Virtumonde detected by Spybot

nanakik Posts: 2 Status: Member
Hello,
For a few days I have been getting pop-up ads on my PC. I installed Spybot, which found Virtumonde. I ran ComboFix and HijackThis; see the two logs below. I would like to be sure of what I should fix with HijackThis.
Thank you for your help.

ComboFix 08-07-29.1 - Annaïg 2008-07-30 9:44:46.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1691 [GMT 2:00]
Endroit: C:\Users\Annaïg\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Annaïg\AppData\Roaming\Microsoft\dtsc
C:\Users\Annaïg\AppData\Roaming\Microsoft\dtsc\9986.exe
C:\Users\Annaïg\AppData\Roaming\Microsoft\dtsc\s
C:\Windows\system32\awwpqudd.ini
C:\Windows\system32\cbgwlerq.dll
C:\Windows\system32\conmusbv.dll
C:\Windows\system32\cujtqoas.dll
C:\Windows\system32\kztyos.dll
C:\Windows\system32\lpvuqsvf.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nhsptrme.dll
C:\Windows\system32\rhlcalff.dll
C:\Windows\system32\rtuEeLRu.ini
C:\Windows\System32\rtuEeLRu.ini2
C:\Windows\system32\saoqtjuc.ini
C:\Windows\system32\uRLeEutr.dll
C:\Windows\system32\vbsumnoc.ini

----- BITS: Possible sites infectés -----

https://www.hugedomains.com/domain_profile.cfm?d=theinstalls&e=com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 09:44 . 2008-07-30 09:44 <REP> d-------- C:\327882R2FWJFW
2008-07-30 09:31 . 2008-07-30 09:31 <REP> d-------- C:\Program Files\Trend Micro
2008-07-28 23:43 . 2008-07-28 23:43 91 --a------ C:\Windows\wininit.ini
2008-07-28 22:45 . 2008-07-28 23:19 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-28 22:45 . 2008-07-28 22:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-28 22:45 . 2008-07-28 23:19 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-07-28 11:58 . 2008-07-28 11:59 <REP> d-------- C:\Program Files\uTorrent
2008-07-24 11:46 . 2008-07-24 11:46 <REP> d-------- C:\Users\All Users\eMule
2008-07-24 11:46 . 2008-07-24 11:46 <REP> d-------- C:\PROGRA~2\eMule
2008-07-22 09:08 . 2008-07-22 09:08 268 --ah----- C:\sqmdata01.sqm
2008-07-22 09:08 . 2008-07-22 09:08 244 --ah----- C:\sqmnoopt01.sqm
2008-07-17 07:38 . 2008-07-17 07:41 <REP> d-------- C:\Program Files\Norton Internet Security
2008-07-17 07:33 . 2008-07-17 07:55 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-07-17 07:33 . 2008-07-17 07:55 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-07-17 07:33 . 2008-07-17 07:55 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-07-16 21:27 . 2008-07-16 21:27 <REP> d-------- C:\Users\All Users\Symantec Temporary Files
2008-07-16 21:27 . 2008-07-16 21:27 <REP> d-------- C:\PROGRA~2\Symantec Temporary Files
2008-07-16 01:00 . 2008-07-16 01:00 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-16 01:00 . 2008-07-16 01:00 1,409 --a------ C:\Windows\QTFont.for
2008-07-15 23:26 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-15 23:26 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-15 23:25 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-09 08:49 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-09 08:49 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-09 08:49 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-09 08:49 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-09 08:49 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-09 08:49 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-09 08:49 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-09 08:47 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-09 08:47 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-09 08:47 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-09 08:47 . 2008-04-12 05:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-09 08:47 . 2008-05-10 05:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-09 08:47 . 2008-04-05 03:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-09 08:47 . 2008-04-05 05:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-08 08:31 . 2008-07-08 08:31 244 --ah----- C:\sqmnoopt00.sqm
2008-07-08 08:31 . 2008-07-08 08:31 232 --ah----- C:\sqmdata00.sqm
2008-06-29 22:55 . 2008-07-27 10:04 151 --a------ C:\Windows\PhotoSnapViewer.INI
2008-06-27 20:45 . 2008-06-27 20:45 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-06-27 20:45 . 2008-06-27 20:45 <REP> d-------- C:\PROGRA~2\WindowsSearch
2008-06-27 12:19 . 2008-06-27 12:19 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-25 19:24 . 2008-07-28 10:43 16 --a------ C:\Windows\popcinfo.dat
2008-06-25 19:11 . 2008-06-25 19:11 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-25 11:58 . 2008-06-25 11:58 <REP> d-------- C:\PerfLogs
2008-06-23 14:21 . 2008-07-30 09:43 69 --a------ C:\Windows\NeroDigital.ini
2008-06-23 14:17 . 2008-06-23 14:17 <REP> d-------- C:\Windows\Sun
2008-06-14 17:12 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 17:12 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 17:12 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 17:12 . 2008-01-19 09:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 17:12 . 2008-01-19 09:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 17:12 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 14:14 . 2008-06-13 14:14 24,112 --a------ C:\Windows\System32\drivers\SymIMV.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\Windows\System32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\Windows\System32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\Windows\System32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\Windows\System32\drivers\symdns.sys
2008-06-11 08:37 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 08:37 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 08:36 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 08:36 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-06 22:20 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-06-06 22:19 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-06-06 22:18 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-06-06 22:17 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-06-06 22:16 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-06-06 22:16 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-06-06 22:16 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-06-06 22:16 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-06-06 22:16 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-06-06 22:16 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-06-06 22:16 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-06-06 22:16 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-06-06 22:16 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 07:59 --------- d-----w C:\Program Files\Wanadoo
2008-07-28 08:43 --------- d---a-w C:\PROGRA~2\TEMP
2008-07-27 10:52 --------- d-----w C:\Program Files\Azureus
2008-07-24 09:43 --------- d-----w C:\Program Files\eMule
2008-07-17 05:55 --------- d-----w C:\Program Files\Symantec
2008-07-17 05:55 --------- d-----w C:\PROGRA~2\Symantec
2008-07-17 05:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-10 06:11 --------- d-----w C:\Program Files\Windows Mail
2008-06-25 10:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Journal
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Defender
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Calendar
2008-06-25 09:43 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-06-25 06:47 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-25 06:47 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-10 06:44 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 06:44 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2007-06-21 17:13 73,632 ----a-w C:\Users\Rico\Preparation_MSN.exe
2007-06-21 17:10 365,464 ----a-w C:\Users\Rico\emoticones1_5.exe
2007-03-09 19:40 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 14:01 413696]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 14:50 815104]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 03:41 188416]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 18:11 577536]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 12:36 229376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 09:31 77824]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 21:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 21:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 21:25 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 19:47 51048]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 15:50 3772416 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"FTRTSVC"="C:\Windows\System32\FTRTSVC.exe" [2004-08-23 15:49 40960]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-28 13:12:41 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\uRLeEutr

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EAC5A3FC-8AE7-42B8-8245-4F30B695AC76}"= UDP:C:\Program Files\Azureus\Azureus.exe:Azureus
"{A8A0685B-21C2-451E-BFFC-903D6198E143}"= TCP:C:\Program Files\Azureus\Azureus.exe:Azureus
"{F84D263D-A7EF-4567-9716-DDC099B6A361}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{00A42D02-D487-48C3-8A20-0944B71697CA}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"{078F997F-ED23-4D7A-9D64-23E4A61E01AA}"= UDP:54481:TCPe
"{5FE329A7-EB25-4C2D-BBE7-9E398B153043}"= TCP:16038:UDPe
"{FF7655C6-310C-47EF-A9FB-153946B5DE72}"= UDP:C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe:Accessibilité
"{9B6EF159-059D-4944-9FF0-3B671B7E3E19}"= TCP:C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe:Accessibilité
"{3268A891-7DC6-4B2F-B9A0-90A97DBB8E4B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{93211A1A-7EFD-41B4-A688-BC5E64971C1D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BAF74B77-6CF5-4B08-8766-2DF0CAC38581}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D770DB57-D660-449B-9229-FD04B7D9FB79}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9C26F211-C564-43EB-975D-5FF57D51F4D1}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EE0F63F5-C2AF-4135-BC14-0781A18AACD5}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{75045E26-DB3A-43E8-814E-AD55FD4719D5}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F731003D-72FE-4019-983B-F8A0EB8A5D4A}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B637B5B1-EE34-4504-99C4-E4FD6AF3DD15}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3FB83BCC-8F15-43B7-BC07-C2B481ED3E06}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F7EDED03-9679-4BB1-A986-C853AF953E11}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{109AF6EC-C4DB-4D07-AE32-48CE616008A2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{83F40017-6953-4739-B1C2-C51FE9812DDE}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{B8256FD3-ADAE-439B-B4C6-2A1AEA9CB5A8}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080725.002\IDSvix86.sys [2008-03-20 22:37]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 19:47]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 23:11]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

*Newly Created Service* - COMHOST
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-BM5f1b891c - C:\Windows\system32\cbgwlerq.dll
HKCU-Run-5c28ba80 - C:\Windows\system32\cujtqoas.dll
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
HKLM-Run-MSServer - C:\Windows\system32\ljJCttTn.dll
HKLM-Run-5c28ba80 - C:\Windows\system32\cujtqoas.dll
HKLM-Run-BM5f1b891c - C:\Windows\system32\cbgwlerq.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 -: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
C:\Windows\Downloaded Program Files\CERTDGI1.dll

O16 -: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
C:\Windows\Downloaded Program Files\ImageUploader3.inf
C:\Windows\System32\unicows.dll
C:\Windows\Downloaded Program Files\ImageUploader3.ocx

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 10:01:29
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28, on 2008-07-30
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\VistaCodecPack\QT\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Wanadoo\TaskBarIcon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJCttTn.dll,#1
O4 - HKLM\..\Run: [5c28ba80] rundll32.exe "C:\Windows\system32\cujtqoas.dll",b
O4 - HKLM\..\Run: [BM5f1b891c] Rundll32.exe "C:\Windows\system32\cbgwlerq.dll",s
O4 - HKLM\..\RunServices: [FTRTSVC] C:\Windows\System32\FTRTSVC.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM5f1b891c] Rundll32.exe "C:\Windows\system32\cbgwlerq.dll",s
O4 - HKCU\..\Run: [5c28ba80] rundll32.exe "C:\Windows\system32\cujtqoas.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.impots.gouv.fr/
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

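As an added triage example (not from the thread or from any of the tools quoted in it): a Python script that reads saved HijackThis/ComboFix log lines like the ones above and flags the patterns they exhibit: Run entries that launch a DLL from system32 through rundll32 under a hex-looking value name, an extra LSA Authentication Package, Security Center monitoring disabled, and firewall profiles switched off. The vendor-DLL allow-list is an assumption, and the sample lines are a constructed excerpt copied from the logs above.

```python
"""Triage of saved HijackThis / ComboFix log lines (added example, not tool output).

Flags: (1) O4 Run entries loading a system32 DLL via rundll32 when the DLL is not
on the assumed allow-list, with a hex-looking value name (5c28ba80, BM5f1b891c)
reported as the stronger signal; (2) an LSA "Authentication Packages" list with
anything besides msv1_0; (3) Security Center DisableMonitoring=1; (4) a firewall
profile with EnableFirewall=0. It parses text only and touches no live system.
"""
import re

# Assumed allow-list: vendor DLLs that are legitimately started via rundll32.
KNOWN_RUNDLL_DLLS = {"nvcpl.dll", "nvsvc.dll", "nvmctray.dll", "oobefldr.dll"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\S*)', re.I)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.+)$')
LSA_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$", re.I)


def looks_generated(value_name):
    """Run value names like 5c28ba80 or BM5f1b891c: a hex blob, optionally
    prefixed by one or two letters. Legitimate software rarely names itself so."""
    return re.fullmatch(r"[A-Za-z]{0,2}[0-9a-f]{8,}", value_name) is not None


def reg_int(val):
    """Read the number out of 'dword:00000001' or '0 (0x0)' style text; None if absent."""
    val = val.strip()
    if val.lower().startswith("dword:"):
        return int(val[6:], 16)
    try:
        return int(val.split()[0], 0)
    except ValueError:
        return None


def triage(lines):
    """Return (category, where, detail, reason) tuples for suspicious lines."""
    findings = []
    current_key = ""  # last [registry key] header seen in the ComboFix dump
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m["cmd"])
            if r:
                dll = r["dll"].lower()
                base = dll.rsplit("\\", 1)[-1]
                if "\\system32\\" in dll and base not in KNOWN_RUNDLL_DLLS:
                    reason = ("generated value name" if looks_generated(m["name"])
                              else "unknown system32 DLL")
                    findings.append(("rundll32-run", m["hive"],
                                     f"[{m['name']}] {base}", reason))
            continue
        k = KEY_RE.match(line)
        if k:
            current_key = k["key"].lower()
            continue
        a = LSA_RE.match(line)
        if a and current_key.endswith("\\control\\lsa"):
            extra = [p for p in a["pkgs"].split() if p.lower() != "msv1_0"]
            if extra:
                findings.append(("lsa-auth-package", current_key,
                                 " ".join(extra), "package other than msv1_0"))
            continue
        v = VALUE_RE.match(line)
        if v:
            name, num = v["name"].lower(), reg_int(v["val"])
            if "security center" in current_key and name == "disablemonitoring" and num == 1:
                findings.append(("security-center-off", current_key, v["name"], "DisableMonitoring=1"))
            elif "firewallpolicy" in current_key and name == "enablefirewall" and num == 0:
                profile = current_key.rsplit("\\", 1)[-1]
                findings.append(("firewall-off", profile, v["name"], "EnableFirewall=0"))
    return findings


# Constructed sample: lines copied from the HijackThis and ComboFix logs above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJCttTn.dll,#1
O4 - HKLM\..\Run: [5c28ba80] rundll32.exe "C:\Windows\system32\cujtqoas.dll",b
O4 - HKCU\..\Run: [BM5f1b891c] Rundll32.exe "C:\Windows\system32\cbgwlerq.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\uRLeEutr
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for category, where, detail, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{category:20} {where:60} {detail}  ({reason})")
```

The allow-list approach is deliberate: a Run entry that launches any unlisted DLL from system32 through rundll32 is worth a human look, and the hex-looking value name only raises the priority.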
6 replies

anthony5151 Posts: 10927 Status: Security contributor 790
 
Hello,

Spybot will not be able to remove the Vundo/Virtumonde infection completely, so don't bother running scans with that program.
For this type of infection, it would be better to start with Malwarebytes' Anti-Malware before ComboFix:

Download and install Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- At the end of the installation, make sure the option "update Malwarebytes' Anti-Malware" is checked
- Launch Malwarebytes' Anti-Malware, let the updates download, then close the program

Restart in "Safe Mode": restart your computer and tap the F8 key until the Windows advanced options menu appears, then select "Safe Mode".
Choose your usual account

Launch Malwarebytes' Anti-Malware
- Then go to the "Scanner" tab, check "Perform full scan" and click "Scan"
- Select your hard drives, then click "Start scan"
- When the scan finishes, click Show Results, then Save Log
- To remove the detected items, click Remove Selected
- If you are asked to restart, click Yes

Post the scan log from after the removal here

0
nanakik Posts: 2 Status: Member
 
Here is the report after the Malwarebytes scan:
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 6.0.6001 Service Pack 1

17:30:44 2008-07-30
mbam-log-7-30-2008 (17-30-37).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 145353
Temps écoulé: 54 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Users\Annaïg\AppData\Roaming\Microsoft\dtsc\9986.exe.vir (Trojan.Downloader) -> No action taken.
C:\Users\Rico\AppData\Local\Temp\rqRKcaWQ.dll (Trojan.Vundo) -> No action taken.

However, when the PC starts up I get error messages showing the names of the viruses detected by ComboFix.

Thanks.
0
anthony5151 Posts: 10927 Status: Security Contributor 790
 
"However, when the PC starts up I get error messages showing the names of the viruses detected by ComboFix"
==> that's normal ;) We'll see about getting rid of them afterwards.

The Malwarebytes report says "No action taken"; did you tick everything and click Remove? If not, you need to do it again.

Next, I will need a new ComboFix report, produced by running it correctly. To do that, delete the ComboFix you downloaded and follow exactly what comes next:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect from the internet, close all your running applications and DISABLE ALL YOUR PROTECTION for the duration of the procedure, in particular Spybot's TeaTimer. To do this, open Spybot --> Mode --> Advanced Mode --> Tools --> Resident --> untick TeaTimer:
if left enabled, they could seriously interfere with the tool's scanning and cleaning (or even crash the PC)... You will re-enable them afterwards!!
---> Above all, if you run into any difficulty at this stage, tell me before going further...
Tutorial here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

UAC on Vista: disable User Account Control: Start menu --> Control Panel --> User Accounts --> click "Turn User Account Control off"

---------------------------------------------------------------------------------------------------------------------------------

Then:

Right-click C-Fix.exe --> Run as administrator

Press the Y (Yes) key to start the scan.

Warning: do not use your mouse or keyboard while the program is running. That could freeze the computer.
---> if a Windows error message appears at any point, click the red cross at the top right of the window to close it

The report will be created at C:\Combofix.txt; please post it here

0
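Added example (my own, not a tool from this thread or from the Malwarebytes or ComboFix authors): a small Python triage script for the two log formats posted here. It flags the two things the helper is checking for, MBAM detections left as "No action taken" (the report above) and Run-key values with the hex-like names Vundo uses (the ComboFix report posted later in the thread). The sample lines are constructed from those reports, and the severity labels are my own heuristic, not anything the tools emit.

```python
"""Triage of the two log formats posted in this thread (MBAM and ComboFix).

Added example for this thread; it is not a tool from the thread or from the
Malwarebytes or ComboFix authors.  The sample inputs are constructed from
lines quoted in the posted reports.
"""
import re

# MBAM detection line: "<path or registry value> (<family>) -> <action>."
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# ComboFix "Point de chargement Reg" value line:
#   "<value name>"="<target>" [<file timestamp and size>]   or   [BU]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')

# Vundo's autostart values in this thread: a bare hex string, sometimes prefixed "BM".
HEX_NAME = re.compile(r"^(BM)?[0-9a-f]{8,}$", re.IGNORECASE)


def mbam_unremoved(log_text):
    """Return (item, family) for detections left as 'No action taken'.

    This is the check the helper asks for: if every detection still reads
    'No action taken', nothing was quarantined and the scan must be redone
    with the items ticked and 'Remove Selected' clicked.
    """
    left = []
    for line in log_text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m and m.group("action").startswith("No action taken"):
            left.append((m.group("item"), m.group("family")))
    return left


def suspicious_run_entries(log_text):
    """Return {value name: severity} for Run-key entries worth a look.

    'high'  : hex-like value name, the naming pattern Vundo uses for the
              values that reload its DLLs at logon (own heuristic).
    'review': the target is a DLL.  Genuine software (NVIDIA's entries,
              for instance) does this too, so it is a prompt to inspect,
              not a verdict.
    """
    flagged = {}
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        name, target = m.group("name"), m.group("target")
        if HEX_NAME.match(name):
            flagged[name] = "high"
        elif target.lower().endswith(".dll"):
            flagged[name] = "review"
    return flagged


# Constructed sample: detection lines quoted from the MBAM report posted above,
# plus one line altered to show what a removed item looks like.
SAMPLE_MBAM = r"""
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Users\Annaïg\AppData\Roaming\Microsoft\dtsc\9986.exe.vir (Trojan.Downloader) -> No action taken.
C:\Users\Rico\AppData\Local\Temp\rqRKcaWQ.dll (Trojan.Vundo) -> No action taken.
"""

# Constructed sample: Run-key lines quoted from the ComboFix report posted
# later in the thread, with one legitimate DLL entry kept as a contrast.
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"BM5f1b891c"="C:\Windows\system32\cbgwlerq.dll" [BU]
"5c28ba80"="C:\Windows\system32\cujtqoas.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 21:25 7766016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 19:47 51048]
"""


if __name__ == "__main__":
    for item, family in mbam_unremoved(SAMPLE_MBAM):
        print(f"MBAM left untouched ({family}): {item}")
    for name, severity in suspicious_run_entries(SAMPLE_COMBOFIX).items():
        print(f"Run entry {name!r}: {severity}")
```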
nanakik
 
Here is the report at last!
ComboFix 08-08-10.05 - Annaïg 2008-08-11 19:14:33.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1220 [GMT 2:00]
Endroit: C:\Users\Annaïg\Desktop\C-fix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf
.
---- Previous Run -------
.
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Annaïg\AppData\Roaming\Microsoft\dtsc
C:\Users\Annaïg\AppData\Roaming\Microsoft\dtsc\9986.exe
C:\Users\Annaïg\AppData\Roaming\Microsoft\dtsc\s
C:\Windows\system32\awwpqudd.ini
C:\Windows\system32\cbgwlerq.dll
C:\Windows\system32\conmusbv.dll
C:\Windows\system32\cujtqoas.dll
C:\Windows\system32\kztyos.dll
C:\Windows\system32\lpvuqsvf.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nhsptrme.dll
C:\Windows\system32\rhlcalff.dll
C:\Windows\system32\rtuEeLRu.ini
C:\Windows\System32\rtuEeLRu.ini2
C:\Windows\system32\saoqtjuc.ini
C:\Windows\system32\uRLeEutr.dll
C:\Windows\system32\vbsumnoc.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-11 to 2008-08-11 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 16:20 . 2008-07-30 16:20 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-07-30 16:20 . 2008-07-30 16:20 <REP> d-------- C:\ProgramData\Malwarebytes
2008-07-30 11:22 . 2008-05-27 06:59 106,605 --a------ C:\Windows\System32\StructuredQuerySchema.bin
2008-07-30 11:22 . 2008-05-27 07:17 34,816 --a------ C:\Windows\System32\msscb.dll
2008-07-30 11:22 . 2008-05-27 06:59 18,904 --a------ C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-07-30 11:22 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
2008-07-30 09:44 . 2008-07-30 10:09 <REP> d-------- C:\ComboFix
2008-07-30 09:44 . 2008-08-11 19:13 <REP> d-------- C:\327882R2FWJFW
2008-07-30 09:31 . 2008-07-30 09:31 <REP> d-------- C:\Program Files\Trend Micro
2008-07-28 23:43 . 2008-07-28 23:43 91 --a------ C:\Windows\wininit.ini
2008-07-28 22:45 . 2008-07-28 23:19 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-28 22:45 . 2008-07-28 23:19 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-28 22:45 . 2008-07-28 22:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-28 11:58 . 2008-07-28 11:59 <REP> d-------- C:\Program Files\uTorrent
2008-07-24 11:46 . 2008-07-24 11:46 <REP> d-------- C:\Users\All Users\eMule
2008-07-24 11:46 . 2008-07-24 11:46 <REP> d-------- C:\ProgramData\eMule
2008-07-22 09:08 . 2008-07-22 09:08 268 --ah----- C:\sqmdata01.sqm
2008-07-22 09:08 . 2008-07-22 09:08 244 --ah----- C:\sqmnoopt01.sqm
2008-07-17 22:48 . 2008-07-17 22:48 <REP> d-------- C:\Users\Rico\AppData\Roaming\Symantec
2008-07-17 07:38 . 2008-07-17 07:41 <REP> d-------- C:\Program Files\Norton Internet Security
2008-07-17 07:33 . 2008-07-17 07:55 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-07-17 07:33 . 2008-07-17 07:55 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-07-17 07:33 . 2008-07-17 07:55 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-07-16 21:27 . 2008-07-16 21:27 <REP> d-------- C:\Users\All Users\Symantec Temporary Files
2008-07-16 21:27 . 2008-07-16 21:27 <REP> d-------- C:\ProgramData\Symantec Temporary Files
2008-07-16 01:00 . 2008-07-16 01:00 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-16 01:00 . 2008-07-16 01:00 1,409 --a------ C:\Windows\QTFont.for
2008-07-15 23:26 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-15 23:26 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-15 23:25 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 17:21 --------- d-----w C:\Program Files\Wanadoo
2008-08-05 17:06 --------- d---a-w C:\ProgramData\TEMP
2008-08-05 07:26 --------- d-----w C:\ProgramData\Symantec
2008-07-30 15:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-27 10:52 --------- d-----w C:\Program Files\Azureus
2008-07-25 05:59 12,978 ----a-w C:\Users\Rico\AppData\Roaming\nvModes.dat
2008-07-24 09:43 --------- d-----w C:\Program Files\eMule
2008-07-17 05:55 --------- d-----w C:\Program Files\Symantec
2008-07-17 05:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-10 06:11 --------- d-----w C:\Program Files\Windows Mail
2008-06-27 18:45 --------- d-----w C:\ProgramData\WindowsSearch
2008-06-27 10:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-25 17:11 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-25 10:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Journal
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Defender
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Calendar
2008-06-25 09:43 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-06-13 12:14 24,112 ----a-w C:\Windows\system32\drivers\SymIMV.sys
2008-06-13 12:14 13,093 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-06-13 12:14 1,611 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-06-13 12:13 96,432 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-06-13 12:13 41,008 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-06-13 12:13 38,576 ----a-w C:\Windows\system32\drivers\symids.sys
2008-06-13 12:13 22,320 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-06-13 12:13 184,240 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-06-13 12:13 13,616 ----a-w C:\Windows\system32\drivers\symdns.sys
2007-06-21 17:13 73,632 ----a-w C:\Users\Rico\Preparation_MSN.exe
2007-06-21 17:10 365,464 ----a-w C:\Users\Rico\emoticones1_5.exe
2007-03-09 19:40 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-30_10.07.48.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-30 07:40:29 558,608 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-11 17:19:15 560,368 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-07-30 07:58:47 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-11 17:20:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-11 17:20:53 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-25 10:16:07 2,634,570 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-07-30 09:31:21 2,634,570 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2008-07-30 07:58:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-11 17:20:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-01-19 07:34:37 1,671,168 ----a-w C:\Windows\System32\chsbrkr.dll
+ 2008-05-27 05:17:13 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
- 2008-01-19 07:34:40 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
+ 2008-05-27 05:17:16 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
- 2008-07-30 07:38:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-11 16:57:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-30 07:38:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-11 16:57:02 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-30 07:38:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-11 16:57:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-27 22:57:13 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-11 17:14:26 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-01-19 07:34:42 42,496 ----a-w C:\Windows\System32\korwbrkr.dll
+ 2008-05-27 05:17:16 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
- 2008-01-19 07:34:49 35,328 ----a-w C:\Windows\System32\mimefilt.dll
+ 2008-05-27 05:18:32 40,448 ----a-w C:\Windows\System32\mimefilt.dll
- 2008-01-19 07:35:12 51,200 ----a-w C:\Windows\System32\msscntrs.dll
+ 2008-05-27 05:17:25 60,416 ----a-w C:\Windows\System32\msscntrs.dll
- 2008-01-19 07:35:13 248,832 ----a-w C:\Windows\System32\msshsq.dll
+ 2008-05-27 05:18:32 231,936 ----a-w C:\Windows\System32\msshsq.dll
- 2008-01-19 07:35:13 98,304 ----a-w C:\Windows\System32\mssitlb.dll
+ 2008-05-27 05:17:25 87,552 ----a-w C:\Windows\System32\mssitlb.dll
- 2008-01-19 07:35:13 333,824 ----a-w C:\Windows\System32\mssph.dll
+ 2008-05-27 05:18:25 350,208 ----a-w C:\Windows\System32\mssph.dll
- 2008-01-19 07:35:13 167,936 ----a-w C:\Windows\System32\mssphtb.dll
+ 2008-05-27 05:18:55 203,776 ----a-w C:\Windows\System32\mssphtb.dll
- 2008-01-19 07:35:13 32,256 ----a-w C:\Windows\System32\mssprxy.dll
+ 2008-05-27 05:17:26 32,768 ----a-w C:\Windows\System32\mssprxy.dll
- 2008-01-19 07:36:08 1,400,832 ----a-w C:\Windows\System32\mssrch.dll
+ 2008-05-27 05:21:24 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
- 2008-01-19 07:35:13 52,224 ----a-w C:\Windows\System32\msstrc.dll
+ 2008-05-27 05:18:40 44,032 ----a-w C:\Windows\System32\msstrc.dll
- 2008-01-19 07:35:13 1,696,768 ----a-w C:\Windows\System32\mssvp.dll
+ 2008-05-27 05:18:56 670,208 ----a-w C:\Windows\System32\mssvp.dll
- 2008-01-19 07:35:38 122,368 ----a-w C:\Windows\System32\nlhtml.dll
+ 2008-05-27 05:18:30 136,704 ----a-w C:\Windows\System32\nlhtml.dll
- 2008-01-19 07:36:00 194,560 ----a-w C:\Windows\System32\offfilt.dll
+ 2008-05-27 05:17:23 194,560 ----a-w C:\Windows\System32\offfilt.dll
- 2008-07-25 05:57:42 124,434 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-07-30 09:31:00 124,434 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-07-25 05:57:42 672,334 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-07-30 09:31:00 672,322 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-01-19 07:36:11 65,536 ----a-w C:\Windows\System32\propdefs.dll
+ 2008-05-27 05:18:06 71,680 ----a-w C:\Windows\System32\propdefs.dll
- 2008-01-19 07:36:11 750,080 ----a-w C:\Windows\System32\propsys.dll
+ 2008-05-27 05:17:46 754,176 ----a-w C:\Windows\System32\propsys.dll
- 2008-01-19 07:36:17 26,624 ----a-w C:\Windows\System32\rtffilt.dll
+ 2008-05-27 05:18:30 38,400 ----a-w C:\Windows\System32\rtffilt.dll
- 2008-01-19 07:33:28 76,800 ----a-w C:\Windows\System32\SearchFilterHost.exe
+ 2008-05-27 05:17:55 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
- 2008-01-19 07:33:28 302,080 ----a-w C:\Windows\System32\SearchIndexer.exe
+ 2008-05-27 05:18:43 439,808 ----a-w C:\Windows\System32\SearchIndexer.exe
- 2008-01-19 07:33:28 179,200 ----a-w C:\Windows\System32\SearchProtocolHost.exe
+ 2008-05-27 05:18:16 184,832 ----a-w C:\Windows\System32\SearchProtocolHost.exe
- 2008-07-16 21:47:30 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-07-30 14:26:12 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-01-19 07:36:35 258,048 ----a-w C:\Windows\System32\srchadmin.dll
+ 2008-05-27 05:17:28 301,568 ----a-w C:\Windows\System32\srchadmin.dll
- 2006-11-02 09:46:13 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
+ 2008-05-27 05:17:16 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
- 2008-01-19 07:36:42 1,505,792 ----a-w C:\Windows\System32\tquery.dll
+ 2008-05-27 05:21:07 1,582,592 ----a-w C:\Windows\System32\tquery.dll
- 2008-07-30 06:34:30 13,392 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2221938826-1693025978-2702225135-1000_UserData.bin
+ 2008-08-11 16:41:30 13,952 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2221938826-1693025978-2702225135-1000_UserData.bin
- 2008-07-27 13:30:15 8,712 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2221938826-1693025978-2702225135-1001_UserData.bin
+ 2008-08-04 05:38:14 8,712 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2221938826-1693025978-2702225135-1001_UserData.bin
- 2008-07-30 06:34:30 63,562 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-11 16:41:29 65,438 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-28 22:33:41 2,902 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-08-07 21:53:59 2,902 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-07-30 08:00:02 52,390 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-11 16:41:27 53,078 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-07-19 15:15:48 266,812 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-08-11 14:52:21 271,796 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-07-17 05:33:19 142,234 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-08-11 08:40:06 166,630 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2008-01-19 07:37:11 27,136 ----a-w C:\Windows\System32\wsepno.dll
+ 2008-05-27 05:18:35 29,184 ----a-w C:\Windows\System32\wsepno.dll
- 2008-01-19 07:37:12 110,592 ----a-w C:\Windows\System32\xmlfilter.dll
+ 2008-05-27 05:18:32 56,320 ----a-w C:\Windows\System32\xmlfilter.dll
- 2008-07-16 19:32:07 135,345,229 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-30 09:22:55 136,158,576 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-27 05:17:28 301,568 ----a-w C:\Windows\winsxs\x86_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.6001.16503_none_13fcab3737a334c2\srchadmin.dll
+ 2008-05-27 05:18:30 136,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\nlhtml.dll
+ 2008-05-27 05:18:32 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\xmlfilter.dll
+ 2008-05-27 05:18:32 40,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-mime_31bf3856ad364e35_7.0.6001.16503_none_10a358dd3f57c0de\mimefilt.dll
+ 2008-05-27 05:17:23 194,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-office_31bf3856ad364e35_7.0.6001.16503_none_fab3f42bbfadf408\offfilt.dll
+ 2008-05-27 05:18:30 38,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-rtf_31bf3856ad364e35_7.0.6001.16503_none_485964bf76e0570a\rtffilt.dll
+ 2008-05-27 05:17:46 754,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\propsys.dll
+ 2008-05-27 05:18:35 29,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-search-profilenotify_31bf3856ad364e35_7.0.6001.16503_none_d86cd72c8d3c237e\wsepno.dll
+ 2008-05-27 05:17:16 6,103,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..-chinesetraditional_31bf3856ad364e35_7.0.6001.16503_none_df2000cce0d8c017\chtbrkr.dll
+ 2008-05-27 05:17:16 313,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..breakerstemmer-thai_31bf3856ad364e35_7.0.6001.16503_none_d40428cfc6b6fdf9\thawbrkr.dll
+ 2008-05-27 05:17:16 143,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..eakerstemmer-korean_31bf3856ad364e35_7.0.6001.16503_none_14072d09797cf93d\korwbrkr.dll
+ 2008-05-27 05:17:13 1,671,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..r-chinesesimplified_31bf3856ad364e35_7.0.6001.16503_none_4cbdb704b61543d2\chsbrkr.dll
+ 2008-05-27 05:18:43 13,824 ----a-w C:\Windows\winsxs\x86_windowssearch-wtrservicingsupport_31bf3856ad364e35_7.0.6001.16503_none_163fe74a2171e12e\WSWTRSvc.exe
+ 2008-05-27 05:18:32 231,936 ----a-w C:\Windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_7.0.6001.16503_none_98586419f9103903\msshsq.dll
+ 2008-05-27 04:59:39 106,605 ----a-w C:\Windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchema.bin
+ 2008-05-27 04:59:40 18,904 ----a-w C:\Windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchemaTrivial.bin
+ 2008-05-27 05:17:42 34,816 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscb.dll
+ 2008-05-27 05:17:25 60,416 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscntrs.dll
+ 2008-05-27 05:17:36 11,776 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msshooks.dll
+ 2008-05-27 05:17:25 87,552 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssitlb.dll
+ 2008-05-27 05:18:25 350,208 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssph.dll
+ 2008-05-27 05:18:55 203,776 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssphtb.dll
+ 2008-05-27 05:17:26 32,768 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssprxy.dll
+ 2008-05-27 05:21:24 1,418,240 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssrch.dll
+ 2008-05-27 05:18:40 44,032 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msstrc.dll
+ 2008-05-27 05:18:56 670,208 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssvp.dll
+ 2008-05-27 05:18:06 71,680 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\propdefs.dll
+ 2008-05-27 05:17:55 87,552 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe
+ 2008-05-27 05:18:43 439,808 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchIndexer.exe
+ 2008-05-27 05:18:16 184,832 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchProtocolHost.exe
+ 2008-05-27 05:21:07 1,582,592 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\tquery.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 14:01 413696]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"BM5f1b891c"="C:\Windows\system32\cbgwlerq.dll" [BU]
"5c28ba80"="C:\Windows\system32\cujtqoas.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 14:50 815104]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 03:41 188416]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 18:11 577536]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 12:36 229376]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [BU]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 09:31 77824]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 21:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 21:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 21:25 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 19:47 51048]
"5c28ba80"="C:\Windows\system32\cujtqoas.dll" [BU]
"BM5f1b891c"="C:\Windows\system32\cbgwlerq.dll" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 15:50 3772416 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"FTRTSVC"="C:\Windows\System32\FTRTSVC.exe" [2004-08-23 15:49 40960]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-28 13:12:41 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EAC5A3FC-8AE7-42B8-8245-4F30B695AC76}"= UDP:C:\Program Files\Azureus\Azureus.exe:Azureus
"{A8A0685B-21C2-451E-BFFC-903D6198E143}"= TCP:C:\Program Files\Azureus\Azureus.exe:Azureus
"{F84D263D-A7EF-4567-9716-DDC099B6A361}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{00A42D02-D487-48C3-8A20-0944B71697CA}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"{078F997F-ED23-4D7A-9D64-23E4A61E01AA}"= UDP:54481:TCPe
"{5FE329A7-EB25-4C2D-BBE7-9E398B153043}"= TCP:16038:UDPe
"{FF7655C6-310C-47EF-A9FB-153946B5DE72}"= UDP:C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe:Accessibilité
"{9B6EF159-059D-4944-9FF0-3B671B7E3E19}"= TCP:C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe:Accessibilité
"{3268A891-7DC6-4B2F-B9A0-90A97DBB8E4B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{93211A1A-7EFD-41B4-A688-BC5E64971C1D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BAF74B77-6CF5-4B08-8766-2DF0CAC38581}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D770DB57-D660-449B-9229-FD04B7D9FB79}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9C26F211-C564-43EB-975D-5FF57D51F4D1}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EE0F63F5-C2AF-4135-BC14-0781A18AACD5}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{75045E26-DB3A-43E8-814E-AD55FD4719D5}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F731003D-72FE-4019-983B-F8A0EB8A5D4A}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B637B5B1-EE34-4504-99C4-E4FD6AF3DD15}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3FB83BCC-8F15-43B7-BC07-C2B481ED3E06}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F7EDED03-9679-4BB1-A986-C853AF953E11}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{109AF6EC-C4DB-4D07-AE32-48CE616008A2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{83F40017-6953-4739-B1C2-C51FE9812DDE}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{B8256FD3-ADAE-439B-B4C6-2A1AEA9CB5A8}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080808.007\IDSvix86.sys [2008-03-20 22:37]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 19:47]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 23:11]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-10 C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 -: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
C:\Windows\Downloaded Program Files\CERTDGI1.dll

O16 -: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.aubertphotos.com/Components/Upload/ImageUploader3.cab
C:\Windows\Downloaded Program Files\ImageUploader3.inf
C:\Windows\System32\unicows.dll
C:\Windows\Downloaded Program Files\ImageUploader3.ocx

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 19:22:40
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\conime.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Wanadoo\TaskBarIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-11 19:29:57 - machine was rebooted [Annaïg]
ComboFix-quarantined-files.txt 2008-08-11 17:29:41

Pre-Run: 16,741,232,640 octets libres
Post-Run: 16,559,992,832 octets libres

391 --- E O F --- 2008-07-30 09:24:09
0

anthony5151 Posts 10927 Status Security contributor 790
 
Good! (I'm going on holiday tomorrow, it would be nice if we finished tonight)

Still with all protections disabled, do this:

Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
C:\Windows\system32\cujtqoas.dll
C:\Windows\system32\cbgwlerq.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM5f1b891c"=
"5c28ba80"=

------------------------------------------------------------------

- Save this file on your desktop (and nowhere else!) under the name CFScript.txt
- Close Notepad

· Drag and drop this CFScript file onto the C-Fix.exe file (combofix), as shown at this link:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

* A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt
0
nanakik
 
Here is the result.
So we'll see when you're back from holiday; enjoy your holiday, by the way!
ComboFix 08-08-10.05 - Annaïg 2008-08-13 9:17:09.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1132 [GMT 2:00]
Endroit: C:\Users\Annaïg\Desktop\C-fix.exe
Command switches used :: C:\Users\Annaïg\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\system32\cbgwlerq.dll
C:\Windows\system32\cujtqoas.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 16:20 . 2008-07-30 16:20 <REP> d-------- C:\Users\Annaïg\AppData\Roaming\Malwarebytes
2008-07-30 16:20 . 2008-07-30 16:20 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-07-30 16:20 . 2008-07-30 16:20 <REP> d-------- C:\ProgramData\Malwarebytes
2008-07-30 11:22 . 2008-05-27 06:59 106,605 --a------ C:\Windows\System32\StructuredQuerySchema.bin
2008-07-30 11:22 . 2008-05-27 07:17 34,816 --a------ C:\Windows\System32\msscb.dll
2008-07-30 11:22 . 2008-05-27 06:59 18,904 --a------ C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-07-30 11:22 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
2008-07-30 09:44 . 2008-07-30 10:09 <REP> d-------- C:\ComboFix
2008-07-30 09:31 . 2008-07-30 09:31 <REP> d-------- C:\Program Files\Trend Micro
2008-07-28 23:43 . 2008-07-28 23:43 91 --a------ C:\Windows\wininit.ini
2008-07-28 22:45 . 2008-07-28 23:19 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-28 22:45 . 2008-07-28 23:19 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-28 22:45 . 2008-07-28 22:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-28 11:58 . 2008-07-28 11:59 <REP> d-------- C:\Program Files\uTorrent
2008-07-24 11:46 . 2008-07-24 11:46 <REP> d-------- C:\Users\All Users\eMule
2008-07-24 11:46 . 2008-07-24 11:46 <REP> d-------- C:\ProgramData\eMule
2008-07-22 09:08 . 2008-07-22 09:08 268 --ah----- C:\sqmdata01.sqm
2008-07-22 09:08 . 2008-07-22 09:08 244 --ah----- C:\sqmnoopt01.sqm
2008-07-17 22:48 . 2008-07-17 22:48 <REP> d-------- C:\Users\Rico\AppData\Roaming\Symantec
2008-07-17 07:42 . 2008-07-17 07:42 <REP> d-------- C:\Users\Annaïg\AppData\Roaming\Symantec
2008-07-17 07:38 . 2008-07-17 07:41 <REP> d-------- C:\Program Files\Norton Internet Security
2008-07-17 07:33 . 2008-07-17 07:55 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-07-17 07:33 . 2008-07-17 07:55 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-07-17 07:33 . 2008-07-17 07:55 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-07-16 21:27 . 2008-07-16 21:27 <REP> d-------- C:\Users\All Users\Symantec Temporary Files
2008-07-16 21:27 . 2008-07-16 21:27 <REP> d-------- C:\ProgramData\Symantec Temporary Files
2008-07-16 01:00 . 2008-07-16 01:00 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-16 01:00 . 2008-07-16 01:00 1,409 --a------ C:\Windows\QTFont.for
2008-07-15 23:26 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-15 23:26 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-15 23:25 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 07:21 6,029,312 --sha-w C:\Users\Annaïg\ntuser.dat
2008-08-13 07:21 6,029,312 --sha-w C:\Users\Annaïg\ntuser.dat
2008-08-13 06:39 --------- d-----w C:\Program Files\Wanadoo
2008-08-12 22:22 25,248 ----a-w C:\Users\Annaïg\AppData\Roaming\nvModes.dat
2008-08-12 22:22 --------- d---a-w C:\ProgramData\TEMP
2008-08-05 07:26 --------- d-----w C:\ProgramData\Symantec
2008-07-30 15:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-30 14:20 --------- d-----w C:\Users\Annaïg\AppData\Roaming\Malwarebytes
2008-07-30 07:48 --------- d-s---w C:\Users\Annaïg\AppData\Roaming\Microsoft
2008-07-28 10:01 --------- d-----w C:\Users\Annaïg\AppData\Roaming\Azureus
2008-07-27 10:52 --------- d-----w C:\Program Files\Azureus
2008-07-25 05:59 12,978 ----a-w C:\Users\Rico\AppData\Roaming\nvModes.dat
2008-07-24 09:43 --------- d-----w C:\Program Files\eMule
2008-07-17 05:55 --------- d-----w C:\Program Files\Symantec
2008-07-17 05:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-17 05:42 --------- d-----w C:\Users\Annaïg\AppData\Roaming\Symantec
2008-07-10 06:11 --------- d-----w C:\Program Files\Windows Mail
2008-06-29 14:44 --------- d-----w C:\Users\Annaïg\AppData\Roaming\WinRAR
2008-06-27 18:45 --------- d-----w C:\ProgramData\WindowsSearch
2008-06-27 10:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-26 09:06 --------- d-----w C:\Users\Annaïg\AppData\Roaming\Real
2008-06-25 17:11 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-25 10:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Journal
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Defender
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-25 10:01 --------- d-----w C:\Program Files\Windows Calendar
2008-06-25 09:43 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-06-25 06:47 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-25 06:47 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-13 12:14 24,112 ----a-w C:\Windows\system32\drivers\SymIMV.sys
2008-06-13 12:14 13,093 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-06-13 12:14 1,611 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-06-13 12:13 96,432 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-06-13 12:13 41,008 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-06-13 12:13 38,576 ----a-w C:\Windows\system32\drivers\symids.sys
2008-06-13 12:13 22,320 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-06-13 12:13 184,240 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-06-13 12:13 13,616 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2007-06-21 17:13 73,632 ----a-w C:\Users\Rico\Preparation_MSN.exe
2007-06-21 17:10 365,464 ----a-w C:\Users\Rico\emoticones1_5.exe
2007-04-06 12:16 3,814 ----a-w C:\Users\Annaïg\DVDthequeAnnaig.zip
2007-04-06 12:16 3,814 ----a-w C:\Users\Annaïg\DVDthequeAnnaig.zip
2007-03-30 19:35 53,394,464 ----a-w C:\Users\Annaïg\jdk-1_5_0_11-windows-i586-p.exe
2007-03-30 19:35 53,394,464 ----a-w C:\Users\Annaïg\jdk-1_5_0_11-windows-i586-p.exe
2007-03-09 19:40 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot_2008-08-11_19.28.26.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-11 17:19:15 560,368 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-12 22:24:07 560,448 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-13 06:36:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-13 06:36:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-11 17:20:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-13 06:38:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-13 06:38:55 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-11 17:20:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-13 07:21:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-08-11 16:57:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-13 06:54:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-11 16:57:02 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-13 06:54:26 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-11 16:57:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-13 06:54:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-11 16:41:30 13,952 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2221938826-1693025978-2702225135-1000_UserData.bin
+ 2008-08-13 06:39:53 14,128 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2221938826-1693025978-2702225135-1000_UserData.bin
- 2008-08-11 16:41:29 65,438 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-13 06:39:52 65,820 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-11 16:41:27 53,078 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-13 06:39:47 53,078 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-08-11 14:52:21 271,796 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-08-12 22:01:09 271,900 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 14:01 413696]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"BM5f1b891c"="C:\Windows\system32\cbgwlerq.dll" [BU]
"5c28ba80"="C:\Windows\system32\cujtqoas.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 14:50 815104]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 03:41 188416]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 18:11 577536]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 12:36 229376]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 09:31 77824]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 21:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 21:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 21:25 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 19:47 51048]
"5c28ba80"="C:\Windows\system32\cujtqoas.dll" [BU]
"BM5f1b891c"="C:\Windows\system32\cbgwlerq.dll" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 15:50 3772416 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"FTRTSVC"="C:\Windows\System32\FTRTSVC.exe" [2004-08-23 15:49 40960]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-28 13:12:41 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EAC5A3FC-8AE7-42B8-8245-4F30B695AC76}"= UDP:C:\Program Files\Azureus\Azureus.exe:Azureus
"{A8A0685B-21C2-451E-BFFC-903D6198E143}"= TCP:C:\Program Files\Azureus\Azureus.exe:Azureus
"{F84D263D-A7EF-4567-9716-DDC099B6A361}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{00A42D02-D487-48C3-8A20-0944B71697CA}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"{078F997F-ED23-4D7A-9D64-23E4A61E01AA}"= UDP:54481:TCPe
"{5FE329A7-EB25-4C2D-BBE7-9E398B153043}"= TCP:16038:UDPe
"{FF7655C6-310C-47EF-A9FB-153946B5DE72}"= UDP:C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe:Accessibilité
"{9B6EF159-059D-4944-9FF0-3B671B7E3E19}"= TCP:C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe:Accessibilité
"{3268A891-7DC6-4B2F-B9A0-90A97DBB8E4B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{93211A1A-7EFD-41B4-A688-BC5E64971C1D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BAF74B77-6CF5-4B08-8766-2DF0CAC38581}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D770DB57-D660-449B-9229-FD04B7D9FB79}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9C26F211-C564-43EB-975D-5FF57D51F4D1}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EE0F63F5-C2AF-4135-BC14-0781A18AACD5}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{75045E26-DB3A-43E8-814E-AD55FD4719D5}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F731003D-72FE-4019-983B-F8A0EB8A5D4A}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B637B5B1-EE34-4504-99C4-E4FD6AF3DD15}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3FB83BCC-8F15-43B7-BC07-C2B481ED3E06}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F7EDED03-9679-4BB1-A986-C853AF953E11}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{109AF6EC-C4DB-4D07-AE32-48CE616008A2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{83F40017-6953-4739-B1C2-C51FE9812DDE}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{B8256FD3-ADAE-439B-B4C6-2A1AEA9CB5A8}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080811.001\IDSvix86.sys [2008-03-20 22:37]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 19:47]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 23:11]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-04 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Annaïg.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 08:05]

2008-08-12 C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 09:21:52
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-13 9:23:49
ComboFix-quarantined-files.txt 2008-08-13 07:23:37
ComboFix2.txt 2008-08-11 17:29:59

Pre-Run: 18,499,801,088 octets libres
Post-Run: 18,252,660,736 octets libres

252 --- E O F --- 2008-07-30 09:24:09
0