50 replies
Destrio5, 16 Sept. 2008 at 07:47
Hi,
Vundo infection.
---> Run a quick scan with MBAM, delete everything it finds and post the report:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
Destrio5, 16 Sept. 2008 at 07:49
If TeaTimer asks you anything, accept.
OK, I ran Malwarebytes and I'm pasting the report. Spybot asked me at a few points whether or not to accept the changes; I clicked accept, I hope I did the right thing!!
Malwarebytes tells me there are a few items it can't delete and that the computer has to be restarted for that. I await your precious advice.
Sorry, I forgot to paste the report.
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1159
Windows 5.1.2600 Service Pack 2
16/09/2008 08:08:01
mbam-log-2008-09-16 (08-08-01).txt
Type de recherche: Examen rapide
Eléments examinés: 95147
Temps écoulé: 15 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 35
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 29
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\geBsrSjI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\imcwqvfc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nbbzti.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnmjigf.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04578d8d-6130-411b-bee5-dff22903f732} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmjigf (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{04578d8d-6130-411b-bee5-dff22903f732} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{860a4043-9cb5-4105-99df-deb808ec1028} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{860a4043-9cb5-4105-99df-deb808ec1028} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df5778b0-4bdd-4922-ab5e-f733267245dd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{df5778b0-4bdd-4922-ab5e-f733267245dd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec1a2105-5621-440f-987d-27ef428131d9} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0705a77a-c085-4bf2-bab2-a8551324a024} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b523c5e1-7df6-408f-ae8c-e530a6ed92cc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winwea32 (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8389b7de (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{04578d8d-6130-411b-bee5-dff22903f732} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\80ba8442 (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebsrsji -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebsrsji -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\nnnmjigf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nbbzti.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\geBsrSjI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\IjSrsBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IjSrsBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imcwqvfc.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mowiwmyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vlyhgk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmNFwT.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqQhIYo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tlkqfsrw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqbddavc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uqawof.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hvbsvjuj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBssQjj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yjveggav.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zfujro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Ask Toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winwea32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8389b7de.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8389b7de.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
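Several entries in the report above are marked "Delete on reboot": the Vundo DLLs are loaded into winlogon.exe, lsass.exe and Internet Explorer through the Winlogon Notify, LSA package and BHO registry entries, so they cannot be unlinked while Windows is running, which is why a restart is the next step. As an added example (not from the thread and not Malwarebytes' own code), here is a small Python parser for this MBAM 1.28 report format that groups detections by family, lists what is still pending a reboot, and maps each registry hit to the load point it represents; the excerpt it parses is constructed from a few lines of the report above and the load-point labels are my own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.28 report and summarise its detections.

The report format is the one posted in the thread: one French section header
per category ("Clé(s) du Registre infectée(s):") followed by lines of the form
<item> (<family>) -> [Data: <value> -> ]<action>.
"""
import re
from collections import Counter

# Constructed excerpt in the same format as the report above (a few lines
# from each section, not the full report).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1159
Type de recherche: Examen rapide

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\geBsrSjI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nbbzti.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04578d8d-6130-411b-bee5-dff22903f732} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmjigf (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8389b7de (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebsrsji -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\system32\geBsrSjI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mowiwmyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# <item> (<family>) -> <rest>   with the trailing period of <rest> dropped.
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[\w.]+)\) -> (?P<rest>.+?)\.?$")

# Registry load points seen in the report, labelled with the process that
# loads the DLL (labels are my own wording, not MBAM's).
PERSISTENCE_RULES = [
    (r"\\Control\\LSA\\", "LSA package (DLL loaded into lsass.exe at boot)"),
    (r"\\Winlogon\\Notify\\", "Winlogon notify package (DLL loaded into winlogon.exe)"),
    (r"\\Browser Helper Objects\\", "Browser Helper Object (DLL loaded into Internet Explorer)"),
    (r"\\ShellExecuteHooks\\", "shell execute hook (DLL loaded into explorer.exe)"),
    (r"\\CurrentVersion\\Run\\", "Run key autostart"),
    (r"\\Enum\\Root\\LEGACY_", "legacy service/driver enumeration entry"),
    (r"\\Internet Explorer\\(Toolbar|Extensions)\\", "Internet Explorer toolbar/extension"),
]


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, family, data, action."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end with ':' and never contain an action arrow.
        if line.endswith(":") and " -> " not in line:
            section = line.rstrip(":")
            continue
        m = DETECTION.match(line)
        if m is None or section is None:
            continue
        parts = m.group("rest").split(" -> ")
        data = None
        if len(parts) > 1 and parts[0].startswith("Data: "):
            data = parts[0][len("Data: "):]
        detections.append({"section": section, "item": m.group("item"),
                           "family": m.group("family"), "data": data,
                           "action": parts[-1]})
    return detections


def classify_persistence(item):
    """Map a registry path to the load point it represents, or None for files
    and plain COM registrations."""
    for pattern, label in PERSISTENCE_RULES:
        if re.search(pattern, item, re.IGNORECASE):
            return label
    return None


def summarize(detections):
    """Counts per family, per action and per load point, plus the items that
    MBAM could only schedule for deletion at the next boot."""
    persistence = Counter()
    for d in detections:
        label = classify_persistence(d["item"])
        if label:
            persistence[label] += 1
    pending = sorted({d["item"] for d in detections if d["action"] == "Delete on reboot"})
    return {"families": Counter(d["family"] for d in detections),
            "actions": Counter(d["action"] for d in detections),
            "persistence": persistence,
            "pending_reboot": pending}


if __name__ == "__main__":
    summary = summarize(parse_mbam_log(SAMPLE_LOG))
    for key in ("families", "actions", "persistence"):
        print(f"{key}:")
        for name, n in summary[key].most_common():
            print(f"  {n:3d}  {name}")
    print("still pending a reboot:")
    for item in summary["pending_reboot"]:
        print("  " + item)
```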
Destrio5, 16 Sept. 2008 at 08:15
"Spybot asked me at a few points whether or not to accept the changes; I clicked accept, I hope I did the right thing!!"
---> I warned you about that in the message just above.
---> Restart your PC
Destrio5, 16 Sept. 2008 at 08:18
OK.
OK, I'm back. Spybot asked me again and I accepted, but I got two Windows DLL error messages?
Destrio5, 16 Sept. 2008 at 08:23
We'll move on to ComboFix.
Important: disable TeaTimer, Spybot's resident protection. It will interfere with the disinfection by blocking changes to the BHOs.
---> Start Spybot, click Mode, tick Advanced mode
---> On the left, click Tools, then Resident
---> Untick the box in front of Resident "TeaTimer":
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
---> Quit Spybot
Note: I advise you not to turn it back on; it was unable to stop your PC from getting infected.
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the Internet and close every application, antivirus and antispyware included /!\
---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"
---> Switch it to French: F
Press the 1 key (Yes) to start the scan.
/!\ Don't touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is done, a report will appear: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: the report can also be found at C:\ComboFix.txt
It took a while, but here's the ComboFix report.
ComboFix 08-09-15.02 - GUILLAUME 2008-09-16 8:28:49.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.665 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\GUILLAUME\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ELODIE\Cookies\elodie@bluestreak[2].txt
C:\Documents and Settings\ELODIE\Cookies\elodie@edt02[2].txt
C:\Documents and Settings\ELODIE\Cookies\elodie@ehg-citenumerique.hitbox[1].txt
C:\Documents and Settings\MAXIME\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\QUENTIN\Cookies\quentin@bluestreak[1].txt
C:\Documents and Settings\QUENTIN\Cookies\quentin@edt02[1].txt
C:\Documents and Settings\QUENTIN\Cookies\quentin@serving-sys[1].txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\components
C:\WINDOWS\system32\i4
C:\WINDOWS\system32\i4\tcX12i49.exe
C:\WINDOWS\system32\lbjlyehn.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nkjvwhdf.ini
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\tuxnmnyi.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
.
2008-09-16 08:14 . 2008-09-16 08:14 244 --ah----- C:\sqmnoopt05.sqm
2008-09-16 08:14 . 2008-09-16 08:14 232 --ah----- C:\sqmdata05.sqm
2008-09-16 07:50 . 2008-09-16 07:50 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 07:50 . 2008-09-16 07:50 <REP> d-------- C:\Documents and Settings\GUILLAUME\Application Data\Malwarebytes
2008-09-16 07:50 . 2008-09-16 07:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 07:50 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 07:50 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 06:05 . 2008-09-16 06:05 244 --ah----- C:\sqmnoopt04.sqm
2008-09-16 06:05 . 2008-09-16 06:05 232 --ah----- C:\sqmdata04.sqm
2008-09-15 19:20 . 2008-09-15 19:20 244 --ah----- C:\sqmnoopt03.sqm
2008-09-15 19:20 . 2008-09-15 19:20 232 --ah----- C:\sqmdata03.sqm
2008-09-15 18:42 . 2008-09-15 18:42 244 --ah----- C:\sqmnoopt02.sqm
2008-09-15 18:42 . 2008-09-15 18:42 232 --ah----- C:\sqmdata02.sqm
2008-09-15 18:37 . 2008-09-16 04:43 <REP> d-------- C:\Program Files\Antipub
2008-09-15 16:43 . 2008-09-15 16:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-15 16:43 . 2008-09-16 08:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 16:29 . 2008-09-15 16:29 244 --ah----- C:\sqmnoopt01.sqm
2008-09-15 16:29 . 2008-09-15 16:29 232 --ah----- C:\sqmdata01.sqm
2008-09-15 08:36 . 2008-09-15 08:36 <REP> d-------- C:\Program Files\Alwil Software
2008-09-14 18:34 . 2008-09-14 18:34 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-09-14 18:33 . 2008-09-14 18:33 <REP> d-------- C:\WINDOWS\Westward II Heroes of the Frontier [h33t] [oi812heet]
2008-09-14 18:33 . 2008-09-16 06:03 <REP> d-------- C:\Program Files\Westward II Heroes of the Frontier [h33t] [oi812heet]
2008-09-14 17:48 . 2008-09-14 17:48 <REP> d-------- C:\Westward II Heroes of the Frontier [h33t] [oi812heet]
2008-09-14 17:34 . 2008-09-15 15:29 <REP> d--hs---- C:\WINDOWS\R1VJTExBVU1F
2008-09-14 17:34 . 2008-09-14 17:34 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-09-14 17:32 . 2008-09-14 17:32 <REP> d-------- C:\WINDOWS\system32\esx
2008-09-14 17:32 . 2008-09-15 15:33 <REP> d-------- C:\WINDOWS\system32\101
2008-09-14 17:31 . 2008-09-14 17:31 <REP> d-------- C:\WINDOWS\system32\mC02
2008-09-14 17:31 . 2008-09-14 17:32 <REP> d-------- C:\temp\mtc2
2008-09-14 12:48 . 2008-09-15 08:28 <REP> d-------- C:\Program Files\FrostWire
2008-09-14 12:48 . 2008-09-16 06:07 <REP> d-a------ C:\Program Files\AskSBar
2008-09-14 12:48 . 2008-09-15 08:27 <REP> d-------- C:\Documents and Settings\GUILLAUME\Application Data\FrostWire
2008-09-13 16:47 . 2008-09-13 16:48 <REP> d-------- C:\Documents and Settings\QUENTIN\.gimp-2.2
2008-09-06 10:24 . 2008-09-06 10:24 <REP> d-------- C:\Program Files\Beach Soccer
2008-08-27 17:54 . 2008-08-27 17:54 <REP> d-------- C:\Program Files\ViaMichelin
2008-08-26 10:43 . 2008-08-26 11:37 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-25 12:33 . 2008-08-25 12:33 <REP> d-------- C:\Program Files\scrabbleproB1.0.8
2008-08-25 12:33 . 2004-03-08 23:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-08-22 19:02 . 2008-08-22 19:02 <REP> d-------- C:\Program Files\bfgclient
2008-08-22 19:01 . 2008-08-22 19:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-08-17 10:03 . 2008-08-17 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 06:08 --------- d-----w C:\Program Files\GamesBar
2008-09-16 04:03 --------- d-----w C:\Program Files\Gamenext
2008-09-16 03:59 --------- d-----w C:\Program Files\Azureus
2008-09-15 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2008-09-15 06:11 --------- d-----w C:\Program Files\LimeWire
2008-09-14 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-14 09:29 --------- d-----w C:\Program Files\Google
2008-09-14 09:16 --------- d-----w C:\Program Files\Java
2008-09-13 15:57 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-09-13 15:57 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-09-13 15:57 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-09-13 13:35 --------- d-----w C:\Documents and Settings\QUENTIN\Application Data\OpenOffice.org2
2008-09-12 18:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 09:02 --------- d-----w C:\Program Files\InstantTouch
2008-09-10 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-10 06:26 --------- d-----w C:\Program Files\Microsoft Works
2008-09-07 11:03 --------- d-----w C:\Documents and Settings\ELODIE\Application Data\OpenOffice.org2
2008-08-27 16:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 07:29 --------- d-----w C:\Documents and Settings\GUILLAUME\Application Data\OpenOffice.org2
2008-08-24 11:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-22 17:02 0 ----a-w C:\Program Files\temp01
2008-08-22 15:31 --------- d-----w C:\Program Files\Buka
2008-08-21 07:25 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-04 10:33 --------- d-----w C:\Program Files\Objectif Tarot
2008-08-04 10:32 131,584 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-31 13:39 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:37 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-02-09 20:25 38,416 ----a-w C:\Documents and Settings\GUILLAUME\Application Data\GDIPFONTCACHEV1.DAT
2007-10-17 18:34 146 ----a-w C:\Documents and Settings\QUENTIN\Application Data\wklnhst.dat
2007-09-29 07:18 224 ----a-w C:\Documents and Settings\GUILLAUME\Application Data\wklnhst.dat
2007-02-14 11:09 0 ----a-w C:\Documents and Settings\MAXIME\Application Data\wklnhst.dat
2006-08-12 13:29 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-14 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-13 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
C:\Documents and Settings\QUENTIN\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
C:\Documents and Settings\VALERIE\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
C:\Documents and Settings\ELODIE\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
C:\Documents and Settings\GUILLAUME\Menu Démarrer\Programmes\Démarrage\
Anti-Pub.lnk - C:\Program Files\Antipub\antipub.exe [2003-03-23 674304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nbbzti.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^GUILLAUME^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\GUILLAUME\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 15:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsc-reminder.exe]
--------- 2005-01-19 17:10 28672 C:\WINDOWS\reminder\fsc-reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 11:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 11:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-13 19:02 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-06-21 19:14 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2004-08-06 16:33 2502656 C:\Program Files\Yahoo!\Messenger\YPager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 19:06 577536 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"NsUpdate"=C:\WINDOWS\NsUpdate.exe UPDATE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Valve\\Steam\\SteamApps\\guigui281268\\day of defeat\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\guigui281268\\condition zero deleted scenes\\hl.exe"=
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\Mohaa.exe"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\AUTORUN.EXE
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{04578D8D-6130-411B-BEE5-DFF22903F732} - (no file)
BHO-{04a12f05-b47b-41cc-a3ac-77043900a361} - (no file)
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{21526C73-065C-4DC1-A409-07C6DD87BC2F} - (no file)
BHO-{45BD6287-51B5-495C-9856-9F2CA3976F6D} - (no file)
BHO-{DF5778B0-4BDD-4922-AB5E-F733267245DD} - (no file)
HKLM-Run-{2edf7f6e-828a-e517-385a-b25ca7d71a25} - C:\WINDOWS\system32\prjvrmtoojhurpsz.dll
Notify-nnnmjigf - (no file)
MSConfigStartUp-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-VVSN - C:\Program Files\VVSN\VVSN.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O16 -: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - hxxp://data.jeuxclassiques.com/npwwg.cab
C:\WINDOWS\Downloaded Program Files\npwwg.inf
O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll
O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 09:26:44
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-16 9:53:49
ComboFix-quarantined-files.txt 2008-09-16 07:52:53
Avant-CF: 98,554,834,944 octets libres
Après-CF: 99,202,543,616 octets libres
277 --- E O F --- 2008-09-10 06:29:14
Destrio5, Moderator, 16 Sept. 2008 at 10:13
---> Download clean.zip from Malekal:
http://www.malekal.com/download/clean.zip
---> Unzip it onto your desktop (right-click / Extract All); you should get a folder named clean.
---> Open the clean folder on your desktop and double-click clean.cmd
A black window will appear for a moment; leave it open.
---> Choose option 1, then wait.
---> Post the report you get (located at C:\rapport_clean.txt)
Do not go on to option 2 without our say-so!
Here is the report:
16/09/2008 a 10:14:23,35
*** Recherche des fichiers dans C:
C:\StubInstaller.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
C:\WINDOWS\SYSTEM\URL.DLL FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\GamesBar\" FOUND
Destrio5, Moderator, 16 Sept. 2008 at 10:24
Run option 2 in Safe Mode.
Destrio5, Moderator, 16 Sept. 2008 at 10:46
No report?
Sorry, I hadn't realised that it overwrote the old one.
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 16/09/2008 a 10:28:50,06
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
tentative de suppression de C:\StubInstaller.exe
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
tentative de suppression de C:\WINDOWS\SYSTEM\URL.DLL
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\GamesBar\"
*** Suppression des clefs du registre effectuee..
Destrio5 (Moderator)
16 Sept. 2008 at 10:58
/!\ Only guigui281268 may follow this procedure /!\
1/
---> Click Start, Run, type notepad and click OK.
---> Select the text below and copy it with Ctrl+C:
KillAll::
File::
C:\WINDOWS\system32\nbbzti.dll
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmdata04.sqm
C:\sqmdata03.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\NsUpdate.exe
Folder::
C:\Program Files\GamesBar
C:\Documents and Settings\All Users\Application Data\GamesBar
C:\Program Files\VVSN
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"=-
"NsUpdate"=-
"LVCOMSX"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
---> Paste the selection into Notepad
---> Save this file to the desktop (mandatory)
---> File name: CFScript
---> Save as type: All files
---> Click Save
---> Close Notepad
2/
---> Drag and drop this CFScript file onto ComboFix.exe as shown in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] A blue window will appear: accept the message that is shown.
[*] Wait for the scan to finish. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
[*] Once the scan is complete, a report will open: post it
[*] If the file does not open, it is located at C:\ComboFix.txt
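As an added example (not code from this thread, from ComboFix or from malekal.com): a small Python parser for the CFScript format used in the post above. It splits the script into its File::, Folder:: and Registry:: sections and, for the registry part, tells apart a value deletion ("name"=- under a [KEY] line) from a whole-key deletion ([-KEY]), then flags the entries that touch autostart locations (Run keys, AppInit_DLLs, MountPoints2). The reading of the Registry:: syntax as Regedit .reg conventions is an assumption made here; the sample script is a constructed excerpt of the one in the post.

```python
"""Parse a ComboFix-style CFScript into structured removal actions.

Added example, not code from the forum thread, ComboFix or malekal.com.
Assumptions: 'Section::' headers are followed by one entry per line, and the
Registry:: section follows Regedit .reg conventions ('[-KEY]' deletes the
whole key, '"name"=-' deletes a value under the preceding '[KEY]' line).
"""
import re
from dataclasses import dataclass, field

# Substrings of well-known autostart locations (ASEPs) worth flagging in any
# removal script: Run keys, AppInit_DLLs (DLL injected into every GUI process),
# MountPoints2 (per-drive shell/autorun commands).
AUTOSTART_HINTS = ("\\currentversion\\run", "appinit_dlls", "mountpoints2")

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=-$')


@dataclass
class CFScript:
    directives: list = field(default_factory=list)         # e.g. KillAll
    files: list = field(default_factory=list)              # File:: entries
    folders: list = field(default_factory=list)            # Folder:: entries
    reg_value_deletes: list = field(default_factory=list)  # (key, value_name)
    reg_key_deletes: list = field(default_factory=list)    # key


def parse_cfscript(text: str) -> CFScript:
    script = CFScript()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            if section not in ("file", "folder", "registry"):
                script.directives.append(m.group(1))   # bare directive, no body
            continue
        if section == "file":
            script.files.append(line)
        elif section == "folder":
            script.folders.append(line)
        elif section == "registry":
            km = KEY_RE.match(line)
            if km:
                minus, key = km.groups()
                if minus:                      # [-KEY]: delete the whole key
                    script.reg_key_deletes.append(key)
                    current_key = None
                else:                          # [KEY]: scope for value lines
                    current_key = key
                continue
            vm = VALUE_RE.match(line)
            if vm and current_key is not None: # "name"=- : delete one value
                script.reg_value_deletes.append((current_key, vm.group(1)))
            else:
                raise ValueError(f"unrecognised Registry:: line: {line!r}")
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return script


def autostart_entries(script: CFScript) -> list:
    """Registry actions that touch autostart locations, as (kind, key, name)."""
    hits = []
    for key, name in script.reg_value_deletes:
        if any(h in (key + "\\" + name).lower() for h in AUTOSTART_HINTS):
            hits.append(("value", key, name))
    for key in script.reg_key_deletes:
        if any(h in key.lower() for h in AUTOSTART_HINTS):
            hits.append(("key", key, None))
    return hits


# Constructed excerpt of the script posted in the thread, used as sample input.
SAMPLE = r'''KillAll::
File::
C:\WINDOWS\system32\nbbzti.dll
C:\WINDOWS\NsUpdate.exe
Folder::
C:\Program Files\GamesBar
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
'''

if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE)
    for kind, key, name in autostart_entries(parsed):
        print(f"{kind:5} {key}" + (f" -> {name}" if name else ""))
```

Run as-is it prints the three autostart-related registry actions of the sample; feeding it a script from a thread lets you review which persistence points a helper is about to clear before dropping the file onto ComboFix.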