Infostealer

ceci n'est pas apparu,: "Une fenêtre bleue va apparaître: au message qui apparaît (Type 1 to continue, or 2 to abort) , tape 1 puis valide."
cependant j'ai placé le fichier directement sur combofix sur le bureau et il m'a demandé de l'exécuté. celà fait j'ai un rapport. est ce bon?? voir...
ComboFix 08-12-05.06 - sda 2008-12-07 13:52:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1364 [GMT 1:00]
Running from: d:\documents and settings\sda\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 10:06 . 2008-12-06 13:47 <DIR> d-------- C:\SDFix
2008-12-05 17:57 . 2008-12-05 18:10 <DIR> d-------- c:\program files\UsbFix
2008-12-05 15:33 . 2008-12-05 21:16 <DIR> d-------- C:\ToolBar SD
2008-12-05 15:20 . 2008-12-05 15:20 2,404,352 --a------ C:\Norton_Removal_Tool.exe
2008-12-05 15:16 . 2008-12-05 15:16 <DIR> d-------- c:\windows\system32\Temp
2008-12-05 13:53 . 2008-12-05 13:54 1,226,248 --a------ C:\DMSetup.exe
2008-12-05 13:14 . 2008-12-05 13:14 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-05 12:52 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-12-05 12:52 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-12-05 12:52 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-12-05 12:52 . 2008-12-05 12:29 53,248 --a------ c:\windows\system32\Process.exe
2008-12-05 12:52 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-12-05 12:52 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-12-05 12:29 . 2008-12-05 13:39 <DIR> d-------- C:\SmitfraudFix
2008-12-05 12:19 . 2008-12-06 13:53 1,435,761 --a------ C:\SmitfraudFix.zip
2008-12-04 20:00 . 2008-12-04 20:01 401,720 --a------ C:\HiJackThis.exe
2008-12-01 19:41 . 2008-12-01 19:41 30,601 --a------ d:\documents and settings\sda\x.exe
2008-12-01 18:43 . 2008-12-01 18:43 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-12-01 18:05 . 2008-12-01 18:05 <DIR> d-------- d:\documents and settings\sda\dsc
2008-12-01 18:02 . 2008-12-01 18:02 <DIR> d-------- d:\documents and settings\sda\vw
2008-12-01 18:02 . 2008-12-01 18:02 <DIR> d-------- d:\documents and settings\sda\VisualRoute
2008-12-01 18:01 . 2008-12-01 20:07 <DIR> d-------- c:\program files\VisualRoute 2008
2008-11-27 17:23 . 2008-11-27 17:23 29 --a------ c:\windows\system32\uwrqdspa.tmp
2008-11-27 17:20 . 2008-11-27 17:20 188,416 --a------ c:\windows\JJACRBNV.exe
2008-11-27 17:20 . 2008-12-06 16:16 0 --a------ c:\windows\system32\drivers\3672251a.sys
2008-11-27 17:19 . 2008-11-27 17:19 2 --a------ C:\1815657427

