Problème avec un virus

Question

Bonjour,
Voilà, j'aie un  problème avec un certain virus TR/Dldr.FraudLoa.NC . Vue qu'un sujet de ce type à déjà été posté sur le forum, voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:35:26, on 01/01/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\Ctfdll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\rhc7bej0e3dr\rhc7bej0e3dr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\msanton.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [ctfdll32] C:\WINDOWS\System32\Ctfdll32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Glock Suite 1.1] C:\WINDOWS\system32\glock32.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
O4 - HKLM\..\Run: [lphc3bej0e3dr] C:\WINDOWS\system32\lphc3bej0e3dr.exe
O4 - HKLM\..\Run: [SMrhc7bej0e3dr] C:\Program Files\rhc7bej0e3dr\rhc7bej0e3dr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BoreTrans] C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\Logshow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mona8547\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: bzzmotg - C:\WINDOWS\SYSTEM32\bzzmotg.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

ep44 · Answer

Bonjour et bienvenue sur CCM

Ton PC est lourdement infecté !

ne t'inquiète pas je vais te guider pour la désinfection

Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Déconnecte toi d'internet et ferme toutes tes applications.
    * Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
    * Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
    * /!\ Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!\
    * Attends que Combofix ait terminé, un rapport sera créé.
    * réactive ton parefeu, ton antivirus, la garde de ton antispyware
    * copie/colle le rapport, le rapport se trouve dans : C:\Combofix.txt
    * Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.

@+

Hadrienen · Answer

Whaou de toute beauté :/

BIen, un petit boulot dans tout ça...

EDIT: je te laisse t'en occuper.

imn12 · Answer

Merci pour ton explication détaillé, mais voilà la fênetre qui m'apparait dès que j'essaie de lancer Combofix.exe :

https://www.imagup.com

Merci d'avance pour ta réponse .

ep44 · Answer

oui 

quand tu le télécharge tu as du essayé de le renommer par combofix 2
as tu déjà télécharger ce logiciel ?

fait ceci 
clicque sur demarrer > executer > dans la boite de dialogue taper > combofix /u 
( en respectant l´espace ) et valider par ok. 



ensuite essye de le retélécharger sans rien changer

imn12 · Answer

Merci encore une fois de ton aide . J'aie désinstaller le logiciel puis je l'ai réinstaller .
Voici le rapport :

ComboFix 08-08-16.01 - iiMAN3 2008-08-17 15:04:59.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.60 [GMT 0:00]
Endroit: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DEL.bat
C:\Documents and Settings\Administrateur\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Administrateur\Cookies\administrateur@promobenef[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@seriestreaming[2].txt
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Brahim\Application Data\rhc7bej0e3dr
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@bluestreak[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@edt02[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@mywebsearch[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.clubteenpix[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.pixmania[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.toutpourlamicro[1].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts\Data\iiMAN3\avatar.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\rhc7bej0e3dr
C:\Documents and Settings\iiMAN3.INTERNET\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3.INTERNET\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Cookies\iiman3@www.toutpourlamicro[2].txt
C:\Documents and Settings\Invité\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt
C:\Documents and Settings\Invité\Cookies\invité@edt02[2].txt
C:\Documents and Settings\Invité\Cookies\invité@promobenef[1].txt
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Cookies\mona81096@promobenef[2].txt
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\00033F9A
C:\Program Files\MyWebSearch\bar\Cache\0005D430
C:\Program Files\MyWebSearch\bar\Cache\0005DBB1
C:\Program Files\MyWebSearch\bar\Cache\0008C220
C:\Program Files\MyWebSearch\bar\Cache\0028E898
C:\Program Files\MyWebSearch\bar\Cache\0037C78A
C:\Program Files\MyWebSearch\bar\Cache\004C6782
C:\Program Files\MyWebSearch\bar\Cache\004C7136.bin
C:\Program Files\MyWebSearch\bar\Cache\004C74D0.bin
C:\Program Files\MyWebSearch\bar\Cache\004C7760.bin
C:\Program Files\MyWebSearch\bar\Cache\004C7D6B.bin
C:\Program Files\MyWebSearch\bar\Cache\004C9B73.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1A6D2.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1A9A0.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1AE25.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1B384.bin
C:\Program Files\MyWebSearch\bar\Cache\00B1B549.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9BF64.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9C1E4.bin
C:\Program Files\MyWebSearch\bar\Cache\00B9C3AA.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\rhc7bej0e3dr
C:\WINDOWS\doll104.exe
C:\WINDOWS\doll119.exe
C:\WINDOWS\doll120.exe
C:\WINDOWS\doll123.exe
C:\WINDOWS\doll126.exe
C:\WINDOWS\doll128.exe
C:\WINDOWS\doll132.exe
C:\WINDOWS\doll137.exe
C:\WINDOWS\doll138.exe
C:\WINDOWS\doll143.exe
C:\WINDOWS\doll144.exe
C:\WINDOWS\doll148.exe
C:\WINDOWS\doll151.exe
C:\WINDOWS\doll152.exe
C:\WINDOWS\doll154.exe
C:\WINDOWS\doll155.exe
C:\WINDOWS\doll157.exe
C:\WINDOWS\doll159.exe
C:\WINDOWS\doll161.exe
C:\WINDOWS\doll166.exe
C:\WINDOWS\doll167.exe
C:\WINDOWS\doll176.exe
C:\WINDOWS\doll181.exe
C:\WINDOWS\doll185.exe
C:\WINDOWS\doll191.exe
C:\WINDOWS\doll194.exe
C:\WINDOWS\doll196.exe
C:\WINDOWS\doll197.exe
C:\WINDOWS\drabste.exe
C:\WINDOWS\draste.exe
C:\WINDOWS\glok+3ca-59fa.sys
C:\WINDOWS\glok+serv.config
C:\WINDOWS\ksacre.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\blphc3bej0e3dr.scr
C:\WINDOWS\system32\drivers\ctl_w32.sys
c:\windows\system32\Drivers\Jnq72.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\phc3bej0e3dr.bmp
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pphc3bej0e3dr.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CTL_W32
-------\Legacy_ICF
-------\Legacy_JNQ72
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NTIO256
-------\Legacy_POOF
-------\Legacy_RUNTIME
-------\Legacy_SMTPDRV
-------\Legacy_TCPSR
-------\Legacy_XLAVBA8
-------\Service_ICF
-------\Service_Jnq72
-------\Service_kprof
-------\Service_MyWebSearchService
-------\Service_ntio256
-------\Service_poof
-------\Service_runtime
-------\Service_tcpsr
-------\Service_xlavba8

