Spyware, help!
lauri24
Hello,
I have a problem with my computer. A friend told me I had a piece of software stuck to my firewall; can you help me?
I used Navilog 1; here is what it gave. If you have another solution, such as reformatting the hard drive, please tell me.
Search Navipromo version 3.6.5 commencé le 15/09/2008 à 20:02:57,12
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "salomé"
Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\salomé\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\AJAGUIN\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\salomé\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\AJAGUIN\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\salomé\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\AJAGUIN\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\salomé\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\AJAGUIN\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\salomé\locals~1\applic~1" :
* Dans "C:\DOCUME~1\AJAGUIN\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 15/09/2008 à 20:07:07,68 ***
53 replies
ComboFix 08-09-16.01 - salomé 2008-09-21 21:53:46.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1331 [GMT 3:00]
Lancé depuis: C:\Documents and Settings\salomé\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\salomé\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 ))))))))))))))))))))))))))))))))))))
.
2008-09-20 22:28 . 2008-09-20 22:28 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\vlc
2008-09-20 10:53 . 2008-09-20 10:53 <REP> d----c--- C:\Program Files\7-Zip
2008-09-20 10:35 . 2008-09-20 10:35 <REP> d----c--- C:\Documents and Settings\salomÚ
2008-09-19 11:56 . 2008-09-19 22:15 <REP> d----c--- C:\Lop SD
2008-09-18 00:41 . 2008-09-18 00:41 <REP> d----c--- C:\Program Files\RogueRemover FREE
2008-09-18 00:36 . 2008-09-18 00:41 <REP> d----c--- C:\rogue remover
2008-09-17 23:39 . 2008-09-18 00:28 2,330 --a--c--- C:\Documents and Settings\Orph.egd
2008-09-17 23:38 . 2008-09-18 00:29 <REP> d----c--- C:\ToolBar SD
2008-09-17 18:27 . 2004-07-26 16:16 1,568,768 -----c--- C:\WINDOWS\system32\ImagX7.dll
2008-09-17 18:27 . 2004-07-26 16:16 476,320 -----c--- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-17 18:27 . 2004-07-26 16:16 471,040 -----c--- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-17 18:27 . 2004-07-09 08:43 364,544 -----c--- C:\WINDOWS\system32\TwnLib4.dll
2008-09-17 18:27 . 2004-07-26 16:16 262,144 -----c--- C:\WINDOWS\system32\ImagXR7.dll
2008-09-17 18:27 . 2005-09-01 11:03 127,488 -----c--- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-17 18:27 . 2005-09-01 11:03 5,888 -----c--- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-17 18:16 . 2008-09-18 00:25 <REP> d----c--- C:\Program Files\AskTBar
2008-09-16 16:32 . 2008-09-16 16:32 <REP> d----c--- C:\rsit
2008-09-15 22:20 . 2008-09-15 22:20 <REP> d----c--- C:\Program Files\MagicDVDRipper
2008-09-15 20:42 . 2008-09-20 17:52 <REP> d----c--- C:\Documents and Settings\salomé\Contacts
2008-09-15 20:42 . 2008-09-20 17:52 <REP> d----c--- C:\Documents and Settings\salomé\Contacts
2008-09-15 20:01 . 2008-09-15 20:10 <REP> d----c--- C:\Program Files\Navilog1
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-15 19:19 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Logs
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:07 . 2008-09-15 19:50 11,935 --a--c--- C:\Documents and Settings\AJAGUIN\base.dat
2008-09-15 18:56 . 2008-09-15 18:56 <REP> d----c--- C:\Program Files\TimeAdjuster
2008-09-15 18:52 . 2008-09-15 18:52 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Logs
2008-09-15 17:13 . 2008-09-15 17:13 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Apple Computer
2008-09-15 14:44 . 2008-09-15 14:44 <REP> d----c--- C:\Program Files\ToniArts
2008-09-15 13:18 . 2008-09-20 10:21 <REP> d----c--- C:\Program Files\SecureExpertCleaner
2008-09-15 13:18 . 2008-09-15 13:20 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\SEC
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Software Licensors
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\services
2008-09-15 12:59 . 2008-09-15 12:59 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-14 20:54 . 2008-09-14 20:54 118 --a--c--- C:\WINDOWS\system32\MRT.INI
2008-09-14 19:04 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 19:04 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 17:16 . 2008-09-14 17:16 <REP> d----c--- C:\Program Files\Trend Micro
2008-09-14 15:47 . 2008-09-14 15:47 <REP> d----c--- C:\Program Files\SAV
2008-09-14 12:39 . 2008-09-14 12:39 <REP> d----c--- C:\Program Files\Transcend Utility
2008-09-13 16:47 . 2008-09-13 16:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-09-13 16:24 . 2008-09-13 16:24 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-09-13 12:55 . 2008-09-13 12:55 <REP> d----c--- C:\Program Files\Fichiers communs\Oberon Media
2008-09-12 09:10 . 2008-09-12 09:10 <REP> d----c--- C:\Program Files\Safari
2008-09-11 16:31 . 2008-09-11 16:32 <REP> d----c--- C:\Program Files\DVD Shrink
2008-09-10 06:45 . 2008-09-15 17:17 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 1,536 --a--c--- C:\MKDEWE.TRN
2008-09-10 06:44 . 1998-02-03 12:48 818,688 --a--c--- C:\WINDOWS\system32\VCF132.OCX
2008-09-10 06:44 . 1996-10-07 19:22 320,512 --a--c--- C:\WINDOWS\system32\W32MKDE.EXE
2008-09-10 06:44 . 1996-09-24 16:40 110,080 --a--c--- C:\WINDOWS\system32\W32MKRC.DLL
2008-09-10 06:44 . 1998-03-13 17:02 68,096 --a--c--- C:\WINDOWS\system32\Wbtrv32.dll
2008-09-10 06:44 . 1998-02-10 21:59 43,008 --a--c--- C:\WINDOWS\system32\W32BTICM.DLL
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Program Files\DVD X Studios
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-09-03 16:20 . 2008-09-03 16:20 <REP> d----c--- C:\SYSTEM.SAV
2008-08-31 23:32 . 2008-08-31 23:32 14 --a--c--- C:\WINDOWS\system32\SystemInfo32.sys
2008-08-27 16:32 . 2008-06-23 19:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-27 16:32 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-27 16:32 . 2007-03-08 08:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-27 16:32 . 2008-06-23 19:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-27 16:32 . 2008-06-23 19:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-27 16:32 . 2008-06-23 19:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-27 16:32 . 2008-06-23 19:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-27 16:32 . 2008-06-23 19:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-27 16:32 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-22 21:11 . 2008-09-17 18:27 <REP> d----c--- C:\Program Files\Fichiers communs\Ahead
2008-08-22 02:29 . 2008-09-18 15:56 <REP> d----c--- C:\WINDOWS\system32\CatRoot_bak
2008-08-22 02:07 . 2008-06-14 20:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 15:00 . 2003-04-24 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-21 14:59 . 2003-04-24 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-21 14:58 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-21 14:56 . 2003-04-24 15:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-21 14:49 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\drivers\RTL8139.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 16:19 --------- dc----w C:\Documents and Settings\salomé\Application Data\MEGAUPLOADTOOLBAR
