Win32/Adware.Virtumonde & PrivacyRemover.M64

krendllow -  
Destrio5 Posts: 99820 Registration date   Status: Moderator Last post   -
Hello, I'm completely lost, please help me...
My desktop background is all white and shows a message saying I have to scan my computer because two spyware were detected: Win32/Adware.Virtumonde and Win32/PrivacyRemover.M64. I scanned, but it doesn't do anything. It says it supposedly fixed the problems, but my background is still white with the same message.
Does anyone know how I could get rid of this spyware? Thanks in advance.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:31:38, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\DSP24Set.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\lphcc6nj0e9ce.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Antipub\antipub.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [AudioDSP24 External Links] EL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [uerscw] C:\Program Files\ErrorSafe Free\uerscw.exe -c
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphcc6nj0e9ce] C:\WINDOWS\system32\lphcc6nj0e9ce.exe
O4 - HKLM\..\Run: [SMrhc96nj0e9ce] C:\Program Files\rhc96nj0e9ce\rhc96nj0e9ce.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlazeServoTool] "G:\Program Files\BlazeDVD 4 Standard\MediaDetector.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Error Safe Free] C:\Program Files\ErrorSafe Free\uers.exe /scan
O4 - HKCU\..\Run: [Bias camp] C:\DOCUME~1\Ben\APPLIC~1\SLOWOW~1\Eq test build.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: discriminable - {4fbbdfd6-2ca9-4bba-93e4-aadf75321bca} - C:\WINDOWS\system32\kuhmk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Néro\Nero 7\Nero BackItUp\NBService.exe
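The log above is what a helper reads by hand: autorun entries with random-looking names (lphcc6nj0e9ce, rhc96nj0e9ce), a program launched from the user's Application Data folder, hooks whose file is missing, and a service with no publisher. The following script is an added example, not code from the thread or from HijackThis: it parses lines of this format and applies those heuristics. The scoring rules (what counts as "random-looking", which registry locations are unusual) are this example's own assumptions, and the sample lines are copied from the log posted above.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the thread).

Assumptions of this example: a name mixing several letter and digit runs is
suspicious, autoruns under Policies\Explorer\Run or a user's Application Data
folder deserve a second look, and "(file missing)" marks an orphaned hook.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a handful of lines taken from the log in the first post.
SAMPLE_LOG = r"""
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [lphcc6nj0e9ce] C:\WINDOWS\system32\lphcc6nj0e9ce.exe
O4 - HKLM\..\Run: [SMrhc96nj0e9ce] C:\Program Files\rhc96nj0e9ce\rhc96nj0e9ce.exe
O4 - HKCU\..\Run: [Bias camp] C:\DOCUME~1\Ben\APPLIC~1\SLOWOW~1\Eq test build.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O22 - SharedTaskScheduler: discriminable - {4fbbdfd6-2ca9-4bba-93e4-aadf75321bca} - C:\WINDOWS\system32\kuhmk.dll (file missing)
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First Windows path ending in .exe/.dll; non-greedy so "jre1.5.0_06" does not cut it short.
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll))", re.IGNORECASE)
APPDATA_RE = re.compile(r"\\(?:APPLIC~1|Application Data)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    path: str
    reasons: List[str] = field(default_factory=list)


def looks_random(filename: str) -> bool:
    """Heuristic (this example's assumption): a stem such as lphcc6nj0e9ce
    alternates letter and digit runs several times; product names rarely do."""
    stem = filename.rsplit(".", 1)[0]
    runs = re.findall(r"[A-Za-z]+|\d+", stem)
    letters = sum(c.isalpha() for c in stem)
    digits = sum(c.isdigit() for c in stem)
    return letters >= 3 and digits >= 3 and len(runs) - 1 >= 3


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per line that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        pm = PATH_RE.search(body)
        path = pm.group("path") if pm else ""
        reasons = []
        if "(file missing)" in body:
            reasons.append("hook points to a missing file (orphaned or hidden component)")
        if path and looks_random(path.rsplit("\\", 1)[-1]):
            reasons.append("random-looking executable name")
        if APPDATA_RE.search(path):
            reasons.append("launched from a user's Application Data folder")
        if "Policies\\Explorer\\Run" in body:
            reasons.append("autorun via Policies\\Explorer\\Run (rarely used by legitimate software)")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service with no publisher recorded")
        if reasons:
            findings.append(Finding(section, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

A hit from this script is a reason to look closer, not a verdict: "Unknown owner" also appears on an ATI service in the same log, so the output is meant to order a reviewer's attention, the way the helper in this thread picks the lines to act on.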

33 replies

Destrio5 Posts: 99820 Registration date   Status: Moderator Last post   10 305
 
Hi,

---> Download Lop S&D to your Desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
---> Double-click it to start the installation
---> Then double-click the Lop S&D shortcut on your Desktop
---> Select the language you want, then choose option 1 (Search)
---> Wait until the scan finishes
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)

If you have trouble using Lop S&D, see the tutorial:
http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
0
krendllow
 
Woohoo!! Thanks for replying so fast..
Here is the result

--------------------\\ Lop S&D 4.2.3-4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
Phoenix - Award BIOS v6.00PG
BOOT : Normal boot

"C:\Lop SD" ( MAJ : 23-08-2008|10:35 )
Option : [1] ( 26/08/2008| 3:22 )

--------------------\\ Listing des dossiers dans APPLIC~1

[04/04/2006|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ableton
[22/02/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/02/2007|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[01/05/2007|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[10/02/2007|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[16/01/2007|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[01/03/2007|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\data audio intra bat
[02/02/2006|02:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[11/02/2008|16:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix
[13/05/2008|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[16/01/2007|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[09/02/2008|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[02/03/2007|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[16/06/2008|18:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memeo
[17/07/2008|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/12/2006|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[23/02/2006|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[01/02/2006|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[14/09/2006|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ringo
[25/08/2008|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[13/10/2006|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
[27/06/2008|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[16/04/2006|00:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[16/07/2008|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[02/01/2003|13:37] C:\DOCUME~1\Ben\APPLIC~1\$_hpcst$.hpc
[01/02/2008|17:43] C:\DOCUME~1\Ben\APPLIC~1\Ableton
[06/08/2008|13:28] C:\DOCUME~1\Ben\APPLIC~1\Adobe
[26/03/2007|20:40] C:\DOCUME~1\Ben\APPLIC~1\Ahead
[12/02/2008|19:49] C:\DOCUME~1\Ben\APPLIC~1\APLI
[25/08/2008|17:45] C:\DOCUME~1\Ben\APPLIC~1\AVG7
[02/02/2006|02:16] C:\DOCUME~1\Ben\APPLIC~1\desktop.ini
[13/10/2006|02:00] C:\DOCUME~1\Ben\APPLIC~1\DivX
[19/12/2006|18:51] C:\DOCUME~1\Ben\APPLIC~1\DriveCleaner 2006 Free
[09/02/2008|20:17] C:\DOCUME~1\Ben\APPLIC~1\Droppix
[20/05/2008|23:33] C:\DOCUME~1\Ben\APPLIC~1\dvdcss
[09/12/2006|18:27] C:\DOCUME~1\Ben\APPLIC~1\GlobalSCAPE
[28/01/2007|19:45] C:\DOCUME~1\Ben\APPLIC~1\Google
[01/02/2006|19:37] C:\DOCUME~1\Ben\APPLIC~1\Help
[13/01/2007|02:53] C:\DOCUME~1\Ben\APPLIC~1\Identities
[02/02/2006|00:32] C:\DOCUME~1\Ben\APPLIC~1\Install.dat
[01/02/2006|22:22] C:\DOCUME~1\Ben\APPLIC~1\InterTrust
[07/10/2006|00:11] C:\DOCUME~1\Ben\APPLIC~1\Jasc
[02/01/2003|13:29] C:\DOCUME~1\Ben\APPLIC~1\Lavasoft
[27/06/2007|22:27] C:\DOCUME~1\Ben\APPLIC~1\Macromedia
[16/07/2008|00:32] C:\DOCUME~1\Ben\APPLIC~1\Microsoft
[17/02/2007|02:52] C:\DOCUME~1\Ben\APPLIC~1\Mozilla
[06/05/2008|09:36] C:\DOCUME~1\Ben\APPLIC~1\MP-Manager
[17/12/2006|17:50] C:\DOCUME~1\Ben\APPLIC~1\MSN6
[01/05/2007|14:07] C:\DOCUME~1\Ben\APPLIC~1\Nero
[19/12/2006|20:40] C:\DOCUME~1\Ben\APPLIC~1\Nvu
[28/10/2006|13:30] C:\DOCUME~1\Ben\APPLIC~1\OpenOffice.org2
[09/02/2007|02:17] C:\DOCUME~1\Ben\APPLIC~1\Opera
[11/01/2007|20:22] C:\DOCUME~1\Ben\APPLIC~1\Propellerhead Software
[01/03/2007|20:53] C:\DOCUME~1\Ben\APPLIC~1\Slow owns
[02/02/2006|13:24] C:\DOCUME~1\Ben\APPLIC~1\Steinberg
[24/06/2006|15:10] C:\DOCUME~1\Ben\APPLIC~1\Sun
[02/02/2006|02:40] C:\DOCUME~1\Ben\APPLIC~1\Talkback
[17/02/2007|02:52] C:\DOCUME~1\Ben\APPLIC~1\Thunderbird
[20/08/2008|18:55] C:\DOCUME~1\Ben\APPLIC~1\U3
[19/04/2008|12:51] C:\DOCUME~1\Ben\APPLIC~1\vlc
[26/08/2008|02:26] C:\DOCUME~1\Ben\APPLIC~1\WinRAR

[02/02/2006|02:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[01/12/2007|02:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[25/08/2008|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\820233103.exe
[21/10/2006|01:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Ahead
[16/01/2007|02:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[16/04/2006|01:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
[16/01/2007|02:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[16/04/2006|00:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot

[01/12/2007|02:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[14/09/2006|17:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[26/08/2008 03:00][--ah-----] C:\WINDOWS\tasks\AB5F22189184D7B4.job
[26/08/2008 01:34][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AB5F22189184D7B4.job )=( c:\docume~1\ben\applic~1\slowow~1\logoskipjunk.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[04/08/2008|13:00] C:\Program Files\Adobe
[19/10/2006|14:54] C:\Program Files\Ahead
[02/02/2006|02:29] C:\Program Files\AMD
[02/07/2008|10:58] C:\Program Files\Antipub
[02/02/2006|02:33] C:\Program Files\ATI Technologies
[02/02/2006|02:20] C:\Program Files\ComPlus Applications
[25/04/2006|02:28] C:\Program Files\directx
[27/08/2006|21:39] C:\Program Files\ffdshow
[16/07/2008|00:26] C:\Program Files\Fichiers communs
[21/08/2008|11:45] C:\Program Files\Google
[16/01/2007|02:41] C:\Program Files\Grisoft
[16/06/2008|18:31] C:\Program Files\InstallShield Installation Information
[25/08/2008|17:36] C:\Program Files\Internet Explorer
[24/06/2006|15:08] C:\Program Files\Java
[01/07/2008|13:12] C:\Program Files\Macromedia
[16/06/2008|18:30] C:\Program Files\Memeo
[15/05/2008|16:33] C:\Program Files\Messager Wanadoo
[14/08/2008|03:02] C:\Program Files\Messenger
[02/02/2006|02:23] C:\Program Files\microsoft frontpage
[13/02/2006|16:30] C:\Program Files\Microsoft Visual Studio
[17/07/2008|03:05] C:\Program Files\Microsoft Works
[13/02/2006|16:30] C:\Program Files\Microsoft.NET
[03/09/2007|01:14] C:\Program Files\Movie Maker
[26/08/2008|02:08] C:\Program Files\Mozilla Firefox
[26/08/2008|01:47] C:\Program Files\Mozilla Thunderbird
[17/12/2006|17:50] C:\Program Files\MSN
[02/02/2006|02:20] C:\Program Files\MSN Gaming Zone
[01/02/2006|19:44] C:\Program Files\NetMeeting
[14/02/2008|19:49] C:\Program Files\Outlook Express
[16/04/2006|00:27] C:\Program Files\RegCleaner
[25/08/2008|17:42] C:\Program Files\rhc96nj0e9ce
[26/08/2008|02:29] C:\Program Files\Trend Micro
[02/02/2006|02:26] C:\Program Files\Uninstall Information
[16/06/2008|18:27] C:\Program Files\Western Digital
[16/06/2008|18:21] C:\Program Files\Western Digital Technologies
[14/08/2008|01:08] C:\Program Files\Windows Live
[04/06/2008|01:58] C:\Program Files\Windows Media Player
[01/02/2006|19:44] C:\Program Files\Windows NT
[02/02/2006|02:20] C:\Program Files\WindowsUpdate
[02/02/2006|02:23] C:\Program Files\xerox
[27/08/2006|21:39] C:\Program Files\XviD

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[22/02/2008|14:29] C:\Program Files\Fichiers communs\Adobe
[08/02/2007|19:00] C:\Program Files\Fichiers communs\Adobe Systems Shared
[20/10/2006|23:40] C:\Program Files\Fichiers communs\Ahead
[16/01/2007|02:39] C:\Program Files\Fichiers communs\BOONTY Shared
[13/02/2006|16:30] C:\Program Files\Fichiers communs\DESIGNER
[19/12/2006|18:41] C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
[16/06/2008|18:30] C:\Program Files\Fichiers communs\eSellerate
[08/02/2007|17:55] C:\Program Files\Fichiers communs\InstallShield
[24/06/2006|15:05] C:\Program Files\Fichiers communs\Java
[11/02/2008|16:01] C:\Program Files\Fichiers communs\LightScribe
[08/02/2007|18:15] C:\Program Files\Fichiers communs\Macromedia
[08/02/2007|18:13] C:\Program Files\Fichiers communs\Macromedia Shared
[17/07/2008|04:38] C:\Program Files\Fichiers communs\Microsoft Shared
[02/02/2006|02:21] C:\Program Files\Fichiers communs\MSSoap
[02/02/2006|02:16] C:\Program Files\Fichiers communs\ODBC
[27/08/2006|21:39] C:\Program Files\Fichiers communs\Real
[02/02/2006|02:21] C:\Program Files\Fichiers communs\Services
[02/02/2006|02:16] C:\Program Files\Fichiers communs\SpeechEngines
[14/06/2007|02:14] C:\Program Files\Fichiers communs\System
[25/04/2006|02:28] C:\Program Files\Fichiers communs\Vbox
[16/07/2008|00:31] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 44 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\Ben\APPLIC~1\SLOWOW~1

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Ben\APPLIC~1\slowow~1
C:\WINDOWS\Tasks\AB5F22189184D7B4.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\messplaysixth]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Ben\\APPLIC~1\\SLOWOW~1\\Eq test build.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bias camp"="C:\\DOCUME~1\\Ben\\APPLIC~1\\SLOWOW~1\\Eq test build.exe"
"Bias camp"="C:\\DOCUME~1\\Ben\\APPLIC~1\\SLOWOW~1\\Eq test build.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 03:23:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\Ben\APPLIC~1\DriveCleaner 2006 Free
C:\PROGRA~1\FICHIE~1\DriveCleaner 2006 Free

Aucune autre infection trouvée !

[F:59][D:3]-> C:\DOCUME~1\Ben\LOCALS~1\Temp
[F:4][D:0]-> C:\DOCUME~1\Ben\Cookies
[F:27][D:4]-> C:\DOCUME~1\Ben\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 3:25:04
0
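The Lop S&D report above flags the hosts file as modified and counts 70 entries tagged "## added by CiD": a program rewrote the system's name resolution to point sites at 127.0.0.1. The script below is an added example, not part of the thread or of Lop S&D: it parses a hosts file, counts entries per "added by" tag, lists every name sinkholed to a loopback address, and produces a restored copy that keeps only comments and the localhost mapping. The sample hosts content is constructed for the example from three lines of the report; which names count as legitimate loopback names is an assumption of the example.

```python
"""Hosts-file audit and restore (added example, not part of the thread).

Assumptions of this example: a mapping to 127.0.0.1, 0.0.0.0 or ::1 is only
expected for the names in LOCAL_NAMES, and a trailing "## added by X" comment
identifies the program that wrote the line.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample hosts file: the default loopback entry plus three lines
# in the form the Lop S&D report printed.
SAMPLE_HOSTS = """\
# Constructed sample hosts file for this example (not the poster's file)
127.0.0.1       localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
"""

ENTRY_RE = re.compile(r"^\s*(?P<ip>[0-9A-Fa-f.:]+)\s+(?P<host>\S+)\s*(?P<rest>.*)$")
TAG_RE = re.compile(r"##\s*added by\s+(?P<tag>\S+)", re.IGNORECASE)
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str, Optional[str]]]:
    """Return (ip, hostname, tag) for each active mapping; comments and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = ENTRY_RE.match(stripped)
        if not m:
            continue
        tag_m = TAG_RE.search(m.group("rest"))
        entries.append((m.group("ip"), m.group("host"), tag_m.group("tag") if tag_m else None))
    return entries


def audit_hosts(text: str) -> Dict[str, object]:
    """Summarise the file: entry count, entries per tag, and names sinkholed to loopback."""
    entries = parse_hosts(text)
    tags = Counter(tag for _, _, tag in entries if tag)
    sinkholed = [host for ip, host, _ in entries
                 if ip in SINKHOLE_IPS and host.lower() not in LOCAL_NAMES]
    return {
        "entries": len(entries),
        "tagged": tags,
        "sinkholed": sinkholed,
        "modified": bool(sinkholed or tags),
    }


def restore_hosts(text: str) -> str:
    """Keep comment lines and the loopback names only; every other mapping is dropped."""
    kept = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(line)
            continue
        m = ENTRY_RE.match(stripped)
        if m and m.group("host").lower() in LOCAL_NAMES:
            kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['entries']} entries, tagged: {dict(report['tagged'])}")
    for host in report["sinkholed"]:
        print(f"  sinkholed: {host}")
    print("restored file:")
    print(restore_hosts(SAMPLE_HOSTS))
```

On a real machine the file sits at %SystemRoot%\System32\drivers\etc\hosts and is only writable by an administrator, which is why a tool like Lop S&D has to be run with those rights to restore it; the audit half of the script is safe to run read-only first so the entries can be recorded before they are removed.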
Destrio5 Posts: 99820 Registration date   Status: Moderator Last post   10 305
 
---> Run Lop S&D again
---> This time choose option 2 (Removal)
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
0
krendllow
 
Ta-da!!!
--------------------\\ Lop S&D 4.2.3-4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
Phoenix - Award BIOS v6.00PG
BOOT : Normal boot

"C:\Lop SD" ( MAJ : 23-08-2008|10:35 )
Option : [2] ( 26/08/2008| 3:30 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\WINDOWS\Tasks\AB5F22189184D7B4.job
Supprime! - C:\DOCUME~1\Ben\APPLIC~1\slowow~1
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[04/04/2006|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ableton
[22/02/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/02/2007|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[01/05/2007|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[10/02/2007|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[16/01/2007|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[01/03/2007|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\data audio intra bat
[02/02/2006|02:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[11/02/2008|16:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix
[13/05/2008|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[16/01/2007|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[09/02/2008|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[02/03/2007|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[16/06/2008|18:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memeo
[17/07/2008|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/12/2006|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[23/02/2006|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[01/02/2006|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[14/09/2006|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ringo
[25/08/2008|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[13/10/2006|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
[27/06/2008|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[16/04/2006|00:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[16/07/2008|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[02/01/2003|13:37] C:\DOCUME~1\Ben\APPLIC~1\$_hpcst$.hpc
[01/02/2008|17:43] C:\DOCUME~1\Ben\APPLIC~1\Ableton
[06/08/2008|13:28] C:\DOCUME~1\Ben\APPLIC~1\Adobe
[26/03/2007|20:40] C:\DOCUME~1\Ben\APPLIC~1\Ahead
[12/02/2008|19:49] C:\DOCUME~1\Ben\APPLIC~1\APLI
[25/08/2008|17:45] C:\DOCUME~1\Ben\APPLIC~1\AVG7
[02/02/2006|02:16] C:\DOCUME~1\Ben\APPLIC~1\desktop.ini
[13/10/2006|02:00] C:\DOCUME~1\Ben\APPLIC~1\DivX
[19/12/2006|18:51] C:\DOCUME~1\Ben\APPLIC~1\DriveCleaner 2006 Free
[09/02/2008|20:17] C:\DOCUME~1\Ben\APPLIC~1\Droppix
[20/05/2008|23:33] C:\DOCUME~1\Ben\APPLIC~1\dvdcss
[09/12/2006|18:27] C:\DOCUME~1\Ben\APPLIC~1\GlobalSCAPE
[28/01/2007|19:45] C:\DOCUME~1\Ben\APPLIC~1\Google
[01/02/2006|19:37] C:\DOCUME~1\Ben\APPLIC~1\Help
[13/01/2007|02:53] C:\DOCUME~1\Ben\APPLIC~1\Identities
[02/02/2006|00:32] C:\DOCUME~1\Ben\APPLIC~1\Install.dat
[01/02/2006|22:22] C:\DOCUME~1\Ben\APPLIC~1\InterTrust
[07/10/2006|00:11] C:\DOCUME~1\Ben\APPLIC~1\Jasc
[02/01/2003|13:29] C:\DOCUME~1\Ben\APPLIC~1\Lavasoft
[27/06/2007|22:27] C:\DOCUME~1\Ben\APPLIC~1\Macromedia
[16/07/2008|00:32] C:\DOCUME~1\Ben\APPLIC~1\Microsoft
[17/02/2007|02:52] C:\DOCUME~1\Ben\APPLIC~1\Mozilla
[06/05/2008|09:36] C:\DOCUME~1\Ben\APPLIC~1\MP-Manager
[17/12/2006|17:50] C:\DOCUME~1\Ben\APPLIC~1\MSN6
[01/05/2007|14:07] C:\DOCUME~1\Ben\APPLIC~1\Nero
[19/12/2006|20:40] C:\DOCUME~1\Ben\APPLIC~1\Nvu
[28/10/2006|13:30] C:\DOCUME~1\Ben\APPLIC~1\OpenOffice.org2
[09/02/2007|02:17] C:\DOCUME~1\Ben\APPLIC~1\Opera
[11/01/2007|20:22] C:\DOCUME~1\Ben\APPLIC~1\Propellerhead Software
[02/02/2006|13:24] C:\DOCUME~1\Ben\APPLIC~1\Steinberg
[24/06/2006|15:10] C:\DOCUME~1\Ben\APPLIC~1\Sun
[02/02/2006|02:40] C:\DOCUME~1\Ben\APPLIC~1\Talkback
[17/02/2007|02:52] C:\DOCUME~1\Ben\APPLIC~1\Thunderbird
[20/08/2008|18:55] C:\DOCUME~1\Ben\APPLIC~1\U3
[19/04/2008|12:51] C:\DOCUME~1\Ben\APPLIC~1\vlc
[26/08/2008|02:26] C:\DOCUME~1\Ben\APPLIC~1\WinRAR

[02/02/2006|02:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[01/12/2007|02:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[25/08/2008|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\820233103.exe
[21/10/2006|01:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Ahead
[16/01/2007|02:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[16/04/2006|01:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
[16/01/2007|02:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[16/04/2006|00:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot

[01/12/2007|02:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[14/09/2006|17:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[26/08/2008 01:34][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[04/08/2008|13:00] C:\Program Files\Adobe
[19/10/2006|14:54] C:\Program Files\Ahead
[02/02/2006|02:29] C:\Program Files\AMD
[02/07/2008|10:58] C:\Program Files\Antipub
[02/02/2006|02:33] C:\Program Files\ATI Technologies
[02/02/2006|02:20] C:\Program Files\ComPlus Applications
[25/04/2006|02:28] C:\Program Files\directx
[27/08/2006|21:39] C:\Program Files\ffdshow
[16/07/2008|00:26] C:\Program Files\Fichiers communs
[21/08/2008|11:45] C:\Program Files\Google
[16/01/2007|02:41] C:\Program Files\Grisoft
[16/06/2008|18:31] C:\Program Files\InstallShield Installation Information
[25/08/2008|17:36] C:\Program Files\Internet Explorer
[24/06/2006|15:08] C:\Program Files\Java
[01/07/2008|13:12] C:\Program Files\Macromedia
[16/06/2008|18:30] C:\Program Files\Memeo
[15/05/2008|16:33] C:\Program Files\Messager Wanadoo
[14/08/2008|03:02] C:\Program Files\Messenger
[02/02/2006|02:23] C:\Program Files\microsoft frontpage
[13/02/2006|16:30] C:\Program Files\Microsoft Visual Studio
[17/07/2008|03:05] C:\Program Files\Microsoft Works
[13/02/2006|16:30] C:\Program Files\Microsoft.NET
[03/09/2007|01:14] C:\Program Files\Movie Maker
[26/08/2008|02:08] C:\Program Files\Mozilla Firefox
[26/08/2008|01:47] C:\Program Files\Mozilla Thunderbird
[17/12/2006|17:50] C:\Program Files\MSN
[02/02/2006|02:20] C:\Program Files\MSN Gaming Zone
[01/02/2006|19:44] C:\Program Files\NetMeeting
[14/02/2008|19:49] C:\Program Files\Outlook Express
[16/04/2006|00:27] C:\Program Files\RegCleaner
[25/08/2008|17:42] C:\Program Files\rhc96nj0e9ce
[26/08/2008|02:29] C:\Program Files\Trend Micro
[02/02/2006|02:26] C:\Program Files\Uninstall Information
[16/06/2008|18:27] C:\Program Files\Western Digital
[16/06/2008|18:21] C:\Program Files\Western Digital Technologies
[14/08/2008|01:08] C:\Program Files\Windows Live
[04/06/2008|01:58] C:\Program Files\Windows Media Player
[01/02/2006|19:44] C:\Program Files\Windows NT
[02/02/2006|02:20] C:\Program Files\WindowsUpdate
[02/02/2006|02:23] C:\Program Files\xerox
[27/08/2006|21:39] C:\Program Files\XviD

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[22/02/2008|14:29] C:\Program Files\Fichiers communs\Adobe
[08/02/2007|19:00] C:\Program Files\Fichiers communs\Adobe Systems Shared
[20/10/2006|23:40] C:\Program Files\Fichiers communs\Ahead
[16/01/2007|02:39] C:\Program Files\Fichiers communs\BOONTY Shared
[13/02/2006|16:30] C:\Program Files\Fichiers communs\DESIGNER
[19/12/2006|18:41] C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
[16/06/2008|18:30] C:\Program Files\Fichiers communs\eSellerate
[08/02/2007|17:55] C:\Program Files\Fichiers communs\InstallShield
[24/06/2006|15:05] C:\Program Files\Fichiers communs\Java
[11/02/2008|16:01] C:\Program Files\Fichiers communs\LightScribe
[08/02/2007|18:15] C:\Program Files\Fichiers communs\Macromedia
[08/02/2007|18:13] C:\Program Files\Fichiers communs\Macromedia Shared
[17/07/2008|04:38] C:\Program Files\Fichiers communs\Microsoft Shared
[02/02/2006|02:21] C:\Program Files\Fichiers communs\MSSoap
[02/02/2006|02:16] C:\Program Files\Fichiers communs\ODBC
[27/08/2006|21:39] C:\Program Files\Fichiers communs\Real
[02/02/2006|02:21] C:\Program Files\Fichiers communs\Services
[02/02/2006|02:16] C:\Program Files\Fichiers communs\SpeechEngines
[14/06/2007|02:14] C:\Program Files\Fichiers communs\System
[25/04/2006|02:28] C:\Program Files\Fichiers communs\Vbox
[16/07/2008|00:31] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 45 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 03:30:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\Ben\APPLIC~1\DriveCleaner 2006 Free
C:\PROGRA~1\FICHIE~1\DriveCleaner 2006 Free

Aucune autre infection trouvée !

[F:59][D:3]-> C:\DOCUME~1\Ben\LOCALS~1\Temp
[F:4][D:0]-> C:\DOCUME~1\Ben\Cookies
[F:27][D:4]-> C:\DOCUME~1\Ben\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 3:31:49
Destrio5 (Moderator)
 
You still have a Lop folder, but we'll deal with that afterwards.

---> Uninstall Lop S&D

---> Run a quick scan with MBAM, delete everything it finds and post the report:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
krendllow
 
It's asking me to restart my computer because some files couldn't be deleted; do I need to restart?

Here is the report:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 2

03:47:14 26/08/2008
mbam-log-08-26-2008 (03-47-14).txt

Type de recherche: Examen rapide
Eléments examinés: 43591
Temps écoulé: 2 minute(s), 26 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 27

Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcc6nj0e9ce.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.MyDoom) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc96nj0e9ce (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc96nj0e9ce (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sdr6v_check (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UERScw (Rogue.ErrorSafe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcc6nj0e9ce (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc96nj0e9ce (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Delete on reboot.
C:\Program Files\rhc96nj0e9ce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Application Data\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Application Data\DriveCleaner 2006 Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe (Rogue.DriveCleaner) -> Delete on reboot.
C:\Program Files\rhc96nj0e9ce\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc96nj0e9ce\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc96nj0e9ce\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc96nj0e9ce\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc96nj0e9ce\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc96nj0e9ce\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc96nj0e9ce\rhc96nj0e9ce.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Application Data\DriveCleaner 2006 Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcc6nj0e9ce.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcc6nj0e9ce.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.MyDoom) -> Delete on reboot.
C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
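Added example, not code from the thread or from Malwarebytes: a small parser for the MBAM 1.x report format posted above. It cross-checks the header counts against the itemised lines and pulls out every entry MBAM marked "Delete on reboot", which is what decides the question asked at the top of this post. The section labels are the French ones MBAM 1.25 prints; the sample report is a constructed, abridged excerpt of the one above with its header counts adjusted to match the lines kept.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x report: do the itemised lines
match the declared counts, and is a reboot still needed to finish?

Added example, not code from the thread or from Malwarebytes. The labels
are the French ones MBAM 1.25 printed above; SAMPLE_REPORT is a
constructed, abridged excerpt of that report with its header counts
adjusted to match the lines kept.
"""
import re
from collections import Counter

# Summary labels ("Label: N") double as section headings ("Label:").
SECTION_LABELS = {
    "Processus mémoire infecté(s)": "process",
    "Module(s) mémoire infecté(s)": "module",
    "Clé(s) du Registre infectée(s)": "reg_key",
    "Valeur(s) du Registre infectée(s)": "reg_value",
    "Elément(s) de données du Registre infecté(s)": "reg_data",
    "Dossier(s) infecté(s)": "folder",
    "Fichier(s) infecté(s)": "file",
}

# "<object> (<Family>) -> <action>."; registry data items insert an extra
# "Bad: (1) Good: (0) -> " segment, hence the split on " -> " below.
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Processus mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.MyDoom) -> Unloaded process successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcc6nj0e9ce (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe (Rogue.DriveCleaner) -> Delete on reboot.
C:\WINDOWS\system32\lphcc6nj0e9ce.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.MyDoom) -> Delete on reboot.
"""


def parse_report(text):
    """Return (declared, items): header counts per kind, and one dict per
    itemised line with kind, object, family, action and reboot_pending."""
    declared, items, kind = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for label, k in SECTION_LABELS.items():
            if line.startswith(label + ":"):
                tail = line[len(label) + 1:].strip()
                if tail.isdigit():          # summary header: "Label: N"
                    declared[k] = int(tail)
                    kind = None
                else:                       # section heading: items follow
                    kind = k
                break
        else:
            m = ITEM_RE.match(line) if kind else None
            if m:
                action = m.group("rest").split(" -> ")[-1].rstrip(".")
                items.append({"kind": kind, "object": m.group("obj"),
                              "family": m.group("family"), "action": action,
                              "reboot_pending": action.lower().startswith("delete on reboot")})
    return declared, items


def summarize(declared, items):
    """Cross-check declared vs itemised counts, tally malware families and
    list what MBAM could not remove while the system was running."""
    counted = Counter(item["kind"] for item in items)
    mismatches = {k: (n, counted.get(k, 0))
                  for k, n in declared.items() if counted.get(k, 0) != n}
    return {"mismatches": mismatches,
            "families": Counter(item["family"] for item in items),
            "reboot_pending": [i["object"] for i in items if i["reboot_pending"]]}


def needs_reboot(items):
    """True when any entry is scheduled for removal at next boot."""
    return any(item["reboot_pending"] for item in items)


if __name__ == "__main__":
    declared, items = parse_report(SAMPLE_REPORT)
    report = summarize(declared, items)
    print(report["families"].most_common(), report["mismatches"] or "counts match")
    print("reboot needed:", needs_reboot(items), report["reboot_pending"])
```

Run stand-alone it prints the family tally and the three pending deletions. Until those run at the next boot, SDRmon.exe and CbEvtSvc.exe are still on disk, which is the reason a restart comes before the next tool in this thread.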
Destrio5 (Moderator)
 
Yes, restart.
krendllow
 
OK, I'm back. My background is blue now and the message is gone.
Destrio5 (Moderator)
 
- Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe or http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

- Save it to the desktop

- Double-click SmitfraudFix.exe, choose option 1 and press Enter

- A report will be generated; post it in your next reply.

Note: process.exe is detected by some antivirus programs as a risktool. It is not a virus but a utility for terminating processes.

** Only do step 2 if you are asked to; we need to look at the first SmitfraudFix report first
krendllow
 
SmitFraudFix v2.339

Rapport fait à 4:08:48,28, 26/08/2008
Executé à partir de C:\Documents and Settings\Ben\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\system32\DSP24Set.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Antipub\antipub.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\toolbar.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ben

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ben\Application Data

C:\Documents and Settings\Ben\Application Data\Install.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Antivirus XP 2008 PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Antivirus XP 2008.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ben\Favoris

C:\DOCUME~1\Ben\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}"="discriminable"

[HKEY_CLASSES_ROOT\CLSID\{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}\InProcServer32]
@="C:\WINDOWS\system32\kuhmk.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}\InProcServer32]
@="C:\WINDOWS\system32\kuhmk.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{42AD9EEF-81B9-4829-9690-4352B2B3D3AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{42AD9EEF-81B9-4829-9690-4352B2B3D3AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{42AD9EEF-81B9-4829-9690-4352B2B3D3AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
Destrio5 (Moderator)
 
- Restart your computer in Safe Mode:
https://blog.sosordi.net/

- Double-click SmitfraudFix.exe, choose option 2 and press Enter

- Answer O (oui, i.e. yes) to these two questions if they are asked:

Voulez-vous nettoyer le registre ? (Do you want to clean the registry?)
Corriger le fichier infecté ? (Fix the infected file?)

- A report will be generated; save it to the desktop

- Restart in normal mode

- Post the SmitfraudFix report
krendllow
 
SmitFraudFix v2.339

Rapport fait à 4:19:11,65, 26/08/2008
Executé à partir de C:\Documents and Settings\Ben\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}"="discriminable"

[HKEY_CLASSES_ROOT\CLSID\{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}\InProcServer32]
@="C:\WINDOWS\system32\kuhmk.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}\InProcServer32]
@="C:\WINDOWS\system32\kuhmk.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\toolbar.exe supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\1024\ supprimé
C:\Documents and Settings\Ben\Application Data\Install.dat supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Antivirus XP 2008 supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Antivirus XP 2008.lnk supprimé
C:\DOCUME~1\Ben\Favoris\Antivirus Test Online.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{42AD9EEF-81B9-4829-9690-4352B2B3D3AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{42AD9EEF-81B9-4829-9690-4352B2B3D3AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{42AD9EEF-81B9-4829-9690-4352B2B3D3AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
Destrio5 (Moderator)
 
---> Download sUBs' ComboFix.exe to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Set it to French with F
Press 1 (Yes) to start the scan.

/!\ Don't touch anything until the scan is finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will appear: post its contents

/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the internet. /!\

Note: the report is also at C:\ComboFix.txt
krendllow
 
ComboFix 08-08-24.03 - Ben 2008-08-26 4:34:03.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.637 [GMT 2:00]
Endroit: C:\Documents and Settings\Ben\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ben\err.log
C:\Documents and Settings\LocalService\Application Data\820233103.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBEVTSVC

((((((((((((((((((((((((((((( Fichiers créés 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
.

2008-08-26 04:08 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-26 04:08 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-26 04:08 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-26 04:08 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-26 04:08 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-26 04:08 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-26 04:08 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-26 04:08 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-26 04:08 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-26 04:08 . 2008-08-26 04:19 2,278 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-26 03:43 . 2008-08-26 03:43 <REP> d-------- C:\Documents and Settings\Ben\Application Data\Malwarebytes
2008-08-26 03:43 . 2008-08-26 03:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 03:43 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 03:43 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 03:21 . 2008-08-26 03:31 <REP> d-------- C:\Lop SD
2008-08-26 02:29 . 2008-08-26 02:29 <REP> d-------- C:\Program Files\Trend Micro
2008-08-26 01:45 . 2008-08-26 01:43 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-26 01:42 . 2008-08-26 01:45 <REP> d-------- C:\Documents and Settings\Ben\.housecall6.6
2008-08-23 11:14 . 2008-08-26 01:46 <REP> dr-h----- C:\$VAULT$.AVG

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 23:47 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-25 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 15:45 --------- d-----w C:\Documents and Settings\Ben\Application Data\AVG7
2008-08-21 09:45 --------- d-----w C:\Program Files\Google
2008-08-20 16:55 --------- d-----w C:\Documents and Settings\Ben\Application Data\U3
2008-08-13 23:08 --------- d-----w C:\Program Files\Windows Live
2008-07-17 01:05 --------- d-----w C:\Program Files\Microsoft Works
2008-07-15 22:31 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-15 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-02 08:58 --------- d-----w C:\Program Files\Antipub
2008-07-01 11:12 --------- d-----w C:\Program Files\Macromedia
2008-06-27 15:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52 94208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-04 19:37 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 17:47 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-06-28 11:50 580096]
"Adobe Reader Speed Launcher"="G:\Program Files\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AudioDSP24 External Links"="EL.EXE" [2001-12-01 07:07 20480 C:\WINDOWS\system32\EL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 12:20 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.MJPG"= G:\Program Files\t@b\0.956\686\tabdec.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.jpeg"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.oggDS"= oggDS.dll
"vidc.ogg"= ogg.dll
"vidc.mpng"= G:\Program Files\t@b\0.956\686\tabdec.dll
"vidc.mvjp"= G:\Program Files\t@b\0.956\686\tabdec.dll
"vidc.444p"= G:\Program Files\t@b\0.956\686\tabdec.dll
"midi2"= rddv1027.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"G:\\Program Files\\FileZilla\\FileZilla.exe"=

R3 ADSP24WDM;Service for AudioDSP24 Driver (WDM);C:\WINDOWS\system32\drivers\ADSPWDM.sys [2003-02-25 09:08]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-01-16 02:39]
S3 RDID1027;EDIROL PCR;C:\WINDOWS\system32\Drivers\rdwm1027.sys [2003-04-11 13:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b8e15a8-1b7d-11dd-9314-0015f24d4124}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac29c4d-1b3d-11dd-9313-0015f24d4124}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f889ebf2-3edb-11dd-935f-0015f24d4124}]
\Shell\AutoRun\command - N:\LaunchU3.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-BlazeServoTool - G:\Program Files\BlazeDVD 4 Standard\MediaDetector.exe
HKCU-Run-WINSOS VERIFY - C:\Program Files\Winsos\WINSOS.EXE
HKCU-Run-Error Safe Free - C:\Program Files\ErrorSafe Free\uers.exe
HKCU-Run-LightScribe Control Panel - C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-NoSpam - (no file)
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-PayTime - C:\WINDOWS\system32\paytime.exe
MSConfigStartUp-SpeedTouch USB Diagnostics - C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
MSConfigStartUp-SpyFalcon - C:\Program Files\SpyFalcon\SpyFalcon.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nc8olh5k.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 04:37:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\DSP24SET.exe
C:\Program Files\Antipub\antipub.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-26 4:39:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 02:39:15

Pre-Run: 199,389,184 octets libres
Post-Run: 122,388,480 octets libres

156 --- E O F --- 2008-08-14 01:02:36
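Added example, not code from the thread or from SmitfraudFix/ComboFix: a triage script for the autostart sections those two reports print (SharedTaskScheduler, AppInit_DLLs, Winlogon Userinit, MountPoints2). It parses the reg-export style lines both tools emit and ComboFix's MountPoints2 lines, then applies the checks the moderator's script further down acts on: a Userinit other than userinit.exe alone, a non-empty AppInit_DLLs, a SharedTaskScheduler handler outside browseui.dll (here kuhmk.dll), and drive AutoRun commands that invoke cmd or a .bat (the launch.bat entries). The sample input is copied from the SmitfraudFix and ComboFix sections above; the "stock XP" expected values are assumptions of this example, not something the reports state.

```python
r"""Triage autostart entries from SmitfraudFix / ComboFix report text.

Added example, not part of the thread or of either tool. It parses the
reg-export style lines both tools print ([KEY] then "name"="data") and
ComboFix's MountPoints2 lines ("\Shell\AutoRun\command - <cmd>"), then
applies the checks a helper runs by eye. SAMPLE_REPORT is assembled from
the SmitfraudFix and ComboFix sections posted above; EXPECTED_USERINIT
and STOCK_STS_DLL are assumptions about a stock Windows XP install.
"""
import re

VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|@)=(?P<data>.*)$')
MOUNT_RE = re.compile(r'^(?P<sub>\\Shell\\[^ ]+) - (?P<cmd>.+)$')
# Interpreters and script extensions that have no business in a drive's
# AutoRun command; "cmd /C launch.bat" is the pattern in the report above.
SCRIPT_RE = re.compile(
    r"\b(cmd|rundll32|wscript|cscript|mshta)(\.exe)?\b|\.(bat|cmd|vbs|js)\b", re.I)

WINLOGON = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon"
WINDOWS_KEY = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\windows"
STS = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\explorer\\sharedtaskscheduler"
MOUNTPOINTS = "hkey_current_user\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\"
# Assumed stock XP values: Userinit is userinit.exe alone (trailing comma
# included) and the built-in SharedTaskScheduler handlers live in browseui.dll.
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe,"
STOCK_STS_DLL = "browseui.dll"

SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}"="discriminable"
[HKEY_CLASSES_ROOT\CLSID\{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}\InProcServer32]
@="C:\WINDOWS\system32\kuhmk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b8e15a8-1b7d-11dd-9314-0015f24d4124}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac29c4d-1b3d-11dd-9313-0015f24d4124}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f889ebf2-3edb-11dd-935f-0015f24d4124}]
\Shell\AutoRun\command - N:\LaunchU3.exe
"""


def parse_sections(text):
    """Map each [KEY] (lower-cased) to its values. "name"=data and @=data
    lines give name -> data (quotes and doubled backslashes removed);
    ComboFix subkey lines give lower-cased subkey -> command."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
            continue
        if current is None or not line:
            continue
        m = VALUE_RE.match(line)
        if m:
            data = m.group("data")
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1].replace("\\\\", "\\")
            sections[current][m.group("name") or "@"] = data
            continue
        m = MOUNT_RE.match(line)
        if m:
            sections[current][m.group("sub").lower()] = m.group("cmd")
    return sections


def review(sections):
    """Return (kind, detail) findings; '-stock'/'-info' kinds are
    informational, every other kind needs a human decision."""
    findings = []
    if WINLOGON in sections:  # only judge Userinit when the section was dumped
        userinit = sections[WINLOGON].get("Userinit", "")
        if userinit.lower() != EXPECTED_USERINIT:
            findings.append(("winlogon", "Userinit = %r, expected %r" % (userinit, EXPECTED_USERINIT)))
    appinit = sections.get(WINDOWS_KEY, {}).get("AppInit_DLLs", "")
    if appinit:
        findings.append(("appinit", "AppInit_DLLs = %r is loaded into every GUI process" % appinit))
    for clsid, label in sections.get(STS, {}).items():
        server_key = "hkey_classes_root\\clsid\\" + clsid.lower() + "\\inprocserver32"
        server = sections.get(server_key, {}).get("@", "<unresolved>")
        kind = "sts-stock" if server.rsplit("\\", 1)[-1].lower() == STOCK_STS_DLL else "sts-review"
        findings.append((kind, "%s (%r) -> %s" % (clsid, label, server)))
    for key, values in sections.items():
        if key.startswith(MOUNTPOINTS):
            for sub, cmd in values.items():
                if sub.startswith("\\shell\\"):
                    kind = "autorun-script" if SCRIPT_RE.search(cmd) else "autorun-info"
                    findings.append((kind, "%s %s -> %s" % (key[len(MOUNTPOINTS):], sub, cmd)))
    return findings


if __name__ == "__main__":
    for kind, detail in review(parse_sections(SAMPLE_REPORT)):
        print("%-15s %s" % (kind, detail))
```

On the sample it reports the kuhmk.dll handler as sts-review, the four launch.bat commands as autorun-script and the U3 launcher as autorun-info, with Userinit and AppInit_DLLs clean. The flagged items are the same ones the CFScript further down removes (kuhmk.dll, the two MountPoints2 GUIDs); the check is a way to confirm a report is clean after the fix, not a substitute for reading it.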
krendllow
 
Does my problem have a solution?
Destrio5 (Moderator)
 
Yes, I'm going to write you a script.
krendllow
 
OK
I hate to ask, but I should have been asleep a good while ago. Do you think this will take long, and if so, can we pick it up later?
Destrio5 (Moderator)
 
1/

---> Click Start, Run, type notepad and click OK.

---> Copy the text below by selecting it and pressing Ctrl+C:

KillAll::

File::
C:\WINDOWS\System32\CbEvtSvc.exe
C:\WINDOWS\system32\kuhmk.dll
C:\WINDOWS\system32\paytime.exe

Driver::
Boonty Games

Folder::
C:\DOCUME~1\ALLUSE~1\APPLIC~1\data audio intra bat
C:\Program Files\Video ActiveX Object
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
C:\DOCUME~1\Ben\APPLIC~1\SLOWOW~1
C:\Program Files\ErrorSafe Free
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Winsos
C:\Lop SD
C:\Program Files\SpyFalcon

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b8e15a8-1b7d-11dd-9314-0015f24d4124}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac29c4d-1b3d-11dd-9313-0015f24d4124}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f889ebf2-3edb-11dd-935f-0015f24d4124}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-

---> Paste the selection into Notepad

---> Save this file to the desktop (mandatory)

---> File name: CFScript
---> File type: all files
---> Click Save
---> Close Notepad

2/

---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

- A blue window will appear: accept the message that appears.

- Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.

- Once the scan is complete, a report will appear: post it

- If the file doesn't open, it is at C:\ComboFix.txt
Destrio5 (Moderator)
 
We can continue tomorrow if you like.
krendllow
 
ComboFix 08-08-24.03 - Ben 2008-08-26 5:29:52.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.649 [GMT 2:00]
Endroit: C:\Documents and Settings\Ben\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ben\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\System32\CbEvtSvc.exe
C:\WINDOWS\system32\kuhmk.dll
C:\WINDOWS\system32\paytime.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\data audio intra bat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\data audio intra bat\defy about sign
C:\Lop SD
C:\Lop SD\App-Prog.lsd
C:\Lop SD\AuDoss.lsd
C:\Lop SD\AutrInf.cmd
C:\Lop SD\AWF.cmd
C:\Lop SD\Back.cmd
C:\Lop SD\Backup-Lop\Hosts\hosts
C:\Lop SD\Backup-Lop\Reg\HKCU_Run.reg
C:\Lop SD\Backup-Lop\Reg\HKLM_Run.reg
C:\Lop SD\Backup-Lop\Reg\HKLM_Uninstall.reg
C:\Lop SD\Backup-Lop\WINDOWS\Tasks\AB5F22189184D7B4.job
C:\Lop SD\Boo.reg
C:\Lop SD\BooFix.cmd
C:\Lop SD\catchme.exe
C:\Lop SD\Changelog Lop SD.txt
C:\Lop SD\DirectFix.cmd
C:\Lop SD\Discl_en.vbs
C:\Lop SD\Discl_fr.vbs
C:\Lop SD\Doss.lsd
C:\Lop SD\exist.txt
C:\Lop SD\Icon_Lop.ico
C:\Lop SD\KILL.cmd
C:\Lop SD\Langues.cmd
C:\Lop SD\LopScript.cmd
C:\Lop SD\LopSD.cmd
C:\Lop SD\lsTasks.exe
C:\Lop SD\Orph.egd
C:\Lop SD\OS_v.vbs
C:\Lop SD\paths.bat
C:\Lop SD\Proc.txt
C:\Lop SD\Process.exe
C:\Lop SD\Rapport-Lop.txt
C:\Lop SD\RegLop.reg
C:\Lop SD\RKit.lsd
C:\Lop SD\RoG.txt
C:\Lop SD\RoGUeS.lsd
C:\Lop SD\S_LopV.cmd
C:\Lop SD\S_LopX.cmd
C:\Lop SD\sed.exe
C:\Lop SD\setpath.exe
C:\Lop SD\task.txt
C:\Lop SD\Uninstal.exe
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
.

2008-08-26 04:08 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-26 04:08 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-26 04:08 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-26 04:08 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-26 04:08 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-26 04:08 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-26 04:08 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-26 04:08 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-26 04:08 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-26 04:08 . 2008-08-26 04:19 2,278 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-26 03:43 . 2008-08-26 03:43 <REP> d-------- C:\Documents and Settings\Ben\Application Data\Malwarebytes
2008-08-26 03:43 . 2008-08-26 03:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 03:43 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 03:43 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 02:29 . 2008-08-26 02:29 <REP> d-------- C:\Program Files\Trend Micro
2008-08-26 01:45 . 2008-08-26 01:43 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-26 01:42 . 2008-08-26 01:45 <REP> d-------- C:\Documents and Settings\Ben\.housecall6.6
2008-08-23 11:14 . 2008-08-26 01:46 <REP> dr-h----- C:\$VAULT$.AVG

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 02:49 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-25 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 15:45 --------- d-----w C:\Documents and Settings\Ben\Application Data\AVG7
2008-08-21 09:45 --------- d-----w C:\Program Files\Google
2008-08-20 16:55 --------- d-----w C:\Documents and Settings\Ben\Application Data\U3
2008-08-13 23:08 --------- d-----w C:\Program Files\Windows Live
2008-07-17 01:05 --------- d-----w C:\Program Files\Microsoft Works
2008-07-15 22:31 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-15 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-02 08:58 --------- d-----w C:\Program Files\Antipub
2008-07-01 11:12 --------- d-----w C:\Program Files\Macromedia
2008-06-27 15:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 17:47 32768]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-06-28 11:50 580096]
"AudioDSP24 External Links"="EL.EXE" [2001-12-01 07:07 20480 C:\WINDOWS\system32\EL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 12:20 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.MJPG"= G:\Program Files\t@b\0.956\686\tabdec.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.jpeg"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.oggDS"= oggDS.dll
"vidc.ogg"= ogg.dll
"vidc.mpng"= G:\Program Files\t@b\0.956\686\tabdec.dll
"vidc.mvjp"= G:\Program Files\t@b\0.956\686\tabdec.dll
"vidc.444p"= G:\Program Files\t@b\0.956\686\tabdec.dll
"midi2"= rddv1027.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"G:\\Program Files\\FileZilla\\FileZilla.exe"=

R3 ADSP24WDM;Service for AudioDSP24 Driver (WDM);C:\WINDOWS\system32\drivers\ADSPWDM.sys [2003-02-25 09:08]
S3 RDID1027;EDIROL PCR;C:\WINDOWS\system32\Drivers\rdwm1027.sys [2003-04-11 13:40]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 05:33:24
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\Documents and Settings\Ben\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\DSP24SET.exe
C:\Program Files\Antipub\antipub.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-26 5:36:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 03:35:39
ComboFix2.txt 2008-08-26 02:39:39

Pre-Run: 88,657,920 octets libres
Post-Run: 105,336,832 octets libres

177 --- E O F --- 2008-08-14 01:02:36