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 12:54 --------- d-----w d:\documents and settings\sda\Application Data\Skype
2008-12-07 12:48 --------- d-----w d:\documents and settings\sda\Application Data\skypePM
2008-12-07 11:36 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-01 19:07 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-01 18:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-01 18:03 --------- d-----w d:\documents and settings\sda\Application Data\LimeWire
2008-12-01 11:06 --------- d-----w c:\program files\ZikiTranslator
2008-11-28 10:14 --------- d-----w d:\documents and settings\LocalService.NT AUTHORITY.001\Application Data\SACore
2008-11-27 13:27 --------- d-----w c:\program files\e-bat
2008-11-17 12:59 --------- d-----w c:\program files\McAfee
2008-11-12 02:07 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-20 16:25 --------- d-----w d:\documents and settings\sda\Application Data\Ulead Systems
2008-10-20 10:41 --------- d-----w d:\documents and settings\sda\Application Data\Sprite Software
2008-10-20 10:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 10:40 --------- d-----w c:\program files\Sprite Software
2008-10-20 10:34 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-20 10:12 --------- d-----w c:\program files\Ressources Windows Mobile
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-10 18:06 --------- d-----w c:\program files\Common Files\HP
2008-10-10 16:14 --------- d-----w d:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\SACore
2008-10-09 16:34 --------- d-----w c:\program files\HP
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-04-04 09:49 32 ----a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2007-10-30 08:54 100,680 ----a-w d:\documents and settings\sda\Application Data\GDIPFONTCACHEV1.DAT
2007-08-01 14:48 9,644 ----a-w c:\program files\uninstal.log
2007-06-07 10:46 81,920 ----a-w d:\documents and settings\sda\Application Data\ezpinst.exe
2007-06-07 10:46 47,360 ----a-w d:\documents and settings\sda\Application Data\pcouffin.sys
2005-09-09 17:55 7,155,864 ----a-w c:\program files\NGhost10.msi
2005-09-09 17:55 4,588,454 ----a-w c:\program files\setup.exe
2005-09-09 17:55 37,766,164 ----a-w c:\program files\Data1.cab
2005-09-09 17:55 35 ----a-w c:\program files\SCSSDist.ini
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_18.58.59.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-06 16:35:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-07 12:43:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-06 16:35:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-07 12:43:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-06 16:35:03 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 12:43:42 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-08-05 01:13 1610264 --a------ c:\program files\myBabylon\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\apps\skype\Phone\Skype.exe" [2008-02-01 21974824]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2007-03-16 1186304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-28 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-28 86016]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-06 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IdiomaX Office"="c:\program files\IdiomaX\Office Translator 4.0\IdxOffice.exe" [2007-01-18 397872]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"nwiz"="nwiz.exe" [2006-04-28 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

d:\documents and settings\sda\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-06-06 49254]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-06 6379080]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 08:53 49152 c:\apps\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\RealVNC\\vncviewer.exe"=
"c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"d:\\film a graver\\emule.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Documents and Settings\\sda\\Desktop\\SymNRT.exe"=
"c:\\APPS\\skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-10-01 203280]
S1 3672251a;3672251a;c:\windows\system32\drivers\3672251a.sys [2008-11-27 0]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-03-18 1527900]
S3 ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 27904]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-03-18 544768]
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 13:54:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\apps\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-12-07 13:57:01
ComboFix-quarantined-files.txt 2008-12-07 12:56:37
ComboFix2.txt 2008-12-06 18:00:10