2008-09-17 15:27 --------- dc----w C:\Program Files\Ahead
2008-09-15 16:08 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\MegauploadToolbar
2008-09-15 14:47 --------- dc----w C:\Program Files\DivX
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\OpenOffice.org2
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\MSNInstaller
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\ATI
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Megaupload
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Media Player Classic
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Malwarebytes
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\EBP
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\DivX
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Ahead
2008-09-15 11:44 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-09-14 14:52 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 12:52 47,360 -c--a-w C:\Documents and Settings\AJAGUIN\Application Data\pcouffin.sys
2008-09-14 12:52 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Vso
2008-09-14 09:32 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-13 09:56 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Gamelab
2008-09-12 06:23 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Apple Computer
2008-09-11 16:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-11 15:50 --------- dc----w C:\Program Files\SlySoft
2008-09-06 15:45 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\dvdcss
2008-09-04 16:00 --------- dc----w C:\Program Files\Zylom Games
2008-08-31 08:24 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Zylom
2008-08-17 15:42 --------- dc----w C:\Program Files\FDRLab
2008-08-17 15:32 --------- dc----w C:\Program Files\Power Video Downloader
2008-08-13 14:09 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\32 Math Corn
2008-08-13 12:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 13:14 --------- dc----w C:\Program Files\Apple Software Update
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-07-28 19:20 --------- dc----w C:\Program Files\vanBasco's Karaoke Player
2008-07-28 19:20 --------- dc----w C:\Program Files\QuickTime
2008-07-28 19:20 --------- dc----w C:\Program Files\FlashGet
2008-07-18 19:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-11 08:54 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-07 20:31 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-07-04 07:11 3,532 -c--a-w C:\drmHeader.bin
2008-06-24 16:23 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 15:12 295,936 -c--a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-04-24 09:34 1,710 -c--a-w C:\Documents and Settings\AJAGUIN\afrnsj.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\lnxfrx.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\krdjwh.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\fbjafd.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\cdszkz.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\byyxdt.exe
2008-04-24 09:32 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\gjckmu.exe
2008-04-24 09:17 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\ivanqf.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-20_10.34.40.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-21 04:14:38 16,384 -c--atw C:\WINDOWS\Temp\Perflib_Perfdata_584.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
C:\Documents and Settings\AJAGUIN\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= mtkjpeg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\autre\\Nouveau dossier\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56967:TCP"= 56967:TCP:Pando P2P TCP Listening Port
"56967:UDP"= 56967:UDP:Pando P2P UDP Listening Port
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contenu du dossier 'Tâches planifiées'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 21:55:24
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SALOM~1\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-09-21 21:57:24
ComboFix-quarantined-files.txt 2008-09-21 18:56:23
ComboFix2.txt 2008-09-21 13:52:19
ComboFix3.txt 2008-09-20 19:15:56
ComboFix4.txt 2008-09-20 07:35:15
Avant-CF: 3,930,746,880 octets libres
Après-CF: 3,915,583,488 octets libres
227
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:12, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\MegaManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\MegaIEMn.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe (file missing)
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-15 19:19 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Logs
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:07 . 2008-09-15 19:50 11,935 --a--c--- C:\Documents and Settings\AJAGUIN\base.dat
2008-09-15 18:56 . 2008-09-15 18:56 <REP> d----c--- C:\Program Files\TimeAdjuster
2008-09-15 18:52 . 2008-09-15 18:52 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Logs
2008-09-15 17:13 . 2008-09-15 17:13 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Apple Computer
2008-09-15 14:44 . 2008-09-15 14:44 <REP> d----c--- C:\Program Files\ToniArts
2008-09-15 13:18 . 2008-09-20 10:21 <REP> d----c--- C:\Program Files\SecureExpertCleaner
2008-09-15 13:18 . 2008-09-15 13:20 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\SEC
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Software Licensors
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\services
2008-09-15 12:59 . 2008-09-15 12:59 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-14 20:54 . 2008-09-14 20:54 118 --a--c--- C:\WINDOWS\system32\MRT.INI
2008-09-14 19:04 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 19:04 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 17:16 . 2008-09-14 17:16 <REP> d----c--- C:\Program Files\Trend Micro
2008-09-14 15:47 . 2008-09-14 15:47 <REP> d----c--- C:\Program Files\SAV
2008-09-14 12:39 . 2008-09-14 12:39 <REP> d----c--- C:\Program Files\Transcend Utility
2008-09-13 16:47 . 2008-09-13 16:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-09-13 16:24 . 2008-09-13 16:24 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-09-13 12:55 . 2008-09-13 12:55 <REP> d----c--- C:\Program Files\Fichiers communs\Oberon Media
2008-09-12 09:10 . 2008-09-12 09:10 <REP> d----c--- C:\Program Files\Safari
2008-09-11 16:31 . 2008-09-11 16:32 <REP> d----c--- C:\Program Files\DVD Shrink
2008-09-10 06:45 . 2008-09-15 17:17 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 1,536 --a--c--- C:\MKDEWE.TRN
2008-09-10 06:44 . 1998-02-03 12:48 818,688 --a--c--- C:\WINDOWS\system32\VCF132.OCX
2008-09-10 06:44 . 1996-10-07 19:22 320,512 --a--c--- C:\WINDOWS\system32\W32MKDE.EXE
2008-09-10 06:44 . 1996-09-24 16:40 110,080 --a--c--- C:\WINDOWS\system32\W32MKRC.DLL
2008-09-10 06:44 . 1998-03-13 17:02 68,096 --a--c--- C:\WINDOWS\system32\Wbtrv32.dll
2008-09-10 06:44 . 1998-02-10 21:59 43,008 --a--c--- C:\WINDOWS\system32\W32BTICM.DLL
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Program Files\DVD X Studios
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-09-03 16:20 . 2008-09-03 16:20 <REP> d----c--- C:\SYSTEM.SAV
2008-08-31 23:32 . 2008-08-31 23:32 14 --a--c--- C:\WINDOWS\system32\SystemInfo32.sys