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

2008-08-17 15:20 . 2008-08-17 15:25 12,800 --------- C:\WINDOWS\system32\WinNt32.dll
2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093
2008-07-19 17:49 . 2008-07-19 17:49 <REP> d--hs---- C:\FOUND.092

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 13:45 192,512 ----a-w C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
2008-06-21 15:53 --------- d-----w C:\Program Files\typelitemeal
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-05-15 11:48 192,512 ----a-w C:\Documents and Settings\Brahim\cbOCR.dll
2008-04-19 11:24 2,402,832 ----a-w C:\Program Files\WLinstaller.exe1.exe
2008-04-10 18:50 192,512 ----a-w C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
2008-04-07 18:42 192,512 ----a-w C:\Documents and Settings\iiMAN3\cbOCR.dll
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-05-15 17:27 65,536 --sh--r C:\WINDOWS\system32\Ctfdll32.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfdll32"="C:\WINDOWS\System32\Ctfdll32.exe" [2005-05-15 17:27 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"bend logo clock film"="C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe" [2002-01-01 00:04 648192]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bzzmotg]
2008-05-30 15:26 21504 C:\WINDOWS\system32\bzzmotg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bgK61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cgi82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dgj03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ehk60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\flP60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\glP60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jmp14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\joS50.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lqu71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nqt03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nsV47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otW72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouY71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Svy61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc24.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xcf03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydg24.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
S0 Bfi47;Bfi47;C:\WINDOWS\system32\Drivers\Bfi47.sys []
S0 bgK61;bgK61;C:\WINDOWS\system32\Drivers\bgK61.sys []
S0 Cgi82;Cgi82;C:\WINDOWS\system32\Drivers\Cgi82.sys []
S0 Dgj03;Dgj03;C:\WINDOWS\system32\Drivers\Dgj03.sys []
S0 Ehk60;Ehk60;C:\WINDOWS\system32\Drivers\Ehk60.sys []
S0 flP60;flP60;C:\WINDOWS\system32\Drivers\flP60.sys []
S0 glP60;glP60;C:\WINDOWS\system32\Drivers\glP60.sys []
S0 Jmp14;Jmp14;C:\WINDOWS\system32\Drivers\Jmp14.sys []
S0 joS50;joS50;C:\WINDOWS\system32\Drivers\joS50.sys []
S0 Lqu71;Lqu71;C:\WINDOWS\system32\Drivers\Lqu71.sys []
S0 Nqt03;Nqt03;C:\WINDOWS\system32\Drivers\Nqt03.sys []
S0 nsV47;nsV47;C:\WINDOWS\system32\Drivers\nsV47.sys []
S0 otW72;otW72;C:\WINDOWS\system32\Drivers\otW72.sys []
S0 ouY71;ouY71;C:\WINDOWS\system32\Drivers\ouY71.sys []
S0 Svy61;Svy61;C:\WINDOWS\system32\Drivers\Svy61.sys []
S0 Uyc24;Uyc24;C:\WINDOWS\system32\Drivers\Uyc24.sys []
S0 Uyc68;Uyc68;C:\WINDOWS\system32\Drivers\Uyc68.sys []
S0 Xcf03;Xcf03;C:\WINDOWS\system32\Drivers\Xcf03.sys []
S0 Ydg24;Ydg24;C:\WINDOWS\system32\Drivers\Ydg24.sys []
S3 noskrnl.sys;noskrnl.sys;C:\WINDOWS\system32\noskrnl.sys []
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-17 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BoreTrans - C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\Logshow.exe
HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
HKLM-Run-lphc3bej0e3dr - C:\WINDOWS\system32\lphc3bej0e3dr.exe
HKLM-Run-SMrhc7bej0e3dr - C:\Program Files\rhc7bej0e3dr\rhc7bej0e3dr.exe
HKLM-Run-Restart - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\Mozilla\Firefox\Profiles\gntr6tnp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 15:27:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.

ep44 · Answer

très bien ;)

reposte un nouveau rapport HijackThis et je te prépare la suite :)

@+

imn12 · Answer

Voici mon rapport =)) :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22, on 2008-08-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\Ctfdll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\explorer.exe
C:\ComboFix\pv.cfexe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [ctfdll32] C:\WINDOWS\System32\Ctfdll32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Glock Suite 1.1] C:\WINDOWS\system32\glock32.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
O4 - HKLM\..\Run: [lphc3bej0e3dr] C:\WINDOWS\system32\lphc3bej0e3dr.exe
O4 - HKLM\..\Run: [SMrhc7bej0e3dr] C:\Program Files\rhc7bej0e3dr\rhc7bej0e3dr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BoreTrans] C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\Logshow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mona8547\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: bzzmotg - C:\WINDOWS\SYSTEM32\bzzmotg.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

ep44 · Answer

je te prépare une procédure  
vu le boulot je te donne réponse tout à l'heure ;)

@+

ep44 · Answer

re :)

sélectionne le code ci-dessous 



Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Plugin"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"bend logo clock film"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"lphc3bej0e3dr"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SMrhc7bej0e3dr"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BoreTrans"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi47.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bgK61.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cgi82.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dgj03.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ehk60.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\flP60.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\glP60.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jmp14.sys]   
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq72.sys]    
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\joS50.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lqu71.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nqt03.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
sV47.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otW72.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouY71.sys]  
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Svy61.sys]   
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa36.sys]   
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc24.sys]    
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc68.sys]    
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xcf03.sys]    
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydg24.sys]  

 
Driver::
Bfi47 
bgK61
Cgi82
Dgj03
Ehk60 
flP60
glP60
Jmp14
joS50
Lqu71
Nqt03
nsV47
otW72
ouY71
Svy61
Uyc24
Uyc68
Xcf03
Ydg24
noskrnl.sys
USB2_04


