Virtumonde encore et toujours

titi -
afideg Messages postés 10970 Statut Contributeur sécurité - 12 sept. 2008 à 16:16

Bonjour,

voila jai quelques problemes avec virtumonde trop de tentatives de suppression qui ont echouées je pense deja au formatage.

Voici le rapport d hijackthis si quelq un pourrait m'aider

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:42, on 07/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
D:\Documents and Settings\cedric\Bureau\Nouveau dossier (3)\zaxAppHost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fighters\configservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\cedric\Bureau\VundoFix.exe
D:\Documents and Settings\cedric\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BM1b3e207c] Rundll32.exe "C:\WINDOWS\system32\lmxpfnmo.dll",s
O4 - HKLM\..\Run: [{830536d4-c5af-523b-4bfc-e3e0d7f9b956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\uiteurmymxdvjvyac.dll" DllStub
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{311B6AFE-5EA4-47D6-B6D2-12986A044E1F}: NameServer = 213.245.0.18,213.245.0.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{34131C44-8B58-4A6C-9738-C70C1C368785}: NameServer = 192.168.1.1,192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{44F6E51B-3B2D-43A0-A513-C5BB5079AB46}: NameServer = 192.168.1.1,192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB617AFC-D738-455B-9CCC-7CB4AC11F2F5}: NameServer = 192.168.1.1,192.168.1.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{311B6AFE-5EA4-47D6-B6D2-12986A044E1F}: NameServer = 213.245.0.18,213.245.0.26
O17 - HKLM\System\CS2\Services\Tcpip\..\{311B6AFE-5EA4-47D6-B6D2-12986A044E1F}: NameServer = 213.245.0.18,213.245.0.26
O17 - HKLM\System\CS3\Services\Tcpip\..\{311B6AFE-5EA4-47D6-B6D2-12986A044E1F}: NameServer = 213.245.0.18,213.245.0.26
O20 - AppInit_DLLs: zvhljf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Afficher la suite

52 réponses

Réponse 21 / 52

titi

ok désolé pour les instructions non suivient je prendrai le temps pour la minutie prochainement ;)

Bon dernier rapport de la journée pour moi aussi 2h20 d'analyse en plus XD.

Rapport du scan complet d antivir:

Avira AntiVir Personal
Report file date: dimanche 7 septembre 2008 21:08

Scanning for 1602105 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: cedric
Computer name: mateo

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 19:03:50
ANTIVIR3.VDF : 7.0.6.125 226816 Bytes 07/09/2008 19:03:53
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 07/09/2008 19:04:04
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 07/09/2008 19:04:03
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 07/09/2008 19:04:02
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 07/09/2008 19:04:01
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 07/09/2008 19:03:56
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 07/09/2008 19:03:54
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 07/09/2008 19:03:53
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, A:, F:, G:, H:, I:, J:, E:, K:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 7 septembre 2008 21:08

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'ArovaxAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'zaxAppHost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LCDMedia.exe' - '1' Module(s) have been scanned
Scan process 'LCDPop3.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'LCDCountdown.exe' - '1' Module(s) have been scanned
Scan process 'LCDClock.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'LGDCore.exe' - '1' Module(s) have been scanned
Scan process 'LCDMon.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ScannerService.exe' - '1' Module(s) have been scanned
Scan process 'UpdateService.exe' - '1' Module(s) have been scanned
Scan process 'LicenseService.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ConfigService.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'WLanCfgG.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[INFO] In the drive 'J:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '54' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-09-07_163617,10.zip
[0] Archive type: ZIP
--> uninstall_nmon.vbs
[DETECTION] Is the TR/Small.WY Trojan
--> ATV5105nt.exe
[DETECTION] Is the TR/Dldr.CWS.gen.2 Trojan
--> ATV5105nt.exe.1
[DETECTION] Is the TR/Trash.Gen Trojan
--> ATV5105nt.exe.2
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\faceback.exe.vir
[DETECTION] Is the TR/Dldr.Agent.afhj Trojan
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\x1\ATV5105nt.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was deleted!
C:\Temp\tw70v.exe
[DETECTION] Is the TR/Dldr.Exchange.1 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
D:\Documents and Settings\cedric\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-32694da0-41e48080.zip
[0] Archive type: ZIP
--> OP.class
[DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
[NOTE] The file was deleted!
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'E:\' <Audio CD>
Begin scan in 'K:\'
Search path K:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.

End of the scan: dimanche 7 septembre 2008 23:28
Used time: 2:20:20 Hour(s)

The scan has been done completely.

7773 Scanning directories
358903 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
358893 Files not concerned
12425 Archives were scanned
7 Warnings
5 Notes

Réponse 22 / 52

afideg Messages postés 10970 Statut Contributeur sécurité 602

Parfait

Si possible lance Malwarebyte's Anti-Malware du post # 14 ce soir.
C'est relativement important de le faire maintenant.
C'est toi qui vois.

Merci et bonne nuit à toi aussi.
Al

Réponse 23 / 52

titi

Bonjour Al,

Me voila rentré je suis en train de faire le scan anti malware je te tiens au courant merci.

Réponse 24 / 52

afideg Messages postés 10970 Statut Contributeur sécurité 602

Bonsoir

OK
Mais je dois passer à table.

Hier, tu n'as pas paramétré ANTIVIR comme je l'avais demandé ==> Search for rootkits......: off Il faut qu'il soit sur "ON".

Al.