Pre-Run: 12.135.178.240 bytes free
Post-Run: 12,112,945,152 bytes free

234 --- E O F --- 2008-12-01 18:53:21

ceci n'est pas apparu,: "Une fenêtre bleue va apparaître: au message qui apparaît (Type 1 to continue, or 2 to abort) , tape 1 puis valide."
cependant j'ai placé le fichier directement sur combofix sur le bureau et il m'a demandé de l'exécuté. celà fait j'ai un rapport. est ce bon?? voir...
ComboFix 08-12-05.06 - sda 2008-12-07 13:52:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1364 [GMT 1:00]
Running from: d:\documents and settings\sda\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 10:06 . 2008-12-06 13:47 <DIR> d-------- C:\SDFix
2008-12-05 17:57 . 2008-12-05 18:10 <DIR> d-------- c:\program files\UsbFix
2008-12-05 15:33 . 2008-12-05 21:16 <DIR> d-------- C:\ToolBar SD
2008-12-05 15:20 . 2008-12-05 15:20 2,404,352 --a------ C:\Norton_Removal_Tool.exe
2008-12-05 15:16 . 2008-12-05 15:16 <DIR> d-------- c:\windows\system32\Temp
2008-12-05 13:53 . 2008-12-05 13:54 1,226,248 --a------ C:\DMSetup.exe
2008-12-05 13:14 . 2008-12-05 13:14 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-05 12:52 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-12-05 12:52 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-12-05 12:52 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-12-05 12:52 . 2008-12-05 12:29 53,248 --a------ c:\windows\system32\Process.exe
2008-12-05 12:52 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-12-05 12:52 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-12-05 12:29 . 2008-12-05 13:39 <DIR> d-------- C:\SmitfraudFix
2008-12-05 12:19 . 2008-12-06 13:53 1,435,761 --a------ C:\SmitfraudFix.zip
2008-12-04 20:00 . 2008-12-04 20:01 401,720 --a------ C:\HiJackThis.exe
2008-12-01 19:41 . 2008-12-01 19:41 30,601 --a------ d:\documents and settings\sda\x.exe
2008-12-01 18:43 . 2008-12-01 18:43 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-12-01 18:05 . 2008-12-01 18:05 <DIR> d-------- d:\documents and settings\sda\dsc
2008-12-01 18:02 . 2008-12-01 18:02 <DIR> d-------- d:\documents and settings\sda\vw
2008-12-01 18:02 . 2008-12-01 18:02 <DIR> d-------- d:\documents and settings\sda\VisualRoute
2008-12-01 18:01 . 2008-12-01 20:07 <DIR> d-------- c:\program files\VisualRoute 2008
2008-11-27 17:23 . 2008-11-27 17:23 29 --a------ c:\windows\system32\uwrqdspa.tmp
2008-11-27 17:20 . 2008-11-27 17:20 188,416 --a------ c:\windows\JJACRBNV.exe
2008-11-27 17:20 . 2008-12-06 16:16 0 --a------ c:\windows\system32\drivers\3672251a.sys
2008-11-27 17:19 . 2008-11-27 17:19 2 --a------ C:\1815657427

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 12:54 --------- d-----w d:\documents and settings\sda\Application Data\Skype
2008-12-07 12:48 --------- d-----w d:\documents and settings\sda\Application Data\skypePM
2008-12-07 11:36 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-01 19:07 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-01 18:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-01 18:03 --------- d-----w d:\documents and settings\sda\Application Data\LimeWire
2008-12-01 11:06 --------- d-----w c:\program files\ZikiTranslator
2008-11-28 10:14 --------- d-----w d:\documents and settings\LocalService.NT AUTHORITY.001\Application Data\SACore
2008-11-27 13:27 --------- d-----w c:\program files\e-bat
2008-11-17 12:59 --------- d-----w c:\program files\McAfee
2008-11-12 02:07 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-20 16:25 --------- d-----w d:\documents and settings\sda\Application Data\Ulead Systems
2008-10-20 10:41 --------- d-----w d:\documents and settings\sda\Application Data\Sprite Software
2008-10-20 10:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 10:40 --------- d-----w c:\program files\Sprite Software
2008-10-20 10:34 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-20 10:12 --------- d-----w c:\program files\Ressources Windows Mobile
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-10 18:06 --------- d-----w c:\program files\Common Files\HP
2008-10-10 16:14 --------- d-----w d:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\SACore
2008-10-09 16:34 --------- d-----w c:\program files\HP
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-04-04 09:49 32 ----a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2007-10-30 08:54 100,680 ----a-w d:\documents and settings\sda\Application Data\GDIPFONTCACHEV1.DAT
2007-08-01 14:48 9,644 ----a-w c:\program files\uninstal.log
2007-06-07 10:46 81,920 ----a-w d:\documents and settings\sda\Application Data\ezpinst.exe
2007-06-07 10:46 47,360 ----a-w d:\documents and settings\sda\Application Data\pcouffin.sys
2005-09-09 17:55 7,155,864 ----a-w c:\program files\NGhost10.msi
2005-09-09 17:55 4,588,454 ----a-w c:\program files\setup.exe
2005-09-09 17:55 37,766,164 ----a-w c:\program files\Data1.cab
2005-09-09 17:55 35 ----a-w c:\program files\SCSSDist.ini
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_18.58.59.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-06 16:35:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-07 12:43:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-06 16:35:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-07 12:43:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-06 16:35:03 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 12:43:42 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-08-05 01:13 1610264 --a------ c:\program files\myBabylon\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\apps\skype\Phone\Skype.exe" [2008-02-01 21974824]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2007-03-16 1186304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-28 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-28 86016]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-06 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IdiomaX Office"="c:\program files\IdiomaX\Office Translator 4.0\IdxOffice.exe" [2007-01-18 397872]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"nwiz"="nwiz.exe" [2006-04-28 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