File::
C:\WINDOWS\SYSTEM32\bzzmotg.dll  
C:\WINDOWS\system32\lphc3bej0e3dr.exe       
C:\WINDOWS\system32\WinNt32.dll       
C:\WINDOWS\system32\Ctfdll32.exe  
C:\Documents and Settings\iiMAN3\cbOCR.dll  
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll  
C:\Documents and Settings\Brahim\cbOCR.dll  
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll  
C:\WINDOWS\system32\Drivers\Bfi47.sys 
C:\WINDOWS\system32\Drivers\bgK61.sys   
C:\WINDOWS\system32\Drivers\Cgi82.sys   
C:\WINDOWS\system32\Drivers\Dgj03.sys  
C:\WINDOWS\system32\Drivers\Ehk60.sys  
C:\WINDOWS\system32\Drivers\flP60.sys   
C:\WINDOWS\system32\Drivers\glP60.sys 
C:\WINDOWS\system32\Drivers\Jmp14.sys   
C:\WINDOWS\system32\Drivers\joS50.sys   
C:\WINDOWS\system32\Drivers\Lqu71.sys   
C:\WINDOWS\system32\Drivers\Nqt03.sys  
C:\WINDOWS\system32\Drivers
sV47.sys   
C:\WINDOWS\system32\Drivers\otW72.sys  
C:\WINDOWS\system32\Drivers\ouY71.sys  
C:\WINDOWS\system32\Drivers\Svy61.sys  
C:\WINDOWS\system32\Drivers\Uyc24.sys  
C:\WINDOWS\system32\Drivers\Uyc68.sys   
C:\WINDOWS\system32\Drivers\Xcf03.sys   
C:\WINDOWS\system32\Drivers\Ydg24.sys 
C:\WINDOWS\system32
oskrnl.sys   
C:\WINDOWS\system32\drivers
kv2.sys 

  
Folder::
C:\Program Fileshc7bej0e3dr
C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1
C:\Program Files\mywebsearch
C:\Program Files	ypelitemeal  


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format. 
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci 
http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.  

@+

imn12 · Answer

Voici le rapport :
ComboFix 08-08-16.01 - iiMAN3 2008-08-17 20:11:37.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.50 [GMT 0:00]
Endroit: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
C:\WINDOWS\system32\Drivers\Bfi47.sys
C:\WINDOWS\system32\Drivers\bgK61.sys
C:\WINDOWS\system32\Drivers\Cgi82.sys
C:\WINDOWS\system32\Drivers\Dgj03.sys
C:\WINDOWS\system32\Drivers\Ehk60.sys
C:\WINDOWS\system32\Drivers\flP60.sys
C:\WINDOWS\system32\Drivers\glP60.sys
C:\WINDOWS\system32\Drivers\Jmp14.sys
C:\WINDOWS\system32\Drivers\joS50.sys
C:\WINDOWS\system32\Drivers\Lqu71.sys
C:\WINDOWS\system32\drivers\nkv2.sys
C:\WINDOWS\system32\Drivers\Nqt03.sys
C:\WINDOWS\system32\Drivers\nsV47.sys
C:\WINDOWS\system32\Drivers\otW72.sys
C:\WINDOWS\system32\Drivers\ouY71.sys
C:\WINDOWS\system32\Drivers\Svy61.sys
C:\WINDOWS\system32\Drivers\Uyc24.sys
C:\WINDOWS\system32\Drivers\Uyc68.sys
C:\WINDOWS\system32\Drivers\Xcf03.sys
C:\WINDOWS\system32\Drivers\Ydg24.sys
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\noskrnl.sys
C:\WINDOWS\system32\WinNt32.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\[u]0[/u]
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\ckzpaknq.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\hoyrynol.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\plwpbazf.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\SectOkayModeSixth.exe
C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
C:\Documents and Settings\Brahim\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\Program Files\typelitemeal
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
.
---- Previous Run -------
.
C:\DEL.bat
C:\Documents and Settings\Administrateur\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Administrateur\Cookies\administrateur@promobenef[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@seriestreaming[2].txt
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Brahim\Application Data\rhc7bej0e3dr
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@bluestreak[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@edt02[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@mywebsearch[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.clubteenpix[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.pixmania[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.toutpourlamicro[1].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts\Data\iiMAN3\avatar.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\rhc7bej0e3dr
C:\Documents and Settings\iiMAN3.INTERNET\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3.INTERNET\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Cookies\iiman3@www.toutpourlamicro[2].txt
C:\Documents and Settings\Invité\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt
C:\Documents and Settings\Invité\Cookies\invité@edt02[2].txt
C:\Documents and Settings\Invité\Cookies\invité@promobenef[1].txt
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Cookies\mona81096@promobenef[2].txt
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0033F9A
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]005D430
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]005DBB1
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]008C220
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]028E898
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]037C78A
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C6782
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C7136.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C74D0.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C7760.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C7D6B.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C9B73.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1A6D2.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1A9A0.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1AE25.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1B384.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1B549.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B9BF64.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B9C1E4.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B9C3AA.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\rhc7bej0e3dr
C:\WINDOWS\doll104.exe
C:\WINDOWS\doll119.exe
C:\WINDOWS\doll120.exe
C:\WINDOWS\doll123.exe
C:\WINDOWS\doll126.exe
C:\WINDOWS\doll128.exe
C:\WINDOWS\doll132.exe
C:\WINDOWS\doll137.exe
C:\WINDOWS\doll138.exe
C:\WINDOWS\doll143.exe
C:\WINDOWS\doll144.exe
C:\WINDOWS\doll148.exe
C:\WINDOWS\doll151.exe
C:\WINDOWS\doll152.exe
C:\WINDOWS\doll154.exe
C:\WINDOWS\doll155.exe
C:\WINDOWS\doll157.exe
C:\WINDOWS\doll159.exe
C:\WINDOWS\doll161.exe
C:\WINDOWS\doll166.exe
C:\WINDOWS\doll167.exe
C:\WINDOWS\doll176.exe
C:\WINDOWS\doll181.exe
C:\WINDOWS\doll185.exe
C:\WINDOWS\doll191.exe
C:\WINDOWS\doll194.exe
C:\WINDOWS\doll196.exe
C:\WINDOWS\doll197.exe
C:\WINDOWS\drabste.exe
C:\WINDOWS\draste.exe
C:\WINDOWS\glok+3ca-59fa.sys
C:\WINDOWS\glok+serv.config
C:\WINDOWS\ksacre.exe
C:\WINDOWS\system32\[u]0[/u]_exception.nls
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\blphc3bej0e3dr.scr
C:\WINDOWS\system32\drivers\ctl_w32.sys
c:\windows\system32\Drivers\Jnq72.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\phc3bej0e3dr.bmp
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pphc3bej0e3dr.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CTL_W32
-------\Legacy_ICF
-------\Legacy_JNQ72
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NTIO256
-------\Legacy_POOF
-------\Legacy_RUNTIME
-------\Legacy_SMTPDRV
-------\Legacy_TCPSR
-------\Legacy_XLAVBA8
-------\Service_ICF
-------\Service_Jnq72
-------\Service_kprof
-------\Service_MyWebSearchService
-------\Service_ntio256
-------\Service_poof
-------\Service_runtime
-------\Service_tcpsr
-------\Service_xlavba8
-------\Legacy_LQU71
-------\Legacy_USB2_04
-------\Legacy_UYC24
-------\Service_Bfi47
-------\Service_bgK61
-------\Service_Cgi82
-------\Service_ctl_w32
-------\Service_Dgj03
-------\Service_Ehk60
-------\Service_flP60
-------\Service_glP60
-------\Service_Jmp14
-------\Service_joS50
-------\Service_Lqu71
-------\Service_noskrnl.sys
-------\Service_Nqt03
-------\Service_nsV47
-------\Service_otW72
-------\Service_ouY71
-------\Service_Svy61
-------\Service_USB2_04
-------\Service_Uyc24
-------\Service_Uyc68
-------\Service_Xcf03
-------\Service_Ydg24

