Gros problème avec Antivirus XP 2008.

Bonsoir,

bien merci ! Je vais faire çà de suite et je t'envoie le rapport !

D'accord. Je poste çà demain car je part travailler tôt demain...

J'ai refais une analyse et j'ai 17 menaces ... J'ai du l'arrêter , j'en referai une demain puis je ferai ce que tu m'a dit juste après ;). Merci pour ton aide !

Impossible à l'installer, j'ai désactiver mon antivirus et quand je lance le programme, il me met une erreur de find.exe et de cmd.exe

Quand j'allume on ordinateur et que je me connecte sur ma session, je doit lancer explorer.exe manuellement en faisant

CTRL + ALT + DELETE et créer une nouvelle tache... Je ne sais plus activer les mises à jour dans panneau de configuration aussi. Bref, ce virus m'a pourri mon ordinateur ... Je reprendrai demain la tête reposée, j'ai vu que tu avais réolus pas mal de personne et je ne veux pas lacher maintenant ! Un grand merci de t'occuper des problèmes des autre comme çà ;).

D'accord, mais je ne sais pas comment supprimer les menaces que lui ne sais pas supprimer (MAM )

Je refais une analyse complète de mes 3 disques dure au cas ou et je supprime ce qui sait faire...

Voici quand même le rapport générer par ComboFix...

Je n'ai pas vu de message (Type 1 to continue, or 2 to abort) pourtant j'ai déposer le script sur ComboFix.exe comme tu m'a dis...



ComboFix 08-08-04.01 - chantal 2008-08-06 12:22:48.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.32.1036.18.599 [GMT 2:00]
Endroit: C:\Documents and Settings\chantal\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\chantal\Bureau\cfscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_MSXXX1
-------\Legacy_VHACK
-------\Service_Boonty Games
-------\Service_MSXXX1
-------\Service_vhack


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-06 to 2008-08-06 ))))))))))))))))))))))))))))))))))))
.

