Spyware NTSB investigator...

evinrude1988 - Anonymous user -
Hello,
So, I wanted to download a key generator for Liberty Basic,
except that it turned out not to be one.
A program called NTSB investigator...... opened and installed itself very quickly on my machine.
Since then, no more wifi, no more active security center, no more antivirus software, no more MSN (that's a detail, I grant you), no more wallpaper.
So there you go, I hope you can help me; I await your suggestions, your comments, anything you want, I'm actually a bit desperate.
Configuration: Windows Vista Home Premium SP1
Internet Explorer 7.0

28 replies

  1. Anonymous user
     
    Hi,

    Download combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Before downloading, click Save, rename it to killbagle and save it to the desktop.

    -> Double-click killbagle.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    Once that is done, double-click killbagle.exe on your desktop.

    - Answer yes to the warning message so that the program starts analysing the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\scan; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

    -> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
    0
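Once the report is back, a small triage helper such as the one below (added here as an example; it is not ComboFix's own code nor anything posted in this thread) can pull the sections out of C:\Combofix.txt and flag exactly the things the original poster complained about: firewall, UAC and security-center monitoring switched off, plus the services and driver files that were removed. It assumes the report layout pasted later in this thread; the embedded excerpt is a constructed sample, not the full log, and the "expected" values are the defaults a clean Vista install ships with.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the ComboFix report pasted in this thread (not the full log).
SAMPLE_REPORT = r"""ComboFix 08-11-30.02 - Evinrude 2008-12-01 19:25:56.1 - NTFSx86
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Evinrude\AppData\Roaming\m\flec006.exe
c:\users\Evinrude\AppData\Roaming\m\shared\Go2PDF_3.01_Serial.zip
c:\windows\system32\drivers\downld\117437.exe
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\winfilse.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# Section banners look like "(((( Name ))))"; the name between the parentheses is the key.
HEADER_RE = re.compile(r'^\(+\s*(.*?)\s*\)+$')

# Values a clean Vista install carries; anything else in the report is a regression worth noting.
HARDENING_EXPECTED = {"EnableLUA": 1, "EnableFirewall": 1, "DisableMonitoring": 0}


def split_sections(report):
    """Map each banner name to the non-empty lines beneath it ('.' spacer lines are dropped)."""
    sections, current = {}, "preamble"
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_value(raw):
    """ComboFix prints DWORDs either as 'dword:00000001' or as '0 (0x0)'; keep strings verbatim."""
    m = re.match(r'^dword:([0-9a-fA-F]{8})$', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$', raw)
    if m:
        return int(m.group(1))
    return raw


def parse_reg_values(lines):
    """Yield (key, value-name, value) triples from the REGEDIT4-style load-point listing."""
    values, key = [], None
    for line in lines:
        m = re.match(r'^\[(.+)\]$', line)
        if m:
            key = m.group(1)
            continue
        m = re.match(r'^"([^"]+)"\s*=\s*(.*)$', line)
        if m and key:
            values.append((key, m.group(1), parse_value(m.group(2))))
    return values


def weakened_settings(report):
    """Security settings in the report that differ from the clean default."""
    findings = []
    for key, name, value in parse_reg_values(split_sections(report).get("Points de chargement Reg", [])):
        expected = HARDENING_EXPECTED.get(name)
        if expected is not None and value != expected:
            findings.append(f"{name}={value} (expected {expected}) under [{key}]")
    return findings


def removed_services(report):
    """Service/Legacy entries ComboFix deleted (the '-------\\Name' lines)."""
    return [line.split("\\", 1)[1] for line in split_sections(report).get("Pilotes/Services", [])
            if line.startswith("-------\\")]


def deleted_by_directory(report):
    """Count deleted files per parent directory (case-folded) to see where the infection lived."""
    counts = Counter()
    for path in split_sections(report).get("Autres suppressions", []):
        counts[path.lower().rpartition("\\")[0]] += 1
    return counts


def deletions_under(report, prefix):
    """Deleted paths below a directory, e.g. anything dropped into the drivers folder."""
    prefix = prefix.lower()
    return [p for p in split_sections(report).get("Autres suppressions", []) if p.lower().startswith(prefix)]


if __name__ == "__main__":
    for finding in weakened_settings(SAMPLE_REPORT):
        print("WEAKENED:", finding)
    print("Removed services:", removed_services(SAMPLE_REPORT))
    print("Deleted under drivers:", deletions_under(SAMPLE_REPORT, r"c:\windows\system32\drivers"))
```

Point it at a real C:\Combofix.txt with `weakened_settings(open(path, encoding="cp1252").read())`; the section names are the French ones ComboFix emits on a French Vista, as in this thread.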
  2. evinrude1988
     
    Right, the scan is in progress, I'll post as soon as possible;
    for your information, the computer had to restart because of the presence of a rootkit.
    0
  3. evinrude1988
     
    ComboFix 08-11-30.02 - Evinrude 2008-12-01 19:25:56.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2204 [GMT 1:00]
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Windows Live\Messenger\MsnMsgr.exe
    c:\users\Evinrude\AppData\Roaming\m
    c:\users\Evinrude\AppData\Roaming\m\data.oct
    c:\users\Evinrude\AppData\Roaming\m\flec006.exe
    c:\users\Evinrude\AppData\Roaming\m\list.oct
    c:\users\Evinrude\AppData\Roaming\m\shared\[PC.APP.-.ITA].-.NOD32.2.51.26.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\3D Nebula 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\3D_Ice_Fairies_1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Access Password Cracker 2.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Afk_Sudoku_2.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Alchemy_Launcher_1.2.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Anim-FX Flash intros and Flash banners builder 3.5.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Aspose.Words for Reporting Services 1.3.0.0 (Crack).zip
    c:\users\Evinrude\AppData\Roaming\m\shared\AtomicRobot FTP Professional Edition 2.0a.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Avast.Professional.4.7.892.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Babylon_English-English_6.0_[With_Crack].zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Backup_Easy_2.3.04.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Battlefield_1942_CAE_Stunts_mod.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Battlefield_Vietnam_Thin_Red_Line_map.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Birds and Flowers Screensaver 1.0.6.2634.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Bitmap Font Edit 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Canasta_5.0.0.9.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Chrysanth_Email_Notifier_2.3.14.526.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Coherent PDF Command Line Tools 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Compe-GPS_5.7.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\ControlMaster ActiveX Control 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Cool DVD to MOV AVI WMV MP4 iPod MPEG Ripper 5.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\CoolCube_Local_1.6.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\CopyAudioCD.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\cPanel Wizard 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\CutLog_2.16.3327.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\DataToMail_1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Desktop Diet 1.31.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\DICOM Randomizer 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Dino_and_Aliens_1.1.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\DLSuperC--Text Compare with Filters (32-bit) 7.1e.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\DWGgateway_1.0.0.114.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Early Mortgage Payoff 1.06.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Emergence BASIC 1.598.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Excel FTP Software 7.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\eXMaskEdit 1.0.1.2.2134.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Extra DVD Copy Free 4.52.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\EZY Manager 5.4.114.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\File Encryption XP 1.5.111.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\File_Parter_2.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\File_Watcher_1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\FlashWAmp 1.0.3.0 [Serial].zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Fox In The Snow Screensaver 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Freemem Pro 5.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\FTP_Client_Engine_for_Visual_Basic_2.6_(Cracked).zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Geneforge_2_1.0.2.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Go2PDF_3.01_Serial.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\GoDiagram_2.5.0_(Crack).zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Google Desktop SDK 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\GoogleGet 1.3.2.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Halftone Search for Google Desktop 1.2.4 Patch.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\HighLightTexts 1.1.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Hikkup 1.0.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Hotline_Connect_Client_(OS_X)_1.8.5.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\i2R 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\IE_Okapiland_Search_Toolbar_2.6.czip
    c:\users\Evinrude\AppData\Roaming\m\shared\Indianapolis Traffic Cameras 2.0.1.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Instant_IMtegrity_3.31.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Jing 1.6.8128.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Kafka 0.2.2.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\KidsSave_1.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\LANwriter 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\LaptopAlarm_1.12.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\LinkPartnerMax 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Lipstick_Demo_Screensaver_1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\MailBee WebMail Lite PHP 4.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\MassProMailer 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Mermaid0011 ScreenMate 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Meta2ASCII_Conversion_Wizard_1.2_[KeyGen].zip
    c:\users\Evinrude\AppData\Roaming\m\shared\MIDI to WAV Converter 6.0 Build 50.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Mojicon Dispenser 1.0.1.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\MonitorerX Pro 2.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Mountain_3D_3.1.8_Key+Serial.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\MSDict Oxford French Minidictionary (Pocket PC) 4.30.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Myowncdrom_1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Nassau 1.04.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\NDD MovieBank 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Netcraft Toolbar 1.7.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Ninotech Date Edit 4.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\NJStar Chinese Pen 2.10.60218.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\NOD32.v2.51.20.Italiano.+.crack.updated-fixed.09-2006.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\NumberTool_1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\NYacad Symbols 4.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Office Key Professional 8.0 build 2514.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Okoker DVD to 3GP Converter 3.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Orange Analog Clock 1.1.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\PaintBuster 11.8.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\PearBudget_1.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\pserv.cpl 2.7.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Quadratic_Equation_Solver_1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Quick_Templates_for_Outlook_1.3.2.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Real_Cut_2D_6.5.1.5_Crack.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Refraction Screensaver 3D 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\RipIt4Me 1.7.1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\RocketReader_8.0.5.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Sax21_2.2.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\sesame 1.9 (With Crack).zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Seven_Kingdoms_II_demo_demo.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Sin_1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\sipXphone_2.6.0.27.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Source Code Browser 2.0 (Key).zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Spikoscope 20060805.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Spring Forest - Animated Screensaver 5.07.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Star_Trek_Voyager_-_Elite_Force_Scav_source_maps.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\StichShop 1.0 build 3129.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Streaming Stats 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Switch Center Office 1.1.2.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\TableSelector 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Talking_Stocks_3.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\The_Journal_4.1.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\The_Simpler_Way_1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\TicTacIano 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Total Control 2.3.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Trouts_Talking_Internet_Clock_2.3.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Turbo_Editor_3.0.200_With_Crack.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\United States ZIP Code Database (Basic Edition) February 2007 (Cracked).zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Warcraft_III_The_Frozen_Throne_Deadlock_map.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Web_Palette_Pro_1.0.0_(Cracked).zip
    c:\users\Evinrude\AppData\Roaming\m\shared\X-Con Spyware Destroyer 3.2.8.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Xingtone Ringtone Maker 4.2.19.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\xPML™ Mobile and Web Developer 1.0.zip
    c:\users\Evinrude\AppData\Roaming\m\shared\Zmei_Mail_Sender_1.15.zip
    c:\users\Evinrude\AppData\Roaming\m\srvlist.oct
    c:\windows\msetup
    c:\windows\msetup\BASW-00503A64\data1.cab
    c:\windows\msetup\BASW-00503A64\data1.hdr
    c:\windows\msetup\BASW-00503A64\data2.cab
    c:\windows\msetup\BASW-00503A64\engine32.cab
    c:\windows\msetup\BASW-00503A64\layout.bin
    c:\windows\msetup\BASW-00503A64\PlayCamera\CameraOn.wav
    c:\windows\msetup\BASW-00503A64\PlayCamera\Click.wav
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_chs_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_cht_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_deu_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_eng_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_esp_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_fra_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_ita_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_kor_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_ptg_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_rus_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\Help\PlayCamera_ukr_s.chm
    c:\windows\msetup\BASW-00503A64\PlayCamera\HookDllPS2.dll
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\Back_Big.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\Back_Small.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\gbCancel.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\gbHelp.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\gbOk.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\gbOpen.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\gbPreviewOff.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\gbPreviewOn.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\gbRecordOff.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\gbRecordOn.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\gbSnap.bmp
    c:\windows\msetup\BASW-00503A64\PlayCamera\Images\PlayCamera.ico
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_chs.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_cht.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_deu.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_eng.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_esp.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_fra.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_ita.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_kor.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_ptg.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_rus.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\Language\PlayCamera_ukr.txt
    c:\windows\msetup\BASW-00503A64\PlayCamera\PlayCamera.exe
    c:\windows\msetup\BASW-00503A64\PlayCamera\SSHook.dll
    c:\windows\msetup\BASW-00503A64\PlayCamera\Uninst.ico
    c:\windows\msetup\BASW-00503A64\setup.exe
    c:\windows\msetup\BASW-00503A64\setup.ibt
    c:\windows\msetup\BASW-00503A64\setup.ini
    c:\windows\msetup\BASW-00503A64\setup.iss
    c:\windows\msetup\BASW-00503A64\SWDesc.txt
    c:\windows\msetup\BASW-01038A05\ChgWLANSettings.exe
    c:\windows\msetup\MSetup.exe
    c:\windows\msetup\MSetupLog.log
    c:\windows\system32\drivers\downld
    c:\windows\system32\drivers\downld\117437.exe
    c:\windows\system32\drivers\downld\154784.exe
    c:\windows\system32\drivers\downld\15584609.exe
    c:\windows\system32\drivers\downld\190321.exe
    c:\windows\system32\drivers\downld\195640.exe
    c:\windows\system32\drivers\downld\2183421.exe
    c:\windows\system32\drivers\downld\2200721.exe
    c:\windows\system32\drivers\downld\2202484.exe
    c:\windows\system32\drivers\downld\2253044.exe
    c:\windows\system32\drivers\downld\243377.exe
    c:\windows\system32\drivers\downld\388598.exe
    c:\windows\system32\drivers\downld\419237.exe
    c:\windows\system32\drivers\downld\421358.exe
    c:\windows\system32\drivers\downld\441030.exe
    c:\windows\system32\drivers\downld\475959.exe
    c:\windows\system32\drivers\downld\524178.exe
    c:\windows\system32\drivers\srosa.sys
    c:\windows\system32\drivers\srosa2.sys
    c:\windows\system32\drivers\winfilse.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SROSA
    -------\Legacy_SROSA

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-02 03:50 . 2006-11-02 10:46 113,664 --a------ c:\windows\System32\LANGWRBK.DLL
    2008-12-01 19:15 . 2008-12-01 19:20 <REP> d-------- c:\windows\BDOSCAN8
    2008-12-01 19:13 . 2008-12-01 19:13 <REP> d-------- c:\windows\report
    2008-12-01 19:13 . 2008-12-01 19:13 <REP> d-------- c:\windows\AU_Backup
    2008-12-01 19:13 . 2008-12-01 19:13 21,188,209 --a------ c:\windows\VPTNFILE.683
    2008-12-01 19:13 . 2008-12-01 19:13 21,188,209 --a------ c:\windows\LPT$VPN.683
    2008-12-01 19:13 . 2008-12-01 19:13 1,971,953 --a------ c:\windows\tsc.ptn
    2008-12-01 19:13 . 2008-12-01 19:13 1,213,784 --a------ c:\windows\vsapi32.dll
    2008-12-01 19:13 . 2008-12-01 19:13 345,157 --a------ c:\windows\tsc.exe
    2008-12-01 19:13 . 2008-12-01 19:13 91,744 --a------ c:\windows\BPMNT.dll
    2008-12-01 19:13 . 2008-12-01 19:13 71,749 --a------ c:\windows\hcextoutput.dll
    2008-12-01 19:13 . 2008-12-01 19:13 803 --------- c:\windows\tsc.ini
    2008-12-01 19:12 . 2008-12-01 19:13 <REP> d-------- c:\windows\AU_Temp
    2008-12-01 19:12 . 2008-12-01 19:12 <REP> d-------- c:\windows\AU_Log
    2008-12-01 19:12 . 2008-12-01 19:12 507,904 --a------ c:\windows\TMUPDATE.DLL
    2008-12-01 19:12 . 2008-12-01 19:12 286,720 --a------ c:\windows\PATCH.EXE
    2008-12-01 19:12 . 2008-12-01 19:12 69,689 --a------ c:\windows\UNZIP.DLL
    2008-12-01 19:12 . 2008-12-01 19:12 170 --a------ c:\windows\GetServer.ini
    2008-12-01 18:47 . 2008-12-01 18:47 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
    2008-12-01 18:47 . 2008-12-01 18:47 <REP> d-------- c:\programdata\Spybot - Search & Destroy
    2008-12-01 18:47 . 2008-12-01 18:47 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-01 18:42 . 2008-12-01 18:42 <REP> d-------- c:\users\All Users\Yahoo! Companion
    2008-12-01 18:42 . 2008-12-01 18:42 <REP> d-------- c:\programdata\Yahoo! Companion
    2008-12-01 18:23 . 2008-12-01 18:23 <REP> d-------- c:\program files\Yahoo!
    2008-12-01 18:23 . 2008-12-01 18:23 <REP> d-------- c:\program files\CCleaner
    2008-12-01 15:36 . 2008-11-13 12:43 4,688,384 --a------ c:\windows\System32\avcodec-51.dll
    2008-12-01 15:36 . 2008-11-13 12:43 1,278,464 --a------ c:\windows\System32\libxml2-2.dll
    2008-12-01 15:36 . 2008-11-13 12:43 892,928 --a------ c:\windows\System32\libiconv-2.dll
    2008-12-01 15:36 . 2008-11-13 12:43 546,304 --a------ c:\windows\System32\libfreetype-6.dll
    2008-12-01 15:36 . 2008-11-13 12:43 278,016 --a------ c:\windows\System32\libgcrypt-11.dll
    2008-12-01 15:36 . 2008-11-13 12:43 160,256 --a------ c:\windows\System32\libfontconfig-1.dll
    2008-12-01 15:36 . 2008-11-13 12:43 75,776 --a------ c:\windows\System32\libz-1-2.dll
    2008-12-01 15:36 . 2008-11-13 12:43 43,008 --a------ c:\windows\System32\libgpg-error-0.dll
    2008-12-01 14:04 . 2008-12-01 14:04 <REP> d-------- c:\users\All Users\Windows Genuine Advantage
    2008-12-01 02:40 . 2008-09-30 17:31 1,839,104 --a------ c:\windows\Product(RED).msstyles
    2008-12-01 02:40 . 2008-04-07 15:03 430,080 --a------ c:\windows\PRODUCTRED.scr
    2008-12-01 02:15 . 2008-12-01 02:15 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-11-30 19:30 . 2008-11-30 19:30 <REP> d-------- c:\program files\Google
    2008-11-30 18:58 . 2008-11-30 18:58 <REP> d-------- c:\users\All Users\Logitech
    2008-11-30 18:58 . 2008-11-30 18:58 <REP> d-------- c:\users\All Users\Logishrd
    2008-11-30 18:58 . 2008-11-30 18:58 <REP> d-------- c:\programdata\Logitech
    2008-11-30 18:58 . 2008-11-30 18:58 <REP> d-------- c:\programdata\Logishrd
    2008-11-30 18:56 . 2008-11-30 18:58 <REP> d-------- c:\program files\Logitech
    2008-11-30 18:52 . 2008-11-30 19:15 <REP> d-------- c:\program files\Common Files\logishrd
    2008-11-30 16:30 . 2008-11-30 16:33 <REP> d-------- c:\users\Evinrude\AppData\Roaming\Bioshock
    2008-11-30 16:22 . 2008-11-30 16:22 <REP> d-------- c:\program files\MSXML 4.0
    2008-11-30 16:12 . 2008-11-30 16:12 <REP> d-------- c:\program files\2K Games
    2008-11-30 14:50 . 2008-12-01 02:48 <REP> d-------- c:\users\Evinrude\AppData\Roaming\IDM
    2008-11-30 14:50 . 2008-12-01 19:20 <REP> d-------- c:\users\Evinrude\AppData\Roaming\DMCache
    2008-11-30 14:50 . 2008-11-30 14:50 <REP> d-------- c:\program files\Internet Download Manager
    2008-11-30 12:45 . 2008-11-30 12:45 <REP> d-------- c:\program files\Lionhead Studios
    2008-11-30 12:35 . 2008-11-30 12:35 97 --a------ c:\windows\System32\dmlg.dat
    2008-11-29 23:07 . 2008-11-29 23:07 <REP> d-------- c:\users\Evinrude\AppData\Roaming\DAEMON Tools Pro
    2008-11-29 23:06 . 2008-11-29 23:06 <REP> d-------- c:\users\All Users\DAEMON Tools Pro
    2008-11-29 23:06 . 2008-11-29 23:06 <REP> d-------- c:\programdata\DAEMON Tools Pro
    2008-11-29 22:58 . 2008-11-30 14:21 <REP> d-------- c:\program files\DAEMON Tools Pro
    2008-11-29 21:52 . 2008-11-29 21:52 <REP> d-------- c:\users\Evinrude\AppData\Roaming\Nero
    2008-11-29 21:48 . 2008-12-01 14:58 <REP> d-------- c:\users\All Users\ma-config.com
    2008-11-29 21:48 . 2008-12-01 14:58 <REP> d-------- c:\programdata\ma-config.com
    2008-11-29 21:48 . 2008-12-01 14:58 <REP> d-------- c:\program files\ma-config.com
    2008-11-29 21:42 . 2008-11-29 21:42 <REP> d-------- c:\users\All Users\Messenger Plus!
    2008-11-29 21:42 . 2008-11-29 21:42 <REP> d-------- c:\programdata\Messenger Plus!
    2008-11-29 21:15 . 2008-11-29 21:15 4,767 --a------ c:\windows\Irremote.ini
    2008-11-29 21:00 . 2008-11-29 21:00 <REP> d-------- c:\program files\Messenger Plus! Live
    2008-11-29 20:48 . 2008-11-29 21:14 <REP> d-------- c:\program files\Nero
    2008-11-29 20:47 . 2008-11-29 21:03 <REP> d-------- c:\users\All Users\Nero
    2008-11-29 20:47 . 2008-11-29 21:03 <REP> d-------- c:\programdata\Nero
    2008-11-29 20:47 . 2008-11-29 21:37 <REP> d-------- c:\program files\Common Files\Nero
    2008-11-29 20:43 . 2008-12-01 14:39 <REP> d-------- c:\users\All Users\eMule
    2008-11-29 20:43 . 2008-12-01 14:39 <REP> d-------- c:\programdata\eMule
    2008-11-29 20:38 . 2008-11-30 16:30 107,888 --a------ c:\windows\System32\CmdLineExt.dll
    2008-11-29 20:36 . 2008-11-29 20:36 685,816 --a------ c:\windows\System32\drivers\sptd.sys
    2008-11-29 20:31 . 2008-11-29 20:31 <REP> d-------- c:\program files\ManyCam 2.3
    2008-11-29 20:27 . 2008-11-29 20:27 <REP> d-------- C:\temp
    2008-11-29 20:26 . 2008-11-30 16:20 <REP> d-------- c:\users\All Users\Media Center Programs
    2008-11-29 20:26 . 2008-11-30 16:20 <REP> d-------- c:\programdata\Media Center Programs
    2008-11-29 20:16 . 2008-11-29 20:16 <REP> d-------- c:\program files\THQ
    2008-11-29 20:09 . 2008-11-29 20:09 <REP> d-------- c:\users\Evinrude\AppData\Roaming\InstallShield
    2008-11-29 20:03 . 2008-12-01 14:06 <REP> d--h----- c:\windows\msdownld.tmp
    2008-11-29 18:44 . 2008-11-29 18:44 <REP> dr------- c:\users\Evinrude\Searches
    2008-11-29 18:44 . 2008-11-29 21:43 <REP> dr------- c:\users\Evinrude\Contacts
    2008-11-29 18:41 . 2008-12-01 14:47 <REP> dr------- c:\users\Evinrude\Videos
    2008-11-29 18:41 . 2008-11-29 18:37 <REP> dr------- c:\users\Evinrude\Saved Games
    2008-11-29 18:41 . 2008-09-08 03:09 <REP> d-------- c:\users\Evinrude\Roaming
    2008-11-29 18:41 . 2008-11-30 19:07 <REP> dr------- c:\users\Evinrude\Pictures
    2008-11-29 18:41 . 2008-12-01 02:05 <REP> dr------- c:\users\Evinrude\Music
    2008-11-29 18:41 . 2008-11-29 18:44 <REP> dr------- c:\users\Evinrude\Links
    2008-11-29 18:41 . 2008-11-30 14:36 <REP> dr------- c:\users\Evinrude\Downloads
    2008-11-29 18:41 . 2008-12-01 15:34 <REP> dr------- c:\users\Evinrude\Documents
    2008-11-29 18:41 . 2006-11-02 13:37 <REP> d-------- c:\users\Evinrude\AppData\Roaming\Media Center Programs
    2008-11-29 18:41 . 2008-12-01 15:36 <REP> d--h----- c:\users\Evinrude\AppData
    2008-11-29 18:41 . 2008-11-30 19:06 <REP> d-------- c:\users\Evinrude
    2008-11-29 18:40 . 2008-11-29 18:40 <REP> dr------- c:\windows\System32\config\systemprofile\Contacts
    2008-11-29 17:48 . 2008-12-01 12:35 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
    2008-11-29 17:48 . 2008-05-29 09:28 28,416 --a------ c:\windows\System32\uxtuneup.dll
    2008-11-29 17:48 . 2008-05-29 09:28 16,640 --a------ c:\windows\System32\authuitu.dll
    2008-11-29 17:47 . 2008-11-29 17:47 <REP> d-------- c:\users\Evinrude\AppData\Roaming\TuneUp Software
    2008-11-29 17:47 . 2008-11-29 17:47 <REP> d-------- c:\users\All Users\TuneUp Software
    2008-11-29 17:47 . 2008-11-29 17:47 <REP> d-------- c:\programdata\TuneUp Software
    2008-11-29 17:47 . 2008-12-01 12:36 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2008-11-29 17:46 . 2008-11-29 17:46 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-11-29 17:40 . 2008-12-01 02:24 <REP> d-------- c:\users\Evinrude\WebCam Media
    2008-11-29 17:32 . 2008-11-29 17:32 <REP> d-------- c:\windows\SQL9_KB948109_ENU
    2008-11-29 16:39 . 2008-11-29 16:39 382 --a------ c:\windows\ODBC.INI
    2008-11-29 16:39 . 2008-11-29 18:33 39 --a------ c:\windows\vbaddin.ini
    2008-11-29 16:33 . 2002-02-24 21:30 260,096 --------- c:\windows\System32\RICHTX32.OCX
    2008-11-29 16:33 . 2000-05-22 01:00 140,488 --------- c:\windows\System32\COMDLG32.OCX
    2008-11-29 16:32 . 2008-11-29 16:34 <REP> d-------- c:\users\All Users\PowerAMC 12
    2008-11-29 16:32 . 2008-11-29 16:34 <REP> d-------- c:\programdata\PowerAMC 12
    2008-11-29 16:32 . 2008-11-29 16:33 <REP> d-------- c:\program files\Sybase
    2008-11-29 16:31 . 2008-12-01 17:52 <REP> d-------- c:\program files\Liberty BASIC v4.03
    2008-11-29 16:31 . 2008-11-29 16:31 6 --a------ c:\windows\System32\cuatro.ini
    2008-11-29 16:27 . 2008-11-29 16:27 <REP> d-------- c:\program files\MSECache
    2008-11-29 16:24 . 2008-12-01 17:07 <REP> d-------- c:\program files\Windows Live Safety Center
    2008-11-29 16:24 . 2006-10-26 19:58 30,512 --a------ c:\windows\System32\mdimon.dll
    2008-11-29 16:23 . 2008-11-29 16:23 <REP> d-------- c:\program files\Microsoft Works
    2008-11-29 16:19 . 2008-11-29 16:19 <REP> dr-h----- C:\MSOCache
    2008-11-29 16:17 . 2008-11-29 16:17 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-11-29 16:04 . 2008-07-16 02:32 2,048 --a------ c:\windows\System32\tzres.dll
    2008-11-29 16:00 . 2008-11-29 16:00 0 --a------ c:\windows\nsreg.dat
    2008-11-29 15:36 . 2008-11-29 15:36 <REP> d-------- c:\users\Evinrude\AppData\Roaming\vlc
    2008-11-29 15:35 . 2008-11-29 15:35 <REP> d-------- c:\program files\VideoLAN
    2008-11-29 15:29 . 2008-07-31 02:13 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
    2008-11-29 15:29 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
    2008-11-29 15:29 . 2008-06-26 04:29 303,616 --a------ c:\windows\System32\wmpeffects.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-01 18:26 201,114 ----a-w c:\users\All Users\nvModes.dat
    2008-12-01 18:26 201,114 ----a-w c:\programdata\nvModes.dat
    2008-12-01 01:47 615,424 ----a-w c:\windows\System32\themeui.dll
    2008-12-01 01:47 240,128 ----a-w c:\windows\System32\uxtheme.dll
    2008-11-30 15:12 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-29 17:43 --------- d-----w c:\program files\Samsung
    2008-11-29 17:40 --------- d-sh--w c:\programdata\Modèles
    2008-11-29 17:40 --------- d-sh--w c:\programdata\Menu Démarrer
    2008-11-29 17:40 --------- d-sh--w c:\programdata\Favoris
    2008-11-29 17:40 --------- d-sh--w c:\programdata\Bureau
    2008-11-29 17:40 --------- d-sh--w c:\program files\Fichiers communs
    2008-11-29 16:38 --------- d-----w c:\programdata\Microsoft Help
    2008-11-29 16:32 --------- d-----w c:\program files\Microsoft SQL Server
    2008-11-29 15:22 --------- d-----w c:\program files\Microsoft.NET
    2008-11-29 15:18 --------- d-----w c:\program files\Microsoft Small Business
    2008-11-29 15:10 --------- d-----w c:\program files\McAfee
    2008-11-29 15:08 --------- d-----w c:\program files\Windows Mail
    2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
    2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-09-12 10:44 206,256 ----a-w c:\windows\System32\idmmbc.dll
    2008-09-08 02:06 319,456 ----a-w c:\windows\DIFxAPI.dll
    2008-09-08 02:06 315,392 ----a-w c:\windows\HideWin.exe
    2008-09-05 05:14 1,191,936 ----a-w c:\windows\System32\msxml3.dll
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-29 2610608]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-12-01 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-12-01 582992]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "RtHDVCpl"=RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-876129911-1259334181-4154553057-1003]
    "EnableNotificationsRef"=dword:00000003

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{D9E10D65-F591-4EF8-A964-97D30BD2D653}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{FC8B6B9E-3950-4B8E-B1D8-5074978FD97F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7B6442EA-CAAF-4BA0-9345-B92BEB7FA882}"= UDP:c:\program files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
    "{1E560306-A7C3-459D-9350-C2D426513523}"= TCP:c:\program files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
    "{1A81A9B5-9072-41F1-AEED-5FB98409D247}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{BAC38B4A-5F51-4D7A-9DFA-B81D105AD831}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{19BAFF9E-CDD6-46D1-9F82-03215DC13CB1}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{FD393888-E545-4E6F-A254-8A6F66702BD1}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{BD1B6387-AAAD-4EA2-89CC-3953879A3EC6}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{020DA8E4-85BF-4FCF-818A-38E89400E331}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{52839592-376D-4D00-8DC2-D347DECABD63}"= UDP:57439:emule tcp
    "{C9FD31D2-9E56-4BEF-8DC3-249D45D72486}"= TCP:59873:emule udp
    "TCP Query User{78AA703C-3369-4CEE-9070-800BAA1E363F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{76EE7FB9-ACB6-4C18-AAEA-338DA28565FA}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{0B0DFF77-B282-4081-AEDB-3AABC7F418C9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{5061E51E-654A-41D1-83F1-72BCD7E3E32A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
    R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-08 13312]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-08 44576]
    R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-09-08 242048]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-12-01 809296]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e23c93-be60-11dd-b4ef-001377ae101e}]
    \shell\AutoRun\command - F:\arun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-29 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:23]

    2008-09-08 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-12-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\users\Evinrude\AppData\Roaming\Mozilla\Firefox\Profiles\umfcrtyn.default\
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-01 19:29:00
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-12-01 19:29:40
    ComboFix-quarantined-files.txt 2008-12-01 18:29:34

    Pre-Run: 47,654,047,744 bytes free
    Post-Run: 50,565,476,352 bytes free

    466 --- E O F --- 2008-12-01 01:15:24
    0
  4. Anonymous user
     
    ---> Download OTMoveIt3 (OldTimer) to your Desktop:
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-click OTMoveIt3.exe to launch it.

    ---> Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    F:\arun.exe

    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e23c93-be60-11dd-b4ef-001377ae101e}]

    :commands
    [emptytemp]
    [start explorer]


    ---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

    ---> Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to reboot.
    Accept by clicking YES.

    ---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name is the time it was created: date_time.log
    0
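    The ComboFix excerpt in post 3 and the OTMoveIt3 script in post 4 together show the pattern the helper is acting on: defence settings switched off (EnableLUA, EnableFirewall in both firewall profiles, DisableMonitoring under Security Center) and a MountPoints2 AutoRun command pointing at a removable drive. The Python script below is an added example, not ComboFix, OTMoveIt or forum code. It parses a constructed excerpt of that log, flags the defence-weakening values, lists the AutoRun hooks, and emits an OTMoveIt3 script in the same shape as the one in post 4. The set of values treated as "weakening" and the regexes for the log lines are this example's own assumptions, taken from the lines shown in the thread.

```python
"""Triage of a ComboFix log excerpt: flag defence-weakening registry values and
removable-media AutoRun hooks, then emit an OTMoveIt3 script for the hooks.

Added example (not ComboFix, OTMoveIt or forum code). SAMPLE_LOG is a
constructed subset of the log posted in the thread; the WEAKENING table is this
example's own choice, not a ComboFix rule set."""
import re
from typing import List, Optional, Tuple

# Constructed sample: a subset of the ComboFix output posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e23c93-be60-11dd-b4ef-001377ae101e}]
\shell\AutoRun\command - F:\arun.exe
"""

# (key fragment, value name, value that means "this defence is off").
WEAKENING = [
    ("policies\\system", "EnableLUA", 0),                      # UAC disabled
    ("firewallpolicy\\domainprofile", "EnableFirewall", 0),    # firewall off
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0),  # firewall off
    ("security center\\monitoring", "DisableMonitoring", 1),   # WSC stops watching a product
]

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Matches both `"Name"= 0 (0x0)` and `"Name"=dword:00000001` as ComboFix prints them.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:(?P<hex>[0-9a-fA-F]+)|(?P<dec>\d+))')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)


def parse_blocks(log: str) -> List[Tuple[str, List[str]]]:
    """Group the log into (registry key, [lines listed under it]) pairs."""
    blocks: List[Tuple[str, List[str]]] = []
    current: Optional[Tuple[str, List[str]]] = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m.group("key"), [])
            blocks.append(current)
        elif current is not None:
            current[1].append(line)
    return blocks


def find_weakened_defenses(log: str) -> List[Tuple[str, str, int]]:
    """Return (key, value name, value) for every setting that turns a defence off."""
    hits: List[Tuple[str, str, int]] = []
    for key, lines in parse_blocks(log):
        lowered = key.lower()
        for line in lines:
            m = VALUE_RE.match(line)
            if not m:
                continue
            val = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            for fragment, name, bad in WEAKENING:
                if fragment in lowered and m.group("name") == name and val == bad:
                    hits.append((key, name, val))
    return hits


def find_autorun_hooks(log: str) -> List[Tuple[str, str]]:
    """Return (MountPoints2 key, command) for every AutoRun command ComboFix listed."""
    hooks: List[Tuple[str, str]] = []
    for key, lines in parse_blocks(log):
        if "mountpoints2" not in key.lower():
            continue
        for line in lines:
            m = AUTORUN_RE.match(line)
            if m:
                hooks.append((key, m.group("cmd").strip()))
    return hooks


def build_otmoveit_script(hooks: List[Tuple[str, str]]) -> str:
    """Emit an OTMoveIt3 script in the shape used in the thread: stop explorer,
    delete each AutoRun target, delete each MountPoints2 key, clean temp, restart explorer."""
    files = "\n".join(cmd for _, cmd in hooks)
    keys = "\n".join(f"[-{key}]" for key, _ in hooks)
    return (":processes\nexplorer.exe\n\n:files\n" + files +
            "\n\n:reg\n" + keys + "\n\n:commands\n[emptytemp]\n[start explorer]\n")


if __name__ == "__main__":
    for key, name, val in find_weakened_defenses(SAMPLE_LOG):
        print(f"WEAKENED  {name}={val}  under {key}")
    hooks = find_autorun_hooks(SAMPLE_LOG)
    for key, cmd in hooks:
        print(f"AUTORUN   {cmd}  via {key}")
    print(build_otmoveit_script(hooks))
```

    Run on the sample it reports four disabled defences and one AutoRun hook, and prints a script identical in structure to the one in post 4. The generated script only targets what the log lists; the EnableLUA and EnableFirewall values are reported, not changed, because on this thread those were re-enabled by hand afterwards.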
  6. evinrude1988
     
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder F:\arun.exe not found.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e23c93-be60-11dd-b4ef-001377ae101e}\\ deleted successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12012008_194048
    0
  7. Anonymous user
     
    Download HijackThis (diagnostic tool) here:

    -> Right-click one of the links and choose Save target as .... the desktop

    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    -> HijackThis

    -> Double-click HJTInstall.exe to launch the installation

    -> Click Install, then I Accept

    -> Click Do a system scan and save log file

    -> Notepad will open; copy and paste its entire contents here in your next reply
    0
  8. evinrude1988
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:45:32, on 01/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Evinrude\Desktop\OTMoveIt3.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    0
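    Most of the HijackThis log above is legitimate, and the helper's job is to pick out the few lines worth a look. The Python script below is an added example (not HijackThis, Trend Micro or forum code). It parses the HijackThis line format (section code, then body) over a constructed sample taken from the log above, plus one invented O4 line with an AppData\Local\Temp path so the path rule has something to fire on, and flags the entries a helper would check first: O2/O3/O9 CLSIDs whose file is missing, O16 DPF ActiveX downloads, O23 services with no recorded publisher, and O4 autostarts outside Program Files or Windows. Which conditions count as review items is this example's own heuristic, not a HijackThis rule.

```python
"""Triage of a HijackThis 2.0 log: parse the section code of each line and
flag the entries a helper would check first.

Added example, not HijackThis, Trend Micro or forum code. SAMPLE_HJT is a
constructed subset of the log posted above; the fourth line (example_autostart)
is invented for this example so that the O4 path rule fires."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

SAMPLE_HJT = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [example_autostart] C:\Users\Evinrude\AppData\Local\Temp\example_autostart.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# Section codes as HijackThis prints them: R0..R3, F0..F3, N1..N4, O1..O24.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Prefixes an autostart command is expected under; anything else is flagged (heuristic).
TRUSTED_PREFIXES = ("c:\\program files", "c:\\progra~1", "c:\\windows",
                    "%programfiles%", "%systemroot%")


class Entry(NamedTuple):
    code: str
    body: str


def parse_hjt(log: str) -> List[Entry]:
    """Split the log into (section code, body) entries; lines that do not match are skipped."""
    entries: List[Entry] = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def count_by_code(entries: List[Entry]) -> Dict[str, int]:
    """How many entries of each section code the log holds."""
    return dict(Counter(e.code for e in entries))


def _autostart_command(body: str) -> str:
    """For an O4 body like `HKLM\\..\\Run: [name] C:\\dir\\x.exe /arg`, return the command text."""
    _, _, command = body.partition("] ")
    return command.strip()


def review_items(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (code, reason, body) for the entries worth a second look."""
    flagged: List[Tuple[str, str, str]] = []
    for e in entries:
        if e.code in ("O2", "O3", "O9") and e.body.endswith("(no file)"):
            flagged.append((e.code, "orphaned CLSID: target file missing", e.body))
        elif e.code == "O4" and not _autostart_command(e.body).lower().startswith(TRUSTED_PREFIXES):
            flagged.append((e.code, "autostart outside Program Files / Windows", e.body))
        elif e.code == "O16":
            flagged.append((e.code, "downloaded ActiveX control (DPF)", e.body))
        elif e.code == "O23" and " - Unknown owner - " in e.body:
            flagged.append((e.code, "service with no publisher recorded", e.body))
    return flagged


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_HJT)
    print("entries per section:", count_by_code(entries))
    for code, reason, body in review_items(entries):
        print(f"{code:4} {reason:45} {body}")
```

    A flag is a prompt to check, not a verdict: the O16 BitDefender scanner and the Samsung updater are both benign here, and the helper's actual decision in this thread was simply to reinstall the antivirus.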
  9. Anonymous user
     
    uninstall and reinstall McAfee

    -> Download CCleaner (don't install the Yahoo toolbar):

    http://download.piriform.com/ccsetup210.exe

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    -> Tutorial: https://www.malekal.com/tutoriel-ccleaner/

    then:

    * to remove the tools/fixes that were used:

    Download ToolsCleaner to your desktop.
    -->
    http://pc-system.fr/
    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

    # Right-click ToolsCleaner
    # Choose Run as administrator
    # Click Recherche (Search) and let the scan run ...
    # Click Suppression (Delete) to finish.
    # You can use the optional options if you wish.
    # Click Quitter (Quit) to get the report.
    # Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    Disable and re-enable System Restore
    0
  10. evinrude1988
     
    Um, McAfee is a 60-day trial version.
    I don't have the installation CD.
    Can I uninstall it and install another one instead? (Avast, for example)
    0
  11. evinrude1988
     
    [ ToolsCleaner version 2.2.6 report (by A.Rothstein & dj QUIOU) ]

    -->- Search:

    C:\Combofix.txt: found!
    C:\Qoobox: found!
    C:\_OtMoveIt: found!
    C:\Program Files\Trend Micro\HijackThis: found!
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: found!
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: found!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: found!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: found!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: found!
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: found!
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: found!
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: found!
    C:\Users\Evinrude\Desktop\HijackThis.lnk: found!
    C:\Users\Evinrude\Desktop\ComboFix.exe: found!
    C:\Users\Evinrude\Desktop\HJTInstall.exe: found!
    C:\Users\Evinrude\Desktop\OTMoveIt3.exe: found!

    ---------------------------------
    -->- Deletion:

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: deleted!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: deleted!
    C:\Users\Evinrude\Desktop\HijackThis.lnk: deleted!
    C:\Users\Evinrude\Desktop\ComboFix.exe: deleted!
    C:\Users\Evinrude\Desktop\HJTInstall.exe: deleted!
    C:\Combofix.txt: deleted!
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: deleted!
    C:\Users\Evinrude\Desktop\OTMoveIt3.exe: deleted!
    C:\Qoobox: deleted!
    C:\_OtMoveIt: deleted!
    C:\Program Files\Trend Micro\HijackThis: deleted!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: DELETION ERROR!!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: deleted!
    0
  12. evinrude1988
     
    I'll reboot and let you know.

    PS: thanks in advance...., and I'd like to know why you had me download Antivir rather than Avast, please.
    0
  13. Anonymous user
     
    QUITE SIMPLY because it performs better

    http://forum.malekal.com/ftopic3528.php
    0
  14. evinrude1988
     
    Well, it seems to be working, thanks again,
    but the wifi connection problem remains.
    Only Ethernet works.
    0
  15. evinrude1988
     
    News:

    *My wifi is no longer available (I can't re-enable it, even from the Network and Sharing Center)
    *The Security Center could not turn on Windows Firewall
    *To use MSN again, I had to uninstall and reinstall it.
    0
  16. Anonymous user
     
    ok

    for msn that's normal, because your infection (bagle) infected it

    for the rest:

    Disable User Account Control (you will re-enable it after the disinfection):

    - Go to "Start" then Control Panel.
    - Double-click the User Accounts icon and then Turn User Account Control on or off.
    - Click Continue.
    - Uncheck Use User Account Control (UAC) to help protect your computer.
    - Confirm with OK and reboot.

    Now download FindyKill to your desktop:

    --> Run the installation with the default settings

    --> Right-click the FindyKill shortcut on your desktop

    --> Choose Run as administrator

    --> At the main menu, choose option 1 (Search)

    --> Post the FindyKill.txt report
    0
  17. evinrude1988
     
    (for the firewall, I managed to re-enable it "manually")
    0
  18. evinrude1988
     
    Um, your FindyKill is blocked by Antivir.

    "Contains recognition pattern of the DR/Tool.PsKill.K.37 dropper."

    What do I do? Ignore it?
    0