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093
2008-07-19 17:49 . 2008-07-19 17:49 <REP> d--hs---- C:\FOUND.092

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-29 13:15 192,512 ----a-w C:\WINDOWS\system32\cbOCR.dll
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 23:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-19 11:24 2,402,832 ----a-w C:\Program Files\WLinstaller.exe1.exe
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

------- Sigcheck -------

2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\dllcache\svchost.exe

2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2005-03-02 18:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 15:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 18:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll

2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\dllcache\ws2_32.dll

2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 05:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-12-07 00:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2008-02-16 09:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 06:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 06:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 06:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp2gdr\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp2qfe\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp3gdr\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp3qfe\wininet.dll
2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-10-11 06:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 01:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 09:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2007-08-22 13:13 663040 18048557aa56de4b1955fdf7a21f9b24 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2008-04-21 07:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\$NtUninstallKB953838$\wininet.dll

2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 10:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 11:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 11:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 17:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys

2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2005-03-02 18:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 16:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-19 16:20 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2005-03-02 18:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 16:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 13:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-22 22:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\dllcache\services.exe

2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\dllcache\spoolsv.exe
2005-06-11 00:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe

2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\userinit.exe
2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\dllcache\userinit.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"Restart"="" [BU]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
S0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-17 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ctfdll32 - C:\WINDOWS\System32\Ctfdll32.exe
Notify-bzzmotg - bzzmotg.dll
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 20:48:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Bfi47]
"ImagePath"="System32\Drivers\Bfi47.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bgK61]
"ImagePath"="System32\Drivers\bgK61.sys"

imn12 · Answer

Voici le rapport :
ComboFix 08-08-16.01 - iiMAN3 2008-08-17 20:11:37.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.50 [GMT 0:00]
Endroit: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
C:\WINDOWS\system32\Drivers\Bfi47.sys
C:\WINDOWS\system32\Drivers\bgK61.sys
C:\WINDOWS\system32\Drivers\Cgi82.sys
C:\WINDOWS\system32\Drivers\Dgj03.sys
C:\WINDOWS\system32\Drivers\Ehk60.sys
C:\WINDOWS\system32\Drivers\flP60.sys
C:\WINDOWS\system32\Drivers\glP60.sys
C:\WINDOWS\system32\Drivers\Jmp14.sys
C:\WINDOWS\system32\Drivers\joS50.sys
C:\WINDOWS\system32\Drivers\Lqu71.sys
C:\WINDOWS\system32\drivers\nkv2.sys
C:\WINDOWS\system32\Drivers\Nqt03.sys
C:\WINDOWS\system32\Drivers\nsV47.sys
C:\WINDOWS\system32\Drivers\otW72.sys
C:\WINDOWS\system32\Drivers\ouY71.sys
C:\WINDOWS\system32\Drivers\Svy61.sys
C:\WINDOWS\system32\Drivers\Uyc24.sys
C:\WINDOWS\system32\Drivers\Uyc68.sys
C:\WINDOWS\system32\Drivers\Xcf03.sys
C:\WINDOWS\system32\Drivers\Ydg24.sys
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\noskrnl.sys
C:\WINDOWS\system32\WinNt32.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\[u]0[/u]
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\ckzpaknq.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\hoyrynol.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\plwpbazf.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\SectOkayModeSixth.exe
C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
C:\Documents and Settings\Brahim\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\Program Files\typelitemeal
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
.
---- Previous Run -------
.
C:\DEL.bat
C:\Documents and Settings\Administrateur\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Administrateur\Cookies\administrateur@promobenef[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@seriestreaming[2].txt
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Brahim\Application Data\rhc7bej0e3dr
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@bluestreak[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@edt02[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@mywebsearch[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.clubteenpix[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.pixmania[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.toutpourlamicro[1].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts\Data\iiMAN3\avatar.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\rhc7bej0e3dr
C:\Documents and Settings\iiMAN3.INTERNET\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3.INTERNET\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Cookies\iiman3@www.toutpourlamicro[2].txt
C:\Documents and Settings\Invité\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt
C:\Documents and Settings\Invité\Cookies\invité@edt02[2].txt
C:\Documents and Settings\Invité\Cookies\invité@promobenef[1].txt
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Cookies\mona81096@promobenef[2].txt
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0033F9A
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]005D430
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]005DBB1
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]008C220
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]028E898
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]037C78A
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C6782
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C7136.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C74D0.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C7760.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C7D6B.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C9B73.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1A6D2.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1A9A0.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1AE25.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1B384.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1B549.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B9BF64.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B9C1E4.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B9C3AA.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\rhc7bej0e3dr
C:\WINDOWS\doll104.exe
C:\WINDOWS\doll119.exe
C:\WINDOWS\doll120.exe
C:\WINDOWS\doll123.exe
C:\WINDOWS\doll126.exe
C:\WINDOWS\doll128.exe
C:\WINDOWS\doll132.exe
C:\WINDOWS\doll137.exe
C:\WINDOWS\doll138.exe
C:\WINDOWS\doll143.exe
C:\WINDOWS\doll144.exe
C:\WINDOWS\doll148.exe
C:\WINDOWS\doll151.exe
C:\WINDOWS\doll152.exe
C:\WINDOWS\doll154.exe
C:\WINDOWS\doll155.exe
C:\WINDOWS\doll157.exe
C:\WINDOWS\doll159.exe
C:\WINDOWS\doll161.exe
C:\WINDOWS\doll166.exe
C:\WINDOWS\doll167.exe
C:\WINDOWS\doll176.exe
C:\WINDOWS\doll181.exe
C:\WINDOWS\doll185.exe
C:\WINDOWS\doll191.exe
C:\WINDOWS\doll194.exe
C:\WINDOWS\doll196.exe
C:\WINDOWS\doll197.exe
C:\WINDOWS\drabste.exe
C:\WINDOWS\draste.exe
C:\WINDOWS\glok+3ca-59fa.sys
C:\WINDOWS\glok+serv.config
C:\WINDOWS\ksacre.exe
C:\WINDOWS\system32\[u]0[/u]_exception.nls
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\blphc3bej0e3dr.scr
C:\WINDOWS\system32\drivers\ctl_w32.sys
c:\windows\system32\Drivers\Jnq72.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\phc3bej0e3dr.bmp
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pphc3bej0e3dr.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CTL_W32
-------\Legacy_ICF
-------\Legacy_JNQ72
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NTIO256
-------\Legacy_POOF
-------\Legacy_RUNTIME
-------\Legacy_SMTPDRV
-------\Legacy_TCPSR
-------\Legacy_XLAVBA8
-------\Service_ICF
-------\Service_Jnq72
-------\Service_kprof
-------\Service_MyWebSearchService
-------\Service_ntio256
-------\Service_poof
-------\Service_runtime
-------\Service_tcpsr
-------\Service_xlavba8
-------\Legacy_LQU71
-------\Legacy_USB2_04
-------\Legacy_UYC24
-------\Service_Bfi47
-------\Service_bgK61
-------\Service_Cgi82
-------\Service_ctl_w32
-------\Service_Dgj03
-------\Service_Ehk60
-------\Service_flP60
-------\Service_glP60
-------\Service_Jmp14
-------\Service_joS50
-------\Service_Lqu71
-------\Service_noskrnl.sys
-------\Service_Nqt03
-------\Service_nsV47
-------\Service_otW72
-------\Service_ouY71
-------\Service_Svy61
-------\Service_USB2_04
-------\Service_Uyc24
-------\Service_Uyc68
-------\Service_Xcf03
-------\Service_Ydg24

