\Curious Labs\\Poser4\\Poser.exe"="C:\\Program Files\\Curious Labs\\Poser4\\Poser.exe:*:Enabled:Poser executable file"
"C:\\Program Files\\EMCO Malware Destroyer\\MalwareDestroyer.exe"="C:\\Program Files\\EMCO Malware Destroyer\\MalwareDestroyer.exe:*:Enabled:Malware Scanner for Home User's"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS2\\system32\\mmc.exe"="C:\\WINDOWS2\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sun 14 Aug 2005 57 A.SH. --- "C:\redir.sys"
Sat 27 Oct 2007 30,720 ...HR --- "C:\WINDOWS2\CdaC13BA.EXE"
Sat 27 Oct 2007 112,128 ...HR --- "C:\WINDOWS2\CdaC14BA.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Program Files\Color Schemer Studio\gdiplus.dll"
Mon 23 Jul 2007 26,768,251 A..H. --- "C:\Program Files\EMCO Malware Destroyer\signatures.zip"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 13 Sep 2032 1,537 A.SH. --- "C:\WINDOWS2\page files\maxmeg.sys"
Mon 18 Dec 2006 37,859 ..SH. --- "C:\WINDOWS2\system32\cddfsqgo.tmp"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS2\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS2\system32\msfDX.dll"
Sun 23 Oct 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Fri 21 Dec 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Fri 1 Sep 2006 4,136,664 A..H. --- "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\SetupEx.exe"
Mon 29 Aug 2005 64,000 A..H. --- "C:\disk-C\1travail\Indépendance\Clients\~WRL0005.tmp"
Mon 7 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Sat 12 May 2007 1,206 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg.reg"
Sat 12 May 2007 10,218 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient.reg"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT5.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT9.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BIT21.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT1.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT8.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT22.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT4.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS2\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Fri 5 May 2006 61,440 A..H. --- "C:\disk-C\1travail\Indépendance\Clients\2006\~WRL0005.tmp"
Tue 30 Jan 2007 444 ...HR --- "C:\Documents and Settings\Mikael Mohamad\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sun 23 Oct 2005 4,348 A..H. --- "C:\Documents and Settings\Mikael Mohamad\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Wed 21 Jun 2006 20 A..H. --- "C:\Documents and Settings\Mikael Mohamad\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 23 Oct 2005 400 A.SH. --- "C:\Documents and Settings\Mikael Mohamad\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Wed 10 Aug 2005 57,092 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\7.1\vs000223.tmp"
Thu 21 Dec 2006 2,676 A..H. --- "C:\Documents and Settings\Mikael Mohamad\Application Data\Sonic Foundry\Sound Forge\6.0\FRG6LOG.TMP"

[b]Finished![/b]
0
Anonymous user
 
good evening,

* Run a Kaspersky online scan with Internet Explorer: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
* Click on http://pictures.kaspersky.fr/bouton-scann1.jpg
* Now click on J'accepte (I accept).
* Allow the installation of one or more ActiveX controls if necessary (in the flashing information bar).
* Wait while the updates are installed.
* Then choose the scan of Poste de travail (My Computer).
* Save and then paste the report generated at the end of the scan.


HELP: tutorial on the online scan: http://www.infos-du-net.com/forum/267224-11-scan-ligne-kaspersky

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
0
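The report this scan produces lists one object per line, ending with a verdict ("Infecté : <name> <action>", "Suspect : <name> <action>" or "L'objet est verrouillé <action>"), and a long report mixes a handful of real detections with hundreds of locked files that were merely skipped. The triage helper below is an added example, not part of this thread or of any Kaspersky tool: it parses those line shapes, separates detections from locked objects, tallies them by verdict, threat name and family, and lists the on-disk objects (as opposed to messages nested inside a mail store) that a cleanup should act on first. The sample report lines and the paths in them are constructed, modelled on the format of the report pasted in the next reply.

```python
"""Triage helper for Kaspersky On-line Scanner report lines.

Added example, not part of this thread or of any Kaspersky tool. It parses
the per-object result lines of the report ("<object> Infecté : <name>
<action>", "<object> Suspect : <name> <action>", "<object> L'objet est
verrouillé <action>"), separates real detections from locked objects,
tallies them by verdict, threat name and family, and lists the on-disk
objects (as opposed to messages inside a mail store) to clean up first.
The sample report below is constructed, modelled on the thread's format.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# The object path comes first and may contain spaces and nested
# archive / mail-part components; the verdict is always at the end.
DETECTION_RE = re.compile(
    r"^(?P<path>.+) (?P<verdict>Infecté|Suspect) : (?P<threat>\S+) (?P<action>\S+)$"
)
LOCKED_RE = re.compile(r"^(?P<path>.+) L'objet est verrouillé (?P<action>\S+)$")


@dataclass(frozen=True)
class Finding:
    path: str
    verdict: str   # "Infecté", "Suspect" or "verrouillé"
    threat: str    # scanner's threat name; empty for locked objects
    action: str    # what the scanner did with it, e.g. "ignoré"


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a result line; None for headers, blanks, statistics."""
    line = line.rstrip()
    m = DETECTION_RE.match(line)
    if m:
        return Finding(m["path"], m["verdict"], m["threat"], m["action"])
    m = LOCKED_RE.match(line)
    if m:
        return Finding(m["path"], "verrouillé", "", m["action"])
    return None


def family(threat: str) -> str:
    """Family component of a Kaspersky name, e.g.
    'not-a-virus:AdWare.Win32.Virtumonde.sce' -> 'Virtumonde'.
    The optional 'not-a-virus:' prefix is dropped and the variant suffix
    (last dotted component) is stripped."""
    name = threat.split(":", 1)[-1]
    parts = name.split(".")
    return parts[-2] if len(parts) >= 2 else name


def triage(report: str) -> dict:
    """Summarise a whole report text."""
    findings = [f for f in map(parse_line, report.splitlines()) if f]
    detections = [f for f in findings if f.verdict != "verrouillé"]
    locked = [f for f in findings if f.verdict == "verrouillé"]
    # Objects inside a mail store appear as '<mailbox>/[From ...]' paths;
    # those are removed by deleting the message, not the mailbox file.
    on_disk = [f.path for f in detections if "/[From " not in f.path]
    return {
        "detections": detections,
        "locked": locked,
        "by_verdict": Counter(f.verdict for f in detections),
        "by_threat": Counter(f.threat for f in detections),
        "by_family": Counter(family(f.threat) for f in detections),
        "on_disk": on_disk,
    }


# Constructed sample in the report's format (user name, profile and
# addresses invented; threat names as they appear in this thread).
SAMPLE_REPORT = r"""
Nom de l'objet infecté / Nom du virus / Dernière action
C:\!KillBox\qbjlwsxi.dll Infecté : not-a-virus:AdWare.Win32.Virtumonde.sce ignoré
C:\Documents and Settings\All Users\Application Data\EGGS ACTIVE GRID SECT\tool dead.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\User\Application Data\Chic face wait\ActiveSurfProgram.exe Infecté : Packed.Win32.PolyCrypt.d ignoré
C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\x.default\Mail\Local Folders\Inbox/[From "eBay" <care@example.invalid>][Date Sun, 22 Jul 2007 16:53:09 +0200 (CEST)]/html Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\x.default\Mail\Local Folders\Inbox/[From Hale <rrcx@example.invalid>][Date Fri, 27 Jul 2007 12:47:31 -0400]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{len(result['detections'])} detections, {len(result['locked'])} locked objects skipped")
    for fam, n in result["by_family"].most_common():
        print(f"  {fam}: {n}")
    print("on-disk objects to clean first:")
    for p in result["on_disk"]:
        print("  " + p)
```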
SylvainMM Posts 18 Registration date   Status Member Last activity  
 
Hello.


Here is the Kaspersky online report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, May 23, 2008 4:44:50 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.93.1
Dernière mise à jour de la base antivirus Kaspersky : 22/05/2008
Enregistrements dans la base antivirus Kaspersky : 794702
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Statistiques de l'analyse:
Total d'objets analysés: 533684
Nombre de virus trouvés: 39
Nombre d'objets infectés: 343
Nombre d'objets suspects: 60
Durée de l'analyse: 12:03:31

Nom de l'objet infecté / Nom du virus / Dernière action
C:\!KillBox\qbjlwsxi.dll Infecté : not-a-virus:AdWare.Win32.Virtumonde.sce ignoré
C:\Documents and Settings\All Users\Application Data\EGGS ACTIVE GRID SECT\BlehDupe.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb ignoré
C:\Documents and Settings\All Users\Application Data\EGGS ACTIVE GRID SECT\bodysign.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb ignoré
C:\Documents and Settings\All Users\Application Data\EGGS ACTIVE GRID SECT\Hole tons.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb ignoré
C:\Documents and Settings\All Users\Application Data\EGGS ACTIVE GRID SECT\tool dead.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb ignoré
C:\Documents and Settings\All Users\Application Data\FLEXnet\adobe_00080000_tsf.data L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-22_Log.ALUSchedulerSvc.LiveUpdate L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\$_hpcst$.hpc L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Chic face wait\ActiveSurfProgram.exe Infecté : Packed.Win32.PolyCrypt.d ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Chic face wait\bcmswsho.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Chic face wait\ibkimswy.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Chic face wait\stmgzdia.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Chic face wait\vqgijaqr.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\EssentialPIM\2007.epim L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Mozilla\Firefox\Profiles\3m21nvbj.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Mozilla\Firefox\Profiles\3m21nvbj.default\formhistory.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Mozilla\Firefox\Profiles\3m21nvbj.default\GoogleToolbarData\googlesafebrowsing.db L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Mozilla\Firefox\Profiles\3m21nvbj.default\history.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Mozilla\Firefox\Profiles\3m21nvbj.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Mozilla\Firefox\Profiles\3m21nvbj.default\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Mozilla\Firefox\Profiles\3m21nvbj.default\search.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Mozilla\Firefox\Profiles\3m21nvbj.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\call256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\call512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\callmember256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chat1024.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chat2048.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chat4096.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chat512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chatmember256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chatmsg1024.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chatmsg2048.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chatmsg256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chatmsg4096.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chatmsg512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\chatmsg8192.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\contactgroup256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\dyncontent\bundle.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\index2.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\message1024.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\message256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\message4096.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\profile4096.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\sms256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\transfer256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\transfer512.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\user1024.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\user16384.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\user256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\user4096.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Skype\sylv20\voicemail256.dbb L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\abook.mab L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\history.mab L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\impab.mab L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\junklog.html L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\de Mary.msf L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "Philippe Stewner" <PhilippeStewner@sylvain-beaujouan.com>][Date Sat, 21 Jul 2007 18:10:09 +0400]/UNNAMED/[From Sahir <vikram1subhednu@moebelheinrich.de>][Date Sat, 21 Jul 2007 16:32:40 -0000]/UNN ... /[ ... /[From "eBay" <customercare.refPD806994115711ZE.nf@ebay.com>][Date Sun, 22 Jul 2007 16:53:09 +0200 (CEST)]/html Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "Philippe Stewner" <PhilippeStewner@sylvain-beaujouan.com>][Date Sat, 21 Jul 2007 18:10:09 +0400]/UNNAMED/[From Sahir <vikram1subhednu@moebelheinrich.de>][Date Sat, 21 Jul 2007 16:32:40 -0000]/UNN ... /[From Mail Delivery ... ... /[From "egreetings.Com" <sjvj@brandywine.net>][Date Sun, 22 Jul 2007 06:30:43 -0400]/text Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "Philippe Stewner" <PhilippeStewner@sylvain-beaujouan.com>][Date Sat, 21 Jul 2007 18:10:09 +0400]/UNNAMED/[From Sahir <vikram1subhednu@moebelheinrich.de>][Date Sat, 21 Jul 2007 16:32:40 -0000]/UNN ... /[From Mail Delivery ... /[From Sinclair Netty <lytnr@guitar.ocn.ne.jp>][Date Sat, 21 Jul 2007 21:03:40 -0400]/UNNAMED Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "Philippe Stewner" <PhilippeStewner@sylvain-beaujouan.com>][Date Sat, 21 Jul 2007 18:10:09 +0400]/UNNAMED/[From Sahir <vikram1subhednu@moebelheinrich.de>][Date Sat, 21 Jul 2007 16:32:40 -0000]/UNN ... /[From Mail Delivery S ... /[From pelachaud <pelachaud@iut.univ-paris8.fr>][Date Sun, 22 Jul 2007 11:17:31 +0200]/text Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "Philippe Stewner" <PhilippeStewner@sylvain-beaujouan.com>][Date Sat, 21 Jul 2007 18:10:09 +0400]/UNNAMED/[From Sahir <vikram1subhednu@moebelheinrich.de>][Date Sat, 21 Jul 2007 16:32:40 -0000]/UNN ... /[From Mail Delivery Subsystem <MAILER-DAEMON@avsde01.htsit.net>][Date Sat, 21 Jul 2007 18:50:08 +0200 (CEST)]/UNNAMED Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "Philippe Stewner" <PhilippeStewner@sylvain-beaujouan.com>][Date Sat, 21 Jul 2007 18:10:09 +0400]/UNNAMED/[From Sahir <vikram1subhednu@moebelheinrich.de>][Date Sat, 21 Jul 2007 16:32:40 -0000]/UNNAMED/[From "Natacha" <Natacha@megaed.ws>][Date Sat, 21 Jul 2007 21:28:41 +0000]/text Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "Philippe Stewner" <PhilippeStewner@sylvain-beaujouan.com>][Date Sat, 21 Jul 2007 18:10:09 +0400]/UNNAMED/[From Sahir <vikram1subhednu@moebelheinrich.de>][Date Sat, 21 Jul 2007 16:32:40 -0000]/UNNAMED Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "Philippe Stewner" <PhilippeStewner@sylvain-beaujouan.com>][Date Sat, 21 Jul 2007 18:10:09 +0400]/UNNAMED Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "arpan Karimi" <Karimirvrs@sylvain-beaujouan.com>][Date Mon, 23 Jul 2007 05:11:21 +0200]/UNNAMED/[From "Coleen Chacon" <YoungrepellentGreenberg@mellon.org>][Date Sun, 22 Jul 2007 23:58:41 +0500]/UNNAMED/[From Sys .. ... /[From "Ruben Mcdowell" <pamella.dadisman@axemer.fr>][Date Fri, 27 Jul 2007 18:03: ... /fungame.exe Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "arpan Karimi" <Karimirvrs@sylvain-beaujouan.com>][Date Mon, 23 Jul 2007 05:11:21 +0200]/UNNAMED/[From "Coleen Chacon" <YoungrepellentGreenberg@mellon.org>][Date Sun, 22 Jul 2007 23:58:41 +0500]/UNNAMED/[From Sys .. ... /[From "Ruben Mcdowell" <pamella.dadisman@axemer.fr>][Date Fri, 27 Jul 2007 18:03:07 - ... /UNNAMED Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "arpan Karimi" <Karimirvrs@sylvain-beaujouan.com>][Date Mon, 23 Jul 2007 05:11:21 +0200]/UNNAMED/[From "Coleen Chacon" <YoungrepellentGreenberg@mellon.org>][Date Sun, 22 Jul 2007 23:58:41 +0500]/UNNAMED/[From Sys .. ... /[From "Ruben Mcdowell" <pamella.dadisman@axemer.fr>][Date Fri, 27 Jul 2007 18:03:07 -0100]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "arpan Karimi" <Karimirvrs@sylvain-beaujouan.com>][Date Mon, 23 Jul 2007 05:11:21 +0200]/UNNAMED/[From "Coleen Chacon" <YoungrepellentGreenberg@mellon.org>][Date Sun, 22 Jul 2007 23:58:41 +0500]/UNNAMED/[From Sys ... /[From "francete ... /[From Hale U. Lew <rrcx@cpws.net>][Date Fri, 27 Jul 2007 12:47:31 -0400]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "arpan Karimi" <Karimirvrs@sylvain-beaujouan.com>][Date Mon, 23 Jul 2007 05:11:21 +0200]/UNNAMED/[From "Coleen Chacon" <YoungrepellentGreenberg@mellon.org>][Date Sun, 22 Jul 2007 23:58:41 +0500]/UNNAMED/[From Sys ... /[From "francetelecom.fr" <news.letter@orange-ftgroup.com>][Date Mon, 23 Jul 2007 21:50:26 +0200]/html Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "arpan Karimi" <Karimirvrs@sylvain-beaujouan.com>][Date Mon, 23 Jul 2007 05:11:21 +0200]/UNNAMED/[From "Coleen Chacon" <YoungrepellentGreenberg@mellon.org>][Date Sun, 22 Jul 2007 23:58:41 +0500]/UNNAMED/[From System Administra ... /[From "rivers ... /[From <wwphhod@bnwest.com>][Date 23 Jul 2007 18:19:23 +0800]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "arpan Karimi" <Karimirvrs@sylvain-beaujouan.com>][Date Mon, 23 Jul 2007 05:11:21 +0200]/UNNAMED/[From "Coleen Chacon" <YoungrepellentGreenberg@mellon.org>][Date Sun, 22 Jul 2007 23:58:41 +0500]/UNNAMED/[From System Administra ... /[From "riversongs.Com" <vhzjx@fnbestes.com>][Date Mon, 23 Jul 2007 10:10:58 -0700]/text Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "arpan Karimi" <Karimirvrs@sylvain-beaujouan.com>][Date Mon, 23 Jul 2007 05:11:21 +0200]/UNNAMED/[From "Coleen Chacon" <YoungrepellentGreenberg@mellon.org>][Date Sun, 22 Jul 2007 23:58:41 +0500]/UNNAMED/[From System Administrator <postmaster@spectro.com>][Date Mon, 23 Jul 2007 08:49:34 +0200]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "arpan Karimi" <Karimirvrs@sylvain-beaujouan.com>][Date Mon, 23 Jul 2007 05:11:21 +0200]/UNNAMED/[From "Coleen Chacon" <YoungrepellentGreenberg@mellon.org>][Date Sun, 22 Jul 2007 23:58:41 +0500]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From "arpan Karimi" <Karimirvrs@sylvain-beaujouan.com>][Date Mon, 23 Jul 2007 05:11:21 +0200]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.brk ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Canadian Doctor Michelle Elder <info@sylternaechte.de>][Date 21 Nov 2007 08:09:26 +0100]/text/[From Kraft" <tequilas68@hotmail.com>][Date 21 Nov 2007 16:42:16 +0700]/html/[From <loek.klippel@ms76.hinet.net> ... /[From VIAGRA ® Official Site <info@sylvain-beaujouan.com>][Date Wed, 21 Nov 2007 15:44:19 +0100 (CET)]/html Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Canadian Doctor Michelle Elder <info@sylternaechte.de>][Date 21 Nov 2007 08:09:26 +0100]/text/[From Kraft" <tequilas68@hotmail.com>][Date 21 Nov 2007 16:42:16 +0700]/html/[From <loek.klippel@ms76.hinet.net>][Date T .. ... /[From "davy nicole" <toni84hesperos06@ahtech.com.cn>][Date Wed, 21 Nov 2007 12:11:04 +0000]/text Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Canadian Doctor Michelle Elder <info@sylternaechte.de>][Date 21 Nov 2007 08:09:26 +0100]/text/[From Kraft" <tequilas68@hotmail.com>][Date 21 Nov 2007 16:42:16 +0700]/html/[From <loek.klippel@ms76.hinet.net>][Date T ... / ... /[From "Kristy F. Sorensen" <Kristy@wanadoo.fr>][Date Wed, 21 Nov 2007 03:00:31 -0800]/UNNAMED Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Canadian Doctor Michelle Elder <info@sylternaechte.de>][Date 21 Nov 2007 08:09:26 +0100]/text/[From Kraft" <tequilas68@hotmail.com>][Date 21 Nov 2007 16:42:16 +0700]/html/[From <loek.klippel@ms76.hinet.net>][Date T ... /[From "Trisha Washington" <zahidakram48@hotmail.com>][Date Wed, 21 Nov 2007 16:53:48 +0530]/UNNAMED Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Canadian Doctor Michelle Elder <info@sylternaechte.de>][Date 21 Nov 2007 08:09:26 +0100]/text/[From Kraft" <tequilas68@hotmail.com>][Date 21 Nov 2007 16:42:16 +0700]/html/[From <loek.klippel@ms76.hinet.net>][Date Tue, 20 Nov 2007 20:49:39 -0800]/text Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Canadian Doctor Michelle Elder <info@sylternaechte.de>][Date 21 Nov 2007 08:09:26 +0100]/text/[From Kraft" <tequilas68@hotmail.com>][Date 21 Nov 2007 16:42:16 +0700]/html Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Canadian Doctor Michelle Elder <info@sylternaechte.de>][Date 21 Nov 2007 08:09:26 +0100]/text Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Williams@Viagra.com <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Erectile" <prudence@msn.com>][Date Wed, 21 Nov 2007 22:24:30 +0000]/UNNAMED/[From Talbot" <hfreehavenm@freehaven.net>][Date 22 No ... /[From "Maria Woodall" <info@sylvain-beaujouan.com> ... /[Date 23 Nov 2007 22:32:46 +0200]/html Infecté : Trojan-Spy.HTML.Goldfraud.t ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Williams@Viagra.com <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Erectile" <prudence@msn.com>][Date Wed, 21 Nov 2007 22:24:30 +0000]/UNNAMED/[From Talbot" <hfreehavenm@freehaven.net>][Date 22 No ... /[From "Maria Woodall" <info@sylvain-beaujouan.com>][Date Thu, 22 Nov 2007 23:09:15 -0500]/text Infecté : Trojan-Spy.HTML.Goldfraud.t ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Williams@Viagra.com <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Erectile" <prudence@msn.com>][Date Wed, 21 Nov 2007 22:24:30 +0000]/UNNAMED/[From Talbot" <hfreehavenm@freehaven.net>][Date 22 Nov 2007 05:06:26 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Goldfraud.t ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Williams@Viagra.com <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Erectile" <prudence@msn.com>][Date Wed, 21 Nov 2007 22:24:30 +0000]/UNNAMED Infecté : Trojan-Spy.HTML.Goldfraud.t ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From Williams@Viagra.com <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html Infecté : Trojan-Spy.HTML.Goldfraud.t ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Cre ... . ... /[From " ... /[From Schmitt" <tequilatoo@yahoo.com>][Date 16 Dec 2007 10:34:13 ... /card.scr Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Cre ... . ... /[From " ... /[From Schmitt" <tequilatoo@yahoo.com>][Date 16 Dec 2007 10:34:13 -0400]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Cre ... . ... /[From "Cleo Levine" <musclesj652@weisenseel.com>][Date , 16 Dec 2007 13:44:45 +0700]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Cre ... ... .. ... /[From "Philip Proctor" <tequilatie@yahoo.com>][Date , 16 Dec 2007 10:45:11 +0530]/text Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Cre ... ... ... /[From "Lynda Hayden" <vfiwdvsa@boomprint.com>][Date Sat, 15 Dec 2007 18:03:17 -0300]/text Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Cre ... ... /[From "Sheree Thompson" <coffutt@cuartocreciente.com>][Date , 16 Dec 2007 09:27:53 +0100]/text Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Cre ... ... /[From "Violet Novak" <pkfox@justusconsulting.com>][Date Sat, 15 Dec 2007 20:58:12 +0700]/text Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Cre ... /[From ... /[Fr ... /[From Fisher" <tom@paradox8reality.com>][Date 15 Dec 2007 17:19:32 +0700]/text Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Cre ... /[From ... /[From "Bette North" <terolfes@quietman.net>][Date Sat, 15 Dec 2007 16:44:15 +0800]/text Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Cre ... /[From "Kasey Ratliff" <spheroidr61@mammothcity.com>][Date Fri, 14 Dec 2007 22:21:44 +0100]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Creative Sof ... /[From "Reid Clare" <refn@cheeseporium.com>][Date Fri, 14 Dec 2007 15:48:52 -0500]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec ... /[From Sony Creative Software <news@mail.sonycreativesoftware.com>][Date Sat, 15 Dec 2007 01:27:30 -0500 (EST)]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html/[From "Symantec Store" <Symantec@reply.digitalriver.com>][Date Fri, 14 Dec 2007 13:21:19 -0800]/UNNAMED Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html/[From "Adan N. Rush" <Adan@uol.com.br>][Date Sun, 25 Nov 2007 22:24:01 +0300]/html Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGQRA Onlinne <postmaster@sylvae.com>][Date 21 Nov 2007 08:09:26 +0100]/html Infecté : Trojan-Downloader.Win32.Agent.gbu ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbs . ... /[From "Shannon Dewitt" <keenan.danby@wienglas.at>][Date Mon, 19 May 2008 10:25:04 ... /jolie.exe Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbs . ... /[From "Shannon Dewitt" <keenan.danby@wienglas.at>][Date Mon, 19 May 2008 10:25:04 +1000]/UNNAMED Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbs . ... .. ... /[From "Ofelia Kane" <teesquarea@excite.com>][Date Sun, 18 May 2008 20:44:38 -0600]/UNNAMED Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbs . ... ... /[From "Tasha Compton" <tgpfywau@braemarhomes.com>][Date Thu, 15 May 2008 07:29:46 +0100]/text Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbs . ... /[F ... /[From Goulet <Quy-vnpaiste@800petshop.com>][Date Wed, 14 May 2008 15:45:21 +0200]/UNNAMED Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbs . ... /[F ... /[From Best of 1&1 <bestof@1and1.fr>][Date Wed, 14 May 2008 16:50:34 +0200 (CEST)]/UNNAMED Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbs . ... /[From "Har ... /[From Abel" <mhx@bouldinandbouldin.com>][Date 14 May 2008 22:26:19 +0800]/UNNAMED Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbs . ... /[From "Har ... /[From "vaigra icalis " <maybe@yes.no>][Date Wed, 14 May 2008 08:37:06 +0000]/text Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbs . ... /[From "Harriet Woodall" <jollityv221@azinetworks.com>][Date Wed, 14 May 2008 10:28:28 +0100]/text Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbs ... /[From "Chelsey Patel" <complete679@perfectnecklace.com>][Date Tue, 13 May 2008 21:11:02 +0800]/text Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text/[From Colfer <praveen-tyrbslah@UltraColor.com>][Date Mon, 12 May 2008 13:03:55 +0200]/UNNAMED Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html/[From "Carmela Morton" <operativem72@leeabrams.com>][Date Mon, 12 May 2008 08:09:25 +0000]/text Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text/[From VIAGRA ® Official Site <postmaster@sylvae.com>][Date Tue, 18 Mar 2008 13:10:12 +0100]/html Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED/[From "dgreetings.Com" <vqqx@reindel.com>][Date Wed, 18 Jul 2007 11:11:54 +0300]/text Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox/[From postmaster@bowebellhowell.de][Date Wed, 18 Jul 2007 04:09:24 +0200]/UNNAMED Infecté : Trojan.Win32.Pakes.cwv ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox MailBerkeleymboxx: infecté - 45, suspect - 15 ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox.msf L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Junk/[From <ujfpg@khpc.com>][Date Thu, 6 Sep 2007 20:15:34 +0530]/html Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Junk MailBerkeleymboxx: suspect - 1 ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\NewsLetters.msf L'objet est verrouillé ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[ ... /[Fro ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 3 Nov 2003 18 ... /s2k.hacking.exe Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[ ... /[Fro ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 3 Nov 2003 18:28:49 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[ ... /[Fro ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 3 Nov 2003 18:35:32 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[ ... /[Fro .. ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 3 Nov 2003 18:47:44 +0100]/text Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[ ... /[Fro ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 6 Nov 2003 23:34:18 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[ ... /[Fro ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 10 Nov 2003 23:25:26 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[ ... /[From "Maud Pois ... /[From "COLIN Dominique" <dcolin@eyrolles.com>][Date Thu, 08 Jan 2004 12:30:54 +0100]/text Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[ ... /[From "Maud Poissonnier" <maud.poissonnier@oriel.oxford.ac.uk>][Date Thu, 8 Jan 2004 12:24:47 +0000 (GMT)]/text Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[From =?iso ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Wed, 17 Dec 2003 21:32:22 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[From =?iso ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Wed, 17 Dec 2003 21:34:41 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[From =?iso ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Wed, 7 Jan 2004 14:28:59 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[From =?iso ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Wed, 7 Jan 2004 19:12:23 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[From =?iso . ... /[From "Gilbert Beaujouan" <gil ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[From =?iso . ... /[From "Gilbert Beaujouan" <gilbert.beaujouan@free.fr>][Date Wed, 7 Jan 2004 00:30:21 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[From =?iso . ... /[From "Gilbert Beaujouan" <gilbert.beaujouan@free.fr>][Date Wed, 7 Jan 2004 00:39:31 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[From =?iso ... /[From "dominique-e.colin" <dominique-e.colin@laposte.net>][Date Thu, 18 Nov 2004 15:50:29 +0100]/text Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[From =?iso ... /[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Wed, 10 Nov 2004 02:09:17 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 15:58:30 +0200]/UNNAMED/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Thu, 5 ... /[From =?iso-8859-1?Q?Mary_et_R=E9my_Zimmermann?= <mary.remy2@wanadoo.fr>][Date Sun, 7 Nov 2004 00:37:13 +0100]/UNNAMED Infecté : not-a-virus:Dialer.Win32.Small.gen ignoré
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\perso/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Tue, 15 Jun 2004 18:07:34 +0200]/text/[From "Sylvain Beaujouan" <info@sylvain-beaujouan.com>][Date Mon, 6 Sep 2004 14:03:24 +0200]/U
0
DeNisCoOl Posts 2802 Registration date   Status Member Last seen   224
 
Hi SylvainMM,


Sorry for the delay, Martin asked us to take over his posts:


In the Thunderbird inbox it's a free-for-all; it took a while to sort through all that salad, and the report was so long that it didn't fit entirely into your message:

Infected with:
Trojan-Spy.HTML.Fraud.gen
Trojan-Downloader.Win32.Agent.brk
Trojan-Spy.HTML.Goldfraud.t
Trojan-Downloader.Win32.Agent.gbu
Trojan.Win32.Pakes.cwv skipped
Search for the word or the address postmaster@bowebellhowell.de in messages dated July, November, December 2007 and March, May 2008.


Infected with:
not-a-virus:Dialer.Win32.Small.gen
Search for the word or the address info@sylvain-beaujouan.com in messages dated November, December 2004 and November, December 2003.

Then delete the messages and empty the trash.


Next
-----------
Download OTMoveIt2 (by Old_Timer) to the Desktop. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Double-click OTMoveIt2.exe to launch it.
Copy the list of files or folders shown in bold below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.


C:\Documents and Settings\All Users\Application Data\EGGS ACTIVE GRID SECT\BlehDupe.exe
C:\Documents and Settings\Mikael Mohamad\Application Data\Chic face wait\


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal.
If so, accept with Yes.


--> Post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles (contents of the file C:\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date and time)


See you


Denis
0
SylvainMM Posts 18 Registration date   Status Member Last seen  
 
Hello Denis.


First of all, I couldn't find the infected emails.
Is it possible they were deleted? Because I delete the spam every day.

Here is the OTMoveIt2 report:

C:\Documents and Settings\All Users\Application Data\EGGS ACTIVE GRID SECT\BlehDupe.exe moved successfully.
C:\Documents and Settings\Mikael Mohamad\Application Data\Chic face wait moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05252008_163129


Thanks.
0
DeNisCoOl Posts 2802 Registration date   Status Member Last seen   224
 
Re Sylvain,

Is it possible they were deleted? Because I delete the spam every day.
Kaspersky online doesn't delete anything; you have to install the 30-day trial version to delete them.

Did you search by word or by address? The addresses I gave you may not be the address of the sender who sent it to you; it appears inside the message, so you have to search the contents of the messages.

These messages were detected in this folder:
C:\Documents and Settings\Mikael Mohamad\Application Data\Thunderbird\Profiles\kmh3rt7h.default\Mail\Local Folders\Inbox
Given the very recent date of one of the messages, it's your current profile I imagine.


-----------------
You have an industrial quantity of programs or processes opening at Windows startup, often for nothing or of limited use, which slows your computer down a lot.
Also, you must not have 2 resident antispyware programs, same as with AVs.

Relaunch HijackThis, click Do a scan only and tick the lines in bold:


O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)


How to fix a line: (Thanks to Balltrap34 for this video)
 http://pageperso.aol.fr/balltrap34/demohijack.htm
Close all your applications and your browser, then Fix checked.



Does Spybot still detect Virtumonde?
Any other odd symptoms?



See you


Denis
0
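An added example, not from this thread and not a HijackThis feature: a Python triage script over the O4 (autostart) and O23 (service) lines Denis quoted above. It pulls out the three things he is pointing at without saying so line by line: services whose binary no longer exists (the two Spyware Terminator leftovers), the same program registered to start from two places (Adobe Gamma Loader, once per user and once globally), and any autostart living under Documents and Settings, which is where the two items removed with OTMoveIt were. The sample input is the O4/O23 lines from Denis's post; the field split on " - " and the executable-path regex are my assumptions about the HijackThis line format, good enough for these lines.

```python
import re
from collections import defaultdict

# O4/O23 lines copied from the HijackThis excerpt Denis quoted above, embedded as a
# string so the triage runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS2\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
"""

O4_RUN = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")   # registry Run keys
O4_LNK = re.compile(r"^O4 - (?P<loc>.+?): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")  # Startup folders
O23_SVC = re.compile(r"^O23 - Service: (?P<rest>.+)$")
# First executable in a command line, quoted or not; keeps unquoted paths with spaces whole.
EXE_PATH = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|com|bat|cmd|scr|pif))"?(?=\s|$)', re.I)

def parse_o4(line):
    """Autostart entry: where it is registered, its label, and the executable it points to."""
    m = O4_RUN.match(line) or O4_LNK.match(line)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    exe = EXE_PATH.match(cmd)
    path = exe.group("path") if exe else cmd.split()[0].strip('"')
    return {"location": m.group("loc"), "name": m.group("name"), "command": cmd, "exe": path.lower()}

def parse_o23(line):
    """Service entry; HijackThis joins display name, vendor and path with ' - ', path last."""
    m = O23_SVC.match(line)
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith(" (file missing)")
    if missing:
        rest = rest[: -len(" (file missing)")]
    parts = rest.split(" - ", 2)
    if len(parts) != 3:
        return None
    display, vendor, path = parts
    short = re.search(r"\((?P<s>[^()]+)\)$", display)  # trailing "(ShortName)" if present
    return {"display": display, "short_name": short.group("s") if short else display,
            "vendor": vendor, "path": path.lower(), "file_missing": missing}

def parse_log(text):
    """Split a HijackThis log into its O4 (autostart) and O23 (service) entries."""
    o4, o23 = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("O4 - "):
            o4.append(parse_o4(line))
        elif line.startswith("O23 - "):
            o23.append(parse_o23(line))
    return [e for e in o4 if e], [s for s in o23 if s]

def triage(text):
    """Findings a helper would raise before telling the user which lines to fix."""
    o4, o23 = parse_log(text)
    found = {"orphaned_services": [], "duplicate_autostarts": [], "profile_autostarts": []}
    for svc in o23:
        if svc["file_missing"]:  # registration left behind by an uninstalled program
            found["orphaned_services"].append(svc["short_name"])
    by_exe = defaultdict(list)
    for entry in o4:
        by_exe[entry["exe"]].append("%s: %s" % (entry["location"], entry["name"]))
        # The two items OTMoveIt removed earlier in this thread lived under Documents and
        # Settings; an autostart pointing into a profile or temp folder deserves a look.
        if "\\documents and settings\\" in entry["exe"] or "\\temp\\" in entry["exe"]:
            found["profile_autostarts"].append(entry["exe"])
    for exe, where in by_exe.items():
        if len(where) > 1:  # same binary launched from two places runs twice at logon
            found["duplicate_autostarts"].append((exe, where))
    return found

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```

On these lines the script reports sp_clamsrv and sp_rssrv as orphaned, Adobe Gamma Loader.exe as started twice, and no autostart in a profile folder; the rest of Denis's list (iTunesHelper, Acrobat Assistant, Bonjour and so on) is a judgement about what the user needs at logon, which no parser can make for him.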
SylvainMM Posts 18 Registration date   Status Member Last seen  
 
Hello Denis.

I made the changes with HijackThis as described.

I couldn't find the emails.
But the Inbox file was abnormally large, 540 MB, so I arranged to keep the messages actually present in my inbox (incoming mail) and deleted the file.
So I now have a new Inbox file that only weighs 50 MB.


Bye
0
SylvainMM Posts 18 Registration date   Status Member Last seen  
 
Hello.

Spybot doesn't detect any malware...
and at first sight there's nothing odd...

Bye
0
DeNisCoOl Posts 2802 Registration date   Status Member Last seen   224
 
Hi,

The conclusion is near, then.

But the Inbox file was abnormally large, 540 MB, so I arranged to keep the messages actually present in my inbox
I've just understood: Thunderbird in fact always keeps a trace of deleted messages; they have to be compacted from time to time.
Tools/Options/Advanced/Network & Disk Space/ tick Compact folders when it will save over xxxx KB


To conclude
------------------------
- ToolsCleaner by A.Rothstein
To remove all traces of the tools used to treat the specific infections

Download http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe to your Desktop.
* Double-click ToolsCleaner2.bat and let it work
* Click Recherche (Search) and let the scan finish.
* Click Suppression (Delete) to finalise.
* You can, if you wish, use the optional Options.
* Click Quitter (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)


------------------------
- Updates, in particular Adobe, Flash and other programs.
Updatechecker: https://filehippo.com/windows/tuning-utilities/
Some details here on the installation, in particular of the Framework:
http://www.commentcamarche.net/faq/sujet 9908 update checker vos logiciels sont ils a jour#update checker la solution

For Java updates in particular, here is an online version of Secunia in English, but there are just 1 or 2 buttons to click:
https://www.flexera.com/products/operations/software-vulnerability-management.html
A short explanation in this link (thanks malekal).

And of course Windows Update:
http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fr


See you
0
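Added example (my code, not from the thread, Kaspersky or Thunderbird) covering two pieces of Denis's advice at once: his earlier post said to search the message contents rather than the sender, because the flagged address sits inside forwarded messages, and the post above explains that Thunderbird keeps deleted messages on disk until the folder is compacted. The Python script below opens a Thunderbird mbox file, searches the headers and decoded text parts of every message, nested message/rfc822 forwards included (the shape of the Kaspersky paths at the top of this page), and reports for each hit whether Thunderbird has already flagged it as deleted, i.e. whether only compaction will remove it. The mailbox is a constructed sample: the two search addresses are the ones Denis gave, everything else (senders, subjects, bodies) is placeholder data. The X-Mozilla-Status bit 0x0008 is Thunderbird's expunged flag.

```python
import mailbox
import os
import tempfile
from email.header import decode_header, make_header

# Thunderbird stores each folder as one mbox file (Sylvain's 540 MB "Inbox") and keeps
# per-message flags in an X-Mozilla-Status header; bit 0x0008 (expunged) marks a message
# deleted in the client that stays on disk until the folder is compacted.
MOZILLA_EXPUNGED = 0x0008

# Constructed sample mailbox: the two addresses are Denis's search terms, everything else
# (senders, subjects, bodies) is placeholder data.
SAMPLE_MBOX = """\
From - Wed Nov 10 02:09:17 2004
X-Mozilla-Status: 0009
From: "Bob Example" <bob@example.invalid>
Subject: Fwd: placeholder
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=iso-8859-1

Forwarded message below.

--b1
Content-Type: message/rfc822

From: "Sylvain Beaujouan" <info@sylvain-beaujouan.com>
Subject: =?iso-8859-1?Q?Pi=E8ce_jointe?=
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Placeholder body.

--b1--

From - Thu Jul 05 10:00:00 2007
X-Mozilla-Status: 0001
From: "Mail Delivery" <mailer@example.invalid>
Subject: Delivery failure
Content-Type: text/html; charset=us-ascii

<html><body>Bounce from postmaster@bowebellhowell.de.</body></html>
"""

def decode_hdr(value):
    """Decode RFC 2047 encoded words (=?iso-8859-1?Q?...?=) so the search sees real text."""
    try:
        return str(make_header(decode_header(value)))
    except Exception:  # malformed header: search the raw value instead
        return str(value)

def mozilla_flags(msg):
    """X-Mozilla-Status is 4 hex digits; a missing or damaged header counts as no flags."""
    try:
        return int(msg.get("X-Mozilla-Status", "0"), 16)
    except ValueError:
        return 0

def message_text(msg):
    """Headers plus decoded text parts, for this message and every nested forwarded one."""
    chunks = []
    for part in msg.walk():  # walk() descends into message/rfc822 attachments as well
        chunks.extend("%s: %s" % (k, decode_hdr(v)) for k, v in part.items())
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            try:
                chunks.append(payload.decode(part.get_content_charset() or "latin-1", "replace"))
            except LookupError:  # unknown charset label: fall back to a 1:1 decoding
                chunks.append(payload.decode("latin-1", "replace"))
    return "\n".join(chunks)

def find_messages(mbox_path, needle):
    """Messages whose headers or any text part contain needle, case-insensitively."""
    needle = needle.lower()
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for key, msg in box.items():
            if needle in message_text(msg).lower():
                hits.append({"key": key, "from": decode_hdr(msg.get("From", "")),
                             "subject": decode_hdr(msg.get("Subject", "")),
                             # True: already deleted in Thunderbird, on disk until compaction
                             "pending_compaction": bool(mozilla_flags(msg) & MOZILLA_EXPUNGED)})
    finally:
        box.close()
    return hits

def write_sample_mbox(path=None):
    """Write the constructed sample to path (a temporary file by default); returns the path."""
    if path is None:
        fd, path = tempfile.mkstemp(prefix="Inbox-")
        os.close(fd)
    with open(path, "w", encoding="ascii", newline="\n") as fh:
        fh.write(SAMPLE_MBOX)
    return path
```

Usage: point find_messages at the real profile file (here Mail\Local Folders\Inbox) with Thunderbird closed, once per address Denis listed. A hit with pending_compaction set is exactly the case Sylvain ran into: Thunderbird's own search will not show it, but the on-disk scanner still does, and only Compact Folders (or deleting the mbox, as he ended up doing) makes it go away.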
SylvainMM Posts 18 Registration date   Status Member Last seen  
 
Hello Denis.


Here is the ToolsCleaner2 report:

-->- Search:

C:\LSPFix.exe: found!
C:\VirtumundoBeGone.exe: found!
C:\SDFIX: found!
C:\!Killbox: found!
C:\Vundofix backups: found!
C:\Qoobox: found!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: found!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: found!
C:\Documents and Settings\Mikael Mohamad\Bureau\HijackThis.lnk: found!
C:\Documents and Settings\Mikael Mohamad\Bureau\ComboFix.exe: found!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\SmitFraudFix.zip: found!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\HijackThis: found!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\SmitFraudfix: found!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\hijackthis\HijackThis.exe: found!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\KillBox\KillBox.exe: found!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\SmitfraudFix\SmitFraudfix: found!
C:\Program Files\Trend Micro\HijackThis: found!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: found!
C:\WINDOWS2\ERUNT\SDFIX: found!

---------------------------------
-->- Deletion:

C:\LSPFix.exe: deleted!
C:\VirtumundoBeGone.exe: deleted!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: deleted!
C:\Documents and Settings\Mikael Mohamad\Bureau\HijackThis.lnk: deleted!
C:\Documents and Settings\Mikael Mohamad\Bureau\ComboFix.exe: deleted!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\SmitFraudFix.zip: deleted!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\hijackthis\HijackThis.exe: deleted!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\KillBox\KillBox.exe: deleted!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: deleted!
C:\SDFIX: deleted!
C:\!Killbox: deleted!
C:\Vundofix backups: deleted!
C:\Qoobox: deleted!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: deleted!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\HijackThis: deleted!
C:\Documents and Settings\Mikael Mohamad\Bureau\NAV\Anti-virus et autres\SmitFraudfix: deleted!
C:\Program Files\Trend Micro\HijackThis: deleted!
C:\WINDOWS2\ERUNT\SDFIX: deleted!

Temporary files cleaned!

Why is it important to remove these useful tools?

Bye
0
DeNisCoOl Posts 2802 Registration date   Status Member Last seen   224
 
Sylvain,


Why is it important to remove these useful tools?
For 3 reasons:

- As with AVs, for greater effectiveness you need the latest update.
Only one of them has an update option, so when in doubt all of them are removed.

- By removing them, the quarantine folders where the infections were placed are deleted as well; otherwise the protection or scanning programs (AV, firewall...) could trigger needlessly.

- They are useless after disinfection, so you might as well clear the decks; if the disinfection was done properly and the protection has been completed, you shouldn't need them any more.


Have you also run the updates?

See you
0
SylvainMM Posts 18 Registration date   Status Member Last seen  
 
Hello Denis.

I've started the updates.
Here is what I still have to do:

dBpowerAMP Music Converter 12.4
Installed Version: 6.4.0.1

DivX Play 6.8.2.9
Installed Version: 6.6.0.42

FileZilla 3.0.10
Installed Version: 3.0.0.0

Flash Player 9.0.124.0 (IE)
Installed Version: 9.0.28.0

Internet Explorer 7.0.5730.13
Installed Version: 6.0.2900.2180

iTunes 7.6.2.9
Installed Version: 7.6.1.9

Java Runtime Environment 1.6.0.6
Installed Version: 1.5.0.11

Media Player Classic 6.4.9.1
Installed Version: 6.4.9.0

Microsoft ActiveSync 4.5
Installed Version: 4.2.4876.0

Opera 9.27
Installed Version: 9.10.8679.0
4.70MB Download Now!

Safari 3.1.1
Installed Version: 3.1

Shockwave Player 11.0.0.429
Installed Version: 10.1.4.20

Skype 3.8.0.115
Installed Version: 3.2.0.145
21.27MB Download Now!

SpeedFan 4.34
Installed Version: 4.31.0.162

VLC Media Player 0.8.6f
Installed Version: 0.8.6.3

WinRAR 3.71
Installed Version: 3.50.7.0

WinZip 11.2.8094
Installed Version: 9.0.6224.0


Bye
0
SylvainMM Posts 18 Registration date   Status Member Last seen  
 
Hello Denis.


I've finally done all the updates...

What is left to do now?

Bye
0
DeNisCoOl Posts 2802 Registration date   Status Member Last seen   224
 
Sylvain,


What is left to do now?
If Spybot and Norton find nothing:
Sleep soundly, but still keep one eye open when you surf ;-)

You can mark the problem as solved at the very top of your very first message.

Bye bye and happy surfing.


Denis
0
SylvainMM Posts 18 Registration date   Status Member Last seen  
 
Thanks for everything, to you and to Martin!

Have a good day.

Sylvain
0
DeNisCoOl Posts 2802 Registration date   Status Member Last seen   224
 
Thanks to Martin above all, he did 90% of the work.

Bye bye

Denis
0