d:\documents and settings\sda\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-06-06 49254]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-06 6379080]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 08:53 49152 c:\apps\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\RealVNC\\vncviewer.exe"=
"c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"d:\\film a graver\\emule.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Documents and Settings\\sda\\Desktop\\SymNRT.exe"=
"c:\\APPS\\skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-10-01 203280]
S1 3672251a;3672251a;c:\windows\system32\drivers\3672251a.sys [2008-11-27 0]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-03-18 1527900]
S3 ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 27904]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-03-18 544768]
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 13:54:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\apps\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-12-07 13:57:01
ComboFix-quarantined-files.txt 2008-12-07 12:56:37
ComboFix2.txt 2008-12-06 18:00:10

Pre-Run: 12.135.178.240 bytes free
Post-Run: 12,112,945,152 bytes free

234 --- E O F --- 2008-12-01 18:53:21

en glissant CFScript sur combo, il me dit que le nom du fichier est incorecte.
quid?

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1471
Windows 5.1.2600 Service Pack 2

7/12/2008 19:41:09
mbam-log-2008-12-07 (19-41-09).txt

Type de recherche: Examen rapide
Eléments examinés: 68886
Temps écoulé: 6 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\hpi4.hpi2 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iehelper3.iehelperop (Spyware-Logger.Unknown) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49e0e0f0-5c30-11d4-945d-000000000000} (Spyware-Logger.Unknown) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

ok pour l'instant il scan. on verra si des problème subsiste.
Au bureau j'ai une autre bécanne qui est infectée. D'ailleur je pense que c'est elle qui a infecté celle-ci par le reseau.
Le probleme, si c'en est un est que j'ai effacé des fichier dll suite au rapport que mcafee me faisait sur les fichier infecté.
on verra ça ultérieurement si cela ne te dérange pas.
Et encore un tout grand merci pour ton aide.

BitDefender Online Scanner



Scan report generated at: Sun, Dec 07, 2008 - 22:32:55





Scan path: D:\Documents and Settings\sda\My Documents;D:\Documents and Settings\All Users\Documents;C:\;D:\;E:\;J:\;X:\;Y:\;Z:\;







Statistics

Time
02:28:18

Files
650140

Folders
14895

Boot Sectors
0

Archives
13163

Packed Files
43355




Results

Identified Viruses
6

Infected Files
7

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
7




Engines Info

Virus Definitions
2335645

Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins
17

Archive plugins
44

Unpack plugins
7

E-mail plugins
6

System plugins
4




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\qtoprtuq.sys.vir
Infected with: Rootkit.Agent.AIXB

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\qtoprtuq.sys.vir
Deleted

C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP557\A0074132.dll
Infected with: Win32.Adware.LTM

C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP557\A0074132.dll
Deleted

C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP558\A0075288.sys
Infected with: Rootkit.Agent.AIXB

C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP558\A0075288.sys
Deleted

C:\WINDOWS\system32\HPI4.dll
Detected with: Adware.BHO

C:\WINDOWS\system32\HPI4.dll
Deleted

D:\film a graver\limewire telechargement\traceo ip_Crack.zip=>Crack.exe
Infected with: Trojan.Buzus.CH