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 52

titi

argghhh non pas celui la lol
bon je le refais desolé
voila le rapport d anti malware rien n a ete supprimé j attends tes instrucrtions

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1125
Windows 5.1.2600 Service Pack 3

08/09/2008 20:24:29
mbam-log-2008-09-08 (20-24-26).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 112007
Temps écoulé: 26 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\am (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wTR02 (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Réponse 26 / 52

afideg Messages postés 10970 Statut Contributeur sécurité 602

Merci

Parfait
Supprime-les

Ne recommance pas ANTIVIR (pas besoin)
Il sera encore temps à l'issue de ce topic.
Il y a plus urgent que cela.

Poursuis avec les tâches demandées hier; c'est-à-dire :
1°- Kaspersky du post # 7 §D , et tu postes le rapport final.
2°- ComboFix du post # 1 (Double clique sur l'icône de ComboFix.exe (TRISTAN.EXE) du bureau, [Exécuter] et suis les invites et tu postes le rapport final).

Merci
Al.

Réponse 27 / 52

titi

Ok trop tard pour antivir il etait lancé .

Avira AntiVir Personal
Report file date: lundi 8 septembre 2008 20:27

Scanning for 1602105 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: cedric
Computer name: mateo

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 19:03:50
ANTIVIR3.VDF : 7.0.6.125 226816 Bytes 07/09/2008 19:03:53
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 07/09/2008 19:04:04
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 07/09/2008 19:04:03
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 07/09/2008 19:04:02
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 07/09/2008 19:04:01
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 07/09/2008 19:03:56
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 07/09/2008 19:03:54
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 07/09/2008 19:03:53
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, A:, F:, G:, H:, I:, J:, E:, K:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 8 septembre 2008 20:27

Starting search for hidden objects.
'66181' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'zaxAppHost.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'LCDMedia.exe' - '1' Module(s) have been scanned
Scan process 'LCDPop3.exe' - '1' Module(s) have been scanned
Scan process 'LCDCountdown.exe' - '1' Module(s) have been scanned
Scan process 'LCDClock.exe' - '1' Module(s) have been scanned
Scan process 'ArovaxAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'LGDCore.exe' - '1' Module(s) have been scanned
Scan process 'LCDMon.exe' - '1' Module(s) have been scanned
Scan process 'ScannerService.exe' - '1' Module(s) have been scanned
Scan process 'UpdateService.exe' - '1' Module(s) have been scanned
Scan process 'LicenseService.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'ConfigService.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'WLanCfgG.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
61 processes with 61 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[INFO] In the drive 'J:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '54' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'E:\' <Audio CD>
Begin scan in 'K:\'
Search path K:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.

End of the scan: lundi 8 septembre 2008 21:27
Used time: 59:58 Minute(s)

The scan has been done completely.

7795 Scanning directories
364078 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
364076 Files not concerned
12429 Archives were scanned
7 Warnings
0 Notes
66181 Objects were scanned with rootkit scan
0 Hidden objects were found

je lance kapersky

Réponse 28 / 52

afideg Messages postés 10970 Statut Contributeur sécurité 602

Re,

Un grand merci.

Kaspersky est parfois long en durée.
Si tu le vois ainsi, n'hésite pas à le laisser tourner la nuit ==> mais la difficulté rédide alors pour trouver le rapport.

Regarde à la fin de cette procédure ===> Branche ton Disque Externe (clé USB) éventuellement
- Clique sur "Démarrer Online-Scanner" (en bas à droite de la page) .
- Clique maintenant sur "J'accepte".
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des "Mises à jour".
Clic sur « Paramètres d'analyse »
Coche la case "Étendue" >> Ok
- Choisis par la suite l'analyse du "Poste de travail" pour faire un « Scan complet ».
- Sauvegarde-le sur le bureau, puis colle le rapport généré en fin d'analyse.
http://i204.photobucket.com/albums/bb106/Juliet702/Kas-SaveReport-1.gif
http://i204.photobucket.com/albums/bb106/Juliet702/Kas-Savetxt.gif
==> tu devrais cependant, je crois, le retrouver là :
Vas dans C:/Documents and Settings/Mes documents/analyse kaspersky.html
- Ouvre le document "analyse kaspersky.html".
- Copie le contenu et poste-le.

Al.

Réponse 29 / 52

titi

En effet apres 1h15 de scan seulement 11% d'analysé je pense que je te posterai le raaport de kapersky des demain si tu veux je peux toujours te faire un scan combofix .

Réponse 30 / 52

titi

Le rapport kapersky est terminée le voila:

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 08, 2008 15:22:38
Records in database: 1201993

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics
Files scanned 89296
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 01:56:58

File name Threat name Threats count
C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE Infected: Trojan-Spy.Win32.Delf.wh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\rqRKARJy.dll.vir Infected: Trojan.Win32.Monder.mgz 1

D:\Documents and Settings\cedric\Bureau\viruskeeper2007pro.zip Infected: Constructor.Win32.Binder.ib 1

The selected area was scanned.

Réponse 31 / 52

titi

2e rapport de combofix apres avoir été supprimé de mon pc :

ComboFix 08-09-05.09 - cedric 2008-09-09 0:13:20.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.606 [GMT 2:00]
Endroit: D:\Documents and Settings\cedric\Bureau\TRISTAN.EXE
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\x1
D:\Documents and Settings\cedric\Cookies\cedric@ad.yieldmanager[1].txt
D:\Documents and Settings\cedric\Cookies\cedric@ad.yieldmanager[5].txt
D:\Documents and Settings\cedric\Cookies\cedric@ad.yieldmanager[9].txt
D:\Documents and Settings\cedric\Cookies\cedric@CAW0N3WX.txt
D:\Documents and Settings\cedric\Cookies\cedric@hotbar[2].txt

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-08 to 2008-09-08 ))))))))))))))))))))))))))))))))))))
.