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093
2008-07-19 17:49 . 2008-07-19 17:49 <REP> d--hs---- C:\FOUND.092

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-29 13:15 192,512 ----a-w C:\WINDOWS\system32\cbOCR.dll
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 23:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-19 11:24 2,402,832 ----a-w C:\Program Files\WLinstaller.exe1.exe
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

------- Sigcheck -------

2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\dllcache\svchost.exe

2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2005-03-02 18:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 15:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 18:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll

2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\dllcache\ws2_32.dll

2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 05:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-12-07 00:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2008-02-16 09:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 06:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 06:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 06:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp2gdr\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp2qfe\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp3gdr\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp3qfe\wininet.dll
2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-10-11 06:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 01:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 09:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2007-08-22 13:13 663040 18048557aa56de4b1955fdf7a21f9b24 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2008-04-21 07:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\$NtUninstallKB953838$\wininet.dll

2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 10:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 11:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 11:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 17:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys

2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2005-03-02 18:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 16:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-19 16:20 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2005-03-02 18:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 16:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 13:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-22 22:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\dllcache\services.exe

2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\dllcache\spoolsv.exe
2005-06-11 00:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe

2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\userinit.exe
2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\dllcache\userinit.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"Restart"="" [BU]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
S0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-17 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ctfdll32 - C:\WINDOWS\System32\Ctfdll32.exe
Notify-bzzmotg - bzzmotg.dll
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 20:48:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Bfi47]
"ImagePath"="System32\Drivers\Bfi47.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bgK61]
"ImagePath"="System32\Drivers\bgK61.sys"