2008-08-05 21:52 . 2008-08-05 21:52 <REP> d-------- C:\Documents and Settings\chris\Application Data\Malwarebytes
2008-08-05 21:11 . 2008-08-05 21:11 <REP> d-------- C:\Documents and Settings\josé
2008-08-05 21:11 . <REP> C:\Documents and Settings\josÚ\Local Settings
2008-08-05 21:11 . <REP> C:\Documents and Settings\josÚ\Local Settings
2008-08-05 19:36 . 2008-08-05 19:36 2,048 --a------ C:\WINDOWS\system32\fwywflqo.exe
2008-08-04 18:35 . 2008-08-04 18:35 <REP> d-------- C:\Documents and Settings\chantal\VAIO Information FLOW
2008-08-04 18:00 . 2008-08-04 18:00 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 18:00 . 2008-08-04 18:00 <REP> d-------- C:\Documents and Settings\chantal\Application Data\Malwarebytes
2008-08-04 18:00 . 2008-08-04 18:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 18:00 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-04 18:00 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 16:31 . 2008-08-04 16:31 <REP> d-------- C:\Documents and Settings\chantal\Application Data\Apple Computer
2008-08-04 12:07 . 2008-08-04 12:07 92 --a------ C:\WINDOWS\system32\test.html
2008-08-04 12:07 . 2008-08-04 12:07 92 --a------ C:\WINDOWS\system32\OLD1A.tmp
2008-08-04 11:58 . 2008-08-04 11:58 283 --a------ C:\Raccourci vers VAIO (C).lnk
2008-08-02 17:17 . 2008-08-02 17:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-01 21:54 . 2008-08-01 21:54 45,000 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-08-01 17:27 . 2008-08-01 17:28 <REP> d-------- C:\Program Files\Safari
2008-07-31 17:28 . 2008-07-31 18:18 <REP> d-------- C:\Documents and Settings\chris\Application Data\Pro Cycling Manager 2008 - Demo
2008-07-31 17:28 . 2008-07-31 17:28 87,680 --a------ C:\WINDOWS\system32\drivers\appdrv01.fs.{A7E56839-0B44-4261-8167-6DCA58E79946}.sys
2008-07-31 17:19 . 2008-07-31 17:19 <REP> d-------- C:\Program Files\Cyanide
2008-07-31 17:06 . 2001-07-15 13:15 3,428,115 --------- C:\WINDOWS\LittleCS.CAB
2008-07-31 17:06 . 2008-07-31 17:06 253,952 --------- C:\WINDOWS\Setup1.exe
2008-07-31 17:06 . 2008-07-31 17:06 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-31 17:06 . 2008-07-31 17:06 1,732 --a------ C:\WINDOWS\ST6UNST.000
2008-07-29 20:59 . 2008-07-29 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-29 18:14 . 2008-07-29 18:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-24 20:06 . 2008-07-24 20:10 <REP> d-------- C:\Program Files\Inkscape
2008-07-24 20:01 . 2008-07-24 20:01 <REP> d-------- C:\Documents and Settings\chris\Application Data\Stellarium
2008-07-24 20:00 . 2008-07-24 20:43 <REP> d-------- C:\Program Files\Stellarium
2008-07-23 14:53 . 2008-07-23 14:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Registry Helper
2008-07-23 14:36 . 2008-07-23 14:39 <REP> d-------- C:\Program Files\Perfect Macro Recorder
2008-07-23 14:36 . 2006-01-26 04:43 282,624 --a------ C:\WINDOWS\system32\acomte445.ocx
2008-07-23 14:36 . 2005-08-24 17:25 221,184 --a------ C:\WINDOWS\system32\jbet33.ocx
2008-07-23 14:36 . 2004-02-23 00:00 150,528 --a------ C:\WINDOWS\system32\TLBINF32.DLL
2008-07-23 14:36 . 2005-02-01 03:46 20,480 --a------ C:\WINDOWS\system32\re324224.exe
2008-07-19 16:51 . 2008-07-19 16:51 <REP> d-------- C:\Program Files\ALLCapture 3.0 Essai
2008-07-19 16:51 . 2008-07-19 17:02 <REP> d-------- C:\Documents and Settings\chris\Application Data\ALLCapture
2008-07-18 15:41 . 2008-07-18 15:41 <REP> d-------- C:\Documents and Settings\chantal\Application Data\Symantec
2008-07-17 20:35 . 2008-07-17 20:35 <REP> d-------- C:\Program Files\Inno Setup 5
2008-07-17 16:56 . 2008-07-17 18:24 <REP> d-------- C:\Documents and Settings\chris\Application Data\Dev-Cpp
2008-07-17 16:55 . 2008-07-18 12:52 <REP> d-------- C:\Dev-Cpp
2008-07-16 15:53 . 2008-07-18 12:26 <REP> d-------- C:\Documents and Settings\chris\Application Data\codeblocks
2008-07-16 13:18 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-15 11:08 . 2008-07-15 11:11 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
2008-07-14 22:08 . 2008-07-14 22:08 468 --a------ C:\WINDOWS\rsagent.ini
2008-07-14 17:01 . 2008-07-18 13:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-14 16:42 . 2008-07-14 16:42 <REP> d-------- C:\WINDOWS\system32\3Planesoft
2008-07-14 16:42 . 2008-07-14 16:42 <REP> d-------- C:\Program Files\Watermill 3D Screensaver
2008-07-14 16:42 . 2008-07-14 16:42 <REP> d-------- C:\Program Files\3Planesoft Screensaver Manager
2008-07-14 16:35 . 2008-07-14 16:35 <REP> d-------- C:\Program Files\Fichiers communs\Totem Shared
2008-07-12 20:21 . 2008-07-12 20:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-09 01:17 . 2008-07-09 01:58 <REP> d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-07-08 19:34 . 2008-07-08 19:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-08 19:27 . 2004-08-10 14:00 18,944 --a------ C:\WINDOWS\system32\simptcp.dll
2008-07-08 19:27 . 2004-08-10 14:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2008-07-08 19:27 . 2004-08-10 14:00 12,173 --a------ C:\WINDOWS\system32\ftpctrs.ini
2008-07-08 19:27 . 2004-08-10 14:00 7,680 --a------ C:\WINDOWS\system32\ftpctrs2.dll
2008-07-08 19:27 . 2004-08-10 14:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\ftpctrs2.dll
2008-07-08 19:27 . 2004-08-10 14:00 2,549 --a------ C:\WINDOWS\system32\ftpctrs.h
2008-07-06 23:55 . 2008-07-06 23:55 20 --a------ C:\WINDOWS\TemplateWizard.INI
2008-07-06 23:01 . 2001-11-14 20:19 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-07-06 23:00 . 2008-07-06 23:00 <REP> d-------- C:\Program Files\Namo
2008-07-06 15:45 . 2008-07-06 15:50 <REP> d-------- C:\Documents and Settings\chris\dwhelper

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 10:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-06 10:14 --------- d-----w C:\Documents and Settings\chantal\Application Data\skypePM
2008-08-06 10:04 --------- d-----w C:\Program Files\Crawler
2008-08-05 19:13 --------- d-----w C:\Documents and Settings\chantal\Application Data\VMNTOOLBAR
2008-08-05 19:00 --------- d-----w C:\Documents and Settings\chantal\Application Data\Skype
2008-08-05 11:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-04 12:59 --------- d-----w C:\Documents and Settings\chris\Application Data\FileZilla
2008-08-04 10:08 --------- d-----w C:\Program Files\Notepad++
2008-08-01 20:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-01 19:39 --------- d-----w C:\Documents and Settings\chris\Application Data\Apple Computer
2008-08-01 17:16 --------- d-----w C:\Documents and Settings\chris\Application Data\vmntoolbar
2008-08-01 16:04 --------- d-----w C:\Program Files\Apple Software Update
2008-08-01 16:00 --------- d-----w C:\Program Files\QuickTime
2008-07-30 18:07 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-22 16:57 --------- d-----w C:\Program Files\Virtual Creatures
2008-07-22 15:49 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-22 15:49 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-22 15:49 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-22 15:49 --------- d-----w C:\Program Files\Symantec
2008-07-22 15:47 --------- d-----w C:\Documents and Settings\chris\Application Data\Skype
2008-07-22 14:01 --------- d-----w C:\Documents and Settings\chris\Application Data\skypePM
2008-07-18 15:14 --------- d-----w C:\Program Files\HyCam2
2008-07-16 12:26 --------- d-----w C:\Program Files\Google
2008-07-16 10:28 --------- d-----w C:\Program Files\MSN Messenger
2008-07-15 09:10 --------- d-----w C:\Program Files\Macromedia
2008-07-14 18:28 --------- d-----w C:\Documents and Settings\chris\Application Data\gtk-2.0
2008-07-12 14:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-09 20:21 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-07-08 23:12 --------- d-----w C:\Documents and Settings\chris\Application Data\Vso
2008-07-08 18:38 --------- d-----w C:\Program Files\No-IP
2008-07-06 14:16 --------- d-----w C:\Program Files\Norton 360
2008-07-04 19:04 --------- d-----w C:\Documents and Settings\chris\Application Data\Symantec
2008-07-04 16:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-21 19:13 --------- d-----w C:\Program Files\Samsung
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 13:11 --------- d-----w C:\Documents and Settings\chris\Application Data\Shareaza
2008-06-18 12:06 --------- d-----w C:\Program Files\LAVClock
2008-06-17 16:51 --------- d-----w C:\Documents and Settings\chris\Application Data\Blender Foundation
2008-06-17 12:04 --------- d-----w C:\Program Files\SWiSH Max2
2008-06-15 20:12 --------- d-----w C:\Documents and Settings\chris\Application Data\Inkscape
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 10:22 --------- d-----w C:\Program Files\Vista Buttons Trial
2008-06-13 16:52 --------- d-----w C:\Program Files\DynDNS Updater
2008-06-13 16:52 --------- d-----w C:\Documents and Settings\chris\Application Data\Kana Solution
2008-06-13 16:19 --------- d-----w C:\Program Files\Super macro
2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-06-12 14:04 --------- d-----w C:\Program Files\Seagrand
2008-01-20 15:02 2,830 ----a-w C:\Documents and Settings\chris\Application Data\wklnhst.dat
2007-08-20 14:40 47,360 ----a-w C:\Documents and Settings\chris\Application Data\pcouffin.sys
2007-07-30 11:16 5,548 ----a-w C:\Documents and Settings\chris\ymwued.exe
2007-07-30 11:10 5,548 ----a-w C:\Documents and Settings\chris\zztazb.exe
2007-07-30 10:56 5,548 ----a-w C:\Documents and Settings\chris\vjhmyh.exe
2007-07-30 10:50 5,548 ----a-w C:\Documents and Settings\chris\tbwzqj.exe
2007-07-30 10:43 5,547 ----a-w C:\Documents and Settings\chris\uzdztr.exe
2007-07-30 10:36 5,548 ----a-w C:\Documents and Settings\chris\znbyki.exe
2007-07-30 10:30 5,548 ----a-w C:\Documents and Settings\chris\gjpehl.exe
2007-07-30 10:16 5,548 ----a-w C:\Documents and Settings\chris\hoakpf.exe
2007-07-30 10:03 5,548 ----a-w C:\Documents and Settings\chris\ajzdbb.exe
2007-07-30 09:57 5,548 ----a-w C:\Documents and Settings\chris\yujzyk.exe
2007-07-30 09:50 5,548 ----a-w C:\Documents and Settings\chris\mfqila.exe
2007-07-30 09:43 5,548 ----a-w C:\Documents and Settings\chris\xgxrhf.exe
2007-07-30 09:36 5,548 ----a-w C:\Documents and Settings\chris\yeqvki.exe
2007-07-30 09:30 5,548 ----a-w C:\Documents and Settings\chris\rcjueh.exe
2007-07-30 09:23 5,548 ----a-w C:\Documents and Settings\chris\rwdxhe.exe
2007-07-30 09:16 5,548 ----a-w C:\Documents and Settings\chris\flrdkx.exe
2007-07-30 09:10 5,548 ----a-w C:\Documents and Settings\chris\qmzwwz.exe
2007-07-30 09:03 5,548 ----a-w C:\Documents and Settings\chris\glenog.exe
2007-07-30 08:56 5,548 ----a-w C:\Documents and Settings\chris\hntcje.exe
2007-07-30 08:50 5,548 ----a-w C:\Documents and Settings\chris\aksjoj.exe
2007-07-30 08:36 5,548 ----a-w C:\Documents and Settings\chris\etxjjg.exe
2007-07-30 08:23 5,546 ----a-w C:\Documents and Settings\chris\vkdglw.exe
2007-07-30 08:16 5,548 ----a-w C:\Documents and Settings\chris\bysecm.exe
2007-07-30 08:10 5,547 ----a-w C:\Documents and Settings\chris\edagle.exe
2007-07-30 08:03 5,548 ----a-w C:\Documents and Settings\chris\xijgax.exe
2007-07-30 07:57 5,548 ----a-w C:\Documents and Settings\chris\goxkpx.exe
2007-07-30 07:50 5,548 ----a-w C:\Documents and Settings\chris\gptbue.exe
2007-07-30 07:43 5,548 ----a-w C:\Documents and Settings\chris\xhiazc.exe
2007-07-30 07:37 5,548 ----a-w C:\Documents and Settings\chris\chioeo.exe
2007-02-19 06:26 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-12-13 21:43 88 --sh--r C:\WINDOWS\system32\72AB846474.sys
2007-12-13 21:43 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-19 19:20 9,104 --sh--r C:\WINDOWS\system32\msivs10.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-05_21.10.39.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 17:09:59 86,815 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-08-05 21:39:35 86,968 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-08-06 10:28:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1f8.dat
+ 2008-08-06 10:29:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_33c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 16:57 68856]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:33 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-31 12:47 1836544]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-16 16:14 344064]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-07-08 11:10 45108]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-07-08 11:41 36864]
"SetDefPrt"="C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe" [2002-12-18 15:31 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-18 13:37 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 16:50 988512]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 16:11 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.CDVC"= cdvccodc.dll
"vids.CDVC"= cdvccodc.dll
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\chris3191007\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\chris3191007\\dedicated server\\hlds.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\maury844\\dedicated server\\hlds.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\PHPEdit\\DBG\\DbgListener.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\chris3191007\\condition zero\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\chris3191007\\condition zero deleted scenes\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:80 TCP
"80:UDP"= 80:UDP:UDP
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-02-18 13:37]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 18:55]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]
S3 brfilt;Pilote de filtre Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 22:12]
S3 BrSerWDM;Pilote série Brother;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 22:12]
S3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 22:12]
S3 BrUsbScn;Pilote de scanneur Brother MFC USB;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 22:12]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-13 19:34]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-13 19:34]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-13 19:34]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2008-04-13 19:34]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 18:29]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 18:23]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 01:37]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-07-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 12:29:46
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-06 12:36:15 - machine was rebooted [chantal]
ComboFix-quarantined-files.txt 2008-08-06 10:36:05
ComboFix2.txt 2008-08-05 19:11:09

Pre-Run: 5,898,219,520 octets libres
Post-Run: 5,881,466,880 octets libres

343 --- E O F --- 2008-07-09 20:31:51

Voici :



C:\WINDOWS\system32\fwywflqo.exe moved successfully.
C:\Documents and Settings\chris\ymwued.exe moved successfully.
C:\Documents and Settings\chris\zztazb.exe moved successfully.
C:\Documents and Settings\chris\vjhmyh.exe moved successfully.
C:\Documents and Settings\chris\tbwzqj.exe moved successfully.
C:\Documents and Settings\chris\uzdztr.exe moved successfully.
C:\Documents and Settings\chris\znbyki.exe moved successfully.
C:\Documents and Settings\chris\gjpehl.exe moved successfully.
C:\Documents and Settings\chris\hoakpf.exe moved successfully.
C:\Documents and Settings\chris\ajzdbb.exe moved successfully.
C:\Documents and Settings\chris\yujzyk.exe moved successfully.
C:\Documents and Settings\chris\mfqila.exe moved successfully.
C:\Documents and Settings\chris\xgxrhf.exe moved successfully.
C:\Documents and Settings\chris\yeqvki.exe moved successfully.
C:\Documents and Settings\chris\rcjueh.exe moved successfully.
C:\Documents and Settings\chris\rwdxhe.exe moved successfully.
C:\Documents and Settings\chris\flrdkx.exe moved successfully.
C:\Documents and Settings\chris\qmzwwz.exe moved successfully.
C:\Documents and Settings\chris\glenog.exe moved successfully.
C:\Documents and Settings\chris\hntcje.exe moved successfully.
C:\Documents and Settings\chris\aksjoj.exe moved successfully.
C:\Documents and Settings\chris\etxjjg.exe moved successfully.
C:\Documents and Settings\chris\vkdglw.exe moved successfully.
C:\Documents and Settings\chris\bysecm.exe moved successfully.
C:\Documents and Settings\chris\edagle.exe moved successfully.
C:\Documents and Settings\chris\xijgax.exe moved successfully.
C:\Documents and Settings\chris\goxkpx.exe moved successfully.
C:\Documents and Settings\chris\gptbue.exe moved successfully.
C:\Documents and Settings\chris\xhiazc.exe moved successfully.
C:\Documents and Settings\chris\chioeo.exe moved successfully.
C:\WINDOWS\system32\72AB846474.sys moved successfully.
File/Folder C:\DOCUME~1\chris\LOCALS~1\Temp\Rar$EX00.859\IfoundnoNameforit Hack v0.1 Beta\IfoundnoNameforit Hack v0.1 Beta\IfnNfiH.sys not found.
File/Folder C:\DOCUME~1\chris\LOCALS~1\Temp\Rar$EX00.797\vhack.sys not found.
C:\Program Files\Crawler\Update moved successfully.
C:\Program Files\Crawler\TempDir moved successfully.
C:\Program Files\Crawler\TBR5LanguageAct moved successfully.
C:\Program Files\Crawler\Languages moved successfully.
C:\Program Files\Crawler\firefox\components moved successfully.
Folder move failed. C:\Program Files\Crawler\firefox\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Crawler\firefox scheduled to be moved on reboot.
C:\Program Files\Crawler\Cache\COMMON moved successfully.
C:\Program Files\Crawler\Cache moved successfully.
Folder move failed. C:\Program Files\Crawler scheduled to be moved on reboot.
C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully.
C:\Program Files\Fichiers communs\BOONTY Shared moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08062008_170711

Files moved on Reboot...
C:\Program Files\Crawler\firefox\chrome moved successfully.
C:\Program Files\Crawler\firefox moved successfully.
C:\Program Files\Crawler moved successfully.