2008-09-07 22:26 . 2008-09-07 22:26 <REP> d-------- D:\Documents and Settings\cedric\Application Data\Malwarebytes
2008-09-07 22:26 . 2008-09-07 22:26 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 22:26 . 2008-09-07 22:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 22:26 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 22:26 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 21:01 . 2008-09-07 21:01 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-09-07 21:01 . 2008-09-07 21:01 <REP> d-------- C:\Program Files\Avira
2008-09-07 18:51 . 2008-09-07 20:32 1,062 --a------ C:\Orph.egd
2008-09-07 18:49 . 2008-09-07 20:33 <REP> d-------- C:\ToolBar SD
2008-09-07 16:44 . 2008-09-07 16:44 <REP> d-------- D:\Documents and Settings\Bé
2008-09-07 12:51 . 2008-09-07 12:51 <REP> d-------- C:\VundoFix Backups
2008-09-07 12:17 . 2008-09-07 12:17 <REP> d-------- C:\Program Files\Alwil Software
2008-09-07 12:04 . 2008-09-07 12:04 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-09-07 12:04 . 2008-09-07 12:04 <REP> d-------- C:\Program Files\Logitech
2008-09-07 01:38 . 2008-09-07 01:38 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Fighters
2008-09-07 01:38 . 2008-09-07 01:38 <REP> d-------- C:\Program Files\Fighters
2008-09-06 16:45 . 2008-09-06 18:33 <REP> d-------- C:\WINDOWS\system32\CatRoot
2008-09-06 11:35 . 2008-09-06 11:35 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Arovax
2008-09-06 11:35 . 2008-09-09 00:20 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-09-06 11:02 . 2008-09-06 11:03 71,755 --a------ C:\WINDOWS\system32\lbhrojeldlsqduk.exe
2008-09-06 10:32 . 2008-09-06 10:36 90,921 --a------ C:\WINDOWS\system32\iscunzsxronnejek.dll-uninst.exe
2008-09-06 10:31 . 2008-09-07 17:41 <REP> d--hs---- C:\WINDOWS\Y2Vkcmlj
2008-09-06 10:30 . 2008-09-06 11:37 <REP> d-------- C:\Temp\dax41
2008-09-06 10:30 . 2008-09-07 22:17 <REP> d-------- C:\Temp
2008-09-06 10:30 . 2008-09-06 10:30 355 --a------ C:\833.bat
2008-08-31 15:23 . 2008-08-31 15:29 <REP> d-------- C:\Program Files\Personal Antispy
2008-08-29 09:36 . 2008-08-29 09:36 15,496 --a------ C:\WINDOWS\system32\drivers\vffilter.sys
2008-08-29 00:21 . 2008-08-29 00:21 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-08-28 13:36 . 2008-08-28 13:36 166,400 --a------ C:\WINDOWS\system32\uiteurmymxdvjvyac.dll
2008-08-21 20:28 . 2008-09-02 00:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\AntiSpyInfo
2008-08-21 19:29 . 2008-08-21 19:29 <REP> d-------- D:\Documents and Settings\cedric\Application Data\PC Tools
2008-08-21 19:29 . 2008-09-08 20:44 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 19:29 . 2008-09-08 19:01 <REP> d-------- C:\Program Files\Spyware Doctor
2008-08-21 19:29 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-21 19:29 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-21 19:29 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-21 19:29 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-18 20:55 . 2008-08-18 20:55 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-18 20:55 . 2008-09-06 11:37 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-18 20:52 . 2008-09-06 11:37 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-17 11:05 . 2008-04-14 04:33 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-17 11:04 . 2008-04-14 04:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-13 17:56 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 22:24 --------- d-----w C:\Program Files\Steam
2008-09-06 10:11 --------- d-----w C:\Program Files\eMule
2008-07-31 10:30 --------- d-----w C:\Program Files\BitTorrent
2008-07-23 19:46 --------- d-----w C:\Program Files\Project10
2008-07-21 10:44 --------- d-----w C:\Program Files\lx_cats
2008-07-14 16:55 --------- d-----w D:\Documents and Settings\cedric\Application Data\CyberLink
2008-07-14 16:42 --------- d-----w C:\Program Files\Mafia
2008-07-09 15:36 --------- d-----w D:\Documents and Settings\cedric\Application Data\BitTorrent
.

------- Sigcheck -------

2004-08-10 14:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\system32\svchost.exe

2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-10 14:00 578048 e46fb493e3b33704f0715020cf52106b C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\system32\user32.dll

2004-08-10 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\system32\ws2_32.dll

2007-04-25 10:26 823808 47ddad237f60729dea2b9e0e2382b58f C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 16:14 824320 7201d19b81883b57d5ffe8ebb5a83e8b C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 01:22 825344 871ae10d6ae8877e9636ae5017953d52 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:34 827392 5a0093f59b505c008ed0cee615563c72 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-04-23 09:19 827392 78d3d2b0be6ad3e6d82ccb115cf74310 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 17:40 827904 52589bae67dd9859724287372668690b C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2004-08-10 14:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-01-09 20:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\ie7\wininet.dll
2006-10-27 15:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 09:40 822784 2c138ab59e2ffa06e8952ae656e443c5 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 15:24 823808 2274862267d7445e7010d9af826e89c3 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 11:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:49 824832 bc5119c53bdd48dabc628d448a3bdccb C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:08 824832 4fc90bece54fac81b0090b94e27bfb6b C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 14:58 826368 8e027981ddffa690d456fe18b37415a0 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-04-14 04:33 670208 4a6e04ea20f48d750d9bfed8600d516b C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\dllcache\wininet.dll

2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-10 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-10 14:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\system32\winlogon.exe

