I'm in a real jam.
Solved
antish
-
Anonymous user -
Hello,
It was only after trying a whole range of antivirus programs (Avira AntiVir, BitDefender, Avast, etc.), firewalls (ZoneAlarm, Outpost Firewall Pro, etc.) and web browsers (Mozilla, Opera, etc.) that I resolved, as a last resort, to turn to this forum.
Here's the situation: for a week now I haven't been able to connect to the internet without it freezing (it's a miracle that I can post this message), without advertising pages opening (galore), and without my computer crawling.
I did find a few viruses and neutralized them, but the problem persists.
My question is quite simple, all things considered: is anyone able to help me, i.e. to provide a solution (a reasonable one, I mean) to my problem?
69 replies
After clicking on "delete selection" I get:
Malwarebytes' Anti-Malware a rencontré un problème et doit fermer. Nous vous prions de nous excuser pour le désagrément encouru
?? Never seen that ...
-> Restart in safe mode:
How do you restart in safe mode?
Restart the PC and keep tapping the F8 key from the very start of boot-up, without stopping.
A window with a black background will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Once you are on the desktop, if not all the colors and so on are there, that's normal!
PS: if F8 doesn't work, use the F5 key.
and redo the full Malwarebytes scan
I restarted
then I reopened Malwarebytes
then clicked on delete all
then I relaunched the scan
then it finds 23 infected items (so far).
Fichier(s) infecté(s): 24
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\khfGyvvw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\krkqlppp.dll (Trojan.Vundo) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1667547c-898a-45a4-ab1c-08d93a5920c5} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1667547c-898a-45a4-ab1c-08d93a5920c5} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8ae72190-f8a5-b7c8-9572-98c79cdf00af} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fc914f0c (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmffa27c90 (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfgyvvw -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfgyvvw -> No action taken.
Dossier(s) infecté(s):
C:\WINDOWS\Fonts\' (Trojan.Agent) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\khfGyvvw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvvyGfhk.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvvyGfhk.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cbXPfDuU.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\UuDfPXbc.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cbXQiFya.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ayFiQXbc.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dixglvuy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yuvlgxid.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jkkIYpmk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kmpYIkkj.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\krkqlppp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ppplqkrk.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pmnmnMcy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ycMnmnmp.ini (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\lui meme\Local Settings\Temporary Internet Files\Content.IE5\45AN89ER\setup_272_509_[1].exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\lui meme\Local Settings\Temporary Internet Files\Content.IE5\W9AR0XYN\setup_279_509_[1].exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{F600EB76-36C2-42A6-AEB9-4496F7A72FEE}\RP214\A0904697.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{F600EB76-36C2-42A6-AEB9-4496F7A72FEE}\RP229\A0909715.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\sukafuhq.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\BMffa27c90.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMffa27c90.txt (Trojan.Vundo) -> No action taken.
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 945
Windows 5.1.2600 Service Pack 2
22:36:16 13/07/2008
mbam-log-7-13-2008 (22-36-16).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 149369
Temps écoulé: 49 minute(s), 54 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 24
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\khfGyvvw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\krkqlppp.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1667547c-898a-45a4-ab1c-08d93a5920c5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1667547c-898a-45a4-ab1c-08d93a5920c5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8ae72190-f8a5-b7c8-9572-98c79cdf00af} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fc914f0c (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmffa27c90 (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfgyvvw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfgyvvw -> Delete on reboot.
Dossier(s) infecté(s):
C:\WINDOWS\Fonts\' (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\khfGyvvw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvvyGfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvvyGfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPfDuU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UuDfPXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXQiFya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ayFiQXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dixglvuy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuvlgxid.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkIYpmk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmpYIkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krkqlppp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ppplqkrk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnmnMcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ycMnmnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lui meme\Local Settings\Temporary Internet Files\Content.IE5\45AN89ER\setup_272_509_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\lui meme\Local Settings\Temporary Internet Files\Content.IE5\W9AR0XYN\setup_279_509_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F600EB76-36C2-42A6-AEB9-4496F7A72FEE}\RP214\A0904697.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F600EB76-36C2-42A6-AEB9-4496F7A72FEE}\RP229\A0909715.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sukafuhq.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\BMffa27c90.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMffa27c90.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Good evening, sorry for butting in ;o)
Chiquitine, could you take a look at my message? So that I can finish ... well, maybe! Thanks a lot
But I remain rather perplexed ............ my antivirus alerted me several times, asking which action I wanted to take; I chose delete, but the same window kept opening again and again.....
Reopen Malwarebytes
go to Quarantine
delete everything
then do another HijackThis scan and post the report, please
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:45, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\USB Storage RW\DskWatch.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\CA\Etrust Antivirus\Register.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1877A6EA-E593-4BF6-9D02-EC27251A6DE5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {37d1bc45-8c4b-c468-37b4-0fda313c84c7} - {7c48c313-adf0-4b73-864c-b4c854cb1d73} - C:\WINDOWS\system32\kwltbg.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VTtrayp] VTtrayp.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06FDXRC_1355979] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108507380937
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1877A6EA-E593-4BF6-9D02-EC27251A6DE5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {37d1bc45-8c4b-c468-37b4-0fda313c84c7} - {7c48c313-adf0-4b73-864c-b4c854cb1d73} - C:\WINDOWS\system32\kwltbg.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VTtrayp] VTtrayp.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06FDXRC_1355979] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108507380937
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
There are still some left.
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and your antispyware tools, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.
- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt)
-> Re-enable the real-time protection of your antivirus and your antispyware tools before reconnecting to the internet.
-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.
-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ComboFix 08-07-13.6 - moi meme 2008-07-13 23:06:42.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.146 [GMT 2:00]
Endroit: C:\Documents and Settings\moi meme\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abqibugw.dll
C:\WINDOWS\system32\amwuqyil.ini
C:\WINDOWS\system32\cbsyid.dll
C:\WINDOWS\system32\chvpbrfg.ini
C:\WINDOWS\system32\ckkrritp.dll
C:\WINDOWS\system32\daurlnue.dll
C:\WINDOWS\system32\eehkocjs.ini
C:\WINDOWS\system32\gsvdrewj.ini
C:\WINDOWS\system32\gtfmqyyv.ini
C:\WINDOWS\system32\hdvmhibl.ini
C:\WINDOWS\system32\kibdurmv.ini
C:\WINDOWS\system32\kicmvvpm.ini
C:\WINDOWS\system32\kvuxbtik.ini
C:\WINDOWS\system32\kwltbg.dll
C:\WINDOWS\system32\lfbeng.dll
C:\WINDOWS\system32\LUxGQXyb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mrabuqbc.ini
C:\WINDOWS\system32\nkmrtewx.ini
C:\WINDOWS\system32\nrtlvpis.ini
C:\WINDOWS\system32\odwrevsi.dll
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\pixhdeia.dll
C:\WINDOWS\system32\pmxetidc.ini
C:\WINDOWS\system32\puyvnmjf.dll
C:\WINDOWS\system32\qdmxsq.dll
C:\WINDOWS\system32\rfayywug.ini
C:\WINDOWS\system32\rrllvm.dll
C:\WINDOWS\system32\rvaoxiwc.ini
C:\WINDOWS\system32\rvcrvfkt.dll
C:\WINDOWS\system32\rwjdln.dll
C:\WINDOWS\system32\rzwvia.dll
C:\WINDOWS\system32\TDehQqss.ini
C:\WINDOWS\system32\vafbeb.dll
C:\WINDOWS\system32\vfvapflu.dll
C:\WINDOWS\system32\vmpkdbqk.ini
C:\WINDOWS\system32\VxxHPXyb.ini
C:\WINDOWS\system32\wkvckaft.ini
C:\WINDOWS\system32\wobnwlsw.dll
C:\WINDOWS\system32\wvvyGfhk.ini
C:\WINDOWS\system32\wvvyGfhk.ini2
C:\WINDOWS\system32\xavoboca.ini
C:\WINDOWS\system32\xhpbpmjk.ini
C:\WINDOWS\system32\yysrihjk.ini
C:\WINDOWS\system32\zbxwav.dll
C:\WINDOWS\system32\zfsikp.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))))))))
.
2008-07-13 19:05 . 2008-07-13 19:05 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\Malwarebytes
2008-07-13 19:05 . 2008-07-13 19:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 19:05 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-13 19:05 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-13 19:04 . 2008-07-13 19:05 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 18:26 . 2008-07-13 18:26 <REP> d-------- C:\Program Files\Trend Micro
2008-07-13 18:04 . 2008-07-13 18:04 <REP> d-------- C:\_OTMoveIt
2008-07-13 16:58 . 2008-07-13 18:50 <REP> d-------- C:\Program Files\Navilog1
2008-07-13 16:12 . 2008-06-30 17:16 234,640 --a------ C:\WINDOWS\system32\drivers\afwcore.sys
2008-07-13 16:12 . 2007-10-25 19:17 49 --a------ C:\WINDOWS\transp.gif
2008-07-13 16:11 . 2008-07-13 16:20 <REP> d-------- C:\WINDOWS\system32\Filt
2008-07-13 16:11 . 2008-07-13 16:11 <REP> d-------- C:\Program Files\Agnitum
2008-07-13 16:11 . 2008-07-04 16:56 672,928 --a------ C:\WINDOWS\system32\drivers\SandBox.sys
2008-07-13 16:11 . 2008-06-30 17:16 30,864 --a------ C:\WINDOWS\system32\drivers\afw.sys
2008-07-13 16:09 . 2008-07-13 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-07-12 19:42 . 2008-07-12 19:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-12 19:42 . 2008-07-12 19:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-12 18:51 . 2008-07-12 18:51 <REP> d-------- C:\Documents and Settings\soi meme\systeme ne pas toucher
2008-07-12 18:22 . 2008-07-12 18:22 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\iolo
2008-07-12 18:22 . 2008-07-12 18:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-07-12 17:45 . 2008-07-12 17:45 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\Bitdefender
2008-07-12 17:25 . 2008-07-12 17:25 <REP> d-------- C:\Program Files\RealMedia
2008-07-12 17:25 . 2008-07-12 17:25 <REP> d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-07-12 17:25 . 2008-07-12 17:25 <REP> d-------- C:\Program Files\DScaler5
2008-07-12 17:25 . 2008-07-12 17:25 <REP> d-------- C:\Program Files\CD Audio Reader Filter
2008-07-12 17:24 . 2008-07-12 17:24 <REP> d-------- C:\Program Files\SHOUTcast Source
2008-07-12 17:24 . 2008-07-12 17:24 <REP> d-------- C:\Program Files\Haali
2008-07-12 17:24 . 2008-07-12 17:24 <REP> d-------- C:\Program Files\ffdshow
2008-07-12 17:24 . 2008-07-12 17:24 <REP> d-------- C:\Program Files\DSP-worx
2008-07-12 17:24 . 2007-11-29 12:52 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-07-12 17:24 . 2007-12-03 16:34 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-12 17:24 . 2007-11-29 12:52 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-12 17:23 . 2008-07-12 20:06 <REP> d-------- C:\Program Files\Zoom Player
2008-07-12 17:23 . 2008-07-12 17:23 <REP> d-------- C:\Program Files\DirectVobSub
2008-07-12 17:19 . 2008-07-12 17:30 1,208 --a------ C:\WINDOWS\Radio_Fr.ini
2008-07-12 17:17 . 2008-07-12 19:13 <REP> d-------- C:\Program Files\Radio Fr Solo
2008-07-12 17:01 . 2008-07-12 17:02 <REP> d-------- C:\Program Files\BillardGL 1.75
2008-07-12 16:56 . 2008-07-12 16:56 <REP> d-------- C:\Program Files\Mousotron
2008-07-12 16:52 . 2008-07-12 16:55 <REP> d-------- C:\Program Files\ZGuideTV
2008-07-12 16:52 . 1998-06-24 00:00 203,576 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-07-12 16:52 . 2004-08-10 09:00 200,704 --a------ C:\WINDOWS\system32\msadox.dll
2008-07-12 16:41 . 2008-07-12 16:41 <REP> d-------- C:\Program Files\ClocX
2008-07-12 16:28 . 2008-07-12 16:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-12 16:27 . 2008-07-12 19:58 <REP> d-------- C:\Program Files\ABAEnglishCourse
2008-07-12 16:27 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-07-12 16:27 . 2008-07-12 16:32 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-12 16:23 . 2008-07-12 19:06 <REP> d-------- C:\WINDOWS\Internet Logs
2008-07-12 14:16 . 2008-07-12 14:16 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\Bitdefender
2008-07-12 14:13 . 2008-07-13 23:22 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-12 14:08 . 2008-07-13 16:11 <REP> d-------- C:\Program Files\Softwin
2008-07-12 14:08 . 2008-07-12 14:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-12 14:04 . 2008-07-13 16:11 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-07-12 13:20 . 2008-07-12 17:40 <REP> d-------- C:\Program Files\Avira
2008-07-12 13:20 . 2008-07-12 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-12 00:16 . 2008-07-12 00:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-12 00:16 . 2008-07-12 00:16 262,144 --a------ C:\Documents and Settings\ADAMLE~3
2008-07-12 00:16 . 2008-07-12 00:16 262,144 --a------ C:\Documents and Settings\1612~3.199
2008-07-12 00:13 . 2008-07-12 00:13 262,144 --a------ C:\Documents and Settings\ADAMLE~2
2008-07-12 00:13 . 2008-07-12 00:13 262,144 --a------ C:\Documents and Settings\1612~2.199
2008-07-12 00:00 . 2008-07-12 00:00 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\AVGTOOLBAR
2008-07-11 23:58 . 2008-07-12 00:01 8,192 --a------ C:\Documents and Settings\ADAMLE~1
2008-07-11 23:58 . 2008-07-12 00:01 8,192 --a------ C:\Documents and Settings\1612~1.199
2008-07-11 23:44 . 2008-07-11 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-11 23:36 . 2008-07-11 23:36 <REP> d-------- C:\Program Files\Opera
2008-07-11 21:11 . 2008-07-11 21:13 <REP> d-------- C:\totalcmd
2008-07-11 21:11 . 2008-07-11 21:13 570 --a------ C:\WINDOWS\wincmd.ini
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-11 20:50 . 2008-07-11 20:50 <REP> d-------- C:\Program Files\SafeSoft
2008-07-11 20:45 . 2008-07-11 20:45 <REP> d-------- C:\Program Files\Unlocker
2008-07-11 20:45 . 2008-07-13 22:36 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Application Data\Desktopicon
2008-07-10 14:47 . 2008-07-10 14:47 <REP> d-------- C:\Program Files\Lopxp
2008-07-10 13:27 . 2005-02-15 08:35 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Voisinage réseau
2008-07-10 13:27 . 2005-02-15 08:35 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Voisinage d'impression
2008-07-10 13:27 . 2005-06-22 01:47 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Modèles
2008-07-10 13:27 . 2005-02-15 08:35 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Mes documents
2008-07-10 13:27 . 2008-07-11 20:45 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Menu Démarrer
2008-07-10 13:27 . 2005-02-15 07:42 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Favoris
2008-07-10 13:27 . 2008-07-11 21:13 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Bureau
2008-07-10 13:27 . 2008-07-12 00:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59
2008-07-09 11:29 . 2008-07-09 11:29 101,888 --a------ C:\WINDOWS\system32\fbycbvav.dll
2008-07-09 11:27 . 2008-07-09 11:27 92,160 --a------ C:\WINDOWS\system32\rxbcjbss.dll
2008-07-08 19:26 . 2008-07-08 19:28 51 --a------ C:\WINDOWS\npornap.INI
2008-07-08 19:24 . 2008-07-08 19:24 <REP> d-------- C:\Program Files\Orange
2008-07-06 10:49 . 2008-07-06 10:49 101,888 --a------ C:\WINDOWS\system32\dmwmfelf.dll
2008-07-05 21:43 . 2008-07-07 11:52 134 --a------ C:\Documents and Settings\Seddiq\Application Data\wklnhst.dat
2008-07-05 10:28 . 2008-07-05 10:28 101,888 --a------ C:\WINDOWS\system32\sukrlcpb.dll
2008-07-05 10:22 . 2008-07-05 10:22 101,888 --a------ C:\WINDOWS\system32\xfybnudd.dll
2008-07-04 22:39 . 2008-07-04 22:46 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-04 21:20 . 2008-07-11 00:22 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\LimeWire
2008-07-03 23:56 . 2008-07-04 22:58 345 --ahs---- C:\WINDOWS\system32\MnmVwyxx.ini
2008-07-03 23:55 . 2008-07-03 23:55 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-07-03 20:36 . 2008-07-03 20:36 <REP> d-------- C:\Documents and Settings\soi meme\michael jackson
2008-07-03 20:33 . 2008-07-08 21:25 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\LimeWire
2008-07-03 20:33 . 2008-07-03 20:34 <REP> d-------- C:\Documents and Settings\lui meme\.limewire
2008-07-03 20:32 . 2008-07-04 21:19 <REP> d-------- C:\Program Files\LimeWire
2008-07-01 15:52 . 2008-07-11 23:23 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\SPAMfighter
2008-07-01 11:57 . 2008-07-01 11:57 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\SPAMfighter
2008-06-29 22:07 . 2008-06-29 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-06-29 22:06 . 2008-06-29 22:06 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-06-29 22:05 . 2008-06-29 22:05 <REP> d-------- C:\Program Files\BoontyGames
2008-06-29 22:05 . 2008-06-29 22:05 <REP> d-------- C:\Program Files\Boonty
2008-06-29 22:00 . 2008-07-12 18:04 <REP> d-------- C:\Program Files\Yahoo!
2008-06-28 14:36 . 2008-06-28 14:43 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-06-28 14:36 . 2008-06-28 14:37 681 --a------ C:\WINDOWS\mozver.dat
2008-06-22 20:33 . 2008-06-22 20:33 <REP> d-------- C:\Program Files\VoipBuster.com
2008-06-21 21:42 . 2008-06-21 21:42 <REP> d-------- C:\Program Files\Google
2008-06-18 12:42 . 2008-06-18 12:42 244 --ah----- C:\sqmnoopt19.sqm
2008-06-18 12:42 . 2008-06-18 12:42 232 --ah----- C:\sqmdata19.sqm
2008-06-18 12:40 . 2008-06-18 12:40 244 --ah----- C:\sqmnoopt18.sqm
2008-06-18 12:40 . 2008-06-18 12:40 232 --ah----- C:\sqmdata18.sqm
2008-06-18 12:21 . 2008-06-18 12:21 <REP> d---s---- C:\Documents and Settings\lui meme\UserData
2008-06-18 12:21 . 2008-06-18 12:21 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\Viewpoint
2008-06-18 00:20 . 2008-06-18 00:20 268 --ah----- C:\sqmdata17.sqm
2008-06-18 00:20 . 2008-06-18 00:20 244 --ah----- C:\sqmnoopt17.sqm
2008-06-17 22:37 . 2008-06-17 22:37 244 --ah----- C:\sqmnoopt16.sqm
2008-06-17 22:37 . 2008-06-17 22:37 232 --ah----- C:\sqmdata16.sqm
2008-06-17 22:19 . 2008-06-17 22:19 244 --ah----- C:\sqmnoopt15.sqm
2008-06-17 22:19 . 2008-06-17 22:19 232 --ah----- C:\sqmdata15.sqm
2008-06-17 22:18 . 2008-07-08 15:11 208 --ah----- C:\sqmdata14.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Documents and Settings\moi meme\Application Data\OpenOffice.org2
2008-07-13 16:39 --------- d-----w C:\Program Files\Alwil Software
2008-07-13 14:40 --------- d-----w C:\Program Files\Java
2008-07-12 16:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-11 17:44 --------- d-----w C:\Program Files\CA
2008-07-11 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 17:11 --------- d-----w C:\Program Files\eMule
2008-07-04 20:35 --------- d-----w C:\Program Files\Windows Media Connect
2008-06-27 18:56 13,718 ----a-w C:\Documents and Settings\moi meme\Application Data\wklnhst.dat
2008-06-18 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 17:20 --------- d-----w C:\Program Files\Universalis 9
2008-06-17 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 10:40 --------- d-----w C:\Documents and Settings\elle meme\Application Data\Talkback
2008-06-08 11:20 --------- d-----w C:\Program Files\Windows Live
2008-06-06 21:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-06 20:45 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-06 20:35 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-05 05:57 --------- d-----w C:\Documents and Settings\lui meme\Application Data\MSNInstaller
2008-06-03 14:10 --------- d-----w C:\Documents and Settings\lui meme\Application Data\Talkback
2008-06-03 06:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-02 18:02 --------- d-----w C:\Program Files\Free
2008-06-02 14:48 --------- d-----w C:\Documents and Settings\moi meme\Application Data\MSNInstaller
2008-06-01 18:35 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-05-31 18:46 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-30 18:40 --------- d-----w C:\Program Files\Neuf
2008-05-23 15:05 --------- d-----w C:\Program Files\SnapKids
2008-05-18 14:54 --------- d-----w C:\Documents and Settings\moi meme\Application Data\gtk-2.0
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-06-06 12:33 88,152 ----a-w C:\Documents and Settings\moi meme\Application Data\GDIPFONTCACHEV1.DAT
2006-03-02 10:46 162 ---ha-w C:\Documents and Settings\lui meme\hpothb07.dat
2005-12-24 20:44 0 ----a-w C:\Documents and Settings\lui meme\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"E06FDXRC_1355979"="C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" [2005-06-04 18:03 301776]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage RW"="C:\Program Files\USB Storage RW\DskWatch.exe" [2004-12-23 16:00 208896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 16:09 458752]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-02-18 02:49 110744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-02-21 00:49 26112]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 12:33 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 16:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-05 07:18 491520]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 16:21 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2007-07-26 17:43 270336]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48 290816]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-07-07 14:53 1158472]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-07-04 14:38 435528]
"VTTimer"="VTTimer.exe" [2004-10-01 17:31 53248 C:\WINDOWS\system32\VTTimer.exe]
"CARPService"="carpserv.exe" [2003-03-19 01:13 4608 C:\WINDOWS\system32\carpserv.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 17:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"VTtrayp"="VTtrayp.exe" [2004-06-22 03:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\Midnight Racing\\racing.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Roady Racer\\Roady Racer.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-07-04 16:56]
R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-07-04 14:38]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Contrôle parental;C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe []
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2008-06-30 17:16]
R3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [2008-06-30 17:16]
R3 dskwatch;Disk Watch Filter;C:\WINDOWS\system32\drivers\dskwatch.sys [2004-11-30 12:19]
S3 adxapie;adxapie;C:\DOCUME~1\moi meme\LOCALS~1\Temp\adxapie.sys []
S3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-07-04 16:57]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-06-29 22:06]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-10 16:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-13 18:33:11 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-fssui - C:\Program Files\Windows Live\Contrôle parental\fssui.exe
HKLM-Run-OEM-Reset - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 23:17:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-13 23:34:47 - machine was rebooted [moi meme]
ComboFix-quarantined-files.txt 2008-07-13 21:33:31
Pre-Run: 102,385,713,152 octets libres
Post-Run: 102,362,279,936 octets libres
332 --- E O F --- 2008-07-01 08:11:50
Copy the text below:
File::
C:\WINDOWS\system32\fbycbvav.dll
C:\WINDOWS\system32\rxbcjbss.dll
C:\WINDOWS\system32\dmwmfelf.dll
C:\WINDOWS\system32\MnmVwyxx.ini
C:\Program Files\CA\Etrust Antivirus\Register.exe
Folder::
C:\_OTMoveIt
C:\Program Files\Navilog1
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\BoontyGames
C:\Program Files\Boonty
C:\Program Files\Alwil Software
C:\Program Files\CA
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntivirusRegistration"=-
Open Notepad, then paste the copied text.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
If there is no restart, post the reports anyway.
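A pre-flight check for the script above, added here as an example and not part of the helper's reply or of ComboFix: it parses the three directives the script uses and confirms that every target is actually named in the log before anything is deleted. The `PROTECTED` list and all function names are assumptions of this example; the log lines are excerpted from the ComboFix report in this thread.

```python
import re

SECTION_RE = re.compile(r"^(\w+)::\s*$")
KNOWN_SECTIONS = ("File", "Folder", "Registry")  # directives used by the posted script
# Assumed for this example: directories no script line should name outright.
PROTECTED = {r"c:\windows", r"c:\windows\system32", r"c:\program files"}

# The script as posted in the reply above.
CFSCRIPT = r'''File::
C:\WINDOWS\system32\fbycbvav.dll
C:\WINDOWS\system32\rxbcjbss.dll
C:\WINDOWS\system32\dmwmfelf.dll
C:\WINDOWS\system32\MnmVwyxx.ini
C:\Program Files\CA\Etrust Antivirus\Register.exe
Folder::
C:\_OTMoveIt
C:\Program Files\Navilog1
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\BoontyGames
C:\Program Files\Boonty
C:\Program Files\Alwil Software
C:\Program Files\CA
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntivirusRegistration"=-
'''

# Constructed sample: lines excerpted from the ComboFix log in this thread.
LOG_EXCERPT = r'''2008-07-13 18:04 . 2008-07-13 18:04 <REP> d-------- C:\_OTMoveIt
2008-07-13 16:58 . 2008-07-13 18:50 <REP> d-------- C:\Program Files\Navilog1
2008-07-09 11:29 . 2008-07-09 11:29 101,888 --a------ C:\WINDOWS\system32\fbycbvav.dll
2008-07-09 11:27 . 2008-07-09 11:27 92,160 --a------ C:\WINDOWS\system32\rxbcjbss.dll
2008-07-06 10:49 . 2008-07-06 10:49 101,888 --a------ C:\WINDOWS\system32\dmwmfelf.dll
2008-07-03 23:56 . 2008-07-04 22:58 345 --ahs---- C:\WINDOWS\system32\MnmVwyxx.ini
2008-06-29 22:07 . 2008-06-29 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-06-29 22:06 . 2008-06-29 22:06 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-06-29 22:05 . 2008-06-29 22:05 <REP> d-------- C:\Program Files\BoontyGames
2008-06-29 22:05 . 2008-06-29 22:05 <REP> d-------- C:\Program Files\Boonty
2008-07-13 16:39 --------- d-----w C:\Program Files\Alwil Software
2008-07-11 17:44 --------- d-----w C:\Program Files\CA
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 16:09 458752]
'''

def parse_cfscript(text):
    """Split a script into sections; Registry entries become (key, value name, data)."""
    sections = {name: [] for name in KNOWN_SECTIONS}
    problems, current, reg_key = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1) if header.group(1) in sections else None
            if current is None:
                problems.append(f"unknown section {header.group(1)}::")
        elif current is None:
            problems.append(f"line outside any known section: {line}")
        elif current != "Registry":
            sections[current].append(line)
        elif line.startswith("["):
            reg_key = line.strip("[]")
        else:
            name, _, data = line.partition("=")
            sections["Registry"].append((reg_key, name.strip('"'), data))
    return sections, problems

def seen_in_log(path, log, is_folder):
    """True if the log names this exact path (or, for a folder, something inside it)."""
    tail = r'(?=\\|"|\s*$|\s+\[)' if is_folder else r'(?="|\s*$|\s+\[)'
    return re.search(re.escape(path) + tail, log, re.I | re.M) is not None

def reg_value_in_log(key, name, log):
    """True if the log lists value `name` under registry key `key`."""
    current = None
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current == str(key).lower() and line.lower().startswith(f'"{name.lower()}"='):
            return True
    return False

def preflight(script, log):
    """Return reasons not to run the script yet; an empty list means every target checks out."""
    sections, findings = parse_cfscript(script)
    for kind in ("File", "Folder"):
        for path in sections[kind]:
            if path.rstrip("\\").lower() in PROTECTED:
                findings.append(f"{kind}:: targets protected directory {path}")
            elif not seen_in_log(path, log, kind == "Folder"):
                findings.append(f"{kind}:: {path} does not appear in the log")
    for key, name, _data in sections["Registry"]:
        if not reg_value_in_log(key, name, log):
            findings.append(f'Registry:: "{name}" not listed under {key}')
    return findings

if __name__ == "__main__":
    print(preflight(CFSCRIPT, LOG_EXCERPT) or "all targets are named in the log")
```

An empty result means every file, folder and registry value in the script is evidenced in the log; a mistyped path or an over-broad folder shows up as a finding instead.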
combofix report
ComboFix 08-07-13.9 - moi meme 2008-07-14 10:23:25.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.146 [GMT 2:00]
Endroit: C:\Documents and Settings\moi meme\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\moi meme\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Program Files\CA\Etrust Antivirus\Register.exe
C:\WINDOWS\system32\dmwmfelf.dll
C:\WINDOWS\system32\fbycbvav.dll
C:\WINDOWS\system32\MnmVwyxx.ini
C:\WINDOWS\system32\rxbcjbss.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\_OTMoveIt
C:\_OTMoveIt\MovedFiles\07132008_180436.log
C:\_OTMoveIt\MovedFiles\07132008_180436.res
C:\_OTMoveIt\MovedFiles\07132008_180436\WINDOWS\system32\ayFiQXbc.ini2
C:\_OTMoveIt\MovedFiles\07132008_180436\WINDOWS\system32\kmpYIkkj.ini2
C:\_OTMoveIt\MovedFiles\07132008_180436\WINDOWS\system32\LUxGQXyb.ini2
C:\_OTMoveIt\MovedFiles\07132008_180436\WINDOWS\system32\TDehQqss.ini2
C:\_OTMoveIt\MovedFiles\07132008_180436\WINDOWS\system32\UuDfPXbc.ini2
C:\_OTMoveIt\MovedFiles\07132008_180436\WINDOWS\system32\VxxHPXyb.ini2
C:\_OTMoveIt\MovedFiles\07132008_180436\WINDOWS\system32\wvvyGfhk.ini2
C:\_OTMoveIt\MovedFiles\07132008_180436\WINDOWS\system32\ycMnmnmp.ini2
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B43C7000.dat
C:\Program Files\Alwil Software
C:\Program Files\Boonty
C:\Program Files\Boonty\Components\DTM_Race_Driver_3_(codemasters)_Telecharger(fr_3815){327910}.exe
C:\Program Files\BoontyGames
C:\Program Files\CA
C:\Program Files\CA\Etrust Antivirus\Bottom.bmp
C:\Program Files\CA\Etrust Antivirus\Config.ini
C:\Program Files\CA\Etrust Antivirus\Lang-DA.ini
C:\Program Files\CA\Etrust Antivirus\Lang-DE.ini
C:\Program Files\CA\Etrust Antivirus\Lang-EN.ini
C:\Program Files\CA\Etrust Antivirus\Lang-ES.ini
C:\Program Files\CA\Etrust Antivirus\Lang-FI.ini
C:\Program Files\CA\Etrust Antivirus\Lang-FR.ini
C:\Program Files\CA\Etrust Antivirus\Lang-IT.ini
C:\Program Files\CA\Etrust Antivirus\Lang-NL.ini
C:\Program Files\CA\Etrust Antivirus\Lang-NO.ini
C:\Program Files\CA\Etrust Antivirus\Lang-SE.ini
C:\Program Files\CA\Etrust Antivirus\Lang\French\iShellRes.dll
C:\Program Files\CA\Etrust Antivirus\Middle.bmp
C:\Program Files\CA\Etrust Antivirus\Register.exe
C:\Program Files\CA\Etrust Antivirus\Settings.xml
C:\Program Files\CA\Etrust Antivirus\Top.bmp
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\Navilog1
C:\Program Files\Navilog1\Backupnavi\gasiu.dat
C:\Program Files\Navilog1\Backupnavi\gasiu.exe
C:\Program Files\Navilog1\Backupnavi\gasiu_nav.dat
C:\Program Files\Navilog1\Backupnavi\gasiu_navps.dat
C:\Program Files\Navilog1\Backupnavi\qcoeg.dat
C:\Program Files\Navilog1\Backupnavi\qcoeg.exe
C:\Program Files\Navilog1\Backupnavi\qcoeg_nav.dat
C:\Program Files\Navilog1\Backupnavi\qcoeg_navps.dat
C:\Program Files\Navilog1\Backupnavi\wsiooky.dat
C:\Program Files\Navilog1\Backupnavi\wsiooky_nav.dat
C:\Program Files\Navilog1\Backupnavi\wsiooky_navps.dat
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\Navilog1\GetPaths.exe
C:\Program Files\Navilog1\gnc.exe
C:\Program Files\Navilog1\navilog1.bat
C:\Program Files\Navilog1\navreb.bat
C:\Program Files\Navilog1\oem2ansi.exe
C:\Program Files\Navilog1\Process.exe
C:\Program Files\Navilog1\reboot.exe
C:\Program Files\Navilog1\reg.exe
C:\Program Files\Navilog1\regnavi.reg
C:\Program Files\Navilog1\Safebackup\backup_registry.dat
C:\Program Files\Navilog1\Safebackup\HKCU_Run.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Arpcache.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Run.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Startupreg.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Uninstall.reg
C:\Program Files\Navilog1\traite.bat
C:\Program Files\Navilog1\traite2.bat
C:\Program Files\Navilog1\traite3.bat
C:\Program Files\Navilog1\unins000.dat
C:\Program Files\Navilog1\unins000.exe
C:\WINDOWS\system32\dmwmfelf.dll
C:\WINDOWS\system32\fbycbvav.dll
C:\WINDOWS\system32\MnmVwyxx.ini
C:\WINDOWS\system32\rxbcjbss.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))))))
.
2008-07-13 23:35 . 2008-07-13 23:35 <REP> d-------- C:\Documents and Settings\Invité
2008-07-13 19:05 . 2008-07-13 19:05 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\Malwarebytes
2008-07-13 19:05 . 2008-07-13 19:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 19:05 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-13 19:05 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-13 19:04 . 2008-07-13 19:05 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 18:26 . 2008-07-13 18:26 <REP> d-------- C:\Program Files\Trend Micro
2008-07-13 16:12 . 2008-06-30 17:16 234,640 --a------ C:\WINDOWS\system32\drivers\afwcore.sys
2008-07-13 16:12 . 2007-10-25 19:17 49 --a------ C:\WINDOWS\transp.gif
2008-07-13 16:11 . 2008-07-13 16:20 <REP> d-------- C:\WINDOWS\system32\Filt
2008-07-13 16:11 . 2008-07-13 16:11 <REP> d-------- C:\Program Files\Agnitum
2008-07-13 16:11 . 2008-07-04 16:56 672,928 --a------ C:\WINDOWS\system32\drivers\SandBox.sys
2008-07-13 16:11 . 2008-06-30 17:16 30,864 --a------ C:\WINDOWS\system32\drivers\afw.sys
2008-07-13 16:09 . 2008-07-13 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-07-12 19:42 . 2008-07-12 19:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-12 19:42 . 2008-07-12 19:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-12 18:51 . 2008-07-12 18:51 <REP> d-------- C:\Documents and Settings\soi meme\systeme ne pas toucher
2008-07-12 18:22 . 2008-07-12 18:22 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\iolo
2008-07-12 18:22 . 2008-07-12 18:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-07-12 17:45 . 2008-07-12 17:45 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\Bitdefender
2008-07-12 17:25 . 2008-07-12 17:25 <REP> d-------- C:\Program Files\RealMedia
2008-07-12 17:25 . 2008-07-12 17:25 <REP> d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-07-12 17:25 . 2008-07-12 17:25 <REP> d-------- C:\Program Files\DScaler5
2008-07-12 17:25 . 2008-07-12 17:25 <REP> d-------- C:\Program Files\CD Audio Reader Filter
2008-07-12 17:24 . 2008-07-12 17:24 <REP> d-------- C:\Program Files\SHOUTcast Source
2008-07-12 17:24 . 2008-07-12 17:24 <REP> d-------- C:\Program Files\Haali
2008-07-12 17:24 . 2008-07-12 17:24 <REP> d-------- C:\Program Files\ffdshow
2008-07-12 17:24 . 2008-07-12 17:24 <REP> d-------- C:\Program Files\DSP-worx
2008-07-12 17:24 . 2007-11-29 12:52 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-07-12 17:24 . 2007-12-03 16:34 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-12 17:24 . 2007-11-29 12:52 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-12 17:23 . 2008-07-12 20:06 <REP> d-------- C:\Program Files\Zoom Player
2008-07-12 17:23 . 2008-07-12 17:23 <REP> d-------- C:\Program Files\DirectVobSub
2008-07-12 17:19 . 2008-07-12 17:30 1,208 --a------ C:\WINDOWS\Radio_Fr.ini
2008-07-12 17:17 . 2008-07-12 19:13 <REP> d-------- C:\Program Files\Radio Fr Solo
2008-07-12 17:01 . 2008-07-12 17:02 <REP> d-------- C:\Program Files\BillardGL 1.75
2008-07-12 16:56 . 2008-07-12 16:56 <REP> d-------- C:\Program Files\Mousotron
2008-07-12 16:52 . 2008-07-12 16:55 <REP> d-------- C:\Program Files\ZGuideTV
2008-07-12 16:52 . 1998-06-24 00:00 203,576 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-07-12 16:52 . 2004-08-10 09:00 200,704 --a------ C:\WINDOWS\system32\msadox.dll
2008-07-12 16:41 . 2008-07-12 16:41 <REP> d-------- C:\Program Files\ClocX
2008-07-12 16:28 . 2008-07-12 16:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-12 16:27 . 2008-07-12 19:58 <REP> d-------- C:\Program Files\ABAEnglishCourse
2008-07-12 16:27 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-07-12 16:27 . 2008-07-12 16:32 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-12 16:23 . 2008-07-12 19:06 <REP> d-------- C:\WINDOWS\Internet Logs
2008-07-12 14:16 . 2008-07-12 14:16 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\Bitdefender
2008-07-12 14:13 . 2008-07-14 10:27 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-12 14:08 . 2008-07-13 16:11 <REP> d-------- C:\Program Files\Softwin
2008-07-12 14:08 . 2008-07-12 14:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-12 14:04 . 2008-07-13 16:11 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-07-12 13:20 . 2008-07-12 17:40 <REP> d-------- C:\Program Files\Avira
2008-07-12 13:20 . 2008-07-12 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-12 00:16 . 2008-07-12 00:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-12 00:16 . 2008-07-12 00:16 262,144 --a------ C:\Documents and Settings\ADAMLE~3
2008-07-12 00:16 . 2008-07-12 00:16 262,144 --a------ C:\Documents and Settings\1612~3.199
2008-07-12 00:13 . 2008-07-12 00:13 262,144 --a------ C:\Documents and Settings\ADAMLE~2
2008-07-12 00:13 . 2008-07-12 00:13 262,144 --a------ C:\Documents and Settings\1612~2.199
2008-07-12 00:00 . 2008-07-12 00:00 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\AVGTOOLBAR
2008-07-11 23:58 . 2008-07-12 00:01 8,192 --a------ C:\Documents and Settings\ADAMLE~1
2008-07-11 23:58 . 2008-07-12 00:01 8,192 --a------ C:\Documents and Settings\1612~1.199
2008-07-11 23:44 . 2008-07-11 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-11 23:36 . 2008-07-11 23:36 <REP> d-------- C:\Program Files\Opera
2008-07-11 21:11 . 2008-07-11 21:13 <REP> d-------- C:\totalcmd
2008-07-11 21:11 . 2008-07-11 21:13 570 --a------ C:\WINDOWS\wincmd.ini
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-11 20:50 . 2008-07-11 20:50 <REP> d-------- C:\Program Files\SafeSoft
2008-07-11 20:45 . 2008-07-11 20:45 <REP> d-------- C:\Program Files\Unlocker
2008-07-11 20:45 . 2008-07-13 22:36 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Application Data\Desktopicon
2008-07-10 14:47 . 2008-07-10 14:47 <REP> d-------- C:\Program Files\Lopxp
2008-07-10 13:27 . 2005-02-15 08:35 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Voisinage réseau
2008-07-10 13:27 . 2005-02-15 08:35 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Voisinage d'impression
2008-07-10 13:27 . 2005-06-22 01:47 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Modèles
2008-07-10 13:27 . 2005-02-15 08:35 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Mes documents
2008-07-10 13:27 . 2008-07-11 20:45 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Menu Démarrer
2008-07-10 13:27 . 2005-02-15 07:42 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Favoris
2008-07-10 13:27 . 2008-07-11 21:13 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Bureau
2008-07-10 13:27 . 2008-07-12 00:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59
2008-07-08 19:26 . 2008-07-08 19:28 51 --a------ C:\WINDOWS\npornap.INI
2008-07-08 19:24 . 2008-07-08 19:24 <REP> d-------- C:\Program Files\Orange
2008-07-05 21:43 . 2008-07-07 11:52 134 --a------ C:\Documents and Settings\Seddiq\Application Data\wklnhst.dat
2008-07-05 10:28 . 2008-07-05 10:28 101,888 --a------ C:\WINDOWS\system32\sukrlcpb.dll
2008-07-05 10:22 . 2008-07-05 10:22 101,888 --a------ C:\WINDOWS\system32\xfybnudd.dll
2008-07-04 22:39 . 2008-07-04 22:46 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-04 21:20 . 2008-07-11 00:22 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\LimeWire
2008-07-03 23:55 . 2008-07-03 23:55 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-07-03 20:36 . 2008-07-03 20:36 <REP> d-------- C:\Documents and Settings\soi meme\michael jackson
2008-07-03 20:33 . 2008-07-08 21:25 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\LimeWire
2008-07-03 20:33 . 2008-07-03 20:34 <REP> d-------- C:\Documents and Settings\lui meme\.limewire
2008-07-03 20:32 . 2008-07-04 21:19 <REP> d-------- C:\Program Files\LimeWire
2008-07-01 15:52 . 2008-07-11 23:23 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\SPAMfighter
2008-07-01 11:57 . 2008-07-01 11:57 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\SPAMfighter
2008-06-29 22:00 . 2008-07-12 18:04 <REP> d-------- C:\Program Files\Yahoo!
2008-06-28 14:36 . 2008-06-28 14:43 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-06-28 14:36 . 2008-06-28 14:37 681 --a------ C:\WINDOWS\mozver.dat
2008-06-22 20:33 . 2008-06-22 20:33 <REP> d-------- C:\Program Files\VoipBuster.com
2008-06-21 21:42 . 2008-06-21 21:42 <REP> d-------- C:\Program Files\Google
2008-06-18 12:42 . 2008-06-18 12:42 244 --ah----- C:\sqmnoopt19.sqm
2008-06-18 12:42 . 2008-06-18 12:42 232 --ah----- C:\sqmdata19.sqm
2008-06-18 12:40 . 2008-06-18 12:40 244 --ah----- C:\sqmnoopt18.sqm
2008-06-18 12:40 . 2008-06-18 12:40 232 --ah----- C:\sqmdata18.sqm
2008-06-18 12:21 . 2008-06-18 12:21 <REP> d---s---- C:\Documents and Settings\lui meme\UserData
2008-06-18 12:21 . 2008-06-18 12:21 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\Viewpoint
2008-06-18 00:20 . 2008-06-18 00:20 268 --ah----- C:\sqmdata17.sqm
2008-06-18 00:20 . 2008-06-18 00:20 244 --ah----- C:\sqmnoopt17.sqm
2008-06-17 22:37 . 2008-06-17 22:37 244 --ah----- C:\sqmnoopt16.sqm
2008-06-17 22:37 . 2008-06-17 22:37 232 --ah----- C:\sqmdata16.sqm
2008-06-17 22:19 . 2008-06-17 22:19 244 --ah----- C:\sqmnoopt15.sqm
2008-06-17 22:19 . 2008-06-17 22:19 232 --ah----- C:\sqmdata15.sqm
2008-06-17 22:18 . 2008-07-08 15:11 208 --ah----- C:\sqmdata14.sqm
2008-06-17 22:18 . 2008-07-08 15:11 172 --ah----- C:\sqmnoopt14.sqm
2008-06-17 21:50 . 2008-07-08 12:43 268 --ah----- C:\sqmdata13.sqm
2008-06-17 21:50 . 2008-07-08 12:43 244 --ah----- C:\sqmnoopt13.sqm
2008-06-17 21:00 . 2008-07-02 02:09 268 --ah----- C:\sqmdata12.sqm
2008-06-17 21:00 . 2008-07-02 02:09 244 --ah----- C:\sqmnoopt12.sqm
2008-06-17 20:22 . 2008-06-23 01:32 268 --ah----- C:\sqmdata11.sqm
2008-06-17 20:22 . 2008-06-23 01:32 244 --ah----- C:\sqmnoopt11.sqm
2008-06-17 20:08 . 2008-06-18 18:53 244 --ah----- C:\sqmnoopt10.sqm
2008-06-17 20:08 . 2008-06-18 18:53 232 --ah----- C:\sqmdata10.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Documents and Settings\moi meme\Application Data\OpenOffice.org2
2008-07-13 14:40 --------- d-----w C:\Program Files\Java
2008-07-12 16:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-11 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 17:11 --------- d-----w C:\Program Files\eMule
2008-07-04 20:35 --------- d-----w C:\Program Files\Windows Media Connect
2008-06-27 18:56 13,718 ----a-w C:\Documents and Settings\moi meme\Application Data\wklnhst.dat
2008-06-18 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 17:20 --------- d-----w C:\Program Files\Universalis 9
2008-06-17 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 10:40 --------- d-----w C:\Documents and Settings\elle meme\Application Data\Talkback
2008-06-08 11:20 --------- d-----w C:\Program Files\Windows Live
2008-06-06 21:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-06 20:45 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-06 20:35 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-05 05:57 --------- d-----w C:\Documents and Settings\lu meme\Application Data\MSNInstaller
2008-06-03 14:10 --------- d-----w C:\Documents and Settings\luo meme\Application Data\Talkback
2008-06-03 06:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-02 18:02 --------- d-----w C:\Program Files\Free
2008-06-02 14:48 --------- d-----w C:\Documents and Settings\moi meme\Application Data\MSNInstaller
2008-06-01 18:35 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-05-31 18:46 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-30 18:40 --------- d-----w C:\Program Files\Neuf
2008-05-23 15:05 --------- d-----w C:\Program Files\SnapKids
2008-05-18 14:54 --------- d-----w C:\Documents and Settings\moi meme\Application Data\gtk-2.0
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-06-06 12:33 88,152 ----a-w C:\Documents and Settings\moi meme\Application Data\GDIPFONTCACHEV1.DAT
2006-03-02 10:46 162 ---ha-w C:\Documents and Settings\lui meme\hpothb07.dat
2005-12-24 20:44 0 ----a-w C:\Documents and Settings\elle meme\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-07-13_23.32.53.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-10-18 19:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 14:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2006-10-18 19:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-25 07:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-10-18 19:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 14:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
+ 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"E06FDXRC_1355979"="C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" [2005-06-04 18:03 301776]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage RW"="C:\Program Files\USB Storage RW\DskWatch.exe" [2004-12-23 16:00 208896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-02-18 02:49 110744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-02-21 00:49 26112]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 12:33 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 16:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-05 07:18 491520]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 16:21 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2007-07-26 17:43 270336]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48 290816]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-07-07 14:53 1158472]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-07-04 14:38 435528]
"VTTimer"="VTTimer.exe" [2004-10-01 17:31 53248 C:\WINDOWS\system32\VTTimer.exe]
"CARPService"="carpserv.exe" [2003-03-19 01:13 4608 C:\WINDOWS\system32\carpserv.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 17:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"VTtrayp"="VTtrayp.exe" [2004-06-22 03:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\Midnight Racing\\racing.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Roady Racer\\Roady Racer.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-07-04 16:56]
R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-07-04 14:38]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Contrôle parental;C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe []
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2008-06-30 17:16]
R3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [2008-06-30 17:16]
R3 dskwatch;Disk Watch Filter;C:\WINDOWS\system32\drivers\dskwatch.sys [2004-11-30 12:19]
S3 adxapie;adxapie;C:\DOCUME~1\moi meme\LOCALS~1\Temp\adxapie.sys []
S3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-07-04 16:57]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-10 16:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-13 22:33:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 10:29:31
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 10:45:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 08:43:58
ComboFix2.txt 2008-07-13 21:34:50
Pre-Run: 107,546,324,992 octets libres
Post-Run: 107,526,643,712 octets libres
371 --- E O F --- 2008-07-13 21:44:20
2008-07-11 21:11 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-11 20:50 . 2008-07-11 20:50 <REP> d-------- C:\Program Files\SafeSoft
2008-07-11 20:45 . 2008-07-11 20:45 <REP> d-------- C:\Program Files\Unlocker
2008-07-11 20:45 . 2008-07-13 22:36 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Application Data\Desktopicon
2008-07-10 14:47 . 2008-07-10 14:47 <REP> d-------- C:\Program Files\Lopxp
2008-07-10 13:27 . 2005-02-15 08:35 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Voisinage réseau
2008-07-10 13:27 . 2005-02-15 08:35 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Voisinage d'impression
2008-07-10 13:27 . 2005-06-22 01:47 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Modèles
2008-07-10 13:27 . 2005-02-15 08:35 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Mes documents
2008-07-10 13:27 . 2008-07-11 20:45 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Menu Démarrer
2008-07-10 13:27 . 2005-02-15 07:42 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Favoris
2008-07-10 13:27 . 2008-07-11 21:13 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59\Bureau
2008-07-10 13:27 . 2008-07-12 00:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EE41446DB59
2008-07-08 19:26 . 2008-07-08 19:28 51 --a------ C:\WINDOWS\npornap.INI
2008-07-08 19:24 . 2008-07-08 19:24 <REP> d-------- C:\Program Files\Orange
2008-07-05 21:43 . 2008-07-07 11:52 134 --a------ C:\Documents and Settings\Seddiq\Application Data\wklnhst.dat
2008-07-05 10:28 . 2008-07-05 10:28 101,888 --a------ C:\WINDOWS\system32\sukrlcpb.dll
2008-07-05 10:22 . 2008-07-05 10:22 101,888 --a------ C:\WINDOWS\system32\xfybnudd.dll
2008-07-04 22:39 . 2008-07-04 22:46 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-04 21:20 . 2008-07-11 00:22 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\LimeWire
2008-07-03 23:55 . 2008-07-03 23:55 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-07-03 20:36 . 2008-07-03 20:36 <REP> d-------- C:\Documents and Settings\soi meme\michael jackson
2008-07-03 20:33 . 2008-07-08 21:25 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\LimeWire
2008-07-03 20:33 . 2008-07-03 20:34 <REP> d-------- C:\Documents and Settings\lui meme\.limewire
2008-07-03 20:32 . 2008-07-04 21:19 <REP> d-------- C:\Program Files\LimeWire
2008-07-01 15:52 . 2008-07-11 23:23 <REP> d-------- C:\Documents and Settings\moi meme\Application Data\SPAMfighter
2008-07-01 11:57 . 2008-07-01 11:57 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\SPAMfighter
2008-06-29 22:00 . 2008-07-12 18:04 <REP> d-------- C:\Program Files\Yahoo!
2008-06-28 14:36 . 2008-06-28 14:43 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-06-28 14:36 . 2008-06-28 14:37 681 --a------ C:\WINDOWS\mozver.dat
2008-06-22 20:33 . 2008-06-22 20:33 <REP> d-------- C:\Program Files\VoipBuster.com
2008-06-21 21:42 . 2008-06-21 21:42 <REP> d-------- C:\Program Files\Google
2008-06-18 12:42 . 2008-06-18 12:42 244 --ah----- C:\sqmnoopt19.sqm
2008-06-18 12:42 . 2008-06-18 12:42 232 --ah----- C:\sqmdata19.sqm
2008-06-18 12:40 . 2008-06-18 12:40 244 --ah----- C:\sqmnoopt18.sqm
2008-06-18 12:40 . 2008-06-18 12:40 232 --ah----- C:\sqmdata18.sqm
2008-06-18 12:21 . 2008-06-18 12:21 <REP> d---s---- C:\Documents and Settings\lui meme\UserData
2008-06-18 12:21 . 2008-06-18 12:21 <REP> d-------- C:\Documents and Settings\lui meme\Application Data\Viewpoint
2008-06-18 00:20 . 2008-06-18 00:20 268 --ah----- C:\sqmdata17.sqm
2008-06-18 00:20 . 2008-06-18 00:20 244 --ah----- C:\sqmnoopt17.sqm
2008-06-17 22:37 . 2008-06-17 22:37 244 --ah----- C:\sqmnoopt16.sqm
2008-06-17 22:37 . 2008-06-17 22:37 232 --ah----- C:\sqmdata16.sqm
2008-06-17 22:19 . 2008-06-17 22:19 244 --ah----- C:\sqmnoopt15.sqm
2008-06-17 22:19 . 2008-06-17 22:19 232 --ah----- C:\sqmdata15.sqm
2008-06-17 22:18 . 2008-07-08 15:11 208 --ah----- C:\sqmdata14.sqm
2008-06-17 22:18 . 2008-07-08 15:11 172 --ah----- C:\sqmnoopt14.sqm
2008-06-17 21:50 . 2008-07-08 12:43 268 --ah----- C:\sqmdata13.sqm
2008-06-17 21:50 . 2008-07-08 12:43 244 --ah----- C:\sqmnoopt13.sqm
2008-06-17 21:00 . 2008-07-02 02:09 268 --ah----- C:\sqmdata12.sqm
2008-06-17 21:00 . 2008-07-02 02:09 244 --ah----- C:\sqmnoopt12.sqm
2008-06-17 20:22 . 2008-06-23 01:32 268 --ah----- C:\sqmdata11.sqm
2008-06-17 20:22 . 2008-06-23 01:32 244 --ah----- C:\sqmnoopt11.sqm
2008-06-17 20:08 . 2008-06-18 18:53 244 --ah----- C:\sqmnoopt10.sqm
2008-06-17 20:08 . 2008-06-18 18:53 232 --ah----- C:\sqmdata10.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Documents and Settings\moi meme\Application Data\OpenOffice.org2
2008-07-13 14:40 --------- d-----w C:\Program Files\Java
2008-07-12 16:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-11 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 17:11 --------- d-----w C:\Program Files\eMule
2008-07-04 20:35 --------- d-----w C:\Program Files\Windows Media Connect
2008-06-27 18:56 13,718 ----a-w C:\Documents and Settings\moi meme\Application Data\wklnhst.dat
2008-06-18 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 17:20 --------- d-----w C:\Program Files\Universalis 9
2008-06-17 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 10:40 --------- d-----w C:\Documents and Settings\elle meme\Application Data\Talkback
2008-06-08 11:20 --------- d-----w C:\Program Files\Windows Live
2008-06-06 21:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-06 20:45 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-06 20:35 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-05 05:57 --------- d-----w C:\Documents and Settings\lu meme\Application Data\MSNInstaller
2008-06-03 14:10 --------- d-----w C:\Documents and Settings\luo meme\Application Data\Talkback
2008-06-03 06:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-02 18:02 --------- d-----w C:\Program Files\Free
2008-06-02 14:48 --------- d-----w C:\Documents and Settings\moi meme\Application Data\MSNInstaller
2008-06-01 18:35 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-05-31 18:46 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-30 18:40 --------- d-----w C:\Program Files\Neuf
2008-05-23 15:05 --------- d-----w C:\Program Files\SnapKids
2008-05-18 14:54 --------- d-----w C:\Documents and Settings\moi meme\Application Data\gtk-2.0
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-06-06 12:33 88,152 ----a-w C:\Documents and Settings\moi meme\Application Data\GDIPFONTCACHEV1.DAT
2006-03-02 10:46 162 ---ha-w C:\Documents and Settings\lui meme\hpothb07.dat
2005-12-24 20:44 0 ----a-w C:\Documents and Settings\elle meme\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-07-13_23.32.53.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-10-18 19:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 14:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2006-10-18 19:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-25 07:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-10-18 19:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 14:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
+ 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"E06FDXRC_1355979"="C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" [2005-06-04 18:03 301776]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage RW"="C:\Program Files\USB Storage RW\DskWatch.exe" [2004-12-23 16:00 208896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-02-18 02:49 110744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-02-21 00:49 26112]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 12:33 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 16:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-05 07:18 491520]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 16:21 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2007-07-26 17:43 270336]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48 290816]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-07-07 14:53 1158472]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-07-04 14:38 435528]
"VTTimer"="VTTimer.exe" [2004-10-01 17:31 53248 C:\WINDOWS\system32\VTTimer.exe]
"CARPService"="carpserv.exe" [2003-03-19 01:13 4608 C:\WINDOWS\system32\carpserv.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 17:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"VTtrayp"="VTtrayp.exe" [2004-06-22 03:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\Midnight Racing\\racing.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Roady Racer\\Roady Racer.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-07-04 16:56]
R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-07-04 14:38]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Contrôle parental;C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe []
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2008-06-30 17:16]
R3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [2008-06-30 17:16]
R3 dskwatch;Disk Watch Filter;C:\WINDOWS\system32\drivers\dskwatch.sys [2004-11-30 12:19]
S3 adxapie;adxapie;C:\DOCUME~1\moi meme\LOCALS~1\Temp\adxapie.sys []
S3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-07-04 16:57]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-10 16:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-13 22:33:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 10:29:31
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 10:45:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 08:43:58
ComboFix2.txt 2008-07-13 21:34:50
Pre-Run: 107,546,324,992 octets libres
Post-Run: 107,526,643,712 octets libres
371 --- E O F --- 2008-07-13 21:44:20
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:03, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\USB Storage RW\DskWatch.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VTtrayp] VTtrayp.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06FDXRC_1355979] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108507380937
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108507380937
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe