Problem with a virus

imn12 Posts: 14 Status: Member -
ep44 Posts: 7432 Status: Contributor -
Hello,
Here's the thing: I have a problem with a certain virus, TR/Dldr.FraudLoa.NC. Since a topic of this kind has already been posted on the forum, here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:35:26, on 01/01/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\Ctfdll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\rhc7bej0e3dr\rhc7bej0e3dr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\msanton.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [ctfdll32] C:\WINDOWS\System32\Ctfdll32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Glock Suite 1.1] C:\WINDOWS\system32\glock32.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
O4 - HKLM\..\Run: [lphc3bej0e3dr] C:\WINDOWS\system32\lphc3bej0e3dr.exe
O4 - HKLM\..\Run: [SMrhc7bej0e3dr] C:\Program Files\rhc7bej0e3dr\rhc7bej0e3dr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BoreTrans] C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\Logshow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mona8547\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: bzzmotg - C:\WINDOWS\SYSTEM32\bzzmotg.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
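The helper reads a log like this by eye: what matters is where each autostart entry lives and what it is called, not the entry type on its own. The Python script below is an added example (mine, not part of the thread and not a HijackThis feature) that applies the same reading mechanically to a subset of the lines copied from the log above. It flags the system.ini Shell= hijack, the AppInit_DLLs and Winlogon Notify entries, Run keys that point into Temp or a profile folder or straight into C:\WINDOWS, services with no vendor or a missing binary, orphan BHOs, and random-looking names such as rhc7bej0e3dr. The rules, the thresholds and the name heuristic are assumptions of this example, not a documented classification.

```python
"""Mechanical triage of a HijackThis v2 log (added example, not a HijackThis feature).

Encodes the reading a forum helper applies by eye: autostart entries whose
location or naming is characteristic of the rogue-AV droppers in the log above.
Rules, thresholds and the random-name heuristic are assumptions of this example.
"""
import re

# Subset of lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\msanton.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKLM\..\Run: [SMrhc7bej0e3dr] C:\Program Files\rhc7bej0e3dr\rhc7bej0e3dr.exe
O4 - HKCU\..\Run: [BoreTrans] C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\Logshow.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: bzzmotg - C:\WINDOWS\SYSTEM32\bzzmotg.dll
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
'''

HJT_ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
# Run-key labels in [brackets] and the basename of any path with a code-like extension.
NAME_TOKENS = re.compile(r'\[([^\]]+)\]|([^\\\s"]+)\.(?:exe|dll|dat|sys|scr)\b', re.I)
USER_WRITABLE = re.compile(r"\\Temp\\|Application Data|APPLIC~1", re.I)
WINDOWS_ROOT = re.compile(r"C:\\WINDOWS\\[^\\\s]+\.exe", re.I)
VOWELS = set("aeiou")


def looks_random(name):
    """Lexical test for generated names (assumed heuristic, weak on its own)."""
    name = name.lower()
    if re.search(r"[a-z]\d+[a-z]", name):       # digits interleaved: rhc7bej0e3dr
        return True
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6:                         # too short to judge: ssv, avgnt
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.15   # bzzmotg, dcxxygx


def triage(log_text):
    """Return [(line, [reasons])] for every entry that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue
        kind, body = m.groups()
        reasons = []
        if kind == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("system.ini Shell= starts more than Explorer.exe")
        if kind == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs loads a DLL into every process that links user32.dll")
        if kind == "O20" and body.startswith("Winlogon Notify:"):
            reasons.append("Winlogon Notify DLL runs inside winlogon.exe as SYSTEM")
        if kind == "O4":
            if USER_WRITABLE.search(body):
                reasons.append("autostart from Temp or a profile folder")
            if WINDOWS_ROOT.search(body):
                reasons.append("autostart executable dropped directly in C:\\WINDOWS")
        if kind == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            reasons.append("service with no vendor or with a missing binary")
        if kind == "O2" and ("(no name)" in body or "(no file)" in body):
            reasons.append("BHO with no name or no file")
        odd = sorted({a or b for a, b in NAME_TOKENS.findall(body) if looks_random(a or b)})
        if odd:
            reasons.append("random-looking name(s): " + ", ".join(odd))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

The lexical test is a weak signal by itself: it also fires on abbreviations such as startdrv or msnmsgr, which is why the location rules carry the weight and the script reports every reason rather than a verdict. Nine of the twelve sample lines come out flagged; the Java BHO, the Avira Run entry and the Avira service do not.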
ep44 Posts: 7432 Status: Contributor
 
Hello and welcome to CCM

Your PC is heavily infected!

Don't worry, I'll guide you through the disinfection.

Download combofix.exe (by sUBs) and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Disconnect from the internet and close all your applications.
* Disable your protections (antivirus, firewall, antispyware) temporarily, and only for as long as you are using ComboFix.
* Double-click combofix.exe; your firewall may ask whether you allow nircmd.cfexe to access the trusted zone: accept.
* /!\ Don't touch anything until the scan has finished. Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running /!\
* Wait for ComboFix to finish; a report will be created.
* Re-enable your firewall, your antivirus and your antispyware guard.
* Copy/paste the report; it is located at C:\Combofix.txt
* Re-enable your real-time protections (antivirus, antispyware) before reconnecting to the internet.

@+
Hadrienen Posts: 723 Status: Member
 
Wow, what a beauty :/

Well, a fair bit of work in all that...

EDIT: I'll leave you to take care of it.
imn12 Posts: 14 Status: Member
 
Thanks for your detailed explanation, but here is the window that appears as soon as I try to launch Combofix.exe:

https://www.imagup.com

Thanks in advance for your reply.
ep44 Posts: 7432 Status: Contributor
 
Yes.

When you downloaded it, you must have tried renaming it to combofix 2.
Have you downloaded this program before?

Do this:
Click Start > Run > in the dialog box type combofix /u
(respecting the space) and confirm with OK.

Then try downloading it again without changing anything.

imn12 Posts: 14 Status: Member
 
Thanks again for your help. I uninstalled the program and then reinstalled it.
Here is the report:

ComboFix 08-08-16.01 - iiMAN3 2008-08-17 15:04:59.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.60 [GMT 0:00]
Location: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DEL.bat
C:\Documents and Settings\Administrateur\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Administrateur\Cookies\administrateur@promobenef[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@seriestreaming[2].txt
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Brahim\Application Data\rhc7bej0e3dr
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@bluestreak[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@edt02[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@mywebsearch[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.clubteenpix[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.pixmania[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.toutpourlamicro[1].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts\Data\iiMAN3\avatar.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\rhc7bej0e3dr
C:\Documents and Settings\iiMAN3.INTERNET\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3.INTERNET\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Cookies\iiman3@www.toutpourlamicro[2].txt
C:\Documents and Settings\Invité\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt
C:\Documents and Settings\Invité\Cookies\invité@edt02[2].txt
C:\Documents and Settings\Invité\Cookies\invité@promobenef[1].txt
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Cookies\mona81096@promobenef[2].txt
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\00033F9A
C:\Program Files\MyWebSearch\bar\Cache\0005D430
C:\Program Files\MyWebSearch\bar\Cache\0005DBB1
C:\Program Files\MyWebSearch\bar\Cache\0008C220
C:\Program Files\MyWebSearch\bar\Cache\0028E898
C:\Program Files\MyWebSearch\bar\Cache\0037C78A
C:\Program Files\MyWebSearch\bar\Cache\004C6782
C:\Program Files\MyWebSearch\bar\Cache\004C7136.bin
C:\Program Files\MyWebSearch\bar\Cache\004C74D0.bin
C:\Program Files\MyWebSearch\bar\Cache\004C7760.bin
C:\Program Files\MyWebSearch\bar\Cache\004C7D6B.bin
C:\Program Files\MyWebSearch\bar\Cache\004C9B73.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1A6D2.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1A9A0.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1AE25.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1B384.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1B549.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9BF64.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9C1E4.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9C3AA.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\rhc7bej0e3dr
C:\WINDOWS\doll104.exe
C:\WINDOWS\doll119.exe
C:\WINDOWS\doll120.exe
C:\WINDOWS\doll123.exe
C:\WINDOWS\doll126.exe
C:\WINDOWS\doll128.exe
C:\WINDOWS\doll132.exe
C:\WINDOWS\doll137.exe
C:\WINDOWS\doll138.exe
C:\WINDOWS\doll143.exe
C:\WINDOWS\doll144.exe
C:\WINDOWS\doll148.exe
C:\WINDOWS\doll151.exe
C:\WINDOWS\doll152.exe
C:\WINDOWS\doll154.exe
C:\WINDOWS\doll155.exe
C:\WINDOWS\doll157.exe
C:\WINDOWS\doll159.exe
C:\WINDOWS\doll161.exe
C:\WINDOWS\doll166.exe
C:\WINDOWS\doll167.exe
C:\WINDOWS\doll176.exe
C:\WINDOWS\doll181.exe
C:\WINDOWS\doll185.exe
C:\WINDOWS\doll191.exe
C:\WINDOWS\doll194.exe
C:\WINDOWS\doll196.exe
C:\WINDOWS\doll197.exe
C:\WINDOWS\drabste.exe
C:\WINDOWS\draste.exe
C:\WINDOWS\glok+3ca-59fa.sys
C:\WINDOWS\glok+serv.config
C:\WINDOWS\ksacre.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\blphc3bej0e3dr.scr
C:\WINDOWS\system32\drivers\ctl_w32.sys
c:\windows\system32\Drivers\Jnq72.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\phc3bej0e3dr.bmp
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pphc3bej0e3dr.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll . . . . Deletion failed

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CTL_W32
-------\Legacy_ICF
-------\Legacy_JNQ72
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NTIO256
-------\Legacy_POOF
-------\Legacy_RUNTIME
-------\Legacy_SMTPDRV
-------\Legacy_TCPSR
-------\Legacy_XLAVBA8
-------\Service_ICF
-------\Service_Jnq72
-------\Service_kprof
-------\Service_MyWebSearchService
-------\Service_ntio256
-------\Service_poof
-------\Service_runtime
-------\Service_tcpsr
-------\Service_xlavba8

((((((((((((((((((((((((((((( Files created 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

2008-08-17 15:20 . 2008-08-17 15:25 12,800 --------- C:\WINDOWS\system32\WinNt32.dll
2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093
2008-07-19 17:49 . 2008-07-19 17:49 <REP> d--hs---- C:\FOUND.092

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 13:45 192,512 ----a-w C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
2008-06-21 15:53 --------- d-----w C:\Program Files\typelitemeal
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-05-15 11:48 192,512 ----a-w C:\Documents and Settings\Brahim\cbOCR.dll
2008-04-19 11:24 2,402,832 ----a-w C:\Program Files\WLinstaller.exe1.exe
2008-04-10 18:50 192,512 ----a-w C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
2008-04-07 18:42 192,512 ----a-w C:\Documents and Settings\iiMAN3\cbOCR.dll
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-05-15 17:27 65,536 --sh--r C:\WINDOWS\system32\Ctfdll32.exe
.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfdll32"="C:\WINDOWS\System32\Ctfdll32.exe" [2005-05-15 17:27 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"bend logo clock film"="C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe" [2002-01-01 00:04 648192]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bzzmotg]
2008-05-30 15:26 21504 C:\WINDOWS\system32\bzzmotg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bgK61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cgi82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dgj03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ehk60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\flP60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\glP60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jmp14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\joS50.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lqu71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nqt03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nsV47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otW72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouY71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Svy61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc24.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xcf03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydg24.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
S0 Bfi47;Bfi47;C:\WINDOWS\system32\Drivers\Bfi47.sys []
S0 bgK61;bgK61;C:\WINDOWS\system32\Drivers\bgK61.sys []
S0 Cgi82;Cgi82;C:\WINDOWS\system32\Drivers\Cgi82.sys []
S0 Dgj03;Dgj03;C:\WINDOWS\system32\Drivers\Dgj03.sys []
S0 Ehk60;Ehk60;C:\WINDOWS\system32\Drivers\Ehk60.sys []
S0 flP60;flP60;C:\WINDOWS\system32\Drivers\flP60.sys []
S0 glP60;glP60;C:\WINDOWS\system32\Drivers\glP60.sys []
S0 Jmp14;Jmp14;C:\WINDOWS\system32\Drivers\Jmp14.sys []
S0 joS50;joS50;C:\WINDOWS\system32\Drivers\joS50.sys []
S0 Lqu71;Lqu71;C:\WINDOWS\system32\Drivers\Lqu71.sys []
S0 Nqt03;Nqt03;C:\WINDOWS\system32\Drivers\Nqt03.sys []
S0 nsV47;nsV47;C:\WINDOWS\system32\Drivers\nsV47.sys []
S0 otW72;otW72;C:\WINDOWS\system32\Drivers\otW72.sys []
S0 ouY71;ouY71;C:\WINDOWS\system32\Drivers\ouY71.sys []
S0 Svy61;Svy61;C:\WINDOWS\system32\Drivers\Svy61.sys []
S0 Uyc24;Uyc24;C:\WINDOWS\system32\Drivers\Uyc24.sys []
S0 Uyc68;Uyc68;C:\WINDOWS\system32\Drivers\Uyc68.sys []
S0 Xcf03;Xcf03;C:\WINDOWS\system32\Drivers\Xcf03.sys []
S0 Ydg24;Ydg24;C:\WINDOWS\system32\Drivers\Ydg24.sys []
S3 noskrnl.sys;noskrnl.sys;C:\WINDOWS\system32\noskrnl.sys []
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-17 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BoreTrans - C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\Logshow.exe
HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
HKLM-Run-lphc3bej0e3dr - C:\WINDOWS\system32\lphc3bej0e3dr.exe
HKLM-Run-SMrhc7bej0e3dr - C:\Program Files\rhc7bej0e3dr\rhc7bej0e3dr.exe
HKLM-Run-Restart - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\Mozilla\Firefox\Profiles\gntr6tnp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 15:27:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
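The registry section of the report above is where ComboFix shows the settings that let a rogue run unnoticed: Security Center warnings switched off, the firewall policy, a Winlogon Notify package, a non-default UIHost, and boot-start drivers registered under SafeBoot\Minimal with no file behind them. The script below is an added example (mine, not ComboFix's and not from the thread) that parses that section from a subset of the lines copied above, decodes the hex(2) UIHost value, and lists those findings. Treating an empty [] after a service path as "ComboFix found no file" is an assumption of this example, not documented ComboFix behaviour.

```python
"""Audit the 'Reg loading points' section of a ComboFix log (added example, not ComboFix code).

Parses the REGEDIT4-style blocks and the R0/S0 service lines ComboFix prints,
decodes the hex(2) UIHost value, and reports what a helper reads off the log:
Security Center alert suppression, the Windows Firewall policy, Winlogon Notify
packages, and Safe Mode drivers whose file is gone. Reading an empty [] after a
service path as 'no file found' is an assumption of this example.
"""
import re

# Subset of lines copied from the ComboFix report in the thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bzzmotg]
2008-05-30 15:26 21504 C:\WINDOWS\system32\bzzmotg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

R0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
S0 Bfi47;Bfi47;C:\WINDOWS\system32\Drivers\Bfi47.sys []
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
'''

KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
SECURITY_CENTER_FLAGS = ("AntiVirusOverride", "FirewallOverride",
                         "AntiVirusDisableNotify", "UpdatesDisableNotify")


def decode_hex2(value):
    """Turn 'hex(2):6c,6f,...' (REG_EXPAND_SZ as ComboFix prints it) into text."""
    raw = bytes(int(b, 16) for b in value.split(":", 1)[1].split(",") if b)
    # A real .reg export stores UTF-16LE; ComboFix printed one byte per character
    # here. Choose by the byte pattern rather than assuming either.
    if len(raw) % 2 == 0 and raw[1::2] == b"\x00" * (len(raw) // 2):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return text.rstrip("\x00")


def reg_to_int(value):
    """Parse 'dword:00000001' or ComboFix's '0 (0x0)' rendering; None if neither."""
    if value.startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"^(\d+)", value)
    return int(m.group(1)) if m else None


def parse(text):
    """Split the section into {key: [lines]} and a list of service records."""
    keys, services, current = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        km = KEY_LINE.match(line)
        sm = SERVICE_LINE.match(line)
        if km:
            current = km.group(1)
            keys[current] = []
        elif sm:
            start, name, _desc, path, stamp = sm.groups()
            services.append({"start": start, "name": name, "path": path, "stamp": stamp.strip()})
        elif current is not None:
            keys[current].append(line)
    return keys, services


def audit(text):
    """Return [(rule, detail)] in the order the evidence appears in the log."""
    keys, services = parse(text)
    findings, safeboot = [], set()
    for key, lines in keys.items():
        k = key.lower()
        values = dict(VALUE_LINE.match(l).groups() for l in lines if VALUE_LINE.match(l))
        if k.endswith("\\winlogon") and "UIHost" in values:
            v = values["UIHost"]
            host = decode_hex2(v) if v.startswith("hex(2):") else v.strip('"')
            if host.lower() != "logonui.exe":            # XP default
                findings.append(("winlogon.uihost", host))
        if "\\winlogon\\notify\\" in k:
            findings.append(("winlogon.notify", key.rsplit("\\", 1)[1]))
        if k.endswith("\\security center"):
            for name in SECURITY_CENTER_FLAGS:
                if reg_to_int(values.get(name, "")) == 1:
                    findings.append(("securitycenter.suppressed", name))
        if k.endswith("firewallpolicy\\standardprofile"):
            if reg_to_int(values.get("EnableFirewall", "")) == 0:
                findings.append(("firewall.disabled", "standardprofile"))
        if "\\safeboot\\minimal\\" in k:
            safeboot.add(key.rsplit("\\", 1)[1].lower())
    for s in services:
        if s["stamp"]:                                    # ComboFix found the file
            continue
        driver = s["path"].rsplit("\\", 1)[-1].lower()
        rule = "safeboot.driver_missing" if driver in safeboot else "service.file_missing"
        findings.append((rule, s["name"]))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule:28} {detail}")
```

On the sample, UIHost decodes to logonui2.exe, which is not the XP default logonui.exe; the script only reports the deviation, since the log does not show what that file is. EnableFirewall=0 is expected when a third-party firewall such as the Kerio one in this log is in use, so that finding is informational. The four Security Center values together silence its firewall, antivirus and update warnings, and are worth reverting once the rogue is gone.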
ep44 Posts: 7432 Status: Contributor
 
Very good ;)

Post a new HijackThis report and I'll prepare the next step :)

@+
imn12 Posts: 14 Status: Member
 
Here is my report =)) :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22, on 2008-08-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\Ctfdll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\explorer.exe
C:\ComboFix\pv.cfexe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [ctfdll32] C:\WINDOWS\System32\Ctfdll32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Glock Suite 1.1] C:\WINDOWS\system32\glock32.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
O4 - HKLM\..\Run: [lphc3bej0e3dr] C:\WINDOWS\system32\lphc3bej0e3dr.exe
O4 - HKLM\..\Run: [SMrhc7bej0e3dr] C:\Program Files\rhc7bej0e3dr\rhc7bej0e3dr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BoreTrans] C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\Logshow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mona8547\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: bzzmotg - C:\WINDOWS\SYSTEM32\bzzmotg.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
ep44 Posts: 7432 Status: Contributor
 
I'm preparing a procedure for you
given the amount of work, I'll get back to you with the answer a bit later ;)

@+
ep44 Posts: 7432 Status: Contributor
 
hi again :)

select the code below

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Plugin"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"bend logo clock film"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"lphc3bej0e3dr"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SMrhc7bej0e3dr"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BoreTrans"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi47.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bgK61.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cgi82.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dgj03.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ehk60.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\flP60.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\glP60.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jmp14.sys]   
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq72.sys]    
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\joS50.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lqu71.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nqt03.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nsV47.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otW72.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouY71.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Svy61.sys]   
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa36.sys]   
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc24.sys]    
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc68.sys]    
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xcf03.sys]    
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydg24.sys]  

 
Driver::
Bfi47 
bgK61
Cgi82
Dgj03
Ehk60 
flP60
glP60
Jmp14
joS50
Lqu71
Nqt03
nsV47
otW72
ouY71
Svy61
Uyc24
Uyc68
Xcf03
Ydg24
noskrnl.sys
USB2_04


File::
C:\WINDOWS\SYSTEM32\bzzmotg.dll  
C:\WINDOWS\system32\lphc3bej0e3dr.exe       
C:\WINDOWS\system32\WinNt32.dll       
C:\WINDOWS\system32\Ctfdll32.exe  
C:\Documents and Settings\iiMAN3\cbOCR.dll  
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll  
C:\Documents and Settings\Brahim\cbOCR.dll  
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll  
C:\WINDOWS\system32\Drivers\Bfi47.sys 
C:\WINDOWS\system32\Drivers\bgK61.sys   
C:\WINDOWS\system32\Drivers\Cgi82.sys   
C:\WINDOWS\system32\Drivers\Dgj03.sys  
C:\WINDOWS\system32\Drivers\Ehk60.sys  
C:\WINDOWS\system32\Drivers\flP60.sys   
C:\WINDOWS\system32\Drivers\glP60.sys 
C:\WINDOWS\system32\Drivers\Jmp14.sys   
C:\WINDOWS\system32\Drivers\joS50.sys   
C:\WINDOWS\system32\Drivers\Lqu71.sys   
C:\WINDOWS\system32\Drivers\Nqt03.sys  
C:\WINDOWS\system32\Drivers\nsV47.sys   
C:\WINDOWS\system32\Drivers\otW72.sys  
C:\WINDOWS\system32\Drivers\ouY71.sys  
C:\WINDOWS\system32\Drivers\Svy61.sys  
C:\WINDOWS\system32\Drivers\Uyc24.sys  
C:\WINDOWS\system32\Drivers\Uyc68.sys   
C:\WINDOWS\system32\Drivers\Xcf03.sys   
C:\WINDOWS\system32\Drivers\Ydg24.sys 
C:\WINDOWS\system32\noskrnl.sys   
C:\WINDOWS\system32\drivers\nkv2.sys 

  
Folder::
C:\Program Files\rhc7bej0e3dr
C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1
C:\Program Files\mywebsearch
C:\Program Files\typelitemeal  


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap is not checked under Format.
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto ComboFix.exe, like this
http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
* Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
* Once the scan is complete, a log will be displayed: post its contents.
* If the file doesn't open, it's located here > C:\ComboFix.txt

Note: The script above was written specifically for THIS user.
If you are not THIS user, DO NOT apply these instructions: they could damage your system.

@+
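The CFScript above was built by hand from the O4 and O20 lines of the HijackThis log: each `O4 - HKLM\..\Run: [name]` entry becomes a `[HKEY_LOCAL_MACHINE\...\Run]` key plus a `"name"=-` line under `Registry::`, and the binaries behind the suspicious entries go under `File::`. The Python below is an added example, not part of this thread and not ComboFix's or HijackThis's own code. It parses a constructed sample of O4/O20 lines copied in shape from the log above, scores each entry with a few heuristics matching what the malicious entries here have in common (digit-interleaved names such as lphc3bej0e3dr, near-vowelless names such as bzzmotg, multi-word junk value names, binaries launched from a profile's Application Data folder, 8.3 short paths, and Winlogon Notify DLLs), and emits `Registry::`/`File::` sections in the same form as ep44's script. The scoring thresholds and the `triage`/`build_cfscript` names are my own assumptions, not anything the page or ComboFix defines.

```python
import re
import ntpath
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4/O20 lines from the HijackThis log
# posted in this thread, copied in the shape they appear there.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ctfdll32] C:\WINDOWS\System32\Ctfdll32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
O4 - HKLM\..\Run: [lphc3bej0e3dr] C:\WINDOWS\system32\lphc3bej0e3dr.exe
O4 - HKLM\..\Run: [SMrhc7bej0e3dr] C:\Program Files\rhc7bej0e3dr\rhc7bej0e3dr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BoreTrans] C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\Logshow.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: bzzmotg - C:\WINDOWS\SYSTEM32\bzzmotg.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run|RunOnce): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


@dataclass
class Entry:
    kind: str            # "O4" (Run key value) or "O20" (Winlogon Notify DLL)
    hive: str
    key: str
    name: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        # Thresholds are an assumption of this example, not a ComboFix rule.
        return "remove" if self.score >= 2 else "review" if self.score == 1 else "ok"


def binary_path(cmd: str) -> str:
    """Pull the module path out of a Run value's command line."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd.strip())        # HijackThis's HKUS suffix
    m = (re.match(r'^rundll32(?:\.exe)?\s+"?(?P<p>[^",]+)', cmd, re.I)  # rundll32 path,Entry
         or re.match(r'^"(?P<p>[^"]+)"', cmd)                           # "quoted path" args
         or re.match(r'^(?P<p>.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)', cmd, re.I))
    return m.group("p") if m else cmd.split()[0]


def digit_interleaved(token: str) -> bool:
    """lphc3bej0e3dr-style names: two or more digit runs wedged between letters."""
    return len(re.findall(r"(?<=[A-Za-z])\d+(?=[A-Za-z])", token)) >= 2


def consonant_heavy(token: str) -> bool:
    """bzzmotg-style names: six or more letters with almost no vowels."""
    letters = re.sub(r"[^A-Za-z]", "", token).lower()
    return len(letters) >= 6 and sum(c in "aeiouy" for c in letters) / len(letters) <= 0.15


def score_entry(e: Entry) -> None:
    stem = ntpath.splitext(ntpath.basename(e.path))[0]
    tokens = {e.name, stem}
    checks = [
        (2, "random digit/letter name", any(digit_interleaved(t) for t in tokens)),
        (1, "consonant-only name", any(consonant_heavy(t) for t in tokens)),
        (1, "multi-word junk value name", len(e.name.split()) >= 3),
        (1, "runs from a profile data directory",
         bool(re.search(r"\\(application data|applic~1|local settings|locals~1|temp)\\", e.path, re.I))),
        (1, "8.3 short path", bool(re.search(r"~\d", e.path))),
        (1, "third-party Winlogon Notify DLL", e.kind == "O20"),
    ]
    for points, reason, hit in checks:
        if hit:
            e.score += points
            e.reasons.append(reason)


def triage(text: str) -> list:
    """Parse O4/O20 lines and score each one."""
    entries = []
    for line in text.splitlines():
        if m := O4_RE.match(line):
            entries.append(Entry("O4", m["hive"], m["key"], m["name"], binary_path(m["cmd"])))
        elif m := O20_RE.match(line):
            entries.append(Entry("O20", "HKLM", "", m["name"], m["path"].strip()))
    for e in entries:
        score_entry(e)
    return entries


def reg_key(hive: str, key: str) -> str:
    root = "HKEY_USERS\\" + hive.split("\\", 1)[1] if hive.startswith("HKUS\\") else HIVES[hive]
    return f"[{root}\\Software\\Microsoft\\Windows\\CurrentVersion\\{key}]"


def build_cfscript(entries: list) -> str:
    """Registry::/File:: sections in the same form as the hand-written CFScript."""
    reg, files = [], []
    for e in entries:
        if e.verdict != "remove":
            continue
        if e.kind == "O4":
            reg += [reg_key(e.hive, e.key), f'"{e.name}"=-']
        if re.match(r"^[A-Za-z]:\\", e.path) and e.path not in files:   # skip bare "Mixer.exe"
            files.append(e.path)
    return "Registry::\n" + "\n".join(reg) + "\n\nFile::\n" + "\n".join(files) + "\n"


if __name__ == "__main__":
    scored = triage(SAMPLE_HJT)
    for e in scored:
        print(f"{e.verdict:6} {e.kind} [{e.name}] {e.path}  ({', '.join(e.reasons) or 'no findings'})")
    print()
    print(build_cfscript(scored))
```

Run it and read the per-entry verdicts before the generated script. The limits of the heuristic are visible in the sample: msnmsgr.exe lands in "review" only because its name has no vowels, and Ctfdll32.exe (which ComboFix does delete in the log below) also only reaches "review", so anything not clearly "ok" still needs a reputation or signature check before it goes into a CFScript. The generator also knows nothing about the `Driver::` section or the `SafeBoot\Minimal` keys in ep44's script: those names come from ComboFix's own driver listing, not from HijackThis, and a script built from HijackThis alone would have left the randomly named .sys drivers in place.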
imn12 Posts: 14 Status: Member
 
Here is the log:
ComboFix 08-08-16.01 - iiMAN3 2008-08-17 20:11:37.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.50 [GMT 0:00]
Location: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE ::
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
C:\WINDOWS\system32\Drivers\Bfi47.sys
C:\WINDOWS\system32\Drivers\bgK61.sys
C:\WINDOWS\system32\Drivers\Cgi82.sys
C:\WINDOWS\system32\Drivers\Dgj03.sys
C:\WINDOWS\system32\Drivers\Ehk60.sys
C:\WINDOWS\system32\Drivers\flP60.sys
C:\WINDOWS\system32\Drivers\glP60.sys
C:\WINDOWS\system32\Drivers\Jmp14.sys
C:\WINDOWS\system32\Drivers\joS50.sys
C:\WINDOWS\system32\Drivers\Lqu71.sys
C:\WINDOWS\system32\drivers\nkv2.sys
C:\WINDOWS\system32\Drivers\Nqt03.sys
C:\WINDOWS\system32\Drivers\nsV47.sys
C:\WINDOWS\system32\Drivers\otW72.sys
C:\WINDOWS\system32\Drivers\ouY71.sys
C:\WINDOWS\system32\Drivers\Svy61.sys
C:\WINDOWS\system32\Drivers\Uyc24.sys
C:\WINDOWS\system32\Drivers\Uyc68.sys
C:\WINDOWS\system32\Drivers\Xcf03.sys
C:\WINDOWS\system32\Drivers\Ydg24.sys
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\noskrnl.sys
C:\WINDOWS\system32\WinNt32.dll
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\0
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\ckzpaknq.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\hoyrynol.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\plwpbazf.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\SectOkayModeSixth.exe
C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
C:\Documents and Settings\Brahim\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\Program Files\typelitemeal
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
.
---- Previous Run -------
.
C:\DEL.bat
C:\Documents and Settings\Administrateur\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Administrateur\Cookies\administrateur@promobenef[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@seriestreaming[2].txt
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Brahim\Application Data\rhc7bej0e3dr
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@bluestreak[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@edt02[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@mywebsearch[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.clubteenpix[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.pixmania[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.toutpourlamicro[1].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts\Data\iiMAN3\avatar.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\rhc7bej0e3dr
C:\Documents and Settings\iiMAN3.INTERNET\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3.INTERNET\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Cookies\iiman3@www.toutpourlamicro[2].txt
C:\Documents and Settings\Invité\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt
C:\Documents and Settings\Invité\Cookies\invité@edt02[2].txt
C:\Documents and Settings\Invité\Cookies\invité@promobenef[1].txt
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Cookies\mona81096@promobenef[2].txt
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\00033F9A
C:\Program Files\MyWebSearch\bar\Cache\0005D430
C:\Program Files\MyWebSearch\bar\Cache\0005DBB1
C:\Program Files\MyWebSearch\bar\Cache\0008C220
C:\Program Files\MyWebSearch\bar\Cache\0028E898
C:\Program Files\MyWebSearch\bar\Cache\0037C78A
C:\Program Files\MyWebSearch\bar\Cache\004C6782
C:\Program Files\MyWebSearch\bar\Cache\004C7136.bin
C:\Program Files\MyWebSearch\bar\Cache\004C74D0.bin
C:\Program Files\MyWebSearch\bar\Cache\004C7760.bin
C:\Program Files\MyWebSearch\bar\Cache\004C7D6B.bin
C:\Program Files\MyWebSearch\bar\Cache\004C9B73.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1A6D2.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1A9A0.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1AE25.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1B384.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1B549.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9BF64.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9C1E4.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9C3AA.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\rhc7bej0e3dr
C:\WINDOWS\doll104.exe
C:\WINDOWS\doll119.exe
C:\WINDOWS\doll120.exe
C:\WINDOWS\doll123.exe
C:\WINDOWS\doll126.exe
C:\WINDOWS\doll128.exe
C:\WINDOWS\doll132.exe
C:\WINDOWS\doll137.exe
C:\WINDOWS\doll138.exe
C:\WINDOWS\doll143.exe
C:\WINDOWS\doll144.exe
C:\WINDOWS\doll148.exe
C:\WINDOWS\doll151.exe
C:\WINDOWS\doll152.exe
C:\WINDOWS\doll154.exe
C:\WINDOWS\doll155.exe
C:\WINDOWS\doll157.exe
C:\WINDOWS\doll159.exe
C:\WINDOWS\doll161.exe
C:\WINDOWS\doll166.exe
C:\WINDOWS\doll167.exe
C:\WINDOWS\doll176.exe
C:\WINDOWS\doll181.exe
C:\WINDOWS\doll185.exe
C:\WINDOWS\doll191.exe
C:\WINDOWS\doll194.exe
C:\WINDOWS\doll196.exe
C:\WINDOWS\doll197.exe
C:\WINDOWS\drabste.exe
C:\WINDOWS\draste.exe
C:\WINDOWS\glok+3ca-59fa.sys
C:\WINDOWS\glok+serv.config
C:\WINDOWS\ksacre.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\blphc3bej0e3dr.scr
C:\WINDOWS\system32\drivers\ctl_w32.sys
c:\windows\system32\Drivers\Jnq72.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\phc3bej0e3dr.bmp
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pphc3bej0e3dr.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CTL_W32
-------\Legacy_ICF
-------\Legacy_JNQ72
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NTIO256
-------\Legacy_POOF
-------\Legacy_RUNTIME
-------\Legacy_SMTPDRV
-------\Legacy_TCPSR
-------\Legacy_XLAVBA8
-------\Service_ICF
-------\Service_Jnq72
-------\Service_kprof
-------\Service_MyWebSearchService
-------\Service_ntio256
-------\Service_poof
-------\Service_runtime
-------\Service_tcpsr
-------\Service_xlavba8
-------\Legacy_LQU71
-------\Legacy_USB2_04
-------\Legacy_UYC24
-------\Service_Bfi47
-------\Service_bgK61
-------\Service_Cgi82
-------\Service_ctl_w32
-------\Service_Dgj03
-------\Service_Ehk60
-------\Service_flP60
-------\Service_glP60
-------\Service_Jmp14
-------\Service_joS50
-------\Service_Lqu71
-------\Service_noskrnl.sys
-------\Service_Nqt03
-------\Service_nsV47
-------\Service_otW72
-------\Service_ouY71
-------\Service_Svy61
-------\Service_USB2_04
-------\Service_Uyc24
-------\Service_Uyc68
-------\Service_Xcf03
-------\Service_Ydg24

((((((((((((((((((((((((((((( Files created from 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

2008-08-14 14:16 . 2008-08-14 14:16 <DIR> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <DIR> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <DIR> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <DIR> d--hs---- C:\FOUND.093
2008-07-19 17:49 . 2008-07-19 17:49 <DIR> d--hs---- C:\FOUND.092

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-29 13:15 192,512 ----a-w C:\WINDOWS\system32\cbOCR.dll
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 23:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-19 11:24 2,402,832 ----a-w C:\Program Files\WLinstaller.exe1.exe
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

------- Sigcheck -------

2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\dllcache\svchost.exe

2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2005-03-02 18:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 15:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 18:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll

2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\dllcache\ws2_32.dll

2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 05:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-12-07 00:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2008-02-16 09:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 06:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 06:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 06:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp2gdr\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp2qfe\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp3gdr\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp3qfe\wininet.dll
2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-10-11 06:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 01:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 09:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2007-08-22 13:13 663040 18048557aa56de4b1955fdf7a21f9b24 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2008-04-21 07:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\$NtUninstallKB953838$\wininet.dll

2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 10:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 11:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 11:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 17:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys

2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2005-03-02 18:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 16:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-19 16:20 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2005-03-02 18:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 16:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 13:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-22 22:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\dllcache\services.exe

2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\dllcache\spoolsv.exe
2005-06-11 00:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe

2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\userinit.exe
2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\dllcache\userinit.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"Restart"="" [BU]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
S0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-17 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ctfdll32 - C:\WINDOWS\System32\Ctfdll32.exe
Notify-bzzmotg - bzzmotg.dll
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 20:48:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Bfi47]
"ImagePath"="System32\Drivers\Bfi47.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bgK61]
"ImagePath"="System32\Drivers\bgK61.sys"
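Added example, not part of either post and not ComboFix's own code: a small Python triage script for the sections that recur in these reports. The Sigcheck table prints each protected system file next to its Windows File Protection copy under dllcache, so a hash that differs between the two is the thing to look for (in the report above every pair matches). The REGEDIT4 block shows the Security Center Override/DisableNotify values and EnableFirewall, all set here the way malware sets them to silence XP SP2's tray warnings. A service line that ends in empty brackets (`S0 Twa36;Twa36;...\Twa36.sys []`) carries no timestamp; the script treats that as "image file not found", which is an assumption about ComboFix's output format rather than something the log states. All input lines are constructed to mimic the log; the all-'f' winlogon.exe cache hash is invented so the first check shows a positive hit.

```python
"""Triage helpers for the ComboFix log sections posted above. Added example,
neither the poster's nor ComboFix's own code. It parses the Sigcheck table
(date time size md5 path), the REGEDIT4-style loading points and the R1/S0
service lines. Sample input mimics the log; one winlogon hash is invented."""
import re
from collections import defaultdict

# Constructed sample: live hashes copied from the post; the all-'f' cache hash is made up.
SIGCHECK_SAMPLE = """\
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\\WINDOWS\\system32\\winlogon.exe
2004-08-19 16:10 506368 ffffffffffffffffffffffffffffffff C:\\WINDOWS\\system32\\dllcache\\winlogon.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\\WINDOWS\\system32\\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\\WINDOWS\\system32\\dllcache\\ntoskrnl.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\\WINDOWS\\$NtUninstallKB931784$\\ntoskrnl.exe
"""
# Constructed registry / service excerpt in the same shape as the log.
REG_SAMPLE = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 fwdrv;Firewall Driver;C:\\WINDOWS\\system32\\drivers\\fwdrv.sys [2005-12-15 18:13]
S0 Twa36;Twa36;C:\\WINDOWS\\system32\\Drivers\\Twa36.sys []
"""

SIG_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
SVC_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;.+? \[(.*)\]$")
# Backup/uninstall copies that legitimately differ from the live file.
ARCHIVE_DIRS = ("$hf_mig$", "$ntuninstall", "softwaredistribution", "driver cache")
# Security Center values malware sets to silence XP SP2's tray warnings.
SEC_CENTER_FLAGS = {"antivirusoverride", "antivirusdisablenotify", "firewalloverride", "firewalldisablenotify", "updatesdisablenotify"}

def parse_sigcheck(text):
    """Return (path, size, md5) for every Sigcheck-format line."""
    matches = (SIG_RE.match(l.strip()) for l in text.splitlines())
    return [(m.group(5), int(m.group(3)), m.group(4)) for m in matches if m]

def sigcheck_mismatches(rows):
    """Filenames whose live copy hashes differently from the WFP dllcache copy."""
    by_name = defaultdict(dict)
    for path, _, md5 in rows:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if "\\dllcache\\" in low:
            by_name[name]["cache"] = md5
        elif not any(d in low for d in ARCHIVE_DIRS):
            by_name[name]["live"] = md5
    return sorted(n for n, v in by_name.items()
                  if "live" in v and "cache" in v and v["live"] != v["cache"])

def parse_reg_section(text):
    """Map each [key] (lower-cased) to {value_name_lower: raw value text}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        km, vm = KEY_RE.match(line), VAL_RE.match(line)
        if km:
            current = km.group(1).lower()
            keys.setdefault(current, {})
        elif vm and current is not None:
            keys[current][vm.group(1).lower()] = vm.group(2).strip()
    return keys

def _is_set(raw):
    """True for 'dword:00000001' and for ComboFix's '1 (0x1)' rendering."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16) != 0
    return raw.split()[0] not in ("0", "0x0")

def security_center_findings(keys):
    """Suppressed Security Center notifications plus a disabled XP firewall."""
    out = []
    for key, vals in keys.items():
        if key.endswith("security center"):
            out += [f"{n}=1" for n in sorted(vals) if n in SEC_CENTER_FLAGS and _is_set(vals[n])]
        elif key.endswith("firewallpolicy\\standardprofile"):
            if "enablefirewall" in vals and not _is_set(vals["enablefirewall"]):
                out.append("EnableFirewall=0")
    return out

def services_missing_file(text):
    """Service names printed with empty brackets (no timestamp), taken here to mean
    ComboFix could not find the image file: an assumption about its output format."""
    matches = (SVC_RE.match(l.strip()) for l in text.splitlines())
    return [m.group(1) for m in matches if m and m.group(2).strip() == ""]

def triage(sig_text, reg_text):
    """Run all three checks over the two log sections and return the findings."""
    return {"sigcheck_mismatch": sigcheck_mismatches(parse_sigcheck(sig_text)),
            "security_center": security_center_findings(parse_reg_section(reg_text)),
            "missing_service_files": services_missing_file(reg_text)}

if __name__ == "__main__":
    for check, hits in triage(SIGCHECK_SAMPLE, REG_SAMPLE).items():
        print(f"{check}: {hits}")
```

On the constructed sample, `triage` reports `winlogon.exe` as the only Sigcheck mismatch, the four Security Center suppressions plus `EnableFirewall=0`, and `Twa36` as the service with no file. To use it on a real report, paste the "Sigcheck" block and the "Reg Loading Points" block (down to the service lines) into the two string arguments; the `$hf_mig$`, `$NtUninstall...$`, SoftwareDistribution and Driver Cache copies are skipped on purpose because they are expected to differ from the live file.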
imn12 Posts: 14 Status: Member
 
Here is the report:
ComboFix 08-08-16.01 - iiMAN3 2008-08-17 20:11:37.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.50 [GMT 0:00]
Location: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
C:\WINDOWS\system32\Drivers\Bfi47.sys
C:\WINDOWS\system32\Drivers\bgK61.sys
C:\WINDOWS\system32\Drivers\Cgi82.sys
C:\WINDOWS\system32\Drivers\Dgj03.sys
C:\WINDOWS\system32\Drivers\Ehk60.sys
C:\WINDOWS\system32\Drivers\flP60.sys
C:\WINDOWS\system32\Drivers\glP60.sys
C:\WINDOWS\system32\Drivers\Jmp14.sys
C:\WINDOWS\system32\Drivers\joS50.sys
C:\WINDOWS\system32\Drivers\Lqu71.sys
C:\WINDOWS\system32\drivers\nkv2.sys
C:\WINDOWS\system32\Drivers\Nqt03.sys
C:\WINDOWS\system32\Drivers\nsV47.sys
C:\WINDOWS\system32\Drivers\otW72.sys
C:\WINDOWS\system32\Drivers\ouY71.sys
C:\WINDOWS\system32\Drivers\Svy61.sys
C:\WINDOWS\system32\Drivers\Uyc24.sys
C:\WINDOWS\system32\Drivers\Uyc68.sys
C:\WINDOWS\system32\Drivers\Xcf03.sys
C:\WINDOWS\system32\Drivers\Ydg24.sys
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\noskrnl.sys
C:\WINDOWS\system32\WinNt32.dll
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\0
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\ckzpaknq.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\hoyrynol.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\plwpbazf.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\SectOkayModeSixth.exe
C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
C:\Documents and Settings\Brahim\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\Program Files\typelitemeal
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
.
---- Previous Run -------
.
C:\DEL.bat
C:\Documents and Settings\Administrateur\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Administrateur\Cookies\administrateur@promobenef[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@seriestreaming[2].txt
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Brahim\Application Data\rhc7bej0e3dr
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@bluestreak[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@edt02[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@mywebsearch[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.clubteenpix[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.pixmania[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.toutpourlamicro[1].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts\Data\iiMAN3\avatar.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\rhc7bej0e3dr
C:\Documents and Settings\iiMAN3.INTERNET\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3.INTERNET\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Cookies\iiman3@www.toutpourlamicro[2].txt
C:\Documents and Settings\Invité\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt
C:\Documents and Settings\Invité\Cookies\invité@edt02[2].txt
C:\Documents and Settings\Invité\Cookies\invité@promobenef[1].txt
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Cookies\mona81096@promobenef[2].txt
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\00033F9A
C:\Program Files\MyWebSearch\bar\Cache\0005D430
C:\Program Files\MyWebSearch\bar\Cache\0005DBB1
C:\Program Files\MyWebSearch\bar\Cache\0008C220
C:\Program Files\MyWebSearch\bar\Cache\0028E898
C:\Program Files\MyWebSearch\bar\Cache\0037C78A
C:\Program Files\MyWebSearch\bar\Cache\004C6782
C:\Program Files\MyWebSearch\bar\Cache\004C7136.bin
C:\Program Files\MyWebSearch\bar\Cache\004C74D0.bin
C:\Program Files\MyWebSearch\bar\Cache\004C7760.bin
C:\Program Files\MyWebSearch\bar\Cache\004C7D6B.bin
C:\Program Files\MyWebSearch\bar\Cache\004C9B73.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1A6D2.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1A9A0.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1AE25.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1B384.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1B549.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9BF64.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9C1E4.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9C3AA.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\rhc7bej0e3dr
C:\WINDOWS\doll104.exe
C:\WINDOWS\doll119.exe
C:\WINDOWS\doll120.exe
C:\WINDOWS\doll123.exe
C:\WINDOWS\doll126.exe
C:\WINDOWS\doll128.exe
C:\WINDOWS\doll132.exe
C:\WINDOWS\doll137.exe
C:\WINDOWS\doll138.exe
C:\WINDOWS\doll143.exe
C:\WINDOWS\doll144.exe
C:\WINDOWS\doll148.exe
C:\WINDOWS\doll151.exe
C:\WINDOWS\doll152.exe
C:\WINDOWS\doll154.exe
C:\WINDOWS\doll155.exe
C:\WINDOWS\doll157.exe
C:\WINDOWS\doll159.exe
C:\WINDOWS\doll161.exe
C:\WINDOWS\doll166.exe
C:\WINDOWS\doll167.exe
C:\WINDOWS\doll176.exe
C:\WINDOWS\doll181.exe
C:\WINDOWS\doll185.exe
C:\WINDOWS\doll191.exe
C:\WINDOWS\doll194.exe
C:\WINDOWS\doll196.exe
C:\WINDOWS\doll197.exe
C:\WINDOWS\drabste.exe
C:\WINDOWS\draste.exe
C:\WINDOWS\glok+3ca-59fa.sys
C:\WINDOWS\glok+serv.config
C:\WINDOWS\ksacre.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\blphc3bej0e3dr.scr
C:\WINDOWS\system32\drivers\ctl_w32.sys
c:\windows\system32\Drivers\Jnq72.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\phc3bej0e3dr.bmp
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pphc3bej0e3dr.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll . . . . Deletion failed

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CTL_W32
-------\Legacy_ICF
-------\Legacy_JNQ72
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NTIO256
-------\Legacy_POOF
-------\Legacy_RUNTIME
-------\Legacy_SMTPDRV
-------\Legacy_TCPSR
-------\Legacy_XLAVBA8
-------\Service_ICF
-------\Service_Jnq72
-------\Service_kprof
-------\Service_MyWebSearchService
-------\Service_ntio256
-------\Service_poof
-------\Service_runtime
-------\Service_tcpsr
-------\Service_xlavba8
-------\Legacy_LQU71
-------\Legacy_USB2_04
-------\Legacy_UYC24
-------\Service_Bfi47
-------\Service_bgK61
-------\Service_Cgi82
-------\Service_ctl_w32
-------\Service_Dgj03
-------\Service_Ehk60
-------\Service_flP60
-------\Service_glP60
-------\Service_Jmp14
-------\Service_joS50
-------\Service_Lqu71
-------\Service_noskrnl.sys
-------\Service_Nqt03
-------\Service_nsV47
-------\Service_otW72
-------\Service_ouY71
-------\Service_Svy61
-------\Service_USB2_04
-------\Service_Uyc24
-------\Service_Uyc68
-------\Service_Xcf03
-------\Service_Ydg24

((((((((((((((((((((((((((((( Files created 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093
2008-07-19 17:49 . 2008-07-19 17:49 <REP> d--hs---- C:\FOUND.092

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-29 13:15 192,512 ----a-w C:\WINDOWS\system32\cbOCR.dll
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 23:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-19 11:24 2,402,832 ----a-w C:\Program Files\WLinstaller.exe1.exe
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

------- Sigcheck -------

2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\dllcache\svchost.exe

2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2005-03-02 18:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 15:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 18:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll

2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\dllcache\ws2_32.dll

2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 05:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-12-07 00:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2008-02-16 09:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 06:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 06:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 06:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp2gdr\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp2qfe\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp3gdr\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp3qfe\wininet.dll
2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-10-11 06:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 01:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 09:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2007-08-22 13:13 663040 18048557aa56de4b1955fdf7a21f9b24 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2008-04-21 07:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\$NtUninstallKB953838$\wininet.dll

2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 10:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 11:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 11:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 17:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys

2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2005-03-02 18:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 16:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-19 16:20 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2005-03-02 18:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 16:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 13:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-22 22:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\dllcache\services.exe

2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\dllcache\spoolsv.exe
2005-06-11 00:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe

2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\userinit.exe
2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\dllcache\userinit.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"Restart"="" [BU]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
S0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-17 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ctfdll32 - C:\WINDOWS\System32\Ctfdll32.exe
Notify-bzzmotg - bzzmotg.dll
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 20:48:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Bfi47]
"ImagePath"="System32\Drivers\Bfi47.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bgK61]
"ImagePath"="System32\Drivers\bgK61.sys"
imn12 Posts: 14 Status: Member
 
Here is the report:
ComboFix 08-08-16.01 - iiMAN3 2008-08-17 20:11:37.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1036.18.50 [GMT 0:00]
Location: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\CFScript.txt
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
C:\WINDOWS\system32\Drivers\Bfi47.sys
C:\WINDOWS\system32\Drivers\bgK61.sys
C:\WINDOWS\system32\Drivers\Cgi82.sys
C:\WINDOWS\system32\Drivers\Dgj03.sys
C:\WINDOWS\system32\Drivers\Ehk60.sys
C:\WINDOWS\system32\Drivers\flP60.sys
C:\WINDOWS\system32\Drivers\glP60.sys
C:\WINDOWS\system32\Drivers\Jmp14.sys
C:\WINDOWS\system32\Drivers\joS50.sys
C:\WINDOWS\system32\Drivers\Lqu71.sys
C:\WINDOWS\system32\drivers\nkv2.sys
C:\WINDOWS\system32\Drivers\Nqt03.sys
C:\WINDOWS\system32\Drivers\nsV47.sys
C:\WINDOWS\system32\Drivers\otW72.sys
C:\WINDOWS\system32\Drivers\ouY71.sys
C:\WINDOWS\system32\Drivers\Svy61.sys
C:\WINDOWS\system32\Drivers\Uyc24.sys
C:\WINDOWS\system32\Drivers\Uyc68.sys
C:\WINDOWS\system32\Drivers\Xcf03.sys
C:\WINDOWS\system32\Drivers\Ydg24.sys
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\noskrnl.sys
C:\WINDOWS\system32\WinNt32.dll
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\0
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\ckzpaknq.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\hoyrynol.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\plwpbazf.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\SectOkayModeSixth.exe
C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
C:\Documents and Settings\Brahim\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\Program Files\typelitemeal
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
.
---- Previous Run -------
.
C:\DEL.bat
C:\Documents and Settings\Administrateur\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Administrateur\Cookies\administrateur@promobenef[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@seriestreaming[2].txt
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Brahim\Application Data\rhc7bej0e3dr
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@bluestreak[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@edt02[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@mywebsearch[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.clubteenpix[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.pixmania[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.toutpourlamicro[1].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts\Data\iiMAN3\avatar.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\rhc7bej0e3dr
C:\Documents and Settings\iiMAN3.INTERNET\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3.INTERNET\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Cookies\iiman3@www.toutpourlamicro[2].txt
C:\Documents and Settings\Invité\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt
C:\Documents and Settings\Invité\Cookies\invité@edt02[2].txt
C:\Documents and Settings\Invité\Cookies\invité@promobenef[1].txt
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Cookies\mona81096@promobenef[2].txt
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\00033F9A
C:\Program Files\MyWebSearch\bar\Cache\0005D430
C:\Program Files\MyWebSearch\bar\Cache\0005DBB1
C:\Program Files\MyWebSearch\bar\Cache\0008C220
C:\Program Files\MyWebSearch\bar\Cache\0028E898
C:\Program Files\MyWebSearch\bar\Cache\0037C78A
C:\Program Files\MyWebSearch\bar\Cache\004C6782
C:\Program Files\MyWebSearch\bar\Cache\004C7136.bin
C:\Program Files\MyWebSearch\bar\Cache\004C74D0.bin
C:\Program Files\MyWebSearch\bar\Cache\004C7760.bin
C:\Program Files\MyWebSearch\bar\Cache\004C7D6B.bin
C:\Program Files\MyWebSearch\bar\Cache\004C9B73.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1A6D2.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1A9A0.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1AE25.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1B384.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1B549.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9BF64.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9C1E4.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9C3AA.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\rhc7bej0e3dr
C:\WINDOWS\doll104.exe
C:\WINDOWS\doll119.exe
C:\WINDOWS\doll120.exe
C:\WINDOWS\doll123.exe
C:\WINDOWS\doll126.exe
C:\WINDOWS\doll128.exe
C:\WINDOWS\doll132.exe
C:\WINDOWS\doll137.exe
C:\WINDOWS\doll138.exe
C:\WINDOWS\doll143.exe
C:\WINDOWS\doll144.exe
C:\WINDOWS\doll148.exe
C:\WINDOWS\doll151.exe
C:\WINDOWS\doll152.exe
C:\WINDOWS\doll154.exe
C:\WINDOWS\doll155.exe
C:\WINDOWS\doll157.exe
C:\WINDOWS\doll159.exe
C:\WINDOWS\doll161.exe
C:\WINDOWS\doll166.exe
C:\WINDOWS\doll167.exe
C:\WINDOWS\doll176.exe
C:\WINDOWS\doll181.exe
C:\WINDOWS\doll185.exe
C:\WINDOWS\doll191.exe
C:\WINDOWS\doll194.exe
C:\WINDOWS\doll196.exe
C:\WINDOWS\doll197.exe
C:\WINDOWS\drabste.exe
C:\WINDOWS\draste.exe
C:\WINDOWS\glok+3ca-59fa.sys
C:\WINDOWS\glok+serv.config
C:\WINDOWS\ksacre.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\blphc3bej0e3dr.scr
C:\WINDOWS\system32\drivers\ctl_w32.sys
c:\windows\system32\Drivers\Jnq72.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\phc3bej0e3dr.bmp
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pphc3bej0e3dr.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll . . . . Deletion failed

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CTL_W32
-------\Legacy_ICF
-------\Legacy_JNQ72
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NTIO256
-------\Legacy_POOF
-------\Legacy_RUNTIME
-------\Legacy_SMTPDRV
-------\Legacy_TCPSR
-------\Legacy_XLAVBA8
-------\Service_ICF
-------\Service_Jnq72
-------\Service_kprof
-------\Service_MyWebSearchService
-------\Service_ntio256
-------\Service_poof
-------\Service_runtime
-------\Service_tcpsr
-------\Service_xlavba8
-------\Legacy_LQU71
-------\Legacy_USB2_04
-------\Legacy_UYC24
-------\Service_Bfi47
-------\Service_bgK61
-------\Service_Cgi82
-------\Service_ctl_w32
-------\Service_Dgj03
-------\Service_Ehk60
-------\Service_flP60
-------\Service_glP60
-------\Service_Jmp14
-------\Service_joS50
-------\Service_Lqu71
-------\Service_noskrnl.sys
-------\Service_Nqt03
-------\Service_nsV47
-------\Service_otW72
-------\Service_ouY71
-------\Service_Svy61
-------\Service_USB2_04
-------\Service_Uyc24
-------\Service_Uyc68
-------\Service_Xcf03
-------\Service_Ydg24

((((((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093
2008-07-19 17:49 . 2008-07-19 17:49 <REP> d--hs---- C:\FOUND.092

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-29 13:15 192,512 ----a-w C:\WINDOWS\system32\cbOCR.dll
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 23:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-19 11:24 2,402,832 ----a-w C:\Program Files\WLinstaller.exe1.exe
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

------- Sigcheck -------

2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\dllcache\svchost.exe

2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2005-03-02 18:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 15:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 18:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll

2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\dllcache\ws2_32.dll

2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 05:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-12-07 00:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2008-02-16 09:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 06:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 06:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 06:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp2gdr\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp2qfe\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp3gdr\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\SoftwareDistribution\Download\08226861086a18779ae960326e29c1a3\sp3qfe\wininet.dll
2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-10-11 06:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 01:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 09:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2007-08-22 13:13 663040 18048557aa56de4b1955fdf7a21f9b24 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2008-04-21 07:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\$NtUninstallKB953838$\wininet.dll

2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 10:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 11:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 11:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 17:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys

2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2005-03-02 18:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 16:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-19 16:20 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2005-03-02 18:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 16:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 13:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-22 22:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\dllcache\services.exe

2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\dllcache\spoolsv.exe
2005-06-11 00:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe

2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\userinit.exe
2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\dllcache\userinit.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"Restart"="" [BU]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
S0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-17 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ctfdll32 - C:\WINDOWS\System32\Ctfdll32.exe
Notify-bzzmotg - bzzmotg.dll
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 20:48:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Bfi47]
"ImagePath"="System32\Drivers\Bfi47.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bgK61]
"ImagePath"="System32\Drivers\bgK61.sys"
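Both copies of the report above end with the two sections an analyst reads first: the Sigcheck block (the live system file hashed next to its dllcache copy and the hotfix backups) and the Reg Loading Points, where the Security Center values and EnableFirewall=0 record that the "no antivirus / firewall off / updates off" warnings were silenced and the XP firewall turned off. The Python below is an added example, not ComboFix code and not anything posted in this thread: it parses those two sections and flags what matters. Its input is an excerpt copied from the posted report, plus one constructed Sigcheck pair (`example.exe`, with placeholder hashes) that is not in the report and exists only to show what a flagged mismatch looks like. `BACKUP_MARKERS` and `EXPECTED` are this example's own choices.

```python
"""Parse the Sigcheck and Reg Loading Points sections of a ComboFix report.
Added example for this thread, not ComboFix code or anything posted here.
SAMPLE_REPORT is copied from the posted report except the 'example.exe'
pair, which is constructed (placeholder hashes) to show a flagged mismatch."""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
------- Sigcheck -------

2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\dllcache\svchost.exe

2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 13:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-22 22:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2008-01-01 00:00 13312 00000000000000000000000000000000 C:\WINDOWS\system32\example.exe
2004-08-19 16:09 13312 ffffffffffffffffffffffffffffffff C:\WINDOWS\system32\dllcache\example.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# One Sigcheck entry per line: date time size md5 path
SIGCHECK_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (\S.*)$", re.M)
# Hotfix backups and update staging hold other builds of the same file and
# legitimately differ from the live copy, so they are not compared.
BACKUP_MARKERS = ("$hf_mig$", "$ntuninstall", "driver cache", "softwaredistribution")

def parse_sigcheck(report):
    """{basename: {'live': md5, 'dllcache': md5}} from the Sigcheck lines."""
    files = defaultdict(dict)
    for _date, _size, md5, path in SIGCHECK_LINE.findall(report):
        lowered = path.lower()
        name = lowered.rsplit("\\", 1)[-1]
        if "\\dllcache\\" in lowered:
            files[name]["dllcache"] = md5
        elif not any(marker in lowered for marker in BACKUP_MARKERS):
            files[name]["live"] = md5
    return files

def sigcheck_mismatches(report):
    """Basenames whose live copy does not hash like its dllcache copy.
    dllcache is what Windows File Protection restores from, so a mismatch
    means one of the two was replaced and the file needs a closer look."""
    return sorted(name for name, h in parse_sigcheck(report).items()
                  if "live" in h and "dllcache" in h and h["live"] != h["dllcache"])

def parse_reg_blocks(report):
    """{key lower-cased: {value_name: raw_value}} for the REGEDIT4-style blocks."""
    blocks, current = {}, None
    for line in report.splitlines():
        key = re.match(r"^\[([^\]]+)\]\s*$", line)
        if key:
            current = blocks.setdefault(key.group(1).lower(), {})
            continue
        value = re.match(r'^"([^"]+)"\s*=\s*(.+)$', line)
        if value and current is not None:
            current[value.group(1)] = value.group(2).strip()
    return blocks

def reg_int(raw):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0; None for anything else."""
    m = re.match(r"dword:([0-9a-f]{8})$", raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None

# Safe values. The *Override / *DisableNotify values silence the Security
# Center's "no antivirus / firewall off / updates off" warnings;
# EnableFirewall=0 turns the XP firewall off.
EXPECTED = {
    "hkey_local_machine\\software\\microsoft\\security center": {
        "AntiVirusOverride": 0, "FirewallOverride": 0,
        "AntiVirusDisableNotify": 0, "UpdatesDisableNotify": 0},
    "hklm\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile": {
        "EnableFirewall": 1},
}

def security_center_findings(report):
    """(value_name, actual, expected) for every listed value that is unsafe."""
    blocks = parse_reg_blocks(report)
    findings = []
    for key, expected in EXPECTED.items():
        present = blocks.get(key, {})
        for name, want in expected.items():
            if name in present and reg_int(present[name]) != want:
                findings.append((name, reg_int(present[name]), want))
    return findings
```

Run against the full posted report, `sigcheck_mismatches` returns an empty list (every live file there hashes like its dllcache copy), and `security_center_findings` returns all five values shown in the excerpt; the constructed `example.exe` pair is what makes the mismatch path visible. The `$hf_mig$` and `$NtUninstall` copies are skipped on purpose: they are older or newer hotfix builds and differ from the live file by design.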
ep44 Posts: 7432 Status: Contributor
 
very good :)

let's do another round

select this
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Bfi47]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bgK61]   
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Cgi82]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ctl_w32]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Dgj03]   
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ehk60]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\flP60]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\glP60]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Jmp14]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\joS50]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Lqu71]   
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\noskrnl.sys]   
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Nqt03]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\nsV47]   
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\otW72]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ouY71]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Svy61]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\USB2_04]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Uyc24]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Uyc68]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Xcf03]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ydg24]  



File::
C:\WINDOWS\system32\cbOCR.dll       
C:\WINDOWS\system32\dllcache\svchost.exe          
C:\WINDOWS\system32\dllcache\winlogon.exe       
C:\WINDOWS\system32\dllcache\services.exe       
C:\WINDOWS\system32\dllcache\spoolsv.exe       


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap is not checked under Format.
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript.txt file onto the ComboFix.exe file, like this:
http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
* Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt

Note: The code above was written specifically for THIS user.
If you are not THIS user, do NOT apply these instructions: they could damage your system.

@+

0
imn12 Posts: 14 Status: Member
 
Here's the report =) :

ComboFix 08-08-17.03 - iiMAN3 2008-08-18 11:26:45.3 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.86 [GMT 0:00]
Endroit: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\dllcache\services.exe
C:\WINDOWS\system32\dllcache\spoolsv.exe
C:\WINDOWS\system32\dllcache\svchost.exe
C:\WINDOWS\system32\dllcache\winlogon.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brahim\UserData
C:\Documents and Settings\Brahim\UserData\0JCN0BQ1\historySitePos[1].xml
C:\Documents and Settings\Brahim\UserData\G7WZYJUX\historySearchPos[1].xml
C:\Documents and Settings\Brahim\UserData\G7WZYJUX\IsOnIE6tbPromo[1].xml
C:\Documents and Settings\Brahim\UserData\index.dat
C:\Documents and Settings\Brahim\UserData\ITUXY7YN\advstNetId[1].xml
C:\Documents and Settings\Brahim\UserData\ITUXY7YN\Tdy58[1].xml
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\index.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\WX234163\Tdy58[1].xml
C:\Documents and Settings\iiMAN3.INTERNET\UserData
C:\Documents and Settings\iiMAN3.INTERNET\UserData\index.dat
C:\Documents and Settings\iiMAN3\UserData
C:\Documents and Settings\iiMAN3\UserData\index.dat
C:\Documents and Settings\Invité\UserData
C:\Documents and Settings\Invité\UserData\index.dat
C:\Documents and Settings\mona81096\UserData
C:\Documents and Settings\mona81096\UserData\index.dat
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\dllcache\services.exe
C:\WINDOWS\system32\dllcache\spoolsv.exe
C:\WINDOWS\system32\dllcache\svchost.exe
C:\WINDOWS\system32\dllcache\winlogon.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.

2008-08-17 20:53 . 2008-08-17 20:53 <REP> d-------- C:\Documents and Settings\Invité
2008-08-17 15:18 . 2008-08-17 15:18 <REP> d-------- C:\WINDOWS\erdnt.--0
2008-08-17 15:06 . 2000-08-31 08:00 28,672 --a------ C:\WINDOWS\nircmd.ex0
2008-08-17 15:02 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\swreg.ex0
2008-08-17 15:02 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\sed.ex0
2008-08-17 15:02 . 2000-08-31 08:00 89,504 --a------ C:\WINDOWS\fdsv.ex0
2008-08-17 15:02 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\grep.ex0
2008-08-17 15:02 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\zip.ex0
2008-08-17 15:02 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\VFIND.EX0
2008-08-17 15:02 . 2000-08-31 08:00 28,672 --a------ C:\WINDOWS\NIRCMD.EX1
2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093
2008-07-19 17:49 . 2008-07-19 17:49 <REP> d--hs---- C:\FOUND.092

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 23:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-13 20:26 192,512 ----a-w C:\Documents and Settings\Invité\cbOCR.dll
2008-05-13 20:26 192,512 ----a-w C:\Documents and Settings\Invité\cbOCR.dll
2008-04-19 11:24 2,402,832 ----a-w C:\Program Files\WLinstaller.exe1.exe
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((( snapshot_2008-08-17_20.51.24.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 20:02:28 163,328 ----a-w C:\WINDOWS\erdnt.--0\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"Restart"="" [BU]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
S0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-17 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 11:39:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-18 11:45:39
ComboFix-quarantined-files.txt 2008-08-18 11:45:24
ComboFix2.txt 2008-08-17 20:53:14

Pre-Run: 1,590,345,728 octets libres
Post-Run: 1,528,438,784 octets libres

155 --- E O F --- 2008-08-18 11:44:03
0
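As an added example (not code from this thread, from ComboFix or from its authors), a small Python triage script over lines in the shape of the "Point de chargement Reg" and driver entries of the report above: it decodes the hex(2) UIHost value, lists the Security Center override flags that are set, notes EnableFirewall=0, and points out drivers ComboFix listed with an empty timestamp bracket. The sample lines are constructed from entries in the log; the comparison against the stock logonui.exe and the choice of which Security Center flags count as alert suppression are the example's own checks, not statements made in the thread.

```python
import re

# Constructed sample in the shape of the "Point de chargement Reg" and driver
# lines of the ComboFix report above (a few entries taken from it, not the log).
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
S0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.*)$')
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.*?)\s+\[(?P<stamp>[^\]]*)\]$")

# Keys as the report prints them, lower-cased the way parse_registry stores them.
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
FW_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
# Security Center values that, when set to 1, silence its AV / firewall / updates warnings.
SUPPRESS_FLAGS = ("AntiVirusOverride", "AntiVirusDisableNotify", "FirewallOverride",
                  "FirewallDisableNotify", "UpdatesDisableNotify")

def decode_hex2(val):
    """Decode a REGEDIT4 'hex(2):6c,6f,...' (REG_EXPAND_SZ) value to text."""
    raw = bytes(int(b, 16) for b in val.split(":", 1)[1].split(",") if b)
    return raw.decode("latin-1").rstrip("\x00")

def as_int(val):
    """Read ComboFix's 'dword:00000001' and '1 (0x1)' value forms as an int."""
    if val.lower().startswith("dword:"):
        return int(val[6:], 16)
    m = re.match(r"^(\d+)", val)
    return int(m.group(1)) if m else None

def parse_registry(text):
    """Return {key: {value_name: raw_value}} from the REGEDIT4-style lines."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current][m.group("name")] = m.group("val").strip()
    return keys

def parse_services(text):
    """Return the 'R1 name;description;path [stamp]' driver lines as dicts."""
    lines = map(str.strip, text.splitlines())
    return [m.groupdict() for m in map(SERVICE_RE.match, lines) if m]

def triage(text):
    """Flag the settings a helper reads first in a report like this one."""
    findings, reg = [], parse_registry(text)
    uihost = reg.get(WINLOGON, {}).get("UIHost", "")
    if uihost.lower().startswith("hex(2):"):
        host = decode_hex2(uihost)
        if host.lower() != "logonui.exe":  # the stock XP logon UI host
            findings.append(f"winlogon UIHost is '{host}', not the stock logonui.exe")
    for name, val in reg.get(SECURITY_CENTER, {}).items():
        if name in SUPPRESS_FLAGS and as_int(val) == 1:
            findings.append(f"Security Center warning suppressed: {name}=1")
    if as_int(reg.get(FW_PROFILE, {}).get("EnableFirewall", "1")) == 0:
        findings.append("Windows Firewall off (EnableFirewall=0); "
                        "expected only if a third-party firewall replaces it")
    for svc in parse_services(text):
        if not svc["stamp"]:  # ComboFix printed []: no timestamp was read for the file
            findings.append(f"{svc['start']} driver {svc['name']}: no file timestamp "
                            f"for {svc['path']}, check whether the file is on disk")
    return findings
```

Running `triage(SAMPLE_LOG)` on the constructed lines yields seven findings: the decoded UIHost (logonui2.exe), the four Security Center overrides, the disabled Windows Firewall, and the Twa36 driver without a timestamp; fwdrv, which carries a timestamp, is not reported.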
lyonnel10 Posts: 7 Status: Member
 
Hi. I advise you to download the "AVIRA ANTIVIR" antivirus from the site www.touslesdrivers.com
0
imn12 Posts: 14 Status: Member
 
Thanks =), that's already the one I use!

ep44, I still have a problem: another virus has gotten in ===> TR/Captcha.D
Thanks in advance!
0
ep44 Posts: 7432 Status: Contributor 3
 
Good evening

Yes, unfortunately it isn't over yet.

Let's go another round with ComboFix.

Select this:


Driver::
Twa36

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Glock Suite 1.1"=-


File::
C:\WINDOWS\system32\Drivers\Twa36.sys 
C:\Documents and Settings\Invité\cbOCR.dll 
C:\Program Files\WLinstaller.exe1.exe 


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap is not checked under Format.
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript.txt file onto the ComboFix.exe file, like this:
http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
* Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt

Note: The code above was written specifically for THIS user.
If you are not THIS user, do NOT apply these instructions: they could damage your system.

Next,

do an online scan

with BitDefender and paste the report

https://www.bitdefender.com/toolbox/

The scan must be done under Internet Explorer

A tutorial:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Then a new HijackThis report, please
@+

0
imn12 Posts: 14 Status: Member
 
Hi again =D!

==> My ComboFix report:

ComboFix 08-08-17.03 - iiMAN3 2008-08-20 20:31:09.4 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.92 [GMT 0:00]
Endroit: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\Documents and Settings\Invité\cbOCR.dll
C:\Program Files\WLinstaller.exe1.exe
C:\WINDOWS\system32\Drivers\Twa36.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brahim\Local Settings\Temporary Internet Files\
C:\Documents and Settings\iiMAN3.INTERNET.000\Cookies\iiman3@a[1].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\Cookies\iiman3@edt02[2].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\43MZY36D\historySitePos[1].xml
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\E58DG1Q5\Tdy58[1].xml
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\index.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\O1H9JMQ3\advstNetId[1].xml
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\O1H9JMQ3\historySearchPos[1].xml
C:\Documents and Settings\Invité\cbOCR.dll
C:\Program Files\WLinstaller.exe1.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TWA36
-------\Service_Twa36

((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-18 22:49 . 2008-08-18 22:49 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-18 21:30 . 2008-08-18 21:30 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-18 21:30 . 2008-08-18 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-18 19:31 . 2008-08-18 19:31 <REP> d--hs---- C:\FOUND.099
2008-08-17 20:53 . 2008-08-17 20:53 <REP> d-------- C:\Documents and Settings\Invité
2008-08-17 15:18 . 2008-08-17 15:18 <REP> d-------- C:\WINDOWS\erdnt.--0
2008-08-17 15:06 . 2000-08-31 08:00 28,672 --a------ C:\WINDOWS\nircmd.ex0
2008-08-17 15:02 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\swreg.ex0
2008-08-17 15:02 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\sed.ex0
2008-08-17 15:02 . 2000-08-31 08:00 89,504 --a------ C:\WINDOWS\fdsv.ex0
2008-08-17 15:02 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\grep.ex0
2008-08-17 15:02 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\zip.ex0
2008-08-17 15:02 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\VFIND.EX0
2008-08-17 15:02 . 2000-08-31 08:00 28,672 --a------ C:\WINDOWS\NIRCMD.EX1
2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 22:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 22:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 22:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 22:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 22:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 22:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 22:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 22:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 22:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 23:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((( snapshot_2008-08-17_20.51.24.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 20:02:28 163,328 ----a-w C:\WINDOWS\erdnt.--0\subs\ERDNT.EXE
+ 2005-10-20 20:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-08-21 06:17:24 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-08-21 06:17:24 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-07-18 22:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 22:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"Restart"="" [BU]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-20 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 20:45:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL 4\KPF4SS.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 20:53:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 20:52:58
ComboFix3.txt 2008-08-17 20:53:14
ComboFix2.txt 2008-08-18 11:45:48

Pre-Run: 1,335,689,216 octets libres
Post-Run: 1,341,308,928 octets libres

180 --- E O F --- 2008-08-18 11:44:03
0
ep44 Posts: 7432 Status: Contributor 3
 
Do you know this?
C:\Documents and Settings\Invité

Next,

Download OTMoveIt (by OldTimer) to your desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.

C:\FOUND.099
C:\Documents and Settings\Invité
C:\WINDOWS\erdnt.--0
C:\WINDOWS\nircmd.ex0
C:\WINDOWS\swreg.ex0
C:\WINDOWS\sed.ex0
C:\WINDOWS\fdsv.ex0
C:\WINDOWS\grep.ex0
C:\WINDOWS\zip.ex0
C:\WINDOWS\VFIND.EX0
C:\WINDOWS\NIRCMD.EX1
C:\FOUND.098
C:\FOUND.097
C:\FOUND.096
C:\FOUND.093
EmptyTemp

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal.

Then don't forget the online BitDefender scan.

0
imn12 Posts: 14 Status: Member
 
Hello,

Since yesterday I have been trying to run this famous online scanner (BitDefender); also, at the top of the page, a yellow bar tells me that a module may need to be installed and that I have to click on it for that, so I click on it but nothing happens. Here is what is displayed:

https://www.imagup.com

Thanks in advance!!
0