2004-08-10 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys

2004-08-10 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 10:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-02-21 09:18 2060160 560ebcde98e8868ca13523c3959148ff C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2019328 3e3df9f5d56b719f055e7d652e79f96b C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 00:49 2017280 35567c8c50986c2bc5c3efd79cb045e4 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08 2017280 50b3a210b6fa8d3089a36a32e7d8b21f C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2005-09-29 20:28 2017792 7a319c9e0c14ed6410e8b2753e3a32ce C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 04:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 04:07 2025984 92e82482cdb39929cf7b541a9648afae C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-02-21 09:18 2183168 e4f5a850222a8d68f496162f16f1bdc9 C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2139648 de41f3b43b9f15e08ccd4b98a7bb2ca3 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 00:48 2150400 36f32a5a83df734e022734d93860a9a4 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:07 2137600 e75f7aa5a33479f29c636fd0890f5762 C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2005-09-29 20:28 2138112 cd6a9f81c8b9baf1e4393c6c476d17e7 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 04:08 2191104 099d639da1ef6968d4e41795bb507e6b C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 04:07 2147328 b10c36956eb7a8b1586dbe3b43875280 C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-10 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2004-08-10 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\system32\services.exe

2004-08-10 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\system32\lsass.exe

2004-08-10 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\system32\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-10 14:00 57856 b4ef928e4fad79364a80acba6d999934 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\system32\spoolsv.exe

2004-08-10 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-07_16.43.16.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{accf5978-4de5-eed9-2728-c72bf18e5a24}]
2008-08-28 13:36 166400 --a------ C:\WINDOWS\system32\uiteurmymxdvjvyac.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-09-24 1690648]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-09-24 2095640]
"{830536d4-c5af-523b-4bfc-e3e0d7f9b956}"="C:\WINDOWS\system32\uiteurmymxdvjvyac.dll" [2008-08-28 166400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-31 98304]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zvhljf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Steam\\steamapps\\diro227\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"119:TCP"= 119:TCP:p
"119:UDP"= 119:UDP:o
"443:TCP"= 443:TCP:hg
"443:UDP"= 443:UDP:o
"2672:TCP"= 2672:TCP:p
"2672:UDP"= 2672:UDP:p
"17820:TCP"= 17820:TCP:emule
"17810:UDP"= 17810:UDP:emule
"4232:TCP"= 4232:TCP:em
"17810:TCP"= 17810:TCP:g
"17820:UDP"= 17820:UDP:l
"4662:TCP"= 4662:TCP:ee
"4672:UDP"= 4672:UDP:huju

R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;C:\Program Files\Fighters\licenseservice.exe [2008-08-29 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;C:\Program Files\Fighters\updateservice.exe [2008-08-29 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;C:\Program Files\Fighters\ScannerService.exe [2008-08-29 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;C:\Program Files\Fighters\configservice.exe [2008-08-29 139912]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-10-23 27776]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Vfscan;Vfscan;C:\WINDOWS\system32\DRIVERS\vffilter.sys [2008-08-29 15496]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 7040]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 826752]
S3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 495616]
S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys [2005-12-21 14592]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e28dc7c-c91b-11dc-b710-00173f5fdf92}]
\Shell\AutoRun\command - K:\autorun.exe
\Shell\explore\Command - K:\autorun.exe -e
\Shell\open\Command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56f0e980-7469-11dd-81b0-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcb845ca-8c88-11dc-a7e7-00038a000015}]
\Shell\AutoRun\command - start.exe
\Shell\iledefrance\command - start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcb845cb-8c88-11dc-a7e7-00038a000015}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcb845cc-8c88-11dc-a7e7-00038a000015}]
\Shell\AutoRun\command - start.exe
\Shell\iledefrance\command - start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\cedric\Application Data\Mozilla\Firefox\Profiles\ffpe530p.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 00:20:04
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
D:\Documents and Settings\cedric\Bureau\Nouveau dossier (3)\zaxAppHost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-09 0:24:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-08 22:24:07

Pre-Run: 17,507,237,888 octets libres
Post-Run: 17,486,909,440 octets libres

325 --- E O F --- 2008-08-19 19:18:48

Je pense etre a jour dans les scans ?

Réponse 32 / 52

afideg Messages postés 10970 Statut Contributeur sécurité 602

Bonjour,

Bravo pour les scans et les rapports.
Pour l'avenir et uniquement pour ton info, regarde cette partie du log Kaspersky:
« Program database last update: Monday, September 08, 2008 15:22:38 »
Pour ces applications en ligne, il faut toujours veiller à lancer la mise à jour de leur base de données.
J'en parlais ainsi: « - Patiente pendant l'installation des "Mises à jour". »

Maintenant au boulot!
RECOMMANDATION/
Commence par imprimer la procédure (ou, mieux encore, sauvegarde-la dans un dossier sur le bureau) --> parce que tu vas devoir redémarrer en mode sans échec (et tu n'auras plus accès à CCM à ce moment-là).

Tu as toujours l'icône de ComboFix sur le bureau

Télécharge : - OTMoveIt (de Old_Timer) sur le bureau :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

1°- PREALABLES :
Etant donné que ANTIVIR détecte un risque sécuritaire dans l'outil suivant : nircmd.cfexe qui appartient en fait à ComboFix, il faut que tu désactives le bouclier d'Antivir le temps du scan :
==> Fais un clic-droit sur l'icône d'Antivir dans la barre des tâches et décoche "Antivir Guard enable"
==> Réactive-le en fin de cette procédure ComboFix.

