Malware impossible to remove
Aldebaran33 (messages posted: 28, status: Member)
geoffrey5 (messages posted: 14008, status: Security contributor)
Hello,
For some time now I have had 3 pieces of malware on my computer that the anti-malware software detects but cannot remove. I also tried with ComboFix. At the end of the cleanup it tells me it has removed the infected file and the 2 keys, but I find them again at the next startup. I wanted to run ComboFix in safe mode, but I can't find the file that runs the command. I was only able to use it in diagnostic mode; I don't know whether that is as effective.
In any case, I'm getting fed up with these 3 pieces of malware on my computer.
Could someone help me?
Thanks in advance.
32 replies
Hi!!
▶ Please post a HijackThis report so I can check your PC for infections
▶ Download HijackThis and save the installer to your desktop.
▶ Then double-click the installer and click "Run".
▶ Click "Install", checking that the installation path is in your Programs folder, then click "I Accept".
▶ Click "Do a system scan and save a logfile".
▶ Let the scan finish until the report appears in Notepad.
▶ Then copy/paste the report into your next reply on the forum
How to copy/paste the report:
When the report is on screen, press Ctrl+A to "select all", then Ctrl+C to "copy".
Then come back to the forum to reply to me and press Ctrl+V to "paste" the report.
Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:40, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\o\Bureau\Crazy Browser.exe
C:\Documents and Settings\o\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [combofix] \ /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: www.google.fr
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097952190140
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/unibet/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1400
Windows 5.1.2600 Service Pack 3
16/11/2008 12:29:38
mbam-log-2008-11-16 (12-29-35).txt
Type de recherche: Examen rapide
Eléments examinés: 1908
Temps écoulé: 20 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\onxyikd.dll (Trojan.BHO.H) -> No action taken.
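Added example, not from this thread and not the logic of HijackThis or Malwarebytes: a small Python triage script for the two report formats pasted above. It flags the patterns the helpers look for here (an unnamed O2 BHO loading a random-looking DLL from system32, an O23 service whose binary is missing, O4 autoruns that launch a script, the O17 DNS servers to verify) and lists the Malwarebytes items whose action was "Delete on reboot" or "No action taken", which are exactly the ones that keep reappearing in this thread. The regular expressions and the "random-looking name" heuristic are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the HijackThis v2.0.2 report posted in this
# thread (values copied from that report). Raw string: backslashes are literal.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [combofix] \ /c C:\ComboFix\Combobatch.bat
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 84.103.237.141 86.64.145.141
"""

# Constructed sample in the format of the Malwarebytes report posted in this thread.
SAMPLE_MBAM = r"""
Fichier(s) infecté(s):
c:\WINDOWS\system32\onxyikd.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\hklqwl.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> No action taken.
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag ("O2", "O4", "O17", "O23")
    severity: str  # "high", "medium" or "info"
    target: str    # the file, command or value the finding is about
    reason: str    # why it was flagged


O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Heuristic (my assumption, not HijackThis logic): a short, all-lowercase DLL name
# such as the thread's onxyikd.dll is treated as random-looking.
RANDOM_DLL_RE = re.compile(r"^[a-z]{6,8}\.dll$")
SCRIPT_EXT_RE = re.compile(r"\.(bat|cmd|vbs|js)(\b|$)", re.IGNORECASE)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; None means the line needs no attention."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        path = m.group("path")
        base = path.rsplit("\\", 1)[-1].lower()
        if m.group("name") == "(no name)":
            if "\\system32\\" in path.lower() and RANDOM_DLL_RE.match(base):
                return Finding("O2", "high", path,
                               "unnamed BHO loading a random-looking DLL from system32 (Vundo-style)")
            return Finding("O2", "medium", path, "unnamed BHO; identify its publisher before trusting it")
        return None
    m = O4_RE.match(line)
    if m and SCRIPT_EXT_RE.search(m.group("cmd")):
        return Finding("O4", "medium", m.group("cmd"),
                       "autorun launches a script rather than a program; confirm where it came from")
    if line.startswith("O23 - Service: "):
        # Split from the right: the service name and vendor may themselves contain " - ".
        _, _, path = line[len("O23 - Service: "):].rpartition(" - ")
        if path.endswith("(file missing)"):
            return Finding("O23", "medium", path,
                           "service points to a binary that no longer exists (orphaned entry)")
        return None
    m = O17_RE.match(line)
    if m:
        return Finding("O17", "info", m.group("servers").strip(),
                       "DNS servers set on the adapter; confirm they belong to your ISP")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole HijackThis report, keeping only flagged lines."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


def mbam_unresolved(report: str) -> List[tuple]:
    """Return (item, family, action) for Malwarebytes lines whose removal did not
    complete ("Delete on reboot" or "No action taken"). If the same items are still
    listed after a reboot, they are the ones to cross-check against the O2 BHO line."""
    out = []
    for line in report.splitlines():
        m = MBAM_RE.match(line.strip())
        if m and m.group("action") in ("Delete on reboot", "No action taken"):
            out.append((m.group("item"), m.group("family"), m.group("action")))
    return out
```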
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yvcpuu (Trojan.Downloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\onxyikd.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\hklqwl.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I keep finding the file onxyikd.dll even though the anti-malware tells me it is a trojan.
When I do a log it tells me it is an unknown program. I cannot delete it manually because it tells me my disk is full or write-protected.
It is also present in two keys.
I ran another full scan, with the result being the 3 harmful items I still have (earlier I had 12 malware items, but the other 9 were unexpected and I was able to delete them normally).
Here is the report:
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\onxyikd.dll (Trojan.BHO.H) -> No action taken.
Of course I accept the PC restart after deleting the trojans; I run a scan again and I end up with the 3 malware items again.
▶ Download the FixVundo utility (Symantec)
▶ Launch "FixVundo" by double-clicking its icon.
▶ Start the scan by clicking "Start".
▶ At the end, a scan report "FixVundo.log" is available in the folder the utility was launched from.
▶ Copy/paste the report into a new message on the forum
Hi geoffrey5
I was online with you on 12/11 but no news since, because I couldn't reply the same day. Can you help me? I made a post titled "trojan agent et plus de connexion internet"
Thanks... (I'm getting desperate!!!)
The scan finished telling me it had found no viruses. There is nothing more in the report.
What more can I do?
▶ Download VirtumundoBeGone to the desktop
▶ Disconnect from the internet and disable your antivirus for the duration of the procedure
=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
▶ If you get a blue screen and the message "Fatal error", no problem
=> Post the VBG.TXT report that is on the desktop
I had already used this program; I ran it again, here is the report. The computer did not shut down; it does detect my file, though.
[11/15/2008, 23:32:59] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\o\Bureau\VirtumundoBeGone.exe" )
[11/15/2008, 23:33:07] - User choose NOT to continue. Exiting...
[11/16/2008, 8:09:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\o\Bureau\VirtumundoBeGone.exe" )
[11/16/2008, 8:09:24] - Detected System Information:
[11/16/2008, 8:09:24] - Windows Version: 5.1.2600, Service Pack 3
[11/16/2008, 8:09:24] - Current Username: o (Admin)
[11/16/2008, 8:09:24] - Windows is in NORMAL mode.
[11/16/2008, 8:09:24] - Searching for Browser Helper Objects:
[11/16/2008, 8:09:24] - BHO 1: {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} ()
[11/16/2008, 8:09:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2008, 8:09:24] - Checking for HKLM\...\Winlogon\Notify\onxyikd
[11/16/2008, 8:09:24] - Key not found: HKLM\...\Winlogon\Notify\onxyikd, continuing.
[11/16/2008, 8:09:24] - Finished Searching Browser Helper Objects
[11/16/2008, 8:09:24] - Finishing up...
[11/16/2008, 8:09:24] - Nothing found! Exiting...
[11/16/2008, 18:13:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\o\Bureau\VirtumundoBeGone.exe" )
[11/16/2008, 18:13:52] - Detected System Information:
[11/16/2008, 18:13:52] - Windows Version: 5.1.2600, Service Pack 3
[11/16/2008, 18:13:52] - Current Username: o (Admin)
[11/16/2008, 18:13:52] - Windows is in NORMAL mode.
[11/16/2008, 18:13:52] - Searching for Browser Helper Objects:
[11/16/2008, 18:13:52] - BHO 1: {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} ()
[11/16/2008, 18:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2008, 18:13:52] - Checking for HKLM\...\Winlogon\Notify\onxyikd
[11/16/2008, 18:13:52] - Key not found: HKLM\...\Winlogon\Notify\onxyikd, continuing.
[11/16/2008, 18:13:52] - Finished Searching Browser Helper Objects
[11/16/2008, 18:13:52] - Finishing up...
[11/16/2008, 18:13:52] - Nothing found! Exiting...
Here is the report:
ComboFix 08-11-12.01 - o 2008-11-16 18:25:04.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.225 [GMT 1:00]
Lancé depuis: c:\documents and settings\o\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.
2008-11-16 08:38 . 2008-11-16 08:38 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-16 08:15 . 2008-11-16 08:15 11,020,722 --a------ C:\upload_moi_SN301833070001.tar.gz
2008-11-15 22:56 . 2008-11-15 22:56 <REP> d-------- C:\VundoFix Backups
2008-11-13 22:45 . 2008-11-13 23:01 <REP> d-------- C:\SDFix
2008-11-13 21:49 . 2008-11-13 22:00 <REP> d-------- c:\program files\Enigma Software Group
2008-11-13 00:01 . 2008-11-13 00:01 19,969 --a------ c:\windows\yfalebiby.ban
2008-11-13 00:01 . 2008-11-13 00:01 19,734 --a------ c:\windows\zugukyg.ban
2008-11-13 00:01 . 2008-11-13 00:01 18,946 --a------ c:\windows\fefomokon.dl
2008-11-13 00:01 . 2008-11-13 00:01 18,384 --a------ c:\documents and settings\o\Application Data\bywizenow.bat
2008-11-13 00:01 . 2008-11-13 00:01 16,953 --a------ c:\windows\pubowoky.inf
2008-11-13 00:01 . 2008-11-13 00:01 15,533 --a------ c:\documents and settings\o\Application Data\wefozogeh.vbs
2008-11-13 00:01 . 2008-11-13 00:01 13,575 --a------ c:\documents and settings\o\Application Data\azaga.sys
2008-11-13 00:01 . 2008-11-13 00:01 12,891 --a------ c:\program files\Fichiers communs\qolylefyja.exe
2008-11-13 00:01 . 2008-11-13 00:01 12,002 --a------ c:\windows\system32\aboh.ban
2008-11-13 00:01 . 2008-11-13 00:01 11,979 --a------ c:\documents and settings\o\Application Data\ofeq.reg
2008-11-13 00:01 . 2008-11-13 00:01 10,429 --a------ c:\windows\ojepuq.sys
2008-11-12 18:45 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:44 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 14:57 . 2008-11-09 14:57 164 --a------ C:\install.dat
2008-10-29 21:43 . 2008-10-30 18:52 <REP> d-------- c:\program files\NOS
2008-10-26 12:13 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-10-26 12:09 . 2008-10-26 12:09 <REP> d-------- c:\windows\Logs
2008-10-26 12:06 . 2008-10-26 12:06 <REP> d-------- c:\program files\Microsoft Silverlight
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\program files\Fichiers communs\FotoWire
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\documents and settings\o\Application Data\FotoWire
2008-10-26 11:45 . 2002-12-06 12:22 466,944 --a------ c:\windows\system32\CIMSVR.exe
2008-10-26 11:45 . 2002-12-06 12:23 233,472 --a------ c:\windows\system32\CIMVIEW.dll
2008-10-26 11:45 . 2002-12-06 12:19 147,456 --a------ c:\windows\system32\MimicICM.dll
2008-10-26 11:45 . 2002-12-06 12:22 28,672 --a------ c:\windows\system32\CIMSVRps.dll
2008-10-26 10:46 . 2004-06-03 12:10 71,596 --------- c:\windows\system32\drivers\PfModNT.sys
2008-10-26 10:46 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-10-26 10:46 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-10-24 17:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 17:28 . 2008-10-19 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-10-17 18:23 . 2008-04-13 08:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2008-10-17 18:23 . 2008-04-13 10:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-10-17 18:21 . 2006-12-28 11:01 19,569 --a------ c:\windows\[u]0/u03180_.tmp
2008-10-16 19:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 19:45 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 19:45 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-16 19:44 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 21:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-14 18:01 1,928 ----a-w c:\program files\hqynyslu.txt
2008-11-12 23:01 19,578 ----a-w c:\program files\Fichiers communs\sarezer.lib
2008-11-12 23:01 15,179 ----a-w c:\program files\Fichiers communs\ucovu.db
2008-11-12 23:01 14,562 ----a-w c:\program files\Fichiers communs\zujofirajy.lib
2008-11-12 23:01 14,077 ----a-w c:\program files\Fichiers communs\exufuzezyx._sy
2008-11-12 23:01 11,393 ----a-w c:\program files\Fichiers communs\erygimuli._dl
2008-11-09 11:05 --------- d-----w c:\program files\AOL 8.0
2008-11-08 10:30 --------- d-----w c:\documents and settings\o\Application Data\OpenOffice.org2
2008-10-30 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-29 20:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-26 10:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 10:45 --------- d-----w c:\program files\Logitech
2008-10-26 09:46 --------- d-----w c:\program files\Creative
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 16:42 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-10-18 10:09 --------- d-----w c:\program files\MSN Messenger
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-12 21:15 --------- d-----w c:\program files\QuickTime
2008-10-12 21:15 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-12 21:12 --------- d-----w c:\program files\Apple Software Update
2008-10-12 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-12 17:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-12 17:36 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-12 17:36 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-12 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\Real
2008-10-12 17:05 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-12 17:05 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-08 20:21 --------- d-----w c:\program files\Services en ligne
2008-10-06 17:00 --------- d-----w c:\documents and settings\Damien.SN301833070001\Application Data\Malwarebytes
2008-10-05 16:14 88,576 ----a-w c:\windows\system32\AntiXPVSTFix.exe
2008-10-05 16:14 87,552 ----a-w c:\windows\system32\VACFix.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\o4Patch.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.C.exe
2008-10-05 16:14 82,432 ----a-w c:\windows\system32\404Fix.exe
2008-10-05 16:14 53,248 ----a-w c:\windows\system32\Process.exe
2008-10-05 16:14 51,200 ----a-w c:\windows\system32\dumphive.exe
2008-10-05 16:14 289,144 ----a-w c:\windows\system32\VCCLSID.exe
2008-10-05 16:14 288,417 ----a-w c:\windows\system32\SrchSTS.exe
2008-10-05 16:14 25,600 ----a-w c:\windows\system32\WS2Fix.exe
2008-10-05 14:26 --------- d-----w c:\program files\SUPERAntiSpyware
2008-10-05 14:26 --------- d-----w c:\documents and settings\o\Application Data\SUPERAntiSpyware.com
2008-10-05 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 20:34 --------- d-----w c:\program files\Windows Live
2008-09-29 19:52 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-09-29 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-28 20:04 --------- d-----w c:\program files\Crazy Browser
2008-09-28 17:12 --------- d-----w c:\program files\AVG
2008-09-28 16:31 104,960 ----a-w c:\windows\system32\znngdin.dll
2008-09-28 14:43 --------- d-----w c:\documents and settings\o\Application Data\Malwarebytes
2008-09-28 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-21 18:57 --------- d-----w c:\program files\ACD Systems
2008-09-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-09-21 09:28 --------- d-----w c:\documents and settings\o\Application Data\SumatraPDF
2008-09-21 09:27 --------- d-----w c:\program files\SumatraPDF
2008-09-20 20:20 85 ----a-w c:\documents and settings\o\reparation.bat
2008-09-20 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 10:49 --------- d-----w c:\documents and settings\o\Application Data\IDMComp
2008-09-19 10:47 --------- d-----w c:\program files\UltraEdit
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-14 14:24 69,120 ----a-w c:\windows\system32\olethk32.dll
2008-09-14 14:24 69,120 ----a-w c:\windows\system32\dllcache\olethk32.dll
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 09:11 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-15 17:47 58 ----a-w c:\documents and settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w c:\documents and settings\o\Application Data\GDIPFONTCACHEV1.DAT
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
.
((((((((((((((((((((((((((((( snapshot_2008-11-13_22.29.42.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-03 20:59:45 56,364 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 18:16:51 56,364 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 20:59:45 68,498 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-15 18:16:51 68,498 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
\Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
\Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
\Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\o\Application Data\Mozilla\Firefox\Profiles\v9eyxivg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/fr/index.php?rvs=hompag&d=79919193
FF -: plugin - c:\documents and settings\o\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 18:30:03
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
Heure de fin: 2008-11-16 18:34:10
ComboFix-quarantined-files.txt 2008-11-16 17:33:44
ComboFix2.txt 2008-11-13 21:31:00
ComboFix3.txt 2008-09-29 19:32:26
ComboFix4.txt 2008-09-28 16:38:18
Avant-CF: 103 201 234 944 octets libres
Après-CF: 103,324,852,224 octets libres
388 --- E O F --- 2008-11-12 23:39:56
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-12 21:15 --------- d-----w c:\program files\QuickTime
2008-10-12 21:15 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-12 21:12 --------- d-----w c:\program files\Apple Software Update
2008-10-12 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-12 17:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-12 17:36 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-12 17:36 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-12 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\Real
2008-10-12 17:05 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-12 17:05 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-08 20:21 --------- d-----w c:\program files\Services en ligne
2008-10-06 17:00 --------- d-----w c:\documents and settings\Damien.SN301833070001\Application Data\Malwarebytes
2008-10-05 16:14 88,576 ----a-w c:\windows\system32\AntiXPVSTFix.exe
2008-10-05 16:14 87,552 ----a-w c:\windows\system32\VACFix.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\o4Patch.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.C.exe
2008-10-05 16:14 82,432 ----a-w c:\windows\system32\404Fix.exe
2008-10-05 16:14 53,248 ----a-w c:\windows\system32\Process.exe
2008-10-05 16:14 51,200 ----a-w c:\windows\system32\dumphive.exe
2008-10-05 16:14 289,144 ----a-w c:\windows\system32\VCCLSID.exe
2008-10-05 16:14 288,417 ----a-w c:\windows\system32\SrchSTS.exe
2008-10-05 16:14 25,600 ----a-w c:\windows\system32\WS2Fix.exe
2008-10-05 14:26 --------- d-----w c:\program files\SUPERAntiSpyware
2008-10-05 14:26 --------- d-----w c:\documents and settings\o\Application Data\SUPERAntiSpyware.com
2008-10-05 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 20:34 --------- d-----w c:\program files\Windows Live
2008-09-29 19:52 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-09-29 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-28 20:04 --------- d-----w c:\program files\Crazy Browser
2008-09-28 17:12 --------- d-----w c:\program files\AVG
2008-09-28 16:31 104,960 ----a-w c:\windows\system32\znngdin.dll
2008-09-28 14:43 --------- d-----w c:\documents and settings\o\Application Data\Malwarebytes
2008-09-28 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-21 18:57 --------- d-----w c:\program files\ACD Systems
2008-09-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-09-21 09:28 --------- d-----w c:\documents and settings\o\Application Data\SumatraPDF
2008-09-21 09:27 --------- d-----w c:\program files\SumatraPDF
2008-09-20 20:20 85 ----a-w c:\documents and settings\o\reparation.bat
2008-09-20 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 10:49 --------- d-----w c:\documents and settings\o\Application Data\IDMComp
2008-09-19 10:47 --------- d-----w c:\program files\UltraEdit
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-14 14:24 69,120 ----a-w c:\windows\system32\olethk32.dll
2008-09-14 14:24 69,120 ----a-w c:\windows\system32\dllcache\olethk32.dll
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 09:11 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-15 17:47 58 ----a-w c:\documents and settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w c:\documents and settings\o\Application Data\GDIPFONTCACHEV1.DAT
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
.
((((((((((((((((((((((((((((( snapshot_2008-11-13_22.29.42.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-03 20:59:45 56,364 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 18:16:51 56,364 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 20:59:45 68,498 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-15 18:16:51 68,498 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
\Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
\Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
\Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\o\Application Data\Mozilla\Firefox\Profiles\v9eyxivg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/fr/index.php?rvs=hompag&d=79919193
FF -: plugin - c:\documents and settings\o\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 18:30:03
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
Heure de fin: 2008-11-16 18:34:10
ComboFix-quarantined-files.txt 2008-11-16 17:33:44
ComboFix2.txt 2008-11-13 21:31:00
ComboFix3.txt 2008-09-29 19:32:26
ComboFix4.txt 2008-09-28 16:38:18
Avant-CF: 103 201 234 944 octets libres
Après-CF: 103,324,852,224 octets libres
388 --- E O F --- 2008-11-12 23:39:56
Here is the report:
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
\Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
\Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
\Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\o\Application Data\Mozilla\Firefox\Profiles\v9eyxivg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/fr/index.php?rvs=hompag&d=79919193
FF -: plugin - c:\documents and settings\o\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 18:30:03
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
Heure de fin: 2008-11-16 18:34:10
ComboFix-quarantined-files.txt 2008-11-16 17:33:44
ComboFix2.txt 2008-11-13 21:31:00
ComboFix3.txt 2008-09-29 19:32:26
ComboFix4.txt 2008-09-28 16:38:18
Avant-CF: 103 201 234 944 octets libres
Après-CF: 103,324,852,224 octets libres
388 --- E O F --- 2008-11-12 23:39:56
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
\Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
\Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
\Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\o\Application Data\Mozilla\Firefox\Profiles\v9eyxivg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/fr/index.php?rvs=hompag&d=79919193
FF -: plugin - c:\documents and settings\o\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 18:30:03
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
Heure de fin: 2008-11-16 18:34:10
ComboFix-quarantined-files.txt 2008-11-16 17:33:44
ComboFix2.txt 2008-11-13 21:31:00
ComboFix3.txt 2008-09-29 19:32:26
ComboFix4.txt 2008-09-28 16:38:18
Avant-CF: 103 201 234 944 octets libres
Après-CF: 103,324,852,224 octets libres
388 --- E O F --- 2008-11-12 23:39:56
▶ Copy the text in bold below:
File::
c:\windows\system32\onxyikd.dll
Folder::
Registry::
▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
▶ Save this file under the name CFScript.txt.
▶ Now drag the CFScript.txt file onto Combofix.exe, as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
▶ This will relaunch Combofix.
▶ A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
▶ Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
▶ After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
▶ If there is no restart, post the reports anyway.
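Added example (not part of this thread, not ComboFix's own logic and not the helper's method): a small Python triage script that runs two defender-side heuristics over the kind of lines shown in the report above. It flags a large block of high-numbered ports opened globally under one identical description, and service or driver entries whose backing file has no recorded date/size or whose name looks randomly generated. The sample lines are copied from the report above; the threshold of five ports and the random-name test are my own assumptions, not ComboFix rules.

```python
"""Triage heuristics for ComboFix-style report lines.

Added example for this thread; it is not ComboFix code and not the helper's
own method. The sample lines are copied from the report posted above; the
threshold and the "random-looking name" test are my own assumptions.
"""
import re

# Constructed sample: a handful of lines taken from the report above.
SAMPLE_LINES = [
    r'"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009',
    r'"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009',
    r'"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009',
    r'"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009',
    r'"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009',
    r'"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009',
    r'"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015',
    r'"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016',
    r'"500:UDP"= 500:UDP:@xpsp2res.dll,-22017',
    r'R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]',
    r'R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]',
    r'R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]',
    r'S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]',
    r'S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]',
    r'S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]',
]

PORT_RULE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.+)$')
SERVICE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$')

# Assumption: this many globally opened ports sharing one identical description
# is unusual for a home PC and worth a closer look.
BULK_PORT_THRESHOLD = 5


def parse_port_rules(lines):
    """Return (port, proto, description) for each GloballyOpenPorts rule line."""
    rules = []
    for line in lines:
        m = PORT_RULE.match(line.strip())
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return rules


def bulk_port_openings(rules, threshold=BULK_PORT_THRESHOLD):
    """Group rules by description; report descriptions shared by >= threshold ports.

    Returns {description: sorted list of ports}. Well-known ports (< 1024) are
    ignored: a single VPN or IPsec rule is not what this heuristic is after.
    """
    by_desc = {}
    for port, _proto, desc in rules:
        if port >= 1024:
            by_desc.setdefault(desc, set()).add(port)
    return {d: sorted(p) for d, p in by_desc.items() if len(p) >= threshold}


def looks_random(name):
    """Heuristic: letters-only name with almost no vowels or a long consonant run."""
    letters = ''.join(c for c in name.lower() if c.isalpha())
    if len(letters) < 6:
        return False
    vowels = sum(letters.count(v) for v in 'aeiouy')
    longest_run = max(len(r) for r in re.split(r'[aeiouy]', letters))
    return vowels / len(letters) < 0.2 or longest_run >= 5


def suspicious_services(lines):
    """Flag service/driver lines with no file info or a random-looking name."""
    findings = []
    for line in lines:
        m = SERVICE.match(line.strip())
        if not m:
            continue
        kind, start, name, display, path, fileinfo = m.groups()
        reasons = []
        if not fileinfo.strip():
            reasons.append('no date/size recorded for the backing file')
        # Only treat the name as random when there is no descriptive display name.
        if display == name and looks_random(name):
            reasons.append('random-looking name with no descriptive display name')
        if reasons:
            findings.append({'name': name, 'path': path,
                             'start': f'{kind}{start}', 'reasons': reasons})
    return findings


def triage(lines):
    """Run both heuristics and return a summary dict."""
    return {
        'bulk_ports': bulk_port_openings(parse_port_rules(lines)),
        'services': suspicious_services(lines),
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LINES)
    for desc, ports in result['bulk_ports'].items():
        print(f'{len(ports)} high ports opened under one description {desc!r}: {ports}')
    for f in result['services']:
        print(f"{f['start']} {f['name']} ({f['path']}): {'; '.join(f['reasons'])}")
```

On the sample above the script reports the six high ports that share the `-22009` description, the driver `ztzmgbnf` for its random-looking name, and `Wineg57` and `Winfi60` for the empty `[ ]` file info. These are pointers for a human analyst, not a verdict: a flagged entry still needs to be checked against the file on disk before anything is removed.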