imn12 · Answer

Voici le rapport :
ComboFix 08-08-16.01 - iiMAN3 2008-08-17 20:11:37.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.50 [GMT 0:00]
Endroit: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
C:\WINDOWS\system32\Drivers\Bfi47.sys
C:\WINDOWS\system32\Drivers\bgK61.sys
C:\WINDOWS\system32\Drivers\Cgi82.sys
C:\WINDOWS\system32\Drivers\Dgj03.sys
C:\WINDOWS\system32\Drivers\Ehk60.sys
C:\WINDOWS\system32\Drivers\flP60.sys
C:\WINDOWS\system32\Drivers\glP60.sys
C:\WINDOWS\system32\Drivers\Jmp14.sys
C:\WINDOWS\system32\Drivers\joS50.sys
C:\WINDOWS\system32\Drivers\Lqu71.sys
C:\WINDOWS\system32\drivers\nkv2.sys
C:\WINDOWS\system32\Drivers\Nqt03.sys
C:\WINDOWS\system32\Drivers\nsV47.sys
C:\WINDOWS\system32\Drivers\otW72.sys
C:\WINDOWS\system32\Drivers\ouY71.sys
C:\WINDOWS\system32\Drivers\Svy61.sys
C:\WINDOWS\system32\Drivers\Uyc24.sys
C:\WINDOWS\system32\Drivers\Uyc68.sys
C:\WINDOWS\system32\Drivers\Xcf03.sys
C:\WINDOWS\system32\Drivers\Ydg24.sys
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\noskrnl.sys
C:\WINDOWS\system32\WinNt32.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\[u]0[/u]
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\ckzpaknq.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\hoyrynol.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\plwpbazf.exe
C:\DOCUME~1\IIMAN3~1.000\APPLIC~1\TYPELI~1\SectOkayModeSixth.exe
C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy logo.exe
C:\Documents and Settings\Brahim\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Brahim\cbOCR.dll
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\cbOCR.dll
C:\Documents and Settings\iiMAN3.INTERNET\cbOCR.dll
C:\Documents and Settings\iiMAN3\cbOCR.dll
C:\Program Files\typelitemeal
C:\WINDOWS\SYSTEM32\bzzmotg.dll
C:\WINDOWS\system32\Ctfdll32.exe
.
---- Previous Run -------
.
C:\DEL.bat
C:\Documents and Settings\Administrateur\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Administrateur\Cookies\administrateur@promobenef[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@seriestreaming[2].txt
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Brahim\Application Data\rhc7bej0e3dr
C:\Documents and Settings\Brahim\Cookies\brahim@a[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@bluestreak[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@edt02[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@mywebsearch[2].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.clubteenpix[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.pixmania[1].txt
C:\Documents and Settings\Brahim\Cookies\brahim@www.toutpourlamicro[1].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\FunWebProducts\Data\iiMAN3\avatar.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\Application Data\rhc7bej0e3dr
C:\Documents and Settings\iiMAN3.INTERNET\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3.INTERNET\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\iiMAN3\Cookies\iiman3@promobenef[2].txt
C:\Documents and Settings\iiMAN3\Cookies\iiman3@www.toutpourlamicro[2].txt
C:\Documents and Settings\Invité\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt
C:\Documents and Settings\Invité\Cookies\invité@edt02[2].txt
C:\Documents and Settings\Invité\Cookies\invité@promobenef[1].txt
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\mona81096\Cookies\mona81096@promobenef[2].txt
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0033F9A
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]005D430
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]005DBB1
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]008C220
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]028E898
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]037C78A
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C6782
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C7136.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C74D0.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C7760.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C7D6B.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]04C9B73.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1A6D2.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1A9A0.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1AE25.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1B384.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B1B549.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B9BF64.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B9C1E4.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0B9C3AA.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\rhc7bej0e3dr
C:\WINDOWS\doll104.exe
C:\WINDOWS\doll119.exe
C:\WINDOWS\doll120.exe
C:\WINDOWS\doll123.exe
C:\WINDOWS\doll126.exe
C:\WINDOWS\doll128.exe
C:\WINDOWS\doll132.exe
C:\WINDOWS\doll137.exe
C:\WINDOWS\doll138.exe
C:\WINDOWS\doll143.exe
C:\WINDOWS\doll144.exe
C:\WINDOWS\doll148.exe
C:\WINDOWS\doll151.exe
C:\WINDOWS\doll152.exe
C:\WINDOWS\doll154.exe
C:\WINDOWS\doll155.exe
C:\WINDOWS\doll157.exe
C:\WINDOWS\doll159.exe
C:\WINDOWS\doll161.exe
C:\WINDOWS\doll166.exe
C:\WINDOWS\doll167.exe
C:\WINDOWS\doll176.exe
C:\WINDOWS\doll181.exe
C:\WINDOWS\doll185.exe
C:\WINDOWS\doll191.exe
C:\WINDOWS\doll194.exe
C:\WINDOWS\doll196.exe
C:\WINDOWS\doll197.exe
C:\WINDOWS\drabste.exe
C:\WINDOWS\draste.exe
C:\WINDOWS\glok+3ca-59fa.sys
C:\WINDOWS\glok+serv.config
C:\WINDOWS\ksacre.exe
C:\WINDOWS\system32\[u]0[/u]_exception.nls
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\blphc3bej0e3dr.scr
C:\WINDOWS\system32\drivers\ctl_w32.sys
c:\windows\system32\Drivers\Jnq72.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lphc3bej0e3dr.exe
C:\WINDOWS\system32\phc3bej0e3dr.bmp
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pphc3bej0e3dr.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CTL_W32
-------\Legacy_ICF
-------\Legacy_JNQ72
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NTIO256
-------\Legacy_POOF
-------\Legacy_RUNTIME
-------\Legacy_SMTPDRV
-------\Legacy_TCPSR
-------\Legacy_XLAVBA8
-------\Service_ICF
-------\Service_Jnq72
-------\Service_kprof
-------\Service_MyWebSearchService
-------\Service_ntio256
-------\Service_poof
-------\Service_runtime
-------\Service_tcpsr
-------\Service_xlavba8
-------\Legacy_LQU71
-------\Legacy_USB2_04
-------\Legacy_UYC24
-------\Service_Bfi47
-------\Service_bgK61
-------\Service_Cgi82
-------\Service_ctl_w32
-------\Service_Dgj03
-------\Service_Ehk60
-------\Service_flP60
-------\Service_glP60
-------\Service_Jmp14
-------\Service_joS50
-------\Service_Lqu71
-------\Service_noskrnl.sys
-------\Service_Nqt03
-------\Service_nsV47
-------\Service_otW72
-------\Service_ouY71
-------\Service_Svy61
-------\Service_USB2_04
-------\Service_Uyc24
-------\Service_Uyc68
-------\Service_Xcf03
-------\Service_Ydg24

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093
2008-07-19 17:49 . 2008-07-19 17:49 <REP> d--hs---- C:\FOUND.092

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-29 13:15 192,512 ----a-w C:\WINDOWS\system32\cbOCR.dll
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 23:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-19 11:24 2,402,832 ----a-w C:\Program Files\WLinstaller.exe1.exe
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

------- Sigcheck -------

2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\dllcache\svchost.exe

2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 15:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2005-03-02 18:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 15:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 18:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll

2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\dllcache\ws2_32.dll

2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 05:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-12-07 00:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2008-02-16 09:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 06:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 06:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 06:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
2008-06-23 15:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp2gdr\wininet.dll
2008-06-23 16:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp2qfe\wininet.dll
2008-06-23 15:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp3gdr\wininet.dll
2008-06-23 14:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]8226861086a18779ae960326e29c1a3\sp3qfe\wininet.dll
2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-10-11 06:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 01:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 09:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2007-08-22 13:13 663040 18048557aa56de4b1955fdf7a21f9b24 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2008-04-21 07:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\$NtUninstallKB953838$\wininet.dll

2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 10:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 11:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 11:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 17:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys

2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 16:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2005-03-02 18:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 16:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-19 16:20 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 16:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2005-03-02 18:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 16:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 13:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-22 22:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\dllcache\services.exe

2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2005-06-10 23:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\dllcache\spoolsv.exe
2005-06-11 00:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe

2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\userinit.exe
2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\dllcache\userinit.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"Restart"="" [BU]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
S0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-17 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ctfdll32 - C:\WINDOWS\System32\Ctfdll32.exe
Notify-bzzmotg - bzzmotg.dll
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 20:48:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Bfi47]
"ImagePath"="System32\Drivers\Bfi47.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bgK61]
"ImagePath"="System32\Drivers\bgK61.sys"

ep44 · Answer

très bien :)


on refais un autre tour 


sélectionne ceci 


selectionne ceci

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Bfi47]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bgK61]   
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Cgi82]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ctl_w32]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Dgj03]   
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ehk60]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\flP60]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\glP60]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Jmp14]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\joS50]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Lqu71]   
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services
oskrnl.sys]   
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Nqt03]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services
sV47]   
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\otW72]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ouY71]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Svy61]    
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\USB2_04]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Uyc24]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Uyc68]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Xcf03]  
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ydg24]  



File::
C:\WINDOWS\system32\cbOCR.dll       
C:\WINDOWS\system32\dllcache\svchost.exe          
C:\WINDOWS\system32\dllcache\winlogon.exe       
C:\WINDOWS\system32\dllcache\services.exe       
C:\WINDOWS\system32\dllcache\spoolsv.exe       



* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format. 
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme ceci 
http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.  

@+

imn12 · Answer

Voici le rapport =) :

ComboFix 08-08-17.03 - iiMAN3 2008-08-18 11:26:45.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.86 [GMT 0:00]
Endroit: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\dllcache\services.exe
C:\WINDOWS\system32\dllcache\spoolsv.exe
C:\WINDOWS\system32\dllcache\svchost.exe
C:\WINDOWS\system32\dllcache\winlogon.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brahim\UserData
C:\Documents and Settings\Brahim\UserData\[u]0[/u]JCN0BQ1\historySitePos[1].xml
C:\Documents and Settings\Brahim\UserData\G7WZYJUX\historySearchPos[1].xml
C:\Documents and Settings\Brahim\UserData\G7WZYJUX\IsOnIE6tbPromo[1].xml
C:\Documents and Settings\Brahim\UserData\index.dat
C:\Documents and Settings\Brahim\UserData\ITUXY7YN\advstNetId[1].xml
C:\Documents and Settings\Brahim\UserData\ITUXY7YN\Tdy58[1].xml
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\index.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\WX234163\Tdy58[1].xml
C:\Documents and Settings\iiMAN3.INTERNET\UserData
C:\Documents and Settings\iiMAN3.INTERNET\UserData\index.dat
C:\Documents and Settings\iiMAN3\UserData
C:\Documents and Settings\iiMAN3\UserData\index.dat
C:\Documents and Settings\Invité\UserData
C:\Documents and Settings\Invité\UserData\index.dat
C:\Documents and Settings\mona81096\UserData
C:\Documents and Settings\mona81096\UserData\index.dat
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\dllcache\services.exe
C:\WINDOWS\system32\dllcache\spoolsv.exe
C:\WINDOWS\system32\dllcache\svchost.exe
C:\WINDOWS\system32\dllcache\winlogon.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.

2008-08-17 20:53 . 2008-08-17 20:53 <REP> d-------- C:\Documents and Settings\InvitÚ
2008-08-17 15:18 . 2008-08-17 15:18 <REP> d-------- C:\WINDOWS\erdnt.--0
2008-08-17 15:06 . 2000-08-31 08:00 28,672 --a------ C:\WINDOWS\nircmd.ex0
2008-08-17 15:02 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\swreg.ex0
2008-08-17 15:02 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\sed.ex0
2008-08-17 15:02 . 2000-08-31 08:00 89,504 --a------ C:\WINDOWS\fdsv.ex0
2008-08-17 15:02 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\grep.ex0
2008-08-17 15:02 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\zip.ex0
2008-08-17 15:02 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\VFIND.EX0
2008-08-17 15:02 . 2000-08-31 08:00 28,672 --a------ C:\WINDOWS\NIRCMD.EX1
2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093
2008-07-19 17:49 . 2008-07-19 17:49 <REP> d--hs---- C:\FOUND.092

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 23:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-13 20:26 192,512 ----a-w C:\Documents and Settings\Invité\cbOCR.dll
2008-05-13 20:26 192,512 ----a-w C:\Documents and Settings\Invité\cbOCR.dll
2008-04-19 11:24 2,402,832 ----a-w C:\Program Files\WLinstaller.exe1.exe
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((( snapshot_2008-08-17_20.51.24.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 20:02:28 163,328 ----a-w C:\WINDOWS\erdnt.--0\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"Restart"="" [BU]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
S0 Twa36;Twa36;C:\WINDOWS\system32\Drivers\Twa36.sys []

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-17 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 11:39:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-18 11:45:39
ComboFix-quarantined-files.txt 2008-08-18 11:45:24
ComboFix2.txt 2008-08-17 20:53:14

Pre-Run: 1,590,345,728 octets libres
Post-Run: 1,528,438,784 octets libres

155 --- E O F --- 2008-08-18 11:44:03

lyonnel10 · Answer

slt. je te conseille de telecharger l'antivirus "AVIRA ANTIVIR" par le site www.touslesdrivers.com

imn12 · Answer

Merci =), c'est déja celui que j'utilise !

Epp44, j'ai encore un problème un autre virus c'est infiltré   ===>  TR/Captcha.D
                                        Merci d'avance !

ep44 · Answer

Bonsoir 


oui malheureusement ce n'est pas fini 

on continu un autre fois avec combofix 



selectionne ceci




Driver::
Twa36

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Glock Suite 1.1"=-


File::
C:\WINDOWS\system32\Drivers\Twa36.sys 
C:\Documents and Settings\Invité\cbOCR.dll 
C:\Program Files\WLinstaller.exe1.exe 



* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format. 
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme ceci 
http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.  
ensuite 

fait un scan en ligne

avec bitdefender et colle le rapport

https://www.bitdefender.com/toolbox/

Scan à faire sous Internet Explorer

un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

ensuite un nouveau rapport hijack stp
@+

imn12 · Answer

Resalut =D !