D:\film a graver\limewire telechargement\traceo ip_Crack.zip=>Crack.exe
Deleted

D:\film a graver\limewire telechargement\traceo ip_Crack.zip
Updated

D:\film a graver\Nero.v8.2.8.0.PATENT.AUTH.CRACK.ONLY.MERRY.XMAS-PHiL8900.rar.rar=>Nero8Keygen.exe
Infected with: Trojan.Packed.28063

D:\film a graver\Nero.v8.2.8.0.PATENT.AUTH.CRACK.ONLY.MERRY.XMAS-PHiL8900.rar.rar=>Nero8Keygen.exe
Deleted

D:\film a graver\Nero.v8.2.8.0.PATENT.AUTH.CRACK.ONLY.MERRY.XMAS-PHiL8900.rar.rar
Update failed

D:\Software\Isobuster 1.9.1+serial+crack.rar=>Isobuster 1.9.1+serial+crack\Smart[1].Projects.IsoBuster.Pro.v1.9.1.1.Multilingual.Incl.KeyMaker-DVT.rar=>Smart.Projects.IsoBuster.Pro.v1.9.1.1.Multilingual.Incl.KeyMaker-DVT\DVT\KeyMaker.exe
Infected with: Trojan.Packed.31356

D:\Software\Isobuster 1.9.1+serial+crack.rar=>Isobuster 1.9.1+serial+crack\Smart[1].Projects.IsoBuster.Pro.v1.9.1.1.Multilingual.Incl.KeyMaker-DVT.rar=>Smart.Projects.IsoBuster.Pro.v1.9.1.1.Multilingual.Incl.KeyMaker-DVT\DVT\KeyMaker.exe
Deleted

D:\Software\Isobuster 1.9.1+serial+crack.rar=>Isobuster 1.9.1+serial+crack\Smart[1].Projects.IsoBuster.Pro.v1.9.1.1.Multilingual.Incl.KeyMaker-DVT.rar
Update failed




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:29, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\APPS\skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\APPS\SKYPE\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IdiomaX Office] C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\beuk.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

,
j'ai effacer les prorammes et ce que j'avais sur mon bureau en executable.
j'ai également fait un restore comme demandé
Pour en finir avec malware, j'ai du redemerer le pc. Maintenant il bip sans Le message sur fond noir est Boot from cd.
que faire.??
merci

fait ctrl+alt+suppr ( les trois touche en meme temps)

dans "nouvelle tache " tape explorer

pas de disque window pour cette becane ici
malware c'est juste une partie d'un programme que tu m'a demandé de charger et puis de détruire. Le message après destruction etaiit de devoir redemarer le pc.
n'y a t'il pas moyen de revenir sur le bureau par manipulationavec F5 ou F8 et ensuite choisir qlque chose

voila ce que j'ai fait :

Ça dit egalement que norton a disparu

tu vas supprimer les anciens points de restauration
Pour ca tu fais
demarrer ,clic droit sur poste de travail ,onglet propriiété, onglet restauration systeme ,
Supprime tous les logiciels que je t'ai fait passer
coche : Desactiver la restauration système, et appliquer , puis redecoche.

puis rien. pas eu le temps d'aller sur le lien

quid???
je ne sais pas demarer en mode sans echec ou derniere configurationconnue.
que faire???

effectivement je ne sais plus aller sur window.
Maintenant il tourne en boucle. Message sur ecran noir :
BOOT FROM CD
ensuite BIP et la fenetre bleue apparait avec F2 F3 F8.
Quand je fais F8 et mode save, je reviens sur ecran noir avec bip et à nouveau fenetre bleu et ceci n'arrete pas.

voilaz il grave

c'est fait

il'instal a demaré et me demande sur quelle installation de window xp je veux ouvrir une session

voila on avance, mais mainteant il me demande le pass administrateur/
quid??
je n'en ai pas ou du moins ceux que je connais ne passent pas

merci regis, c'est fait. mainteant il demande l'administrateur??

non