Help: spyware privacy remover m64 - virtumonde

Solved
cf33 (Member, 104 posts)

Hello,

When I turn on my computer, the desktop background is blue with an alert message:
warning spyware detected on your computer
with underneath win 32 adware virtumonde and next to it DANGER
and below that warning win 32 privacy remover 64, also with DANGER next to it
and at the bottom there is please activate your antivirus software to clean your computer
please help me!!!
80 replies

cf33 (Member, 104 posts)

Destrio, do you have a bit of time?

Destrio5 (Moderator, 85985 posts)

Yes, I posted you a message.

cf33 (Member, 104 posts)

OK, I'm doing it.

cf33 (Member, 104 posts)

It's scanning... 15 infected so far.

cf33 (Member, 104 posts)

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1089
Windows 5.1.2600 Service Pack 2

18:39:44 27/08/2008
mbam-log-08-27-2008 (18-39-44).txt

Type de recherche: Examen rapide
Eléments examinés: 56845
Temps écoulé: 10 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 32

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Internet Explorer\setupapi.dll (PassWordStealer.Tupai) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{175816a5-219e-4079-b2f9-53c501c409ba} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c1793e0-1034-4cac-837d-aa545f6961bf} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5d16197a-1eaa-45af-b29a-69f1aa055e87} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8a61a950-c325-4f44-ba64-273180ff3464} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b53d4cd4-406d-43cc-8244-7893d72236dd} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b671426c-5c1a-48ac-9652-bc9402b1c404} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9bb3219-f84c-4060-966b-4a1e73e24226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f786cb18-3809-4e49-bc99-9a66da47db8b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{71efe583-62fe-4419-9918-ca3b683f7b36} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcarcj0e95r (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcarcj0e95r (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CcEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmr48 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winmr48 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmr48 (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\rhcarcj0e95r (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcarcj0e95r\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Application Data\rhcarcj0e95r\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Mozilla Firefox\setupapi.dll (PassWordStealer.Tupai) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (PassWordStealer.Tupai) -> Delete on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIZ1YBOT\outpuk24[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIZ1YBOT\outpuk25[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\1151876196.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\736931760.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\rhcarcj0e95r\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcarcj0e95r\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcarcj0e95r\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcarcj0e95r\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcarcj0e95r\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcarcj0e95r\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcarcj0e95r\rhcarcj0e95r.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcarcj0e95r\rhcarcj0e95r.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcarcj0e95r\rhcarcj0e95r.exe.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Céline\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcercj0e95r.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcercj0e95r.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winmr48.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Destrio5 (Moderator, 85985 posts)

---> Relaunch MBAM, go to Quarantine and delete everything

---> Do this:

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"

---> Set it to French (F)
Press the 1 key (Yes) to start the scan.

/!\ Don't touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt

cf33 (Member, 104 posts)

I'm downloading Combo
however, on the antivirus side, the problem is that I've tried a bit of everything today and uninstalled a lot...
in short, all I have left is an old Avira AntiVir...
what do you recommend?

Destrio5 (Moderator, 85985 posts)

AntiVir is very good.

cf33 (Member, 104 posts)

OK

cf33 (Member, 104 posts)

ComboFix 08-08-26.03 - Céline 2008-08-27 18:52:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.269 [GMT 2:00]
Endroit: C:\Documents and Settings\Céline\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Céline\Application Data\macromedia\Flash Player\#SharedObjects\FBJ4CBDG\bin.clearspring.com
C:\Documents and Settings\Céline\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\LocalService\Application Data\1011751678.exe
C:\Documents and Settings\LocalService\Application Data\1075456558.exe
C:\Documents and Settings\LocalService\Application Data\595365360.exe
C:\Documents and Settings\LocalService\Application Data\648321680.exe
C:\Documents and Settings\LocalService\Application Data\655924320.exe
C:\Program Files\HbTools
C:\WINDOWS\system32\drivers\Uas30.sys
C:\WINDOWS\system32\rtl60.bpl
C:\Documents and Settings\Céline\Cookies\céline@2o7[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@ad.ifrance[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@ad.yieldmanager[9].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@advertising[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@bluestreak[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@edt02[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@edt02[3].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@erreurchasseur[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@esearchvision[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@fnac[3].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@linternaute[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@serving-sys[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@specificclick[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@statcounter[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@stats.canalblog[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@tracker.affistats[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@tracker.affistats[3].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@tradedoubler[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@trafiz[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@trafiz[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@tsw0[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@visit.kodak[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@www.pixmania[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@www.pixmania[9].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@wysistat[1].txt . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBEVTSVC
-------\Legacy_CCEVTSVC


((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
.

2008-08-27 18:26 . 2008-08-27 18:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-27 18:26 . 2008-08-27 18:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-27 18:26 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 18:26 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-27 18:08 . 2008-08-27 18:08 183 --a------ C:\Unité DirectCD (D).lnk
2008-08-27 17:26 . 2008-08-27 17:26 <REP> d-------- C:\Program Files\Avira
2008-08-27 17:26 . 2008-08-27 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-27 17:06 . 2008-08-27 17:06 17,788,920 --a------ C:\Program Files\antivir_workstation_win7u_en_h.exe
2008-08-27 17:00 . 2008-08-27 17:00 22,311,160 --a------ C:\Program Files\antivir-personal-edition_antivir_personal_8.1.0.46_anglais_10821.exe
2008-08-27 14:44 . 2008-08-27 14:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-27 14:42 . 2008-08-27 14:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-27 14:42 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-27 14:42 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-27 14:42 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-27 14:42 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-27 14:42 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-27 14:05 . 2008-08-27 14:05 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2008-08-27 12:28 . 2008-08-27 12:28 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-08-27 12:28 . 2008-08-27 12:28 3,120 --a------ C:\WINDOWS\118294.78
2008-08-27 12:27 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-08-27 12:27 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-08-27 12:27 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-08-27 12:07 . 2008-08-27 18:41 <REP> d-------- C:\Program Files\Symantec
2008-08-27 12:07 . 2008-08-27 18:10 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-08-27 12:07 . 2008-08-27 17:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-27 10:10 . 2008-08-27 10:10 108,544 --a------ C:\WINDOWS\system32\CcEvtSvc.exe.vir
2008-08-27 10:10 . 2008-08-27 10:10 29 --a------ C:\WINDOWS\system32\rfiepifo.tmp
2008-08-27 10:07 . 2008-08-27 10:07 25,088 --a------ C:\WINDOWS\system32\CbEvtSvc.exe.vir
2008-08-13 16:08 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 11:04 . 2008-08-13 11:04 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-08-11 12:52 . 2008-08-11 13:20 <REP> d-------- C:\Program Files\Geneatique2009
2008-08-07 21:51 . 2008-08-07 21:51 7,601,152 --a------ C:\Program Files\Firefox Setup 3.0.1.exe
2008-08-07 21:46 . 2008-08-07 21:46 25,839,688 --a------ C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 15:16 49152]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-29 21:25 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 18:36 68856]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28 684032]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 05:08 99840]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1999-12-14 11:12 37376]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-14 11:42 23040]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41 33792]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-13 11:03 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-14 11:42 23040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
"msacm.divxa32"= DivXa32.acm
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc48.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 20:52]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 21:15]
S3 HSFHWCD2;HSFHWCD2;C:\WINDOWS\system32\DRIVERS\HSFHWCD2.sys [2004-02-25 12:21]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 08:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9177ac-0a99-11dc-8b7e-0016ced833bd}]
\Shell\Auto\command - F:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d4fdc40-0555-11db-89df-000c6ee97372}]
\Shell\Auto\command - F:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a629c10e-4479-11dd-8d11-000c6ee97372}]
\Shell\Auto\command - F:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6181580-31ad-11d8-859d-4d6564696130}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-adiras - adiras.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Céline\Application Data\Mozilla\Firefox\Profiles\5r04sj6m.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 19:01:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\PROGRA~1\TEXTBR~1.0\Bin\TBMHOOK.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\OLIFAXVX\TOOLBAR.EXE
C:\WINDOWS\system32\ntvdm.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-27 19:08:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 17:08:35

Pre-Run: 8,926,736,384 octets libres
Post-Run: 9,511,084,032 octets libres

332 --- E O F --- 2008-08-14 00:17:32
0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
I'll eat and then I'll write you a script.

Delete your cookies in Internet Explorer.
0
cf33 Posts 104 Registration date   Status Member Last activity  
 
destrio, are you still around??
0
cf33 Posts 104 Registration date   Status Member Last activity  
 
ok, I'll let you eat, of course!!!! lol
0
cf33 Posts 104 Registration date   Status Member Last activity  
 
pfff, I can't find where the cookies are...
0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
In that case, I'll eat afterwards.

1/

---> Click Start, Run, type notepad and click OK.

---> Select the text below and copy it with Ctrl+C:




KillAll::

File::
F:\UFO.exe
G:\UFO.exe
C:\WINDOWS\system32\CcEvtSvc.exe.vir
C:\WINDOWS\system32\CbEvtSvc.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"=-
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=-
"SunJavaUpdateSched"=-
"nwiz"=-
"TkBellExe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr48.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9177ac-0a99-11dc-8b7e-0016ced833bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d4fdc40-0555-11db-89df-000c6ee97372}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a629c10e-4479-11dd-8d11-000c6ee97372}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6181580-31ad-11d8-859d-4d6564696130}]




---> Paste the selection into Notepad

---> Save this file to the desktop (mandatory)

---> File name: CFScript
---> File type: All files
---> Click Save
---> Close Notepad


2/

---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] A blue window will appear: accept the message that is displayed.

[*] Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.

[*] Once the scan is complete, a report will be displayed: post it

[*] If the file does not open, it is located here: C:\ComboFix.txt
0
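Added example, not part of the original thread and not code from ComboFix: the report above lists MountPoints2 keys whose shell verbs launch UFO.exe from F: and G:, and the CFScript deletes exactly those keys. The sketch below parses report text in that layout and lists the volumes whose cached autorun commands launch an executable. The function names and the third sample key are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the ComboFix report quoted in this thread.
# The first two MountPoints2 keys are copied from the report; the third is invented.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9177ac-0a99-11dc-8b7e-0016ced833bd}]
\Shell\Auto\command - F:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6181580-31ad-11d8-859d-4d6564696130}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
\Shell\open\command - E:\setup\readme.txt
"""

# "[...\mountpoints2\<volume>]" section header (a leading "-" as in a CFScript is tolerated).
KEY_RE = re.compile(r"^\[-?(?P<key>.+\\mountpoints2\\(?P<volume>[^\\\]]+))\]$", re.IGNORECASE)
# "\Shell\<verb>\command - <command line>" as printed under each key.
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


def parse_mountpoints2(report):
    """Return {volume: [(verb, command), ...]} for every MountPoints2 key in the report."""
    volumes, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group("volume").lower() if m else None
            if current is not None:
                volumes.setdefault(current, [])
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            volumes[current].append((m.group("verb"), m.group("cmd").strip()))
    return volumes


def find_autorun_commands(report):
    """List shell verbs cached for a volume whose command ends in an executable file."""
    findings = []
    for volume, commands in parse_mountpoints2(report).items():
        for verb, cmd in commands:
            # Heuristic: the last whitespace-separated token is the file being launched.
            payload = cmd.split()[-1].strip('"')
            if not payload.lower().endswith(EXEC_EXT):
                continue
            if DRIVE_ROOT_RE.match(payload):
                reason = "executable in the root of a volume"
            elif "shellexec_rundll" in cmd.lower():
                reason = "executable launched through rundll32 ShellExec_RunDLL"
            else:
                reason = "executable shell verb"
            findings.append({"volume": volume, "verb": verb,
                             "payload": payload, "reason": reason})
    return findings


def volumes_to_review(report):
    """Sorted volume identifiers that have at least one flagged command."""
    return sorted({f["volume"] for f in find_autorun_commands(report)})


if __name__ == "__main__":
    for f in find_autorun_commands(SAMPLE_REPORT):
        print(f'{f["volume"]}  {f["verb"]:<8} {f["payload"]:<12} {f["reason"]}')
```

Run against a second report taken after the fix, an empty result from `volumes_to_review` shows that the cached autorun entries are gone.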
cf33 Posts 104 Registration date   Status Member Last activity  
 
that took a long time! sorry

ComboFix 08-08-26.03 - Céline 2008-08-27 19:51:56.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.252 [GMT 2:00]
Endroit: C:\Documents and Settings\Céline\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Céline\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\CbEvtSvc.exe
C:\WINDOWS\system32\CcEvtSvc.exe.vir
F:\UFO.exe
G:\UFO.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\CcEvtSvc.exe.vir
C:\Documents and Settings\Céline\Cookies\céline@2o7[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@ad.ifrance[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@ad.yieldmanager[9].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@advertising[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@bluestreak[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@edt02[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@edt02[3].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@erreurchasseur[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@esearchvision[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@fnac[3].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@linternaute[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@serving-sys[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@specificclick[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@statcounter[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@stats.canalblog[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@tracker.affistats[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@tracker.affistats[3].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@tradedoubler[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@trafiz[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@trafiz[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@tsw0[2].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@visit.kodak[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@www.pixmania[1].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@www.pixmania[9].txt . . . . Echec de suppression
C:\Documents and Settings\Céline\Cookies\céline@wysistat[1].txt . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
.

2008-08-27 19:08 . 2008-08-27 19:08 <REP> d-------- C:\Documents and Settings\Céline
2008-08-27 19:08 . <REP> C:\Documents and Settings\Céline\Local Settings
2008-08-27 19:08 . <REP> C:\Documents and Settings\Céline\Local Settings
2008-08-27 18:26 . 2008-08-27 18:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-27 18:26 . 2008-08-27 18:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-27 18:26 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 18:26 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-27 18:08 . 2008-08-27 18:08 183 --a------ C:\Unité DirectCD (D).lnk
2008-08-27 17:26 . 2008-08-27 17:26 <REP> d-------- C:\Program Files\Avira
2008-08-27 17:26 . 2008-08-27 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-27 17:06 . 2008-08-27 17:06 17,788,920 --a------ C:\Program Files\antivir_workstation_win7u_en_h.exe
2008-08-27 17:00 . 2008-08-27 17:00 22,311,160 --a------ C:\Program Files\antivir-personal-edition_antivir_personal_8.1.0.46_anglais_10821.exe
2008-08-27 14:44 . 2008-08-27 14:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-27 14:42 . 2008-08-27 14:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-27 14:42 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-27 14:42 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-27 14:42 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-27 14:42 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-27 14:42 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-27 14:05 . 2008-08-27 14:05 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2008-08-27 12:28 . 2008-08-27 12:28 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-08-27 12:28 . 2008-08-27 12:28 3,120 --a------ C:\WINDOWS\118294.78
2008-08-27 12:27 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-08-27 12:27 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-08-27 12:27 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-08-27 12:07 . 2008-08-27 18:41 <REP> d-------- C:\Program Files\Symantec
2008-08-27 12:07 . 2008-08-27 18:10 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-08-27 12:07 . 2008-08-27 17:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-27 10:10 . 2008-08-27 10:10 29 --a------ C:\WINDOWS\system32\rfiepifo.tmp
2008-08-27 10:07 . 2008-08-27 10:07 25,088 --a------ C:\WINDOWS\system32\CbEvtSvc.exe.vir
2008-08-13 16:08 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 11:04 . 2008-08-13 11:04 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-08-11 12:52 . 2008-08-11 13:20 <REP> d-------- C:\Program Files\Geneatique2009
2008-08-07 21:51 . 2008-08-07 21:51 7,601,152 --a------ C:\Program Files\Firefox Setup 3.0.1.exe
2008-08-07 21:46 . 2008-08-07 21:46 25,839,688 --a------ C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 17:59 --------- d-----w C:\Program Files\Wanadoo
2008-08-27 15:53 --------- d-----w C:\Program Files\Trend Micro
2008-08-27 15:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 21:46 --------- d-----w C:\Program Files\eMule
2008-08-25 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-13 09:04 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-13 09:03 --------- d-----w C:\Program Files\Real
2008-08-11 11:33 --------- d-----w C:\Program Files\Google
2008-08-11 11:18 --------- d-----w C:\Program Files\Protectis
2008-08-07 19:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-10 13:45 --------- d-----w C:\Program Files\Alwil Software
2008-07-10 13:27 24,354,672 ----a-w C:\Program Files\setupfre.exe
2008-07-10 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-02 22:06 --------- d-----w C:\Program Files\Cool2000
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-31 22:07 6,626,048 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
2008-02-24 20:30 616,682 ----a-w C:\Program Files\XnFoto-fr.exe
2007-12-19 22:06 27,483,672 ----a-w C:\Program Files\mindmedleydownload.exe
2007-12-15 22:24 2,351,704 ----a-w C:\Program Files\Photoways.exe
2007-11-23 23:44 7,190,896 ----a-w C:\Program Files\setup-aubert.exe
2007-07-23 12:13 5,170,176 -c--a-w C:\Program Files\WindowsDefender.msi
2007-04-17 17:35 1,803,952 ----a-w C:\Program Files\KODAK EASYSHARE Gallery Upload Software, V2.1.exe
2007-03-29 18:37 9,049,719 ----a-w C:\Program Files\jigsaw_lite.exe
2007-03-13 21:43 5,732,328 ----a-w C:\Program Files\STUFFITF702.EXE
2007-03-04 10:26 4,485,212 ----a-w C:\Program Files\Snapfish-livrephoto-Setup.exe
2007-02-22 14:19 1,410,680 ----a-w C:\Program Files\install_flash_player.exe
2007-01-01 12:17 1,235,232 ----a-w C:\Program Files\WLToolbarSetup_fr.exe
2006-08-10 22:35 51,007 ----a-w C:\Program Files\Uninstal.exe
2006-01-14 21:03 2,748,015 ----a-w C:\Program Files\install.exe
2005-05-01 21:45 141,744 ----a-w C:\Program Files\winamp508e_full_emusic-7plus.exe
2005-02-14 22:34 2,458 -c--a-w C:\Program Files\AppletExample.html
2005-02-13 21:42 3,419 -c--a-w C:\Program Files\readme.txt
2005-02-13 21:40 134 -c--a-w C:\Program Files\javadoc.bat
2003-04-02 13:38 630,784 ----a-w C:\Program Files\UsinePreparationv1_04.exe
2003-03-02 19:09 6,698,876 -c--a-w C:\Program Files\AIDEUSINEPREPS.HLP
2003-03-02 07:21 978 -c--a-w C:\Program Files\AideUsinePreps.cnt
2003-02-26 12:21 75 -c--a-w C:\Program Files\UsinePreps.ini
2003-02-25 08:02 5,560 -c--a-w C:\Program Files\fiche_exemple.xml
2003-02-25 07:28 30,636 -c--a-w C:\Program Files\CompDN0III.upt
2003-02-25 07:25 14,685 -c--a-w C:\Program Files\CompTIII.upt
2003-02-25 07:24 18,145 -c--a-w C:\Program Files\CompTTous.upt
2003-02-25 07:09 7,351 -c--a-w C:\Program Files\CompDN1III.upt
2003-02-25 07:09 2,314 -c--a-w C:\Program Files\CompDN3III.upt
2003-02-25 07:09 15,876 -c--a-w C:\Program Files\CompDN2III.upt
2003-02-25 07:09 1,040 -c--a-w C:\Program Files\CompDN4III.upt
2003-02-24 21:53 1,648 -c--a-w C:\Program Files\CompTI.upt
2003-02-24 21:53 1,609 -c--a-w C:\Program Files\CompTII.upt
2003-02-24 21:05 738 -c--a-w C:\Program Files\CompDN2II.upt
2003-02-24 21:05 7,848 -c--a-w C:\Program Files\CompDN3II.upt
2003-02-24 21:05 3,272 ----a-w C:\Program Files\CompDN1II.upt
2003-02-24 21:05 20,389 -c--a-w C:\Program Files\CompDN0II.upt
2003-02-24 21:04 977 -c--a-w C:\Program Files\CompDN7II.upt
2003-02-24 21:04 3,498 -c--a-w C:\Program Files\CompDN4II.upt
2003-02-24 21:04 1,841 -c--a-w C:\Program Files\CompDN6II.upt
2003-02-24 21:04 1,034 -c--a-w C:\Program Files\CompDN5II.upt
2003-02-24 20:03 16,767 -c--a-w C:\Program Files\CompDN0I.upt
2003-02-24 20:01 3,811 -c--a-w C:\Program Files\CompDN1I.upt
2003-02-24 19:58 4,954 -c--a-w C:\Program Files\CompDN4I.upt
2003-02-24 19:58 2,194 -c--a-w C:\Program Files\CompDN5I.upt
2003-02-24 19:57 5,057 -c--a-w C:\Program Files\CompDN3I.upt
2003-02-24 19:56 375 -c--a-w C:\Program Files\CompDN2I.upt
2003-02-18 21:55 577 -c--a-w C:\Program Files\DomainesTous.upt
2003-02-17 22:16 10,408 -c--a-w C:\Program Files\modele.xsl
2003-02-08 22:42 3,116 -c--a-w C:\Program Files\CompDN5III.upt
2003-02-08 21:09 136 -c--a-w C:\Program Files\DomainesIII.upt
2003-02-08 20:23 1,054 -c--a-w C:\Program Files\Discipline.upt
2003-02-07 21:30 122 -c--a-w C:\Program Files\DomainesI.upt
2003-02-07 20:52 30 -c--a-w C:\Program Files\NiveauI.upt
2003-02-07 20:51 274 -c--a-w C:\Program Files\NiveauTous.upt
2003-02-07 20:49 42 -c--a-w C:\Program Files\NiveauIII.upt
2003-02-07 19:56 46 -c--a-w C:\Program Files\NiveauII.upt
2003-02-07 16:18 189 -c--a-w C:\Program Files\DomainesII.upt
2003-01-15 19:32 83 -c--a-w C:\Program Files\DureeW.upt
2003-01-15 19:31 301 -c--a-w C:\Program Files\TypeW.upt
2003-01-15 19:31 150 -c--a-w C:\Program Files\ModW.upt
2003-01-15 19:29 341 -c--a-w C:\Program Files\Phase.upt
2003-01-03 19:01 42 -c--a-w C:\Program Files\Niveau.upt
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 15:16 49152]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-29 21:25 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28 684032]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 05:08 99840]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1999-12-14 11:12 37376]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-14 11:42 23040]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41 33792]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-14 11:42 23040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
"msacm.divxa32"= DivXa32.acm
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc48.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 20:52]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 21:15]
S3 HSFHWCD2;HSFHWCD2;C:\WINDOWS\system32\DRIVERS\HSFHWCD2.sys [2004-02-25 12:21]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 08:57]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 19:56:26
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\OLIFAXVX\TOOLBAR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ntvdm.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-27 20:05:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 18:05:01
ComboFix2.txt 2008-08-27 17:08:41

Pre-Run: 9,488,777,216 octets libres
Post-Run: 9,497,116,672 octets libres

291 --- E O F --- 2008-08-14 00:17:32
0
cf33 Posts 104 Registration date   Status Member Last activity  
 
I'm staying connected, hoping you'll come back this way!
0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
Do you use Internet Explorer?
0
cf33 Posts 104 Registration date   Status Member Last activity  
 
yes
0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
http://www.noelshack.com/uploads/ie020366.jpg
0