==> Mon rapport avec Combofix :

ComboFix 08-08-17.03 - iiMAN3 2008-08-20 20:31:09.4 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.92 [GMT 0:00]
Endroit: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\iiMAN3.INTERNET.000\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\Invité\cbOCR.dll
C:\Program Files\WLinstaller.exe1.exe
C:\WINDOWS\system32\Drivers\Twa36.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brahim\Local Settings\Temporary Internet Files\
C:\Documents and Settings\iiMAN3.INTERNET.000\Cookies\iiman3@a[1].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\Cookies\iiman3@edt02[2].txt
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\43MZY36D\historySitePos[1].xml
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\E58DG1Q5\Tdy58[1].xml
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\index.dat
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\O1H9JMQ3\advstNetId[1].xml
C:\Documents and Settings\iiMAN3.INTERNET.000\UserData\O1H9JMQ3\historySearchPos[1].xml
C:\Documents and Settings\Invité\cbOCR.dll
C:\Program Files\WLinstaller.exe1.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TWA36
-------\Service_Twa36

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-18 22:49 . 2008-08-18 22:49 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-18 21:30 . 2008-08-18 21:30 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-18 21:30 . 2008-08-18 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-18 19:31 . 2008-08-18 19:31 <REP> d--hs---- C:\FOUND.099
2008-08-17 20:53 . 2008-08-17 20:53 <REP> d-------- C:\Documents and Settings\Invité
2008-08-17 15:18 . 2008-08-17 15:18 <REP> d-------- C:\WINDOWS\erdnt.--0
2008-08-17 15:06 . 2000-08-31 08:00 28,672 --a------ C:\WINDOWS\nircmd.ex0
2008-08-17 15:02 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\swreg.ex0
2008-08-17 15:02 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\sed.ex0
2008-08-17 15:02 . 2000-08-31 08:00 89,504 --a------ C:\WINDOWS\fdsv.ex0
2008-08-17 15:02 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\grep.ex0
2008-08-17 15:02 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\zip.ex0
2008-08-17 15:02 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\VFIND.EX0
2008-08-17 15:02 . 2000-08-31 08:00 28,672 --a------ C:\WINDOWS\NIRCMD.EX1
2008-08-14 14:16 . 2008-08-14 14:16 <REP> d--hs---- C:\FOUND.098
2008-08-13 15:47 . 2008-08-13 15:47 <REP> d--hs---- C:\FOUND.097
2008-08-13 10:00 . 2008-08-13 10:00 <REP> d--hs---- C:\FOUND.096
2008-07-21 20:29 . 2008-07-21 20:29 <REP> d--hs---- C:\FOUND.093

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 22:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 22:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 22:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 22:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 22:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 22:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 22:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 22:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 22:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 14:40 --------- d-----w C:\Program Files\Bitmanagement Software
2008-06-25 16:55 979 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 23:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 15:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-06 18:04 6,116,304 ----a-w C:\Program Files\Firefox Setup 2.0.0.13.exe
2005-02-19 10:20 490 ----a-r C:\Program Files\mIRC32.lnk
2002-01-05 05:11 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2002-01-05 05:09 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2002-01-05 04:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((( snapshot_2008-08-17_20.51.24.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 20:02:28 163,328 ----a-w C:\WINDOWS\erdnt.--0\subs\ERDNT.EXE
+ 2005-10-20 20:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-08-21 06:17:24 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-08-21 06:17:24 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-07-18 22:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 22:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 22:35 266497]
"Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-19 16:09 13312]
"Restart"="" [BU]
"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 20:04 190696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-20 C:\WINDOWS\Tasks\B853381C9188DEB8.job
- c:\docume~1\iiman3~1.000\applic~1\typeli~1\Web more loud.exe []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 20:45:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL 4\KPF4SS.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 20:53:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 20:52:58
ComboFix3.txt 2008-08-17 20:53:14
ComboFix2.txt 2008-08-18 11:45:48

Pre-Run: 1,335,689,216 octets libres
Post-Run: 1,341,308,928 octets libres

180 --- E O F --- 2008-08-18 11:44:03

ep44 · Answer

Connait tu ceci 
C:\Documents and Settings\Invité 


e,suite 

Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
clic double sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :
Paste List of Files/Folders to be moved.

C:\FOUND.099 
C:\Documents and Settings\Invité 
C:\WINDOWS\erdnt.--0 
C:\WINDOWS
ircmd.ex0 
C:\WINDOWS\swreg.ex0 
C:\WINDOWS\sed.ex0 
C:\WINDOWS\fdsv.ex0 
C:\WINDOWS\grep.ex0 
C:\WINDOWS\zip.ex0 
C:\WINDOWS\VFIND.EX0 
C:\WINDOWS\NIRCMD.EX1 
C:\FOUND.098 
C:\FOUND.097 
C:\FOUND.096 
C:\FOUND.093 
EmptyTemp

clique sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression. 




ensuite n'oublie pas bitdefender en ligne

imn12 · Answer

Bonjour,

Voilà, depuis hier j'essaie de faire ce fameux scanner en lige (bitdefender), de plus en haut dans le page sur une barre jaune on m'indique qu'il y' aurai peut-être besoin d'installer un module et pour ça il faut que je clique dessus, je clique donc dessus mais rien ne ce passe .  Voici ce qui s'affiche :

https://www.imagup.com

Merci d'avance ! !

ep44 · Answer

Bonsoir 

oui fait un clique droit sur cette barre est accepte l'activex

imn12 · Answer

C'est bien ce que j'ai fait, mais cette barre réapparait quand même !

ep44 · Answer

ok on laisse pour le moment 

as tu fait la manip avec OTMoveIt.exe ?

ensuite 

Télécharge DiagHelp.zip sur ton bureau http://www.malekal.com/download/DiagHelp.zip
==> Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
==> Un nouveau dossier chercher va être créé DiagHelp
==> Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
==> Une fenêtre va s'ouvrir, choisis l'option 1
==> L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
==> Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
==> Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
==> A nouveau menu Edition / copier
==> Dans un nouveau message ici, faire un clic droit / coller
@+

Problème avec un virus

23 réponses

Votre réponse

Discussions similaires

Newsletters