2008-08-27 16:32 . 2008-06-23 19:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-27 16:32 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-27 16:32 . 2007-03-08 08:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-27 16:32 . 2008-06-23 19:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-27 16:32 . 2008-06-23 19:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-27 16:32 . 2008-06-23 19:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-27 16:32 . 2008-06-23 19:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-27 16:32 . 2008-06-23 19:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-27 16:32 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-22 21:11 . 2008-09-17 18:27 <REP> d----c--- C:\Program Files\Fichiers communs\Ahead
2008-08-22 02:29 . 2008-09-18 15:56 <REP> d----c--- C:\WINDOWS\system32\CatRoot_bak
2008-08-22 02:07 . 2008-06-14 20:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 15:00 . 2003-04-24 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-21 14:59 . 2003-04-24 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-21 14:58 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-21 14:57 . 2008-08-21 14:57 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-21 14:56 . 2003-04-24 15:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-21 14:49 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\drivers\RTL8139.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 16:19 --------- dc----w C:\Documents and Settings\salomé\Application Data\MEGAUPLOADTOOLBAR
2008-09-17 15:27 --------- dc----w C:\Program Files\Ahead
2008-09-15 16:08 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\MegauploadToolbar
2008-09-15 14:47 --------- dc----w C:\Program Files\DivX
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\OpenOffice.org2
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\MSNInstaller
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\ATI
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Megaupload
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Media Player Classic
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Malwarebytes
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\EBP
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\DivX
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Ahead
2008-09-15 11:44 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-09-14 14:52 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 12:52 47,360 -c--a-w C:\Documents and Settings\AJAGUIN\Application Data\pcouffin.sys
2008-09-14 12:52 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Vso
2008-09-14 09:32 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-13 09:56 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Gamelab
2008-09-12 06:23 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Apple Computer
2008-09-11 16:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-11 15:50 --------- dc----w C:\Program Files\SlySoft
2008-09-06 15:45 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\dvdcss
2008-09-04 16:00 --------- dc----w C:\Program Files\Zylom Games
2008-08-31 08:24 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Zylom
2008-08-17 15:42 --------- dc----w C:\Program Files\FDRLab
2008-08-17 15:32 --------- dc----w C:\Program Files\Power Video Downloader
2008-08-13 14:09 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\32 Math Corn
2008-08-13 12:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 13:14 --------- dc----w C:\Program Files\Apple Software Update
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-07-28 19:20 --------- dc----w C:\Program Files\vanBasco's Karaoke Player
2008-07-28 19:20 --------- dc----w C:\Program Files\QuickTime
2008-07-28 19:20 --------- dc----w C:\Program Files\FlashGet
2008-07-18 19:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-11 08:54 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-07 20:31 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-07-04 07:11 3,532 -c--a-w C:\drmHeader.bin
2008-06-24 16:23 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 15:12 295,936 -c--a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-04-24 09:34 1,710 -c--a-w C:\Documents and Settings\AJAGUIN\afrnsj.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\lnxfrx.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\krdjwh.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\fbjafd.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\cdszkz.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\byyxdt.exe
2008-04-24 09:32 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\gjckmu.exe
2008-04-24 09:17 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\ivanqf.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-20_10.34.40.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-21 04:14:38 16,384 -c--atw C:\WINDOWS\Temp\Perflib_Perfdata_584.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
C:\Documents and Settings\AJAGUIN\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= mtkjpeg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\autre\\Nouveau dossier\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56967:TCP"= 56967:TCP:Pando P2P TCP Listening Port
"56967:UDP"= 56967:UDP:Pando P2P UDP Listening Port
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contenu du dossier 'Tâches planifiées'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 21:55:24
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SALOM~1\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-09-21 21:57:24
ComboFix-quarantined-files.txt 2008-09-21 18:56:23
ComboFix2.txt 2008-09-21 13:52:19
ComboFix3.txt 2008-09-20 19:15:56
ComboFix4.txt 2008-09-20 07:35:15
Avant-CF: 3,930,746,880 octets libres
Après-CF: 3,915,583,488 octets libres
227
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:12, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\MegaManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\MegaIEMn.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\autre\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe (file missing)
Hi again,
Restart in safe mode.
Open Windows Explorer,
Look for each of these files:
C:\Documents and Settings\AJAGUIN\afrnsj.exe
C:\Documents and Settings\AJAGUIN\lnxfrx.exe
C:\Documents and Settings\AJAGUIN\krdjwh.exe
C:\Documents and Settings\AJAGUIN\fbjafd.exe
C:\Documents and Settings\AJAGUIN\cdszkz.exe
C:\Documents and Settings\AJAGUIN\byyxdt.exe
C:\Documents and Settings\AJAGUIN\gjckmu.exe
C:\Documents and Settings\AJAGUIN\ivanqf.exe
Right-click and choose Rename.
Add .vir to the end of the name:
C:\Documents and Settings\AJAGUIN\afrnsj.exe must become:
C:\Documents and Settings\AJAGUIN\afrnsj.exe.vir
Restart in normal mode.
Double-click the Lop S&D shortcut on your desktop.
Select the language you want, then choose Option 1 (Search).
Wait until the scan finishes.
Post the generated report (C:\lopR.txt).
Good evening,
Impossible to rename the files so that they end in .vir; the window below opens:
Cannot rename file afrnsj: this resource is in use by another person or another program.
Close the programs that may be using the files and try again.
Otherwise, here is the rest:
--------------------\\ Lop S&D 4.2.4-2 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : salomé ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080923-0] 4.8.1229 (Activated)
"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [1] ( 24/09/2008|18:22 )
--------------------\\ Listing des dossiers dans APPLIC~1