2°- Désactive ta restauration système
( Clic sur « Démarrer »
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu y coches la case « Désactiver la restauration »
Termine par [Appliquer] [OK] )

Redémarre ton PC en mode sans échec

3°- Double-clique sur OTMoveIt2.exe sur le bureau
- Copie la ligne en gras ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt nommé « Paste List of Files/Folders to be moved »:

C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE

- Clique sur MoveIt! pour lancer la suppression.
- Lorsqu'un résultat apparaît dans le cadre Results clique sur Exit
Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Quoiqu’il en soit, redémarre normalement le PC, et poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.

4°-Sélectionne (mettre en surbrillance) tout le texte en caractères gras suivant :

File::
C:\WINDOWS\system32\g64.exe
C:\WINDOWS\system32\uiteurmymxdvjvyac.dll
C:\WINDOWS\system32\g64.exe
C:\WINDOWS\system32\lbhrojeldlsqduk.exe
C:\WINDOWS\system32\iscunzsxronnejek.dll
C:\833.bat
D:\Documents and Settings\cedric\Bureau\viruskeeper2007pro.zip

Folder::
C:\Program Files\Personal Antispy
C:\WINDOWS\Y2Vkcmlj
C:\VundoFix Backups
C:\QooBox\Quarantine
C:\ToolBar SD
C:\Temp\dax41
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo

Driver::
zvhljf

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08D22DB3-5C1C-416A-A398-9F54ACCD192D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a0b91b7-127a-4939-a092-6f245fc379ea}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DE12D85-804B-42DA-94DD-B24F7FBCF4CE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{accf5978-4de5-eed9-2728-c72bf18e5a24}]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5DE12D85-804B-42DA-94DD-B24F7FBCF4CE}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e28dc7c-c91b-11dc-b710-00173f5fdf92}\Shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{830536d4-c5af-523b-4bfc-e3e0d7f9b956}"=-
"BM1b3e207c"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

- Copie le texte sélectionné (CTRL+C) ==> en appuyant simultanément sur les touches CTRL et C.
Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
Colle (bien dans le coin supérieur gauche) ce texte dans ce bloc-notes (CTRL+V) ==> en appuyant simultanément sur les touches CTRL et V .
Sauvegarde (enregistre-le sur le bureau) sous le nom CFScript1.txt
• Regarde ici (ce n’est qu’un exemple !) < http://img509.imageshack.us/img509/5984/screenshot332wc3.png >

5°- Ensuite, dépose ce fichier texte sur l'application de ComboFix (icône rouge “ComboFix.exe” (Tristan.exe) sur le bureau) en faisant un “glisser/déposer” de ce fichier “ gras>CFScript1.txt</gras> ” sur le fichier “ComboFix.exe”(Tristan.exe) comme sur la capture: < http://apu.mabul.org/up/apu/2008/08/12/img-210914jjufm.gif >
L'icône ComboFix.exe (Tristan.exe) change alors de "brillance" dans sa couleur.
Un module s'affiche ==> clic sur "Exécuter"

Patiente le temps du scan.
Le bureau va disparaître à plusieurs reprises: c'est normal!

(CAUTION: Do not mouse-click ComboFix's window while it is running. = Ne touche à rien tant que le scan n'est pas terminé. That may cause it to stall.)

6°- Une fois le scan achevé, un rapport va s'afficher: poste son contenu sur le forum.
Si le fichier n'apparaît pas, il se trouve ici > C:\ComboFix.txt

7°- Arrêter puis redémarrer le PC; Ensuite réactive ta restauration système

8°- Poste un nouveau log HijackThis.

9°- Télécharge GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau.
Dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre.
Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

Courage
Nous sommes au bout du tunnel.
À ce soir
Al

Réponse 33 / 52

titi

Bonjour AL

gros gros manque de temps aujourd'hui je m'occupe de ca des demain merci de ta cooperation ;).

Réponse 34 / 52

afideg Messages postés 10970 Statut Contributeur sécurité 602

Salut titi,

Pas de souci.
Pense à toi.
Évite cependant de jouer avec ce PC très pollué, avant que nous en ayions terminé.

Bonne nuit
Al.

Réponse 35 / 52

titi

Bonojur Al, franchement jai pas pu m'empecher de faire un petit counter strike source les grands fans me comprendront bon je reprends les scans.

Réponse 36 / 52

titi

Resultat Otmoveit2

C:\APPS\Office_1\All\oonepdf\SETUP.EXE moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09102008_202759

Réponse 37 / 52

afideg Messages postés 10970 Statut Contributeur sécurité 602

Allo ?
Il manque 3 rapports.
Bonne nuit
Al.

