Recurring Virtumonde...

Closed
cervino - 20 Sept. 2008, 13:23 (last edited 22 Sept. 2008, 17:25)
Hello,

Virtumonde seems to be clinging to my machine. Impossible to detect with Vundo, yet Kaspersky flags it at every startup...
Attached is the latest HijackThis log...

I wonder whether it could be a different virus that carries the name Virtumonde, given that I have followed various removal options and none of them did anything?

Otherwise the machine works more or less normally...

Does anyone have an idea?

Thanks, everyone

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:56, on 20/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Documents and Settings\lorrant\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\OO Software\DriveLED\oodled.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1700389
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [ooccctrl.exe] "C:\Program Files\OO Software\CleverCache\ooccctrl.exe" /tasktray
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [4c7a0290] rundll32.exe "C:\WINDOWS\system32\fimyfwmf.dll",b
O4 - HKLM\..\Run: [BM4f49310c] Rundll32.exe "C:\WINDOWS\system32\hrioygos.dll",s
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lorrant\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriveLED] "C:\Program Files\OO Software\DriveLED\oodled.exe"
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Convertir au format PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir avec ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_fre.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
O18 - Protocol: bw+0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw+0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw-0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw-0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw00 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw00s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw10 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw10s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw20 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw20s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw30 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw30s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw40 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw40s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw50 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw50s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw60 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw60s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw70 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw70s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw80 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw80s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw90 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw90s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwa0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwa0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwb0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwb0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwc0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwc0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwd0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwd0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwe0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwe0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwf0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwf0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwg0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwh0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwh0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwi0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwi0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwj0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwj0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwk0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwk0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwl0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwl0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwm0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwm0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwn0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwn0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwo0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwo0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwp0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwp0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwq0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwq0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwr0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwr0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bws0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bws0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwt0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwt0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwu0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwu0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwv0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwv0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bww0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bww0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwx0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwx0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwy0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwy0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwz0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bwz0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: offline-8876480 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll acaptuser32.dll c:\progra~1\google\google~3\goec62~1.dll gbllyj.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Apprendre InDesign CS2 Drivers Auto Removal (pr2amleb) (pr2amleb) - telechargement.fr - C:\WINDOWS\system32\pr2amleb.exe
O23 - Service: Apprendre Illustrator CS2 Drivers Auto Removal (pr2amlnb) (pr2amlnb) - telechargement.fr - C:\WINDOWS\system32\pr2amlnb.exe
O23 - Service: Apprendre Photoshop LightRoom Drivers Auto Removal (pr2apmlb) (pr2apmlb) - telechargement.fr - C:\WINDOWS\system32\pr2apmlb.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

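As an added illustration (the editor's code, not something from the thread or from HijackThis itself), here is a small triage script that scans a HijackThis log for the indicators visible in the log above: a Run value with a hex-looking name that loads a DLL from system32 through rundll32 with a one-letter export, unqualified entries in AppInit_DLLs, and O18 protocol handlers bound to a CLSID with no file behind it. The heuristics are assumptions, the sample lines are copied from the posted log with two benign Run entries kept as controls, and every hit still needs the file checked by hand.

```python
"""Triage a HijackThis log for the Vundo-style indicators visible in the
thread above.  Added example by the editor, not a HijackThis feature: the
heuristics (hex-named Run values, rundll32 loading a system32 DLL through a
one-letter export, unqualified AppInit_DLLs entries, O18 handlers pointing
at a CLSID with no file) are assumptions and every hit needs manual review."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

RUN_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
APPINIT_LINE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O18_LINE = re.compile(r"^O18 - Protocol: (?P<scheme>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
# rundll32[.exe] ["]<dll>["],<export>   (HijackThis prints the quotes inconsistently)
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
HEX_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$")  # e.g. [4c7a0290], [BM4f49310c]


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str  # "run-loader" | "appinit-bare" | "o18-dangling"
    detail: str


def _check_run(line_no: int, name: str, cmd: str) -> Finding | None:
    reasons = []
    if HEX_NAME.match(name):
        reasons.append(f"hex-looking value name [{name}]")
    r = RUNDLL.search(cmd)
    if r:
        dll, export = r.group("dll"), r.group("export")
        base = dll.rsplit("\\", 1)[-1]
        if "\\system32\\" in dll.lower() and len(export) == 1:
            reasons.append(f"rundll32 loads system32\\{base} via one-letter export ,{export}")
    return Finding(line_no, "run-loader", "; ".join(reasons)) if reasons else None


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, plus one per CLSID that owns
    dangling O18 protocol handlers (anchored at the first such line)."""
    findings: list[Finding] = []
    dangling: Counter[str] = Counter()
    first_seen: dict[str, int] = {}
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if m := RUN_LINE.match(line):
            if f := _check_run(n, m.group("name"), m.group("cmd")):
                findings.append(f)
        elif m := APPINIT_LINE.match(line):
            # Entries without a directory are resolved through the DLL search
            # order, so the analyst has to locate and verify the file by hand.
            bare = [d for d in m.group("dlls").split() if "\\" not in d]
            if bare:
                findings.append(Finding(n, "appinit-bare", "unqualified entries: " + ", ".join(bare)))
        elif m := O18_LINE.match(line):
            if m.group("target").strip() == "(no file)":
                clsid = m.group("clsid").upper()
                dangling[clsid] += 1
                first_seen.setdefault(clsid, n)
    for clsid, count in dangling.items():
        findings.append(Finding(first_seen[clsid], "o18-dangling",
                                f"{count} protocol handler(s) bound to missing CLSID {{{clsid}}}"))
    return sorted(findings, key=lambda f: f.line_no)


# Constructed sample: lines copied from the log posted above, with two benign
# Run entries (Kaspersky, NVIDIA) kept as controls.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [4c7a0290] rundll32.exe "C:\WINDOWS\system32\fimyfwmf.dll",b
O4 - HKLM\..\Run: [BM4f49310c] Rundll32.exe "C:\WINDOWS\system32\hrioygos.dll",s
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll acaptuser32.dll c:\progra~1\google\google~3\goec62~1.dll gbllyj.dll
O18 - Protocol: bw+0 - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: bw+0s - {AC86460A-A87A-46E9-8DA1-8AB1D7AA6F2E} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.kind:<13} {f.detail}")
```

On the sample, the two hex-named Run entries are reported for both reasons at once, the AppInit line is reported for acaptuser32.dll and gbllyj.dll (the first is a legitimate Adobe component, which is exactly why the output is a to-verify list and not a verdict), and the two dangling bw handlers collapse into one finding on their shared CLSID.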
4 replies

Hello Anthony,

Thanks for your help... the report is attached.
It seems to indicate that this virus has been neutralised.
Please confirm...

Regards


Malwarebytes' Anti-Malware 1.28
Database version: 1190
Windows 5.1.2600 Service Pack 2

22/09/2008 12:50:56
mbam-log-2008-09-22 (12-50-56).txt

Scan type: Full scan (C:\|D:\|E:\|L:\|O:\|S:\|)
Objects scanned: 255967
Time elapsed: 2 hour(s), 25 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\WinRAR\Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4f49310c.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4f49310c.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
anthony5151 (security contributor) - 22 Sept. 2008, 14:22
No, MalwareBytes has not finished the cleanup; there are still infected files.


We are going to use ComboFix to finish the disinfection. Careful, this tool is very powerful; misusing it can do damage...

Do exactly what follows:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure: while active, they could seriously interfere with the tool's scanning and cleaning (or even crash the PC)... You will re-enable them afterwards!!

In your case, that means Kaspersky and SUPERAntiSpyware.

---> Above all, if you run into difficulties at this stage, tell me before going any further...

Tutorial here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Then:

Double-click C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Careful: do not use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point, click the red cross at the top right of the window to close it.

The report will be created at C:\Combofix.txt; please post it here.


Still with all protections disabled, do the following:

Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
C:\WINDOWS\Qm9vbXNjdWQ\kA6Svrh3xqk.vbs
C:\WINDOWS\system32\aljmhaufwigrngt.dll
C:\WINDOWS\system32\gtskdpplyz.exe

Folder::
C:\WINDOWS\Qm9vbXNjdWQ
C:\Temp\mtc2
C:\WINDOWS\system32\mC19

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a747444-391d-0b1d-e286-e275041f3d04}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{8b95654c-d415-cb3a-2ae6-8a037aaf4561}"=-

Driver::
Boonty Games

------------------------------------------------------------------

- Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
- Close Notepad

· Drag and drop this CFScript file onto the C-Fix.exe (combofix) file, as shown at this link:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
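Because a CFScript tells ComboFix which files, folders, registry entries and drivers to act on, it is worth reading the script back as a plan before dropping it onto the tool. The following is an added example (the editor's code, not part of the post and not ComboFix's own parser): it parses the four section types used in the script above, lists every entry, flags paths under system32 for a second look, and rejects relative paths and registry value lines that are not under a key. It does not expand the `~` shorthand in the registry keys and makes no claim about what ComboFix does with a key line that has no value lines under it.

```python
"""Parse a ComboFix CFScript.txt (the format shown in the post above) into a
plan that can be reviewed before the file is dropped onto ComboFix.
Added example by the editor: it recognises only the four section headers
used in the post (File::, Folder::, Registry::, Driver::) and models none of
ComboFix's own behaviour; in particular it does not expand the "~" shorthand
in registry keys and does not decide what a key line without values does."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SECTION = re.compile(r"^(?P<name>[A-Za-z]+)::$")
WIN_PATH = re.compile(r'^[A-Za-z]:\\[^<>|"?*]+$')            # absolute, drive-letter path
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[A-Z_]+\\.+)\]$")     # [HKEY_...\...]
REG_DELETE_VALUE = re.compile(r'^"(?P<value>[^"]*)"=-$')    # regedit syntax: "name"=- removes the value
KNOWN_SECTIONS = {"file", "folder", "registry", "driver"}
SENSITIVE_DIRS = ("\\windows\\system32\\",)                  # deletions here deserve a second look


@dataclass
class Plan:
    files: list[str] = field(default_factory=list)
    folders: list[str] = field(default_factory=list)
    registry: dict[str, list[str]] = field(default_factory=dict)  # key -> value names listed under it
    drivers: list[str] = field(default_factory=list)
    errors: list[str] = field(default_factory=list)


def parse_cfscript(text: str) -> Plan:
    plan = Plan()
    section = None
    current_key = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if m := SECTION.match(line):
            section = m.group("name").lower()
            current_key = None
            if section not in KNOWN_SECTIONS:
                plan.errors.append(f"line {n}: unknown section {line}")
            continue
        if section in ("file", "folder"):
            if not WIN_PATH.match(line):
                plan.errors.append(f"line {n}: not an absolute Windows path: {line}")
            else:
                (plan.files if section == "file" else plan.folders).append(line)
        elif section == "registry":
            if k := REG_KEY.match(line):
                current_key = k.group("key")
                plan.registry.setdefault(current_key, [])
            elif (v := REG_DELETE_VALUE.match(line)) and current_key:
                plan.registry[current_key].append(v.group("value"))
            else:
                plan.errors.append(f"line {n}: registry line outside a key or in unknown syntax: {line}")
        elif section == "driver":
            plan.drivers.append(line)
        else:
            plan.errors.append(f"line {n}: entry before any section header: {line}")
    return plan


def review(plan: Plan) -> list[str]:
    """Human-readable checklist of what the script asks for, with a warning
    on every path that sits under a system directory."""
    lines = []
    for path in plan.files + plan.folders:
        flag = "  <-- system directory, verify" if any(d in path.lower() for d in SENSITIVE_DIRS) else ""
        lines.append(f"delete {path}{flag}")
    for key, values in plan.registry.items():
        if values:
            lines.extend(f'delete value "{v}" under {key}' for v in values)
        else:
            lines.append(f"key listed without values: {key}")
    lines.extend(f"driver/service: {d}" for d in plan.drivers)
    lines.extend(f"ERROR {e}" for e in plan.errors)
    return lines


# The script from the post above, embedded here as constructed input.
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\Qm9vbXNjdWQ\kA6Svrh3xqk.vbs
C:\WINDOWS\system32\aljmhaufwigrngt.dll
C:\WINDOWS\system32\gtskdpplyz.exe

Folder::
C:\WINDOWS\Qm9vbXNjdWQ
C:\Temp\mtc2
C:\WINDOWS\system32\mC19

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a747444-391d-0b1d-e286-e275041f3d04}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{8b95654c-d415-cb3a-2ae6-8a037aaf4561}"=-

Driver::
Boonty Games
"""

if __name__ == "__main__":
    print("\n".join(review(parse_cfscript(SAMPLE_SCRIPT))))
```

Run it on a script before handing the script to the tool; an empty `errors` list and a checklist you can justify line by line is the point, since ComboFix itself will not ask twice.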
anthony5151 (security contributor) - 21 Sept. 2008, 05:10
Hello,


Indeed, your PC is infected.

Download and install Malwarebytes' Anti-Malware
- At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is ticked
- Launch MBAM, let the updates download and close the program

Restart in "Safe Mode": restart your computer and tap the F8 key until the Windows Advanced Options menu appears, then select "Safe Mode". Choose your usual account.

Launch MBAM
- Then go to the "Scanner" tab, tick "Perform full scan" then "Scan"
- Select your hard drives then click "Start scan"
- At the end of the scan, click Show results then Save report
- To remove the detected items --> click Remove selected
- If you are asked to restart, click Yes


Post the scan report from after the removal here

cervino - 22 Sept. 2008, 17:25
Here is the report:

Thanks for your help



ComboFix 08-09-20.05 - lorrant 2008-09-22 15:31:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.1469 [GMT 2:00]
Launched from: C:\Documents and Settings\lorrant\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\lorrant\Bureau\CFScript.txt
* A new restore point was created

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE ::
C:\WINDOWS\Qm9vbXNjdWQ\kA6Svrh3xqk.vbs
C:\WINDOWS\system32\aljmhaufwigrngt.dll
C:\WINDOWS\system32\gtskdpplyz.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\lorrant\Application Data\inst.exe
C:\WINDOWS\exefld
L:\install.exe

.
((((((((((((((((((((((((((((( Files created from 2008-08-22 to 2008-09-22 ))))))))))))))))))))))))))))))))))))
.

2008-09-22 13:45 . <REP> C:\Program Files\RescuePROT
2008-09-22 13:45 . 2008-09-22 13:44 286,720 --a--c--- C:\WINDOWS\iun507.exe
2008-09-22 13:35 . 2008-09-22 13:35 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-22 13:34 . 2008-09-22 13:34 <REP> d----c--- C:\Program Files\Bonjour
2008-09-22 09:53 . 2008-09-22 09:53 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 09:53 . 2008-09-22 09:53 <REP> d----c--- C:\Documents and Settings\lorrant\Application Data\Malwarebytes
2008-09-22 09:53 . 2008-09-22 09:53 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 09:53 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-22 09:53 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 08:39 . 2008-06-19 17:24 28,544 --a--c--- C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-20 08:38 . 2008-09-20 08:38 <REP> d----c--- C:\Program Files\Panda Security
2008-09-19 21:54 . 2008-09-19 21:54 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-19 21:53 . 2008-09-22 12:59 <REP> d----c--- C:\Program Files\SUPERAntiSpyware
2008-09-19 21:53 . 2008-09-22 12:59 <REP> d----c--- C:\Documents and Settings\lorrant\Application Data\SUPERAntiSpyware.com
2008-09-19 21:43 . 2008-09-19 21:43 <REP> d----c--- C:\VundoFix Backups
2008-09-19 20:09 . 2008-09-19 20:09 <REP> d--hs---- C:\found.000
2008-09-19 18:51 . 2008-09-20 13:03 1,124,993 ---hsc--- C:\WINDOWS\system32\fmwfymif.ini
2008-09-19 17:17 . 2008-09-19 17:17 <REP> d----c--- C:\Program Files\IsoBuster
2008-09-19 17:17 . 2008-09-19 17:17 <REP> d----c--- C:\Program Files\Conduit
2008-09-18 18:47 . 2008-09-19 18:48 1,123,757 ---hsc--- C:\WINDOWS\system32\yttmhppf.ini
2008-09-18 09:08 . 2008-09-18 18:44 1,123,217 ---hsc--- C:\WINDOWS\system32\tfgmybmo.ini
2008-09-17 21:16 . 2008-09-18 09:03 1,122,917 ---hsc--- C:\WINDOWS\system32\rcmmqbvg.ini
2008-09-17 19:56 . 2008-09-17 19:56 1,122,677 ---hsc--- C:\WINDOWS\system32\kpevmsur.ini
2008-09-14 15:05 . 2008-09-17 19:56 1,122,617 ---hsc--- C:\WINDOWS\system32\gguhccgv.ini
2008-09-13 16:29 . 2008-09-14 15:03 1,078,388 ---hsc--- C:\WINDOWS\system32\fwvxqljs.ini
2008-09-13 16:28 . 2008-09-20 02:51 376,938 --ahsc--- C:\WINDOWS\system32\wwHRBJlm.ini2
2008-09-13 16:28 . 2008-09-20 02:53 376,938 --ahsc--- C:\WINDOWS\system32\wwHRBJlm.ini
2008-09-13 16:20 . 2008-09-17 21:55 <REP> d----c--- C:\Documents and Settings\lorrant\Application Data\CheckPoint
2008-09-13 16:15 . 2008-09-17 22:23 <REP> d----c--- C:\Program Files\CheckPoint
2008-09-13 16:15 . 2008-09-17 19:45 224 --a--c--- C:\WINDOWS\system32\lkfl.dat
2008-09-13 16:15 . 2008-09-17 21:55 96 --a--c--- C:\WINDOWS\system32\pdfl.dat
2008-09-13 16:15 . 2008-09-13 16:15 80 --a--c--- C:\WINDOWS\system32\ibfl.dat
2008-09-08 13:05 . 2008-09-08 13:05 203,776 --a--c--- C:\WINDOWS\system32\clrviddc.dll
2008-09-08 12:53 . 2008-09-08 12:53 <REP> d----c--- C:\Program Files\Fichiers communs\xing shared
2008-09-08 12:52 . 2008-09-08 12:52 <REP> d----c--- C:\Program Files\RichFX
2008-09-08 11:33 . 2008-09-22 14:02 <REP> d----c--- C:\Program Files\eMule
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts
2008-09-04 12:11 . 2008-09-04 12:22 <REP> d----c--- C:\Program Files\Empty Temp Folders 2.8.3
2008-09-02 16:17 . 2008-09-02 16:17 <REP> d----c--- C:\Program Files\High-Logic
2008-09-02 15:44 . 2008-09-02 15:45 <REP> d----c--- C:\Program Files\XnView
2008-09-02 14:16 . 2008-09-02 14:16 32 --a--c--- C:\WINDOWS\go
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a--c--- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a--c--- C:\WINDOWS\system32\dnssd.dll
2008-08-25 22:58 . 2008-09-17 22:55 <REP> d----c--- C:\Program Files\Trend Micro
2008-08-25 22:58 . 2007-11-27 22:51 35,216 --a--c--- C:\WINDOWS\system32\drivers\TMPassthru.sys
2008-08-22 15:34 . 2008-08-22 15:34 <REP> d----c--- C:\Program Files\LuckyTender

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 13:38 5,703,200 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-22 13:38 113,071,648 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-22 13:38 --------- dc----w C:\Documents and Settings\lorrant\Application Data\WTablet
2008-09-22 13:34 549,248 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-22 13:34 1,532,084 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-22 13:25 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-22 11:45 --------- dc----w C:\Program Files\RescuePRO™
2008-09-22 11:35 --------- dc----w C:\Program Files\iTunes
2008-09-22 11:34 --------- dc----w C:\Program Files\QuickTime
2008-09-22 11:33 --------- dc----w C:\Program Files\Fichiers communs\Apple
2008-09-22 10:59 --------- dc----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-18 19:02 --------- dc----w C:\Program Files\Google
2008-09-12 08:55 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 10:53 --------- dc----w C:\Program Files\Fichiers communs\Real
2008-09-07 17:40 --------- dc----w C:\Documents and Settings\lorrant\Application Data\Delivery
2008-09-02 18:39 --------- dc----w C:\Program Files\TuneUp Utilities 2008
2008-08-30 16:28 --------- dc----w C:\Program Files\Apple Software Update
2008-08-30 12:42 --------- dc----w C:\Documents and Settings\lorrant\Application Data\Vso
2008-08-25 23:03 0 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdy.DAT
2008-08-25 20:58 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-08-22 13:31 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 16:49 --------- dc----w C:\Program Files\Nikon
2008-08-19 16:49 --------- dc----w C:\Program Files\Fichiers communs\Nikon
2008-08-19 16:47 --------- dc----w C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-08-19 16:47 --------- dc----w C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-08-19 16:41 0 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLeh.DAT
2008-08-19 15:51 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2008-08-19 15:29 --------- dc----w C:\Documents and Settings\lorrant\Application Data\Nikon
2008-08-19 15:22 0 -c--a-w C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
2008-08-17 14:29 --------- dc----w C:\Program Files\VirtualDJ
2008-08-14 14:13 --------- dc----w C:\Program Files\IncrediMail
2008-08-14 14:02 96,976 -c--a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-02 14:00 --------- dc----w C:\Documents and Settings\lorrant\Application Data\Apple Computer
2008-08-02 11:29 --------- dc----w C:\Program Files\Java
2008-07-31 14:58 --------- dc----w C:\Program Files\KnockOut 2
2008-07-31 14:58 --------- dc----w C:\Program Files\Corel
2008-07-24 17:23 --------- dc----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-07-24 16:50 --------- dc----w C:\Program Files\easetech
2008-07-24 16:43 --------- dc----w C:\Documents and Settings\lorrant\Application Data\Media Player Classic
2008-07-24 16:19 --------- dc----w C:\Program Files\Illustrate
2008-07-24 16:19 --------- dc----w C:\Documents and Settings\lorrant\Application Data\AccurateRip
2008-07-24 12:29 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-24 07:45 87,855 -c--a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-22 13:43 --------- dc----w C:\Program Files\Nokia
2008-07-13 12:11 164 -c--a-w C:\install.dat
2008-06-28 20:17 74,752 -c--a-w C:\WINDOWS\ST6UNST.EXE
2008-06-28 20:17 266,240 -c----w C:\WINDOWS\Setup1.exe
2008-06-04 11:04 30 -c--a-w C:\Program Files\Exiferupdate.ini
2007-09-06 12:42 47,360 -c--a-w C:\Documents and Settings\lorrant\Application Data\pcouffin.sys
2007-06-08 20:41 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
2008-03-27 00:14 8 -csh--r C:\WINDOWS\system32\E14D740077.sys
2008-06-19 21:45 23 -csha-w C:\WINDOWS\system32\fcaf3_z.dll
2008-04-16 12:08 952 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-01-12 10:27 813568 90f25c53c769074eee45ff076b01847a C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 11:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2GDR\wininet.dll
2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2QFE\wininet.dll
2007-08-20 11:59 815616 73106e5d190e0d0a88d1fed88ba629f2 C:\WINDOWS\system32\wininet.dll
2007-08-20 11:59 815616 73106e5d190e0d0a88d1fed88ba629f2 C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\oodishi]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2007-12-14 10:47 111872 --a--c--- C:\Program Files\OO Software\DiskImage\oodishi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"Google Update"="C:\Documents and Settings\lorrant\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"DriveLED"="C:\Program Files\OO Software\DriveLED\oodled.exe" [2005-02-28 293376]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 7557120]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-17 1190064]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 288088]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-08 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-06-28 2512128]
"ooccctrl.exe"="C:\Program Files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 86016]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1965736]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-18 30192]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 200768]
"nwiz"="nwiz.exe" [2006-02-13 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"msacm.l3acm"= L3codecp.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.ap41"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"vidc.em2v"= ETXCodec.dll
"vidc.hfyu"= huffyuv.dll
"vidc.vp31"= vp31vfw.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.rud0"= rududu.dll
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"vidc.wnv1"= WNVPLAY1.DLL
"msacm.divxa32"= DivXa32.acm
"vidc.xvid"= xvid.dll
"vidc.advs"= Dvc.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.aasc"= Aasc32.dll
"vidc.asv1"= asusasv1.dll
"vidc.asv2"= asusasv2.dll
"vidc.vcr1"= ativcr1.dll
"vidc.vcr2"= ativcr2.dll
"vidc.mwv1"= icmw_32.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"msacm.pcdv"= pcdv.acm
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.dps0"= DpsAviCC.dll
"MSVideo"= DPSVidCap.drv
"vidc.frwu"= frwu.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.glzw"= GLZW.dll
"vidc.gpeg"= GPEG.dll
"msacm.imc"= IMC32.ACM
"vidc.i263"= i263_32.drv
"vidc.ir21"= IR21_R.DLL
"vidc.rt21"= IR21_R.DLL
"vidc.dcmj"= MCMJPG32.DLL
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.mmes"= DigiVCap.dll
"vidc.vixl"= Miroxl32.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.tvmj"= MMTVMJ.dll
"vidc.fljp"= MMTVMJ.dll
"vidc.nt00"= NTCodec.dll
"vidc.pdvc"= idvcodec.dll
"vidc.ipdv"= idvcodec.dll
"vidc.pvw2"= pvwv220.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.miro"= mirodv2avi.dll
"vidc.mjpa"= rtmjpgcdc.dll
"vidc.pim1"= pclepim1.dll
"msacm.qmpeg"= qmpeg.acm
"vidc.rmp4"= rmp4.dll
"vidc.sony"= sonydv.dll
"vidc.s422"= tekyuv.dll
"vidc.vssv"= vsscodec.dll
"vidc.cscd"= camcodec.dll
"msacm.fraunhoferacm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ahN63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ciO63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe
"Lyad"=C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"SoundMan"=SOUNDMAN.EXE
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ScanSoft PDF Create! 4-reminder"="C:\Program Files\ScanSoft\PDF Create! 4\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Create\4\Ereg\ereg.ini"
"ScanSoft PDF Converter 4-reminder"="C:\Program Files\ScanSoft\PDF Converter 4\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Converter\4\Ereg\ereg.ini"
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe"
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"gfxtray"=rundll32 ctccw32.dll,findwnd
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"Device Detector"=DevDetect.exe -autorun
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\VSO\\PhotoOnWeb\\PhotoOnWeb.exe"=
"C:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"C:\\Documents and Settings\\lorrant\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 oodisr;O&O DiskImage Snapshot/Restore Driver;C:\WINDOWS\system32\DRIVERS\oodisr.sys [2007-12-14 93192]
R0 oodisrh;oodisrh;C:\WINDOWS\system32\DRIVERS\oodisrh.sys [2007-12-14 28168]
R0 oodivd;O&O DiskImage Virtual Disk Driver;C:\WINDOWS\system32\DRIVERS\oodivd.sys [2007-12-14 127496]
R0 oodivdh;oodivdh;C:\WINDOWS\system32\DRIVERS\oodivdh.sys [2007-12-14 26632]
R0 OODrvled;OODrvled;C:\WINDOWS\system32\DRIVERS\OODrvled.sys [2005-02-28 15488]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 pe3amleb;Apprendre InDesign CS2 Environment Driver (pe3amleb);C:\WINDOWS\system32\drivers\pe3amleb.sys [2007-08-31 65168]
R0 pe3amlnb;Apprendre Illustrator CS2 Environment Driver (pe3amlnb);C:\WINDOWS\system32\drivers\pe3amlnb.sys [2007-08-31 65176]
R0 pe3apmlb;Apprendre Photoshop LightRoom Environment Driver (pe3apmlb);C:\WINDOWS\system32\drivers\pe3apmlb.sys [2007-12-05 65184]
R0 pf2amleb;Apprendre InDesign CS2 File System Driver (pf2amleb);C:\WINDOWS\system32\drivers\pf2amleb.sys [2007-08-31 83600]
R0 pf2amlnb;Apprendre Illustrator CS2 File System Driver (pf2amlnb);C:\WINDOWS\system32\drivers\pf2amlnb.sys [2007-08-31 83608]
R0 pf2apmlb;Apprendre Photoshop LightRoom File System Driver (pf2apmlb);C:\WINDOWS\system32\drivers\pf2apmlb.sys [2007-12-05 83616]
R0 TwkMs;CHIPDRIVE Mouse Adapter;C:\WINDOWS\system32\drivers\TwkMs.sys [2003-04-24 4828]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 28216]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 RUBotted;Trend Micro RUBotted Service;C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2007-12-19 517456]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 35216]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
S0 ciO63;ciO63;C:\WINDOWS\system32\Drivers\ciO63.sys [ ]
S2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [ ]
S2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys [ ]
S2 pr2amleb;Apprendre InDesign CS2 Drivers Auto Removal (pr2amleb);C:\WINDOWS\system32\pr2amleb.exe svc [ ]
S2 pr2amlnb;Apprendre Illustrator CS2 Drivers Auto Removal (pr2amlnb);C:\WINDOWS\system32\pr2amlnb.exe svc [ ]
S2 pr2apmlb;Apprendre Photoshop LightRoom Drivers Auto Removal (pr2apmlb);C:\WINDOWS\system32\pr2apmlb.exe svc [ ]
S3 CHIPDRIVE USB SmartCardReader;CHIPDRIVE USB SmartCardReader;C:\WINDOWS\system32\DRIVERS\TwkUsb2K.sys [2004-09-10 35336]
S3 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-18 30192]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 63608]
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 35216]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-04 355584]
S3 TWKSER2K;CHIPDRIVE Serial SmartCardReader;C:\WINDOWS\system32\DRIVERS\TWKSER2K.sys [2004-08-25 185611]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Formation.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
Toolbar-{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 15:37:05
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\Program Files\OO Software\DiskImage\oodishi.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-09-22 16:04:19 - La machine a redémarré [lorrant]
ComboFix-quarantined-files.txt 2008-09-22 14:03:44

Avant-CF: 4 504 084 480 octets libres
Après-CF: 4,506,136,576 octets libres

412 --- E O F --- 2008-09-12 08:56:45