[13/08/2008|17:09] C:\DOCUME~1\AJAGUIN\APPLIC~1\32 Math Corn
[22/01/2008|18:16] C:\DOCUME~1\AJAGUIN\APPLIC~1\Adobe
[04/04/2008|17:36] C:\DOCUME~1\AJAGUIN\APPLIC~1\Ahead
[12/09/2008|09:23] C:\DOCUME~1\AJAGUIN\APPLIC~1\Apple Computer
[17/11/2007|08:37] C:\DOCUME~1\AJAGUIN\APPLIC~1\ATI
[18/06/2008|13:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\AVS4YOU
[26/04/2008|04:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\BitTorrent
[09/05/2008|19:54] C:\DOCUME~1\AJAGUIN\APPLIC~1\cerasus.media
[11/09/2008|16:38] C:\DOCUME~1\AJAGUIN\APPLIC~1\Comptabilité
[17/11/2007|22:21] C:\DOCUME~1\AJAGUIN\APPLIC~1\DivX
[06/09/2008|18:45] C:\DOCUME~1\AJAGUIN\APPLIC~1\dvdcss
[17/07/2008|18:17] C:\DOCUME~1\AJAGUIN\APPLIC~1\EBP
[25/01/2008|20:11] C:\DOCUME~1\AJAGUIN\APPLIC~1\EoRezo
[13/09/2008|12:56] C:\DOCUME~1\AJAGUIN\APPLIC~1\Gamelab
[16/12/2007|15:41] C:\DOCUME~1\AJAGUIN\APPLIC~1\Google
[13/01/2008|19:23] C:\DOCUME~1\AJAGUIN\APPLIC~1\gtk-2.0
[17/11/2007|19:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\Help
[08/01/2008|21:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\Home Sweet Home
[20/08/2008|21:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\Identities
[15/04/2008|00:44] C:\DOCUME~1\AJAGUIN\APPLIC~1\InstallShield
[25/01/2008|20:05] C:\DOCUME~1\AJAGUIN\APPLIC~1\ItsLabel
[15/07/2008|13:46] C:\DOCUME~1\AJAGUIN\APPLIC~1\JAM Software
[15/07/2008|12:50] C:\DOCUME~1\AJAGUIN\APPLIC~1\LimeWire
[15/09/2008|18:52] C:\DOCUME~1\AJAGUIN\APPLIC~1\Logs
[17/11/2007|14:57] C:\DOCUME~1\AJAGUIN\APPLIC~1\Macromedia
[08/04/2008|22:37] C:\DOCUME~1\AJAGUIN\APPLIC~1\Malwarebytes
[03/12/2007|14:30] C:\DOCUME~1\AJAGUIN\APPLIC~1\Media Player Classic
[15/04/2008|00:46] C:\DOCUME~1\AJAGUIN\APPLIC~1\Megaupload
[15/09/2008|19:08] C:\DOCUME~1\AJAGUIN\APPLIC~1\MegauploadToolbar
[29/08/2008|16:17] C:\DOCUME~1\AJAGUIN\APPLIC~1\Microsoft
[25/08/2008|17:37] C:\DOCUME~1\AJAGUIN\APPLIC~1\Mozilla
[17/11/2007|15:09] C:\DOCUME~1\AJAGUIN\APPLIC~1\MSNInstaller
[17/11/2007|15:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\OpenOffice.org2
[19/03/2008|12:25] C:\DOCUME~1\AJAGUIN\APPLIC~1\PlayFirst
[16/05/2008|18:19] C:\DOCUME~1\AJAGUIN\APPLIC~1\Real
[24/12/2007|08:36] C:\DOCUME~1\AJAGUIN\APPLIC~1\SAMSUNG
[05/12/2007|12:49] C:\DOCUME~1\AJAGUIN\APPLIC~1\Sun
[19/03/2008|12:33] C:\DOCUME~1\AJAGUIN\APPLIC~1\ViquaSoft
[03/12/2007|19:17] C:\DOCUME~1\AJAGUIN\APPLIC~1\vlc
[14/09/2008|15:52] C:\DOCUME~1\AJAGUIN\APPLIC~1\Vso
[27/11/2007|13:50] C:\DOCUME~1\AJAGUIN\APPLIC~1\WinRAR
[20/08/2008|21:51] C:\DOCUME~1\AJAGUIN\APPLIC~1\Zylom
[19/02/2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy
[31/08/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/12/2007|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[16/07/2008|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[16/07/2008|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/06/2008|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[11/09/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[08/09/2008|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
[17/07/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EBP
[13/09/2008|16:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
[10/01/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[18/02/2008|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Go Go Gourmet
[19/11/2007|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/09/2008|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[13/09/2008|16:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[20/03/2008|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[08/04/2008|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/09/2008|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/08/2008|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[09/01/2008|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
[04/12/2007|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[19/03/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[14/05/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[08/01/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[15/09/2008|13:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SEC
[15/09/2008|13:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\services
[29/01/2008|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
[15/09/2008|13:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software Licensors
[08/04/2008|08:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/03/2008|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[14/09/2008|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[26/11/2007|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/04/2008|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[20/08/2008|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[01/12/2007|02:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[18/11/2007|13:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[01/12/2007|02:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[15/09/2008|22:38] C:\DOCUME~1\SALOM~1\APPLIC~1\Adobe
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Ahead
[15/09/2008|17:13] C:\DOCUME~1\SALOM~1\APPLIC~1\Apple Computer
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\ATI
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Comptabilité
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\DivX
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\EBP
[15/09/2008|22:02] C:\DOCUME~1\SALOM~1\APPLIC~1\Google
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\Identities
[15/09/2008|19:19] C:\DOCUME~1\SALOM~1\APPLIC~1\Logs
[13/07/2008|19:12] C:\DOCUME~1\SALOM~1\APPLIC~1\Macromedia
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Malwarebytes
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Media Player Classic
[15/09/2008|17:17] C:\DOCUME~1\SALOM~1\APPLIC~1\Megaupload
[24/09/2008|18:18] C:\DOCUME~1\SALOM~1\APPLIC~1\MEGAUPLOADTOOLBAR
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\Microsoft
[25/08/2008|17:37] C:\DOCUME~1\SALOM~1\APPLIC~1\Mozilla
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\MSNInstaller
[15/09/2008|17:18] C:\DOCUME~1\SALOM~1\APPLIC~1\OpenOffice.org2
[15/09/2008|22:04] C:\DOCUME~1\SALOM~1\APPLIC~1\Real
[20/09/2008|22:28] C:\DOCUME~1\SALOM~1\APPLIC~1\vlc
[15/09/2008|22:08] C:\DOCUME~1\SALOM~1\APPLIC~1\WinRAR
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[19/09/2008 08:52][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[23/09/2008 14:31][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[26/06/2008|10:56] C:\Program Files\32 Math Corn
[20/09/2008|10:53] C:\Program Files\7-Zip
[31/08/2008|11:24] C:\Program Files\Adobe
[17/09/2008|18:27] C:\Program Files\Ahead
[20/03/2008|23:49] C:\Program Files\Alwil Software
[11/08/2008|16:14] C:\Program Files\Apple Software Update
[18/09/2008|00:25] C:\Program Files\AskTBar
[17/11/2007|08:29] C:\Program Files\ATI Technologies
[27/03/2008|12:19] C:\Program Files\BitTorrent
[16/07/2008|23:53] C:\Program Files\Bonjour
[21/03/2008|15:44] C:\Program Files\CCleaner
[13/01/2008|21:42] C:\Program Files\CD Audio Reader Filter
[17/11/2007|10:10] C:\Program Files\CodecInstaller
[17/11/2007|08:03] C:\Program Files\ComPlus Applications
[17/11/2007|08:54] C:\Program Files\CONEXANT
[13/01/2008|19:30] C:\Program Files\DirectVobSub
[15/09/2008|17:47] C:\Program Files\DivX
[11/09/2008|16:32] C:\Program Files\DVD Shrink