Réponse 38 / 52

titi

oui voila le 2é

Combofix

ComboFix 08-09-05.14 - cedric 2008-09-10 21:50:49.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.594 [GMT 2:00]
Endroit: C:\TRISTAN\ComboFix.exe
Command switches used :: D:\Documents and Settings\cedric\Bureau\CFScript1.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\833.bat
C:\Program Files\Personal Antispy
C:\Program Files\Personal Antispy\antispy.exe
C:\Program Files\Personal Antispy\Quarantined\ctfmon.exe
C:\Program Files\Personal Antispy\Quarantined\index.dat
C:\Temp\dax41
C:\Temp\dax41\A3G.log
C:\ToolBar SD\Autrinf.cmd
C:\ToolBar SD\Back.cmd
C:\ToolBar SD\Backup-TB\Reg\HKCU_Run.reg
C:\ToolBar SD\Backup-TB\Reg\HKLM_BHO.reg
C:\ToolBar SD\Backup-TB\Reg\HKLM_Classes.reg
C:\ToolBar SD\Backup-TB\Reg\HKLM_Run.reg
C:\ToolBar SD\Backup-TB\Reg\HKLM_ToolBar.reg
C:\ToolBar SD\Backup-TB\Reg\HKLM_Uninstall.reg
C:\ToolBar SD\Changelog ToolBar.txt
C:\ToolBar SD\Crack.txt
C:\ToolBar SD\DemP.cmd
C:\ToolBar SD\DirectFix.cmd
C:\ToolBar SD\Discl_en.vbs
C:\ToolBar SD\Discl_fr.vbs
C:\ToolBar SD\Discl_sp.vbs
C:\ToolBar SD\Doss.tbsd
C:\ToolBar SD\Fich.cmd
C:\ToolBar SD\FixExt.cmd
C:\ToolBar SD\Kill.cmd
C:\ToolBar SD\Langues.cmd
C:\ToolBar SD\OS_v.vbs
C:\ToolBar SD\paths.bat
C:\ToolBar SD\pv.exe
C:\ToolBar SD\Rech.cmd
C:\ToolBar SD\RegP2.txt
C:\ToolBar SD\RegP3.txt
C:\ToolBar SD\RegP4.txt
C:\ToolBar SD\RegP5.txt
C:\ToolBar SD\RegPCU.txt
C:\ToolBar SD\RegPLM.txt
C:\ToolBar SD\RegTBSD.reg
C:\ToolBar SD\RKit.lsd
C:\ToolBar SD\RoGUeS.lsd
C:\ToolBar SD\RunTool.txt
C:\ToolBar SD\sed.exe
C:\ToolBar SD\setpath.exe
C:\ToolBar SD\TB_1.txt
C:\ToolBar SD\TB_2.txt
C:\ToolBar SD\TB_3.txt
C:\ToolBar SD\ToolBarSD.cmd
C:\ToolBar SD\ToolBarSD.ico
C:\ToolBar SD\Uninstal.exe
C:\VundoFix Backups
C:\WINDOWS\system32\lbhrojeldlsqduk.exe
C:\WINDOWS\system32\uiteurmymxdvjvyac.dll
C:\WINDOWS\Y2Vkcmlj
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\_entreelist.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\_enviewlist.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_000021599B0090400000000000F01FEC
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_000021599B0090400000000000F01FEC.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_05CA691F59C71E249974DBBA81FBC3C8
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_05CA691F59C71E249974DBBA81FBC3C8.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_0B080C3E5F32FA94988FE8D8CB986E95
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_0B080C3E5F32FA94988FE8D8CB986E95.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_0D00C83EB86A81348A6A7F4D5B1BFDE0
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_0D00C83EB86A81348A6A7F4D5B1BFDE0.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_0DEF1459F7230FD4B869FE75FE26F291
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_0DEF1459F7230FD4B869FE75FE26F291.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_0E23E40C6140D434FA9B96967D309AFE
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_0E23E40C6140D434FA9B96967D309AFE.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_12341
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_12345
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_12350
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_17400AB28230347339DBAF1833357A38
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_17400AB28230347339DBAF1833357A38.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_1F3B805BA42A0C233B0158879691FE82
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_1F3B805BA42A0C233B0158879691FE82.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_22DD1096A725FE1409958EF1DE9E4E49
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_22DD1096A725FE1409958EF1DE9E4E49.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_243493A986A4ABE4586A555B954F7E00
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_243493A986A4ABE4586A555B954F7E00.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_2509FC9A0A4FD5740AF08A83C826DD36
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_2509FC9A0A4FD5740AF08A83C826DD36.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_312080A5CEA52FB4BB2397E60B4E12CE
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_312080A5CEA52FB4BB2397E60B4E12CE.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_42A6D1D74D56C4548851F4805AFF1FC2
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_42A6D1D74D56C4548851F4805AFF1FC2.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_4301AEBD288588A40833184CFEC0AF92
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_4301AEBD288588A40833184CFEC0AF92.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_445E44DF0D7EABD4F90AA81E1A033009
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_445E44DF0D7EABD4F90AA81E1A033009.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_4476FDAB78736F848B9CC4945904D156
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_4476FDAB78736F848B9CC4945904D156.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_4757561245DB2A844905BE302B7CCF92
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_4757561245DB2A844905BE302B7CCF92.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_482EEDB361518E047B4800EFEBB10163
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_482EEDB361518E047B4800EFEBB10163.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_56A968A049C8C7F45A7C79D2C3C8DEE9
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_56A968A049C8C7F45A7C79D2C3C8DEE9.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_6030E61781384634B8F8C04C9E73B6CA
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_6030E61781384634B8F8C04C9E73B6CA.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_62287FAB00234BD4EB33D429A2978904
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_62287FAB00234BD4EB33D429A2978904.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_68AB67CA7DA76301B7447A0000000000
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_68AB67CA7DA76301B7447A0000000000.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_7E0A68ECD818CE341A1895ABB93DFEE2
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_7E0A68ECD818CE341A1895ABB93DFEE2.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_8A0F842331866D117AB7000B0D510004
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_8A0F842331866D117AB7000B0D510004.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_93A345B810494F445B2760E9461C1598
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_93A345B810494F445B2760E9461C1598.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_b25099274a207264182f8181add555d0
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_b25099274a207264182f8181add555d0.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_c049C053C7D38EE4AB9A00CB3B5D2472
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_c049C053C7D38EE4AB9A00CB3B5D2472.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_C141C48B31A9EB44A99603D1B7118D63
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_C141C48B31A9EB44A99603D1B7118D63.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_D95C861BFCF5CEE44B46FB7A8A621605
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_D95C861BFCF5CEE44B46FB7A8A621605.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_DDE7F2BCF1D91C3409CFF425AE1E271A
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_DDE7F2BCF1D91C3409CFF425AE1E271A.dll
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_DF5E4AFA07DE29D4990D61F25DD69C68
D:\Documents and Settings\All Users\Application Data\AntiSpyInfo\icn_DF5E4AFA07DE29D4990D61F25DD69C68.dll
D:\Documents and Settings\cedric\Bureau\viruskeeper2007pro.zip

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-10 to 2008-09-10 ))))))))))))))))))))))))))))))))))))
.