[08/09/2008|17:01] C:\Program Files\DVD X Studios
[17/08/2008|18:42] C:\Program Files\FDRLab
[22/09/2008|20:33] C:\Program Files\Fichiers communs
[28/07/2008|22:20] C:\Program Files\FlashGet
[19/11/2007|11:24] C:\Program Files\Google
[13/01/2008|19:33] C:\Program Files\Haali
[10/12/2007|17:04] C:\Program Files\Hp
[15/09/2008|14:44] C:\Program Files\InstallShield Installation Information
[27/08/2008|18:49] C:\Program Files\Internet Explorer
[16/07/2008|23:54] C:\Program Files\iPod
[23/09/2008|12:46] C:\Program Files\iTunes
[15/07/2008|13:46] C:\Program Files\JAM Software
[05/12/2007|10:22] C:\Program Files\Java
[28/11/2007|14:10] C:\Program Files\KC Softwares
[14/05/2008|00:28] C:\Program Files\K-Lite Codec Pack
[10/05/2008|10:34] C:\Program Files\LeConjugueur
[18/11/2007|17:02] C:\Program Files\Look 312P
[24/01/2008|20:45] C:\Program Files\Macrogaming
[15/09/2008|22:20] C:\Program Files\MagicDVDRipper
[13/05/2008|23:59] C:\Program Files\Mediatwins software
[15/04/2008|00:45] C:\Program Files\MegauploadToolbar
[13/08/2008|15:27] C:\Program Files\Messenger
[05/12/2007|13:00] C:\Program Files\Micro Application
[17/11/2007|22:40] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/11/2007|08:07] C:\Program Files\microsoft frontpage
[21/11/2007|10:38] C:\Program Files\Microsoft Office
[17/11/2007|14:23] C:\Program Files\Microsoft SQL Server Compact Edition
[21/11/2007|10:38] C:\Program Files\Microsoft Works
[21/11/2007|10:37] C:\Program Files\Microsoft.NET
[17/11/2007|08:04] C:\Program Files\Movie Maker
[24/09/2008|17:07] C:\Program Files\Mozilla Firefox
[03/04/2008|22:22] C:\Program Files\MSN
[17/11/2007|08:03] C:\Program Files\MSN Gaming Zone
[10/12/2007|02:00] C:\Program Files\MSXML 4.0
[15/09/2008|20:10] C:\Program Files\Navilog1
[10/12/2007|13:28] C:\Program Files\Nero
[17/11/2007|08:05] C:\Program Files\NetMeeting
[17/11/2007|08:03] C:\Program Files\Online Services
[06/02/2008|12:22] C:\Program Files\OpenOffice.org 2.0
[13/01/2008|21:42] C:\Program Files\OpenSource Flash Video Splitter
[08/01/2008|20:07] C:\Program Files\orange
[21/08/2008|14:56] C:\Program Files\Outlook Express
[16/06/2008|19:51] C:\Program Files\PhotoFiltre
[07/01/2008|02:10] C:\Program Files\Picasa2
[17/08/2008|18:32] C:\Program Files\Power Video Downloader
[28/07/2008|22:20] C:\Program Files\QuickTime
[02/06/2008|08:46] C:\Program Files\ratDVD
[13/01/2008|21:42] C:\Program Files\RealMedia
[18/09/2008|00:41] C:\Program Files\RogueRemover FREE
[12/09/2008|09:10] C:\Program Files\Safari
[24/12/2007|08:16] C:\Program Files\Samsung
[14/09/2008|15:47] C:\Program Files\SAV
[18/03/2008|18:46] C:\Program Files\SdLL
[20/09/2008|10:21] C:\Program Files\SecureExpertCleaner
[17/11/2007|13:48] C:\Program Files\Securitoo
[17/11/2007|08:06] C:\Program Files\Services en ligne
[13/01/2008|21:42] C:\Program Files\SHOUTcast Source
[11/09/2008|18:50] C:\Program Files\SlySoft
[22/09/2008|20:33] C:\Program Files\Stardock
[23/11/2007|21:11] C:\Program Files\SuperCopier2
[22/03/2008|10:25] C:\Program Files\Symantec
[17/06/2008|23:08] C:\Program Files\THQ
[15/09/2008|18:56] C:\Program Files\TimeAdjuster
[15/09/2008|14:44] C:\Program Files\ToniArts
[14/09/2008|12:39] C:\Program Files\Transcend Utility
[14/09/2008|17:16] C:\Program Files\Trend Micro
[17/11/2007|08:13] C:\Program Files\Uninstall Information
[19/03/2008|10:38] C:\Program Files\URUSoft
[28/07/2008|22:20] C:\Program Files\vanBasco's Karaoke Player
[03/12/2007|19:14] C:\Program Files\VideoLAN
[09/04/2008|17:54] C:\Program Files\Windows Live
[17/11/2007|14:24] C:\Program Files\Windows Live Favorites
[28/07/2008|22:20] C:\Program Files\Windows Live Toolbar
[28/07/2008|22:20] C:\Program Files\Windows Media Connect 2
[28/08/2008|18:45] C:\Program Files\Windows Media Player
[17/11/2007|08:02] C:\Program Files\Windows NT
[17/11/2007|08:06] C:\Program Files\WindowsUpdate
[27/11/2007|13:50] C:\Program Files\WinRAR
[17/11/2007|08:07] C:\Program Files\xerox
[04/09/2008|19:00] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[31/08/2008|11:24] C:\Program Files\Fichiers communs\Adobe
[17/09/2008|18:27] C:\Program Files\Fichiers communs\Ahead
[16/07/2008|23:51] C:\Program Files\Fichiers communs\Apple
[18/06/2008|14:08] C:\Program Files\Fichiers communs\AVSMedia
[21/11/2007|10:38] C:\Program Files\Fichiers communs\DESIGNER
[17/07/2008|18:16] C:\Program Files\Fichiers communs\EBP
[10/12/2007|17:14] C:\Program Files\Fichiers communs\Hewlett-Packard
[17/11/2007|08:34] C:\Program Files\Fichiers communs\InstallShield
[05/12/2007|09:56] C:\Program Files\Fichiers communs\Java
[18/11/2007|17:02] C:\Program Files\Fichiers communs\Look312P
[07/08/2008|07:30] C:\Program Files\Fichiers communs\Microsoft Shared
[17/11/2007|08:04] C:\Program Files\Fichiers communs\MSSoap
[13/09/2008|12:55] C:\Program Files\Fichiers communs\Oberon Media
[17/11/2007|10:53] C:\Program Files\Fichiers communs\ODBC
[17/11/2007|08:04] C:\Program Files\Fichiers communs\Services
[17/11/2007|10:53] C:\Program Files\Fichiers communs\SpeechEngines
[22/09/2008|20:33] C:\Program Files\Fichiers communs\Stardock
[22/03/2008|10:26] C:\Program Files\Fichiers communs\Symantec Shared
[21/08/2008|14:56] C:\Program Files\Fichiers communs\System
[17/11/2007|14:14] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 45 Processes )
IEXPLORE.EXE ~ [PID:2980]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\SALOM~1\Cookies\salomé@advertising[2].txt
C:\DOCUME~1\SALOM~1\Cookies\salomé@adopt.euroclick[1].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 18:24:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1
--------------------\\ Recherche d'autres infections
--------------------\\ ROGUES ..
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
Aucune autre infection trouvée !
[F:47][D:8]-> C:\DOCUME~1\SALOM~1\LOCALS~1\Temp
[F:92][D:0]-> C:\DOCUME~1\SALOM~1\Cookies
[F:190][D:4]-> C:\DOCUME~1\SALOM~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 19/09/2008|12:00 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 19/09/2008|22:15 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 24/09/2008|18:25 - Option : [1]
--------------------\\ Fin du rapport a 18:25:15
Unable to rename the files ending in vir; the window below opens:
unable to rename file afrnsj: this resource is in use by another person or another program
close any programs that might be using the file and try again
Otherwise, here is the rest:
Hello,
Do exactly this:
Delete the ComboFix that is on your Desktop (right-click and delete).
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the Desktop.
Disconnect from the internet and close all your applications.
Double-click combofix.exe and follow the instructions.
When it finishes, it will produce a report, C:\ComboFix.txt.
Re-enable your firewall, your antivirus and your antispyware's guard.
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
There is a complete tutorial here:
http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
_____________
Download OAD by clicking this link: http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop
Hi again,
ComboFix 08-09-16.01 - salomé 2008-09-24 19:42:10.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1308 [GMT 3:00]
Lancé depuis: C:\Documents and Settings\salomé\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-24 au 2008-09-24 ))))))))))))))))))))))))))))))))))))
.