2008-09-10 21:48 . 2008-09-10 21:48 <REP> d-------- C:\TRISTAN
2008-09-07 22:26 . 2008-09-07 22:26 <REP> d-------- D:\Documents and Settings\cedric\Application Data\Malwarebytes
2008-09-07 22:26 . 2008-09-07 22:26 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 22:26 . 2008-09-07 22:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 22:26 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 22:26 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 21:01 . 2008-09-07 21:01 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-09-07 21:01 . 2008-09-07 21:01 <REP> d-------- C:\Program Files\Avira
2008-09-07 18:51 . 2008-09-07 20:32 1,062 --a------ C:\Orph.egd
2008-09-07 18:49 . 2008-09-10 21:55 <REP> d-------- C:\ToolBar SD
2008-09-07 16:44 . 2008-09-07 16:44 <REP> d-------- D:\Documents and Settings\Bé
2008-09-07 12:17 . 2008-09-07 12:17 <REP> d-------- C:\Program Files\Alwil Software
2008-09-07 12:04 . 2008-09-07 12:04 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-09-07 12:04 . 2008-09-07 12:04 <REP> d-------- C:\Program Files\Logitech
2008-09-07 01:38 . 2008-09-07 01:38 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Fighters
2008-09-07 01:38 . 2008-09-07 01:38 <REP> d-------- C:\Program Files\Fighters
2008-09-06 16:45 . 2008-09-06 18:33 <REP> d-------- C:\WINDOWS\system32\CatRoot
2008-09-06 11:35 . 2008-09-06 11:35 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Arovax
2008-09-06 11:35 . 2008-09-10 20:31 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-09-06 10:32 . 2008-09-06 10:36 90,921 --a------ C:\WINDOWS\system32\iscunzsxronnejek.dll-uninst.exe
2008-09-06 10:30 . 2008-09-10 21:54 <REP> d-------- C:\Temp
2008-08-29 09:36 . 2008-08-29 09:36 15,496 --a------ C:\WINDOWS\system32\drivers\vffilter.sys
2008-08-29 00:21 . 2008-08-29 00:21 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-08-21 19:29 . 2008-08-21 19:29 <REP> d-------- D:\Documents and Settings\cedric\Application Data\PC Tools
2008-08-21 19:29 . 2008-09-10 20:26 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 19:29 . 2008-09-10 20:26 <REP> d-------- C:\Program Files\Spyware Doctor
2008-08-21 19:29 . 2008-09-09 10:23 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-21 19:29 . 2008-09-09 10:23 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-21 19:29 . 2008-09-09 10:23 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-21 19:29 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-18 20:55 . 2008-08-18 20:55 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-18 20:55 . 2008-09-06 11:37 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-18 20:52 . 2008-09-06 11:37 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-17 11:05 . 2008-04-14 04:33 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-17 11:04 . 2008-04-14 04:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-13 17:56 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 18:31 --------- d-----w C:\Program Files\eMule
2008-09-08 22:41 --------- d-----w C:\Program Files\Steam
2008-07-31 10:30 --------- d-----w C:\Program Files\BitTorrent
2008-07-23 19:46 --------- d-----w C:\Program Files\Project10
2008-07-21 10:44 --------- d-----w C:\Program Files\lx_cats
2008-07-14 16:55 --------- d-----w D:\Documents and Settings\cedric\Application Data\CyberLink
2008-07-14 16:42 --------- d-----w C:\Program Files\Mafia
.

------- Sigcheck -------

2004-08-10 14:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\system32\svchost.exe

2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-10 14:00 578048 e46fb493e3b33704f0715020cf52106b C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\system32\user32.dll

2004-08-10 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\system32\ws2_32.dll

2007-04-25 10:26 823808 47ddad237f60729dea2b9e0e2382b58f C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 16:14 824320 7201d19b81883b57d5ffe8ebb5a83e8b C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 01:22 825344 871ae10d6ae8877e9636ae5017953d52 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:34 827392 5a0093f59b505c008ed0cee615563c72 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-04-23 09:19 827392 78d3d2b0be6ad3e6d82ccb115cf74310 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 17:40 827904 52589bae67dd9859724287372668690b C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2004-08-10 14:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-01-09 20:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\ie7\wininet.dll
2006-10-27 15:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 09:40 822784 2c138ab59e2ffa06e8952ae656e443c5 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 15:24 823808 2274862267d7445e7010d9af826e89c3 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 11:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:49 824832 bc5119c53bdd48dabc628d448a3bdccb C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:08 824832 4fc90bece54fac81b0090b94e27bfb6b C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 14:58 826368 8e027981ddffa690d456fe18b37415a0 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-04-14 04:33 670208 4a6e04ea20f48d750d9bfed8600d516b C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\dllcache\wininet.dll

2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-10 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-10 14:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\system32\winlogon.exe

2004-08-10 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys

2004-08-10 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 10:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-02-21 09:18 2060160 560ebcde98e8868ca13523c3959148ff C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2019328 3e3df9f5d56b719f055e7d652e79f96b C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 00:49 2017280 35567c8c50986c2bc5c3efd79cb045e4 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08 2017280 50b3a210b6fa8d3089a36a32e7d8b21f C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2005-09-29 20:28 2017792 7a319c9e0c14ed6410e8b2753e3a32ce C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 04:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 04:07 2025984 92e82482cdb39929cf7b541a9648afae C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-02-21 09:18 2183168 e4f5a850222a8d68f496162f16f1bdc9 C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2139648 de41f3b43b9f15e08ccd4b98a7bb2ca3 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 00:48 2150400 36f32a5a83df734e022734d93860a9a4 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:07 2137600 e75f7aa5a33479f29c636fd0890f5762 C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2005-09-29 20:28 2138112 cd6a9f81c8b9baf1e4393c6c476d17e7 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 04:08 2191104 099d639da1ef6968d4e41795bb507e6b C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 04:07 2147328 b10c36956eb7a8b1586dbe3b43875280 C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-10 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2004-08-10 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\system32\services.exe

2004-08-10 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\system32\lsass.exe

2004-08-10 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\system32\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-10 14:00 57856 b4ef928e4fad79364a80acba6d999934 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\system32\spoolsv.exe

2004-08-10 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-07_16.43.16.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2008-08-05 18:11:01 15,888,504 -c--a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-26 20:28:12 16,208,504 -c--a-w C:\WINDOWS\system32\MRT.exe
- 2008-08-21 17:30:51 84,670 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-10 11:44:25 84,670 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-21 17:30:51 101,042 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-09-10 11:44:25 101,042 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-08-21 17:30:51 470,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-10 11:44:25 470,934 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-21 17:30:51 543,520 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-09-10 11:44:25 543,520 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-07-27 08:41:40 16,760 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-10-18 19:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2008-06-24 16:12:58 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2008-04-15 17:49:31 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-09-24 1690648]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-09-24 2095640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-31 98304]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Steam\\steamapps\\diro227\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"119:TCP"= 119:TCP:p
"119:UDP"= 119:UDP:o
"443:TCP"= 443:TCP:hg
"443:UDP"= 443:UDP:o
"2672:TCP"= 2672:TCP:p
"2672:UDP"= 2672:UDP:p
"17820:TCP"= 17820:TCP:emule
"17810:UDP"= 17810:UDP:emule
"4232:TCP"= 4232:TCP:em
"17810:TCP"= 17810:TCP:g
"17820:UDP"= 17820:UDP:l
"4662:TCP"= 4662:TCP:ee
"4672:UDP"= 4672:UDP:huju

R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;C:\Program Files\Fighters\licenseservice.exe [2008-08-29 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;C:\Program Files\Fighters\updateservice.exe [2008-08-29 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;C:\Program Files\Fighters\ScannerService.exe [2008-08-29 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;C:\Program Files\Fighters\configservice.exe [2008-08-29 139912]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-10-23 27776]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Vfscan;Vfscan;C:\WINDOWS\system32\DRIVERS\vffilter.sys [2008-08-29 15496]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 7040]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 826752]
S3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 495616]
S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys [2005-12-21 14592]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56f0e980-7469-11dd-81b0-00038a000015}]
\Shell\Auto\command - J:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcb845ca-8c88-11dc-a7e7-00038a000015}]
\Shell\AutoRun\command - start.exe
\Shell\iledefrance\command - start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcb845cb-8c88-11dc-a7e7-00038a000015}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcb845cc-8c88-11dc-a7e7-00038a000015}]
\Shell\AutoRun\command - start.exe
\Shell\iledefrance\command - start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 21:57:07
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\X10\Common\X10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
D:\Documents and Settings\cedric\Bureau\Nouveau dossier (3)\zaxAppHost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-10 22:00:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-10 20:00:38
ComboFix2.txt 2008-09-08 22:24:28

Pre-Run: 17,694,240,768 octets libres
Post-Run: 17,631,109,120 octets libres

435 --- E O F --- 2008-09-09 22:21:39

Réponse 39 / 52

titi

Nouveau rapport d hitackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:42, on 10/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fighters\configservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fighters\ScannerService.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
D:\Documents and Settings\cedric\Bureau\Nouveau dossier (3)\zaxAppHost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\cedric\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{311B6AFE-5EA4-47D6-B6D2-12986A044E1F}: NameServer = 213.245.0.18,213.245.0.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{34131C44-8B58-4A6C-9738-C70C1C368785}: NameServer = 192.168.1.1,192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{44F6E51B-3B2D-43A0-A513-C5BB5079AB46}: NameServer = 192.168.1.1,192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB617AFC-D738-455B-9CCC-7CB4AC11F2F5}: NameServer = 192.168.1.1,192.168.1.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{311B6AFE-5EA4-47D6-B6D2-12986A044E1F}: NameServer = 213.245.0.18,213.245.0.26
O17 - HKLM\System\CS2\Services\Tcpip\..\{311B6AFE-5EA4-47D6-B6D2-12986A044E1F}: NameServer = 213.245.0.18,213.245.0.26
O17 - HKLM\System\CS3\Services\Tcpip\..\{311B6AFE-5EA4-47D6-B6D2-12986A044E1F}: NameServer = 213.245.0.18,213.245.0.26
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Réponse 40 / 52

titi

J'ai oublié de te signaler qu un a fichier aété détecté par Antivir que j'ai mis en quarantaine

Rapport de Genproc

Rapport GenProc 2.025 [1] effectué le 10/09/2008 à 22:14:58,15 - Windows XP

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- MSNFix (!aur3n7) http://sosvirus.changelog.fr/MSNFix.zip et décompresse-le sur le Bureau.

***** Copie la suite de la procédure dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ (choisis ta session courante "cedric") *****

# Etape 2/

Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R.
- Si l'infection est détectée, exécute l'option N.
- Sauvegarde ce rapport sur ton bureau.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport MSNfix situé sur le Bureau ;
- Un nouveau rapport HijackThis, http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

Virtumonde encore et toujours

52 réponses

Votre réponse

Newsletters