2008-09-22 20:33 . 2008-09-22 20:33 <REP> d----c--- C:\Program Files\Stardock
2008-09-22 20:33 . 2008-09-22 20:33 <REP> d----c--- C:\Program Files\Fichiers communs\Stardock
2008-09-20 22:28 . 2008-09-20 22:28 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\vlc
2008-09-20 10:53 . 2008-09-20 10:53 <REP> d----c--- C:\Program Files\7-Zip
2008-09-20 10:35 . 2008-09-20 10:35 <REP> d----c--- C:\Documents and Settings\salomÚ
2008-09-19 11:56 . 2008-09-24 18:25 <REP> d----c--- C:\Lop SD
2008-09-18 00:41 . 2008-09-18 00:41 <REP> d----c--- C:\Program Files\RogueRemover FREE
2008-09-18 00:36 . 2008-09-18 00:41 <REP> d----c--- C:\rogue remover
2008-09-17 23:39 . 2008-09-18 00:28 2,330 --a--c--- C:\Documents and Settings\Orph.egd
2008-09-17 23:38 . 2008-09-18 00:29 <REP> d----c--- C:\ToolBar SD
2008-09-17 18:27 . 2004-07-26 16:16 1,568,768 -----c--- C:\WINDOWS\system32\ImagX7.dll
2008-09-17 18:27 . 2004-07-26 16:16 476,320 -----c--- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-17 18:27 . 2004-07-26 16:16 471,040 -----c--- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-17 18:27 . 2004-07-09 08:43 364,544 -----c--- C:\WINDOWS\system32\TwnLib4.dll
2008-09-17 18:27 . 2004-07-26 16:16 262,144 -----c--- C:\WINDOWS\system32\ImagXR7.dll
2008-09-17 18:27 . 2005-09-01 11:03 127,488 -----c--- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-17 18:27 . 2005-09-01 11:03 5,888 -----c--- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-17 18:16 . 2008-09-18 00:25 <REP> d----c--- C:\Program Files\AskTBar
2008-09-16 16:32 . 2008-09-16 16:32 <REP> d----c--- C:\rsit
2008-09-15 22:20 . 2008-09-15 22:20 <REP> d----c--- C:\Program Files\MagicDVDRipper
2008-09-15 20:42 . 2008-09-20 17:52 <REP> d----c--- C:\Documents and Settings\salomé\Contacts
2008-09-15 20:42 . 2008-09-20 17:52 <REP> d----c--- C:\Documents and Settings\salomé\Contacts
2008-09-15 20:01 . 2008-09-15 20:10 <REP> d----c--- C:\Program Files\Navilog1
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-15 19:19 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Logs
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:07 . 2008-09-15 19:50 11,935 --a--c--- C:\Documents and Settings\AJAGUIN\base.dat
2008-09-15 18:56 . 2008-09-15 18:56 <REP> d----c--- C:\Program Files\TimeAdjuster
2008-09-15 18:52 . 2008-09-15 18:52 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Logs
2008-09-15 17:13 . 2008-09-15 17:13 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Apple Computer
2008-09-15 14:44 . 2008-09-15 14:44 <REP> d----c--- C:\Program Files\ToniArts
2008-09-15 13:18 . 2008-09-20 10:21 <REP> d----c--- C:\Program Files\SecureExpertCleaner
2008-09-15 13:18 . 2008-09-15 13:20 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\SEC
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Software Licensors
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\services
2008-09-15 12:59 . 2008-09-15 12:59 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-14 20:54 . 2008-09-14 20:54 118 --a--c--- C:\WINDOWS\system32\MRT.INI
2008-09-14 19:04 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 19:04 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 17:16 . 2008-09-14 17:16 <REP> d----c--- C:\Program Files\Trend Micro
2008-09-14 15:47 . 2008-09-14 15:47 <REP> d----c--- C:\Program Files\SAV
2008-09-14 12:39 . 2008-09-14 12:39 <REP> d----c--- C:\Program Files\Transcend Utility
2008-09-13 16:47 . 2008-09-13 16:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-09-13 16:24 . 2008-09-13 16:24 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-09-13 12:55 . 2008-09-13 12:55 <REP> d----c--- C:\Program Files\Fichiers communs\Oberon Media
2008-09-12 09:10 . 2008-09-12 09:10 <REP> d----c--- C:\Program Files\Safari
2008-09-11 16:31 . 2008-09-11 16:32 <REP> d----c--- C:\Program Files\DVD Shrink
2008-09-10 06:45 . 2008-09-15 17:17 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 1,536 --a--c--- C:\MKDEWE.TRN
2008-09-10 06:44 . 1998-02-03 12:48 818,688 --a--c--- C:\WINDOWS\system32\VCF132.OCX
2008-09-10 06:44 . 1996-10-07 19:22 320,512 --a--c--- C:\WINDOWS\system32\W32MKDE.EXE
2008-09-10 06:44 . 1996-09-24 16:40 110,080 --a--c--- C:\WINDOWS\system32\W32MKRC.DLL
2008-09-10 06:44 . 1998-03-13 17:02 68,096 --a--c--- C:\WINDOWS\system32\Wbtrv32.dll
2008-09-10 06:44 . 1998-02-10 21:59 43,008 --a--c--- C:\WINDOWS\system32\W32BTICM.DLL
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Program Files\DVD X Studios
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-09-03 16:20 . 2008-09-03 16:20 <REP> d----c--- C:\SYSTEM.SAV
2008-08-31 23:32 . 2008-08-31 23:32 14 --a--c--- C:\WINDOWS\system32\SystemInfo32.sys
2008-08-27 16:32 . 2008-06-23 19:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-27 16:32 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-27 16:32 . 2007-03-08 08:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-27 16:32 . 2008-06-23 19:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-27 16:32 . 2008-06-23 19:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-27 16:32 . 2008-06-23 19:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-27 16:32 . 2008-06-23 19:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-27 16:32 . 2008-06-23 19:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-27 16:32 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 16:39 --------- dc----w C:\Documents and Settings\salomé\Application Data\MEGAUPLOADTOOLBAR
2008-09-23 09:46 --------- dc----w C:\Program Files\iTunes
2008-09-17 15:27 --------- dc----w C:\Program Files\Fichiers communs\Ahead
2008-09-17 15:27 --------- dc----w C:\Program Files\Ahead
2008-09-15 16:08 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\MegauploadToolbar
2008-09-15 14:47 --------- dc----w C:\Program Files\DivX
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\OpenOffice.org2
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\MSNInstaller
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\ATI
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Megaupload
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Media Player Classic
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Malwarebytes
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\EBP
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\DivX
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Ahead
2008-09-15 11:44 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-09-14 14:52 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 12:52 47,360 -c--a-w C:\Documents and Settings\AJAGUIN\Application Data\pcouffin.sys
2008-09-14 12:52 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Vso
2008-09-14 09:32 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-13 09:56 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Gamelab
2008-09-12 06:23 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Apple Computer
2008-09-11 16:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-11 15:50 --------- dc----w C:\Program Files\SlySoft
2008-09-06 15:45 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\dvdcss
2008-09-04 16:00 --------- dc----w C:\Program Files\Zylom Games
2008-08-31 08:24 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Zylom
2008-08-17 15:42 --------- dc----w C:\Program Files\FDRLab
2008-08-17 15:32 --------- dc----w C:\Program Files\Power Video Downloader
2008-08-13 14:09 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\32 Math Corn
2008-08-13 12:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 13:14 --------- dc----w C:\Program Files\Apple Software Update
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-07-28 19:20 --------- dc----w C:\Program Files\vanBasco's Karaoke Player
2008-07-28 19:20 --------- dc----w C:\Program Files\QuickTime
2008-07-28 19:20 --------- dc----w C:\Program Files\FlashGet
2008-07-18 19:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-11 08:54 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-07 20:31 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-07-04 07:11 3,532 -c--a-w C:\drmHeader.bin
2008-06-24 16:23 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 15:12 295,936 -c--a-w C:\WINDOWS\system32\wmpeffects.dll
2008-04-24 09:34 1,710 -c--a-w C:\Documents and Settings\AJAGUIN\afrnsj.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\lnxfrx.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\krdjwh.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\fbjafd.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\cdszkz.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\byyxdt.exe
2008-04-24 09:32 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\gjckmu.exe
2008-04-24 09:17 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\ivanqf.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-20_10.34.40.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-23 11:31:06 16,384 -c--atw C:\WINDOWS\Temp\Perflib_Perfdata_614.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
C:\Documents and Settings\AJAGUIN\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]
C:\Documents and Settings\salomé\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-09-22 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= mtkjpeg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\autre\\Nouveau dossier\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56967:TCP"= 56967:TCP:Pando P2P TCP Listening Port
"56967:UDP"= 56967:UDP:Pando P2P UDP Listening Port
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\salomé\Application Data\Mozilla\Firefox\Profiles\264oujqh.default\
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 19:44:00
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SALOM~1\LOCALS~1\Temp\mc21.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Heure de fin: 2008-09-24 19:46:04
ComboFix-quarantined-files.txt 2008-09-24 16:45:05
ComboFix2.txt 2008-09-21 18:57:25
ComboFix3.txt 2008-09-21 13:52:19
ComboFix4.txt 2008-09-20 19:15:56
ComboFix5.txt 2008-09-24 16:41:58
Avant-CF: 3,541,344,256 octets libres
Après-CF: 3,545,456,640 octets libres
236
PS: impossible to download OAV, there is a virus inside it
if I did what you told me correctly, that is, delete ComboFix from the desktop and reinstall it on the desktop
Re,
let's do it this way:
* Download ToolsCleaner by A.Rothstein & dj QUIOU to your Desktop.
http://pc-system.fr/
hxxp://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
* Click Recherche and let the scan finish.
* Click Suppression to finalize.
* You can, if you wish, use the Options facultatives.
* Click Quitter so that the report can be created.
* Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
Then,
download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the Desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report C:\ComboFix.txt
Re-enable your firewall, your antivirus and your antispyware's guard.
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Hello,
[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\salomé\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\salomé\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\salomé\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\salomé\Mes documents\hijackthis.log: trouvé !
C:\Documents and Settings\salomé\Mes documents\Mes documents\Mes téléchargements\HJTInstall.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\salomé\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\salomé\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\salomé\Mes documents\Mes documents\Mes téléchargements\HJTInstall.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\salomé\Bureau\hijackthis.log: supprimé !
C:\Documents and Settings\salomé\Mes documents\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
ComboFix 08-09-16.01 - salomé 2008-09-25 17:50:06.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1355 [GMT 3:00]
Lancé depuis: C:\Documents and Settings\salomé\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
- Mode FONCTIONNALITES REDUITES -
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-25 au 2008-09-25 ))))))))))))))))))))))))))))))))))))
.
2008-09-25 17:11 . 2008-09-25 17:11 <REP> d----c--- C:\Program Files\BillardGL 1.75
2008-09-25 17:07 . 2008-09-25 17:07 <REP> d----c--- C:\Program Files\Neoact
2008-09-25 17:07 . 2007-02-05 13:11 139,264 --a--c--- C:\WINDOWS\NeoUninstall.exe
2008-09-25 17:07 . 2008-09-25 17:15 26 --a--c--- C:\WINDOWS\neosetup.INI
2008-09-22 20:33 . 2008-09-22 20:33 <REP> d----c--- C:\Program Files\Stardock
2008-09-22 20:33 . 2008-09-22 20:33 <REP> d----c--- C:\Program Files\Fichiers communs\Stardock
2008-09-20 22:28 . 2008-09-20 22:28 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\vlc
2008-09-20 10:53 . 2008-09-20 10:53 <REP> d----c--- C:\Program Files\7-Zip
2008-09-20 10:35 . 2008-09-20 10:35 <REP> d----c--- C:\Documents and Settings\salomÚ
2008-09-18 00:41 . 2008-09-18 00:41 <REP> d----c--- C:\Program Files\RogueRemover FREE
2008-09-18 00:36 . 2008-09-18 00:41 <REP> d----c--- C:\rogue remover
2008-09-17 23:39 . 2008-09-18 00:28 2,330 --a--c--- C:\Documents and Settings\Orph.egd
2008-09-17 18:27 . 2004-07-26 16:16 1,568,768 -----c--- C:\WINDOWS\system32\ImagX7.dll
2008-09-17 18:27 . 2004-07-26 16:16 476,320 -----c--- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-17 18:27 . 2004-07-26 16:16 471,040 -----c--- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-17 18:27 . 2004-07-09 08:43 364,544 -----c--- C:\WINDOWS\system32\TwnLib4.dll
2008-09-17 18:27 . 2004-07-26 16:16 262,144 -----c--- C:\WINDOWS\system32\ImagXR7.dll
2008-09-17 18:27 . 2005-09-01 11:03 127,488 -----c--- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-17 18:27 . 2005-09-01 11:03 5,888 -----c--- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-17 18:16 . 2008-09-18 00:25 <REP> d----c--- C:\Program Files\AskTBar
2008-09-16 16:32 . 2008-09-16 16:32 <REP> d----c--- C:\rsit
2008-09-15 22:20 . 2008-09-15 22:20 <REP> d----c--- C:\Program Files\MagicDVDRipper
2008-09-15 20:42 . 2008-09-20 17:52 <REP> d----c--- C:\Documents and Settings\salomé\Contacts
2008-09-15 20:42 . 2008-09-20 17:52 <REP> d----c--- C:\Documents and Settings\salomé\Contacts
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-21 07:24 <REP> d----c--- C:\Documents and Settings\salomé\Download
2008-09-15 19:19 . 2008-09-15 19:19 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Logs
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:10 . 2008-09-21 07:16 23,262 --a--c--- C:\Documents and Settings\salomé\base.dat
2008-09-15 19:07 . 2008-09-15 19:50 11,935 --a--c--- C:\Documents and Settings\AJAGUIN\base.dat
2008-09-15 18:56 . 2008-09-15 18:56 <REP> d----c--- C:\Program Files\TimeAdjuster
2008-09-15 18:52 . 2008-09-15 18:52 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Logs
2008-09-15 17:13 . 2008-09-24 20:07 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Apple Computer
2008-09-15 14:44 . 2008-09-15 14:44 <REP> d----c--- C:\Program Files\ToniArts
2008-09-15 13:18 . 2008-09-20 10:21 <REP> d----c--- C:\Program Files\SecureExpertCleaner
2008-09-15 13:18 . 2008-09-15 13:20 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\SEC
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Software Licensors
2008-09-15 13:11 . 2008-09-15 13:11 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\services
2008-09-15 12:59 . 2008-09-15 12:59 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-14 20:54 . 2008-09-14 20:54 118 --a--c--- C:\WINDOWS\system32\MRT.INI
2008-09-14 19:04 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 19:04 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 17:16 . 2008-09-25 17:42 <REP> d----c--- C:\Program Files\Trend Micro
2008-09-14 15:47 . 2008-09-14 15:47 <REP> d----c--- C:\Program Files\SAV
2008-09-14 12:39 . 2008-09-14 12:39 <REP> d----c--- C:\Program Files\Transcend Utility
2008-09-13 16:47 . 2008-09-13 16:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-09-13 16:24 . 2008-09-13 16:24 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-09-13 12:55 . 2008-09-13 12:55 <REP> d----c--- C:\Program Files\Fichiers communs\Oberon Media
2008-09-12 09:10 . 2008-09-12 09:10 <REP> d----c--- C:\Program Files\Safari
2008-09-11 16:31 . 2008-09-11 16:32 <REP> d----c--- C:\Program Files\DVD Shrink
2008-09-10 06:45 . 2008-09-15 17:17 <REP> d----c--- C:\Documents and Settings\salomé\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 <REP> d----c--- C:\Documents and Settings\AJAGUIN\Application Data\Comptabilité
2008-09-10 06:45 . 2008-09-11 16:38 1,536 --a--c--- C:\MKDEWE.TRN
2008-09-10 06:44 . 1998-02-03 12:48 818,688 --a--c--- C:\WINDOWS\system32\VCF132.OCX
2008-09-10 06:44 . 1996-10-07 19:22 320,512 --a--c--- C:\WINDOWS\system32\W32MKDE.EXE
2008-09-10 06:44 . 1996-09-24 16:40 110,080 --a--c--- C:\WINDOWS\system32\W32MKRC.DLL
2008-09-10 06:44 . 1998-03-13 17:02 68,096 --a--c--- C:\WINDOWS\system32\Wbtrv32.dll
2008-09-10 06:44 . 1998-02-10 21:59 43,008 --a--c--- C:\WINDOWS\system32\W32BTICM.DLL
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Program Files\DVD X Studios
2008-09-08 17:01 . 2008-09-08 17:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-09-03 16:20 . 2008-09-03 16:20 <REP> d----c--- C:\SYSTEM.SAV
2008-08-31 23:32 . 2008-08-31 23:32 14 --a--c--- C:\WINDOWS\system32\SystemInfo32.sys
2008-08-27 16:32 . 2008-06-23 19:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-27 16:32 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-27 16:32 . 2007-03-08 08:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-27 16:32 . 2008-06-23 19:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-27 16:32 . 2008-06-23 19:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-27 16:32 . 2008-06-23 19:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-27 16:32 . 2008-06-23 19:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-27 16:32 . 2008-06-23 19:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-27 16:32 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 14:46 --------- dc----w C:\Documents and Settings\salomé\Application Data\MEGAUPLOADTOOLBAR
2008-09-23 09:46 --------- dc----w C:\Program Files\iTunes
2008-09-17 15:27 --------- dc----w C:\Program Files\Fichiers communs\Ahead
2008-09-17 15:27 --------- dc----w C:\Program Files\Ahead
2008-09-15 16:08 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\MegauploadToolbar
2008-09-15 14:47 --------- dc----w C:\Program Files\DivX
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\OpenOffice.org2
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\MSNInstaller
2008-09-15 14:18 --------- dc----w C:\Documents and Settings\salomé\Application Data\ATI
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Megaupload
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Media Player Classic
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Malwarebytes
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\EBP
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\DivX
2008-09-15 14:17 --------- dc----w C:\Documents and Settings\salomé\Application Data\Ahead
2008-09-15 11:44 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-09-14 14:52 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 12:52 47,360 -c--a-w C:\Documents and Settings\AJAGUIN\Application Data\pcouffin.sys
2008-09-14 12:52 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Vso
2008-09-14 09:32 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-13 09:56 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Gamelab
2008-09-12 06:23 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Apple Computer
2008-09-11 16:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-11 15:50 --------- dc----w C:\Program Files\SlySoft
2008-09-06 15:45 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\dvdcss
2008-09-04 16:00 --------- dc----w C:\Program Files\Zylom Games
2008-08-31 08:24 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-20 18:51 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\Zylom
2008-08-17 15:42 --------- dc----w C:\Program Files\FDRLab
2008-08-17 15:32 --------- dc----w C:\Program Files\Power Video Downloader
2008-08-13 14:09 --------- dc----w C:\Documents and Settings\AJAGUIN\Application Data\32 Math Corn
2008-08-13 12:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 13:14 --------- dc----w C:\Program Files\Apple Software Update
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-28 19:20 --------- dc----w C:\Program Files\Windows Live Toolbar
2008-07-28 19:20 --------- dc----w C:\Program Files\vanBasco's Karaoke Player
2008-07-28 19:20 --------- dc----w C:\Program Files\QuickTime
2008-07-28 19:20 --------- dc----w C:\Program Files\FlashGet
2008-07-18 19:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-11 08:54 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-07 20:31 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-07-04 07:11 3,532 -c--a-w C:\drmHeader.bin
2008-04-24 09:34 1,710 -c--a-w C:\Documents and Settings\AJAGUIN\afrnsj.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\lnxfrx.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\krdjwh.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\fbjafd.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\cdszkz.exe
2008-04-24 09:34 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\byyxdt.exe
2008-04-24 09:32 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\gjckmu.exe
2008-04-24 09:17 1,220 -c--a-w C:\Documents and Settings\AJAGUIN\ivanqf.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
C:\Documents and Settings\AJAGUIN\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]
C:\Documents and Settings\salomé\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]
Sommaire de OneNote.onetoc2 [2008-09-24 3656]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-09-22 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= mtkjpeg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\autre\\Nouveau dossier\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56967:TCP"= 56967:TCP:Pando P2P TCP Listening Port
"56967:UDP"= 56967:UDP:Pando P2P UDP Listening Port
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\salomé\Application Data\Mozilla\Firefox\Profiles\264oujqh.default\
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 17:50:22
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SALOM~1\LOCALS~1\Temp\mc21.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Heure de fin: 2008-09-25 17:52:39
ComboFix-quarantined-files.txt 2008-09-25 14:52:28
Avant-CF: 3,433,558,016 octets libres
Après-CF: 3,433,680,896 octets libres
227
C:\Documents and Settings\AJAGUIN\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]
C:\Documents and Settings\salomé\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]
Sommaire de OneNote.onetoc2 [2008-09-24 3656]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-09-22 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= mtkjpeg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\autre\\Nouveau dossier\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56967:TCP"= 56967:TCP:Pando P2P TCP Listening Port
"56967:UDP"= 56967:UDP:Pando P2P UDP Listening Port
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\salomé\Application Data\Mozilla\Firefox\Profiles\264oujqh.default\
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 17:50:22
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SALOM~1\LOCALS~1\Temp\mc21.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Heure de fin: 2008-09-25 17:52:39
ComboFix-quarantined-files.txt 2008-09-25 14:52:28
Avant-CF: 3,433,558,016 octets libres
Après-CF: 3,433,680,896 octets libres
227
Re,
you have a problem with removing ComboFix.
Open Windows Explorer and look for:
C:\Documents and Settings\salomé\Bureau\ComboFix.exe
Right-click it and choose Supprimer (Delete).
Restart the computer and check that the file is really gone.
Give me the result.
Good evening,
so let's start over:
download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the Desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, the antispyware's real-time guard)
double-click combofix.exe and follow the instructions
at the end, it will produce a report C:\ComboFix.txt
re-enable your firewall, your antivirus and your antispyware's guard
copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix