

st22026
Everything posted by st22026
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
MBAM found nothing:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2656
Windows 5.1.2600 Service Pack 3

21/08/2009 13:38:40
mbam-log-2009-08-21 (13-38-40).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 189217
Temps écoulé: 55 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

I removed PC Antispyware by hand, then rebooted, and for now it has not come back. Braviax is no longer in system32. However, I have a problem: I cannot enable the Windows firewall. Could that be caused by a virus?
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
Yes, that's done. Shall I start a scan?
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
No, I cannot run ComboFix again. Here is the MBAM report:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2656
Windows 5.1.2600 Service Pack 3

20/08/2009 18:33:07
mbam-log-2009-08-20 (18-33-07).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 189563
Temps écoulé: 49 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\08202009_145900\program files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\08202009_145900\program files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\08202009_145900\program files\PC_Antispyware2010\wscui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\zyjaqaji.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\apaqudi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
First piece of good news: I was finally able to start the PC in normal mode.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
Indeed, it shows me "2 fichiers copiés" and "commande ECHO désactivée", but I still cannot uninstall ComboFix.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT moved successfully.
c:\program files\PC_Antispyware2010\data moved successfully.
c:\program files\PC_Antispyware2010 moved successfully.
File/Folder c:\windows\obive.sys not found.
File/Folder c:\windows\xemuzyji.sys not found.
File/Folder c:\documents and settings\LocalService\Local Settings\Application Data\daqud.bat not found.
File/Folder c:\documents and settings\LocalService\Application Data\ygal.exe not found.
File/Folder c:\windows\duxibesoga.bin not found.
File/Folder c:\documents and settings\LocalService\Application Data\caxepuhaw.bat not found.
File/Folder c:\windows\gyzomygib.dat not found.
File/Folder c:\windows\evugo.dll not found.
File/Folder c:\documents and settings\All Users\Application Data\gydybyj.com not found.
File/Folder c:\documents and settings\All Users\Application Data\butofaqoc.scr not found.
File/Folder c:\documents and settings\LocalService\Local Settings\Application Data\zaqota.bat not found.
File/Folder c:\documents and settings\All Users\Application Data\ziredowot.bat not found.
File/Folder c:\windows\uxoras.com not found.
File/Folder c:\documents and settings\LocalService\Application Data\unuhiha.bat not found.
File/Folder c:\windows\dulav.dll not found.
File/Folder c:\program files\Fichiers communs\datoteky.bat not found.
File/Folder c:\program files\Fichiers communs\sejibuhelu.reg not found.
File/Folder c:\documents and settings\LocalService\Application Data\ilamajeje.dat not found.
File/Folder c:\documents and settings\All Users\Application Data\firi.dat not found.
File/Folder c:\documents and settings\All Users\Application Data\oboroxyt.bin not found.
File/Folder c:\documents and settings\All Users\Application Data\ahonywu.vbs not found.
File/Folder c:\program files\Fichiers communs\laheviqi.lib not found.
File/Folder c:\program files\Fichiers communs\guzuvizil.db not found.
File/Folder c:\program files\Fichiers communs\evadamafi.inf not found.
File/Folder c:\program files\configmm.ini not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\PC Antispyware 2010 not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\braviax not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: Adrien
->Temp folder emptied: 1148744 bytes
->Temporary Internet Files folder emptied: 8327974 bytes
->Java cache emptied: 42027612 bytes
->FireFox cache emptied: 83080277 bytes
->Google Chrome cache emptied: 856432 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3567867 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: P
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 323224 bytes
RecycleBin emptied: 19049613 bytes
Total Files Cleaned = 151,13 mb
OTM by OldTimer - Version 3.0.0.6 log created on 08202009_145900
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
ComboFix is still blocked. Here is the report:

C:\Combofix.txt: trouvé !
C:\avenger: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Adrien\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\Adrien\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Adrien\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Adrien\Bureau\Raccourcis Bureau non utilisés\Rsit.exe: trouvé !
C:\Documents and Settings\Adrien\Bureau\Raccourcis Bureau non utilisés\SmitFraudfix: trouvé !
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
Hello, your link for reparzip does not work. Is it this one? http://www.commentcamarche.net/telecharger...055044-ziprepar
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
Now ComboFix no longer launches, and when I try to uninstall it via Start > Run, it tells me that Windows cannot find it. It is named 15021-CF on the desktop, and I have a folder "32788R22FWJFW" on the C: drive.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
No, I do not have the Windows CD; I can try to get hold of one. Here is the report:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2639
Windows 5.1.2600 Service Pack 3 (Safe Mode)

17/08/2009 15:46:48
mbam-log-2009-08-17 (15-46-48).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 187367
Temps écoulé: 17 minute(s), 31 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 62

Processus mémoire infecté(s):
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb1536 (Trojan.KillAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd3417 (Trojan.KillAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb2411 (Trojan.KillAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd290 (Trojan.KillAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V2H43HK6\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\htmlayout.dll.vir (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\Uninstall.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\wscui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\figaro.sys.vir (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000056.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000059.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000063.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000064.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000065.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000069.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000073.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000074.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000075.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000079.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000085.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000086.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000091.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000095.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000096.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000101.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000104.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000105.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000112.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000118.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000122.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP0\A0000123.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\videocore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
That file is not in system32.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
Hello, I drag and drop onto the ComboFix icon, I click Run, a black window appears for less than a second, and then nothing.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
Am I risking anything if I plug a device into the USB port?
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
Please, does anyone have a solution that works to remove this virus? Could this one work? http://forums.cnetfrance.fr/index.php?showtopic=90073
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
I did a cleanup with SmitFraudFix. Here is the report:

SmitFraudFix v2.423

Rapport fait à 13:08:41,46, 17/08/2009
Executé à partir de C:\Documents and Settings\A\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\braviax.exe supprimé
C:\WINDOWS\system32\_scui.cpl supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DCC7F6EA-DA39-4CC7-9A93-3CAC7253A050}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DCC7F6EA-DA39-4CC7-9A93-3CAC7253A050}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DCC7F6EA-DA39-4CC7-9A93-3CAC7253A050}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
Fichier beep.sys reçu le 2009.08.17 10:26:39 (UTC)
Résultat: 34/41 (82.93%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.17 Backdoor.Win32.UltimateDefender!IK
AhnLab-V3 5.0.0.2 2009.08.15 Win-Trojan/AVKiller.29184.D
AntiVir 7.9.1.1 2009.08.17 TR/Rootkit.Gen
Antiy-AVL 2.0.3.7 2009.08.17 Backdoor/Win32.UltimateDefender
Authentium 5.1.2.4 2009.08.17 W32/SYStroj.H.gen!Eldorado
Avast 4.8.1335.0 2009.08.17 Win32:FakeAV-NO
AVG 8.5.0.406 2009.08.17 BackDoor.Generic11.AIVI
BitDefender 7.2 2009.08.17 Generic.Malware.P!.80497AAE
CAT-QuickHeal 10.00 2009.08.17 Backdoor.UltimateDefender.xm
ClamAV 0.94.1 2009.08.17 -
Comodo 1999 2009.08.17 Backdoor.Win32.UltimateDefender.xm
DrWeb 5.0.0.12182 2009.08.17 Trojan.NtRootKit.3206
eSafe 7.0.17.0 2009.08.16 -
eTrust-Vet 31.6.6681 2009.08.17 Win32/Eldycow!generic
F-Prot 4.4.4.56 2009.08.16 W32/SYStroj.H.gen!Eldorado
F-Secure 8.0.14470.0 2009.08.17 Rootkit:W32/Xanti.gen!A
Fortinet 3.120.0.0 2009.08.17 W32/FakeAlert.XM!tr.bdr
GData 19 2009.08.17 Generic.Malware.P!.80497AAE
Ikarus T3.1.1.68.0 2009.08.17 Backdoor.Win32.UltimateDefender
Jiangmin 11.0.800 2009.08.17 Rootkit.Agent.cll
K7AntiVirus 7.10.819 2009.08.14 -
Kaspersky 7.0.0.125 2009.08.17 Backdoor.Win32.UltimateDefender.xm
McAfee 5711 2009.08.16 FakeAlert-C.dr
McAfee+Artemis 5711 2009.08.16 FakeAlert-C.dr
McAfee-GW-Edition 6.8.5 2009.08.17 Heuristic.BehavesLike.Win32.Rootkit.B
Microsoft 1.4903 2009.08.17 VirTool:WinNT/Xantvi.gen!A
NOD32 4341 2009.08.17 a variant of Win32/UltimateDefender.A
Norman 6.01.09 2009.08.14 W32/UltimateDefender.E
nProtect 2009.1.8.0 2009.08.17 Backdoor/W32.UltimateDefender.29184
Panda 10.0.0.14 2009.08.16 Adware/UltimateDefender
PCTools 4.4.2.0 2009.08.16 -
Prevx 3.0 2009.08.17 -
Rising 21.43.02.00 2009.08.17 Trojan.DL.Win32.Braviax.ae
Sophos 4.44.0 2009.08.17 Mal/FakeAle-C
Sunbelt 3.2.1858.2 2009.08.16 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.08.17 Hacktool.Rootkit
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.17 TROJ_VIRANTIX.BF
VBA32 3.12.10.9 2009.08.17 Backdoor.Win32.UltimateDefender.igk
ViRobot 2009.8.17.1887 2009.08.17 Backdoor.Win32.UltimateDefender.29184.E
VirusBuster 4.6.5.0 2009.08.16 -

Information additionnelle
File size: 29184 bytes
MD5...: c4000a48f953d36167a7df84f98a2634
SHA1..: 51d31bbe993ca550ba40f4a756ce0fe8c08930ad
SHA256: ff0260a3b944b3b97c7eff5c153b66cfe0445f747946dd63d5a64bf4f4d57372

I do not have a Windows CD. I scanned the beep file that is in system32/drivers.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
It gives me this:

"Error : acces is denied in the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\current version
windows Microsoft windows XP OK
Recherche du service pack installé
Error : acces is denied in the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\current version
windows Service pack 3 OK"

Notepad does not open, but it offers to continue.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
2009-08-16 14:00:27 . 2009-08-16 14:00:27 12,155 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-08-16 13:56:44 . 2009-08-16 13:56:44 29,184 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\figaro.sys.vir
2009-08-16 13:56:37 . 2009-08-16 13:56:37 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-08-16 11:39:51 . 2009-08-16 13:53:23 6,144 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir
2009-08-16 11:39:51 . 2009-08-16 13:53:23 6,144 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cru629.dat.vir
2009-08-16 11:39:51 . 2009-08-16 13:53:23 11,264 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\braviax.exe.vir
2009-08-16 11:38:58 . 2009-08-16 13:56:59 114,811 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir
2009-08-16 11:38:56 . 2009-08-16 13:56:44 11,264 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir
2009-08-16 11:33:22 . 2009-08-16 13:56:44 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir

braviax is still in system32.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
At the end of the scan the PC shut down without showing any pop-up. I do not have a ComboFix folder in C:. I have a folder 65026-CF and a folder Qoobox.
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
Do I paste the lines into the text document named combofix on drive C:\?
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
ComboFix 09-08-10.06 - Adrien 16/08/2009 15:57.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.767.561 [GMT 2:00]
Running from: c:\documents and settings\Adrien\Bureau\65026-CF.exe
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\wisdstr.exe
c:\windows\system32\drivers\beep.sys . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.
2009-08-15 22:43 . 2009-08-15 22:43 -------- d-s---w- C:\scan
2009-08-15 20:44 . 2009-08-15 20:44 18460 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\daqud.bat
2009-08-15 20:44 . 2009-08-15 20:44 16815 ----a-w- c:\windows\xemuzyji.sys
2009-08-15 20:44 . 2009-08-15 20:44 16292 ----a-w- c:\documents and settings\LocalService\Application Data\ygal.exe
2009-08-15 20:44 . 2009-08-15 20:44 16219 ----a-w- c:\windows\duxibesoga.bin
2009-08-15 20:44 . 2009-08-15 20:44 15767 ----a-w- c:\documents and settings\LocalService\Application Data\caxepuhaw.bat
2009-08-15 20:44 . 2009-08-15 20:44 14677 ----a-w- c:\windows\gyzomygib.dat
2009-08-15 20:44 . 2009-08-15 20:44 12237 ----a-w- c:\windows\evugo.dll
2009-08-15 20:43 . 2009-08-15 20:45 -------- d-----w- c:\program files\PC_Antispyware2010
2009-08-15 12:37 . 2009-08-15 12:37 -------- d-----w- C:\rsit
2009-08-15 11:30 . 2009-08-15 11:30 17890 ----a-w- c:\documents and settings\All Users\Application Data\gydybyj.com
2009-08-15 11:30 . 2009-08-15 11:30 17368 ----a-w- c:\documents and settings\All Users\Application Data\butofaqoc.scr
2009-08-15 11:30 . 2009-08-15 11:30 17263 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\zaqota.bat
2009-08-15 11:30 . 2009-08-15 11:30 17153 ----a-w- c:\documents and settings\All Users\Application Data\ziredowot.bat
2009-08-15 11:30 . 2009-08-15 11:30 15694 ----a-w- c:\windows\uxoras.com
2009-08-15 11:30 . 2009-08-15 11:30 15430 ----a-w- c:\documents and settings\LocalService\Application Data\unuhiha.bat
2009-08-15 11:30 . 2009-08-15 11:30 15115 ----a-w- c:\windows\dulav.dll
2009-08-15 11:30 . 2009-08-15 11:30 11755 ----a-w- c:\program files\Fichiers communs\datoteky.bat
2009-08-15 11:30 . 2009-08-15 11:30 10188 ----a-w- c:\windows\obive.sys
2009-08-15 09:01 . 2009-08-15 09:01 61440 ----a-w- c:\documents and settings\Adrien\Application Data\HouseCall 6.6\Toolkit.dll
2009-08-15 09:01 . 2009-08-15 09:01 832776 ----a-w- c:\documents and settings\Adrien\Application Data\HouseCall 6.6\lea.dll
2009-08-15 09:01 . 2009-08-15 09:01 439560 ----a-w- c:\documents and settings\Adrien\Application Data\HouseCall 6.6\jlea.dll
2009-08-15 09:01 . 2009-08-15 09:01 42320 ----a-w- c:\documents and settings\Adrien\Application Data\HouseCall 6.6\dsvout.dll
2009-08-15 09:01 . 2009-08-15 09:01 183356 ----a-w- c:\documents and settings\Adrien\Application Data\HouseCall 6.6\Uninstaller.exe
2009-08-15 09:01 . 2009-08-15 11:03 -------- d-----w- c:\documents and settings\Adrien\Application Data\HouseCall 6.6
2009-08-14 15:19 . 2009-08-14 15:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-14 15:11 . 2009-08-14 15:11 18818 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\suwymugynu.reg
2009-08-14 15:11 . 2009-08-14 15:11 17234 ----a-w- c:\documents and settings\All Users\Application Data\gemoputecy.bat
2009-08-14 15:11 . 2009-08-14 15:11 14688 ----a-w- c:\windows\calusexav.vbs
2009-08-14 15:11 . 2009-08-14 15:11 13398 ----a-w- c:\program files\Fichiers communs\sejibuhelu.reg
2009-08-14 11:33 . 2009-08-14 11:33 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2009-08-13 21:51 . 2009-08-13 21:51 619584 -c--a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-12 01:11 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 16:20 . 2009-08-11 16:20 15240 ----a-w- c:\documents and settings\Adrien\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-08-09 01:10 . 2009-08-09 01:10 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 01:10 . 2009-08-09 01:10 -------- d-----w- c:\program files\MSBuild
2009-08-09 01:10 . 2009-08-09 01:10 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 01:09 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 01:09 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 01:09 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 01:09 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 01:09 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-09 01:09 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 01:09 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-05 21:08 . 2009-08-10 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-05 17:38 . 2009-08-05 17:38 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-21 11:17 . 2009-01-22 13:28 290816 ----a-w- c:\windows\system32\decdll.dll
2009-07-17 19:03 . 2009-07-17 19:03 58880 -c----w- c:\windows\system32\dllcache\atl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 20:44 . 2009-08-15 20:44 12357 ----a-w- c:\documents and settings\LocalService\Application Data\ilamajeje.dat
2009-08-15 11:30 . 2009-08-15 11:30 14126 ----a-w- c:\documents and settings\All Users\Application Data\firi.dat
2009-08-14 16:49 . 2009-03-16 18:47 -------- d-----w- c:\documents and settings\Adrien\Application Data\BitTorrent
2009-08-14 15:11 . 2009-08-14 15:11 11536 ----a-w- c:\documents and settings\All Users\Application Data\oboroxyt.bin
2009-08-14 15:11 . 2009-08-14 15:11 10092 ----a-w- c:\documents and settings\All Users\Application Data\ahonywu.vbs
2009-08-13 21:53 . 2009-03-16 18:47 -------- d-----w- c:\documents and settings\Adrien\Application Data\DNA
2009-08-13 21:51 . 2004-08-10 20:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-13 07:42 . 2009-03-16 18:47 -------- d-----w- c:\program files\DNA
2009-08-13 06:23 . 2007-12-26 21:42 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-12 02:21 . 2009-01-09 16:06 -------- d-----w- c:\documents and settings\Adrien\Application Data\Orbit
2009-08-09 16:33 . 2006-12-23 21:15 58616 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-09 01:18 . 2006-08-11 17:43 85636 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-09 01:18 . 2006-08-11 17:43 512292 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-05 09:00 . 2004-08-10 20:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 08:43 . 2008-12-17 10:35 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-24 15:04 . 2009-01-10 01:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-17 19:03 . 2004-08-10 20:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-10 20:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 22:20 . 2006-12-24 17:25 -------- d-----w- c:\program files\Fichiers communs\Real
2009-07-03 16:57 . 2006-03-04 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 15:32 . 2009-06-25 15:32 287 ----a-w- c:\windows\EReg072.dat
2009-06-25 09:22 . 2009-06-24 06:41 -------- d-----w- c:\documents and settings\Adrien\Application Data\Wuala
2009-06-25 09:20 . 2009-06-25 09:20 335872 ------w- c:\documents and settings\Adrien\Application Data\Wuala\Program0\swt-win32-3448.dll
2009-06-24 06:54 . 2009-06-24 06:54 53248 ----a-w- c:\documents and settings\Adrien\Application Data\Wuala\Program0\Win32Utils.dll
2009-06-24 06:41 . 2009-06-24 06:41 592175 ----a-w- c:\documents and settings\Adrien\Application Data\Wuala\Program0\orangevolt-4n-1.0.7.dll
2009-06-24 06:41 . 2009-06-24 06:41 184336 ----a-w- c:\documents and settings\Adrien\Application Data\Wuala\Roaming\Wuala.exe
2009-06-24 06:40 . 2009-06-24 06:40 69632 ----a-w- c:\documents and settings\Adrien\Application Data\Wuala\Program0\Win32NetBIOS.dll
2009-06-16 14:40 . 2005-10-17 21:21 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2005-10-17 21:21 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2005-05-11 02:30 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-10 20:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-08-10 20:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-10 20:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-10 20:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-08 13:33 . 2009-07-13 14:05 8676883 ----a-w- c:\windows\system32\mp3Media2.dll
2009-06-03 19:10 . 2005-08-30 04:16 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 09:46 . 2009-05-28 09:46 318904 ----a-w- C:\wmpfirefoxplugin.exe
2008-12-28 18:05 . 2008-12-28 18:05 2402832 -c--a-w- c:\program files\WLinstaller.exe
2008-10-18 14:30 . 2008-10-18 14:30 12688 -c--a-w- c:\program files\Fichiers communs\laheviqi.lib
2008-10-18 14:30 . 2008-10-18 14:30 18914 -c--a-w- c:\program files\Fichiers communs\guzuvizil.db
2008-10-18 14:30 . 2008-10-18 14:30 11846 -c--a-w- c:\program files\Fichiers communs\evadamafi.inf
2007-02-19 14:48 . 2007-02-19 14:48 3 -c--a-w- c:\program files\configmm.ini
2009-04-18 06:52 . 2009-04-18 06:52 109 --sha-w- c:\windows\system32\1220883340.dat
2006-05-03 10:06 . 2009-01-09 22:07 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-01-09 22:07 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-01-09 22:07 216064 -csh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
[-] 2009-08-16 13:56 29184 4B55931CBB561351CA370D732763EA2C c:\windows\system32\dllcache\beep.sys
[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-13 21:51 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-13 21:51 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD3417"="del" [X]
"SpybotDeletingD290"="del" [X]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-02-03 240544]
"SpybotDeletingB1536"="command.com" - c:\windows\system32\command.com [2004-08-10 52103]
"SpybotDeletingB2411"="command.com" - c:\windows\system32\command.com [2004-08-10 52103]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]
"flockbox"="d:\folder lockbox\flockbox.exe" [2006-11-10 1065984]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Adrien^Mes documents^Menu Démarrer^Programmes^Démarrage^Free Music Zilla.lnk]
path=c:\documents and settings\Adrien\Mes documents\Menu Démarrer\Programmes\Démarrage\Free Music Zilla.lnk
backup=c:\windows\pss\Free Music Zilla.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer WLAN 11g USB Dongle.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk
backup=c:\windows\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
"Regedit32"=c:\windows\system32\regedit.exe
"braviax"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"d:\\Orbitdownloader\\orbitdm.exe"=
"d:\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Free Music Zilla\\FMZilla.exe"=
"d:\\SopCast\\adv\\SopAdver.exe"=
"d:\\NetXfer\\NetTransport.exe"=
"d:\\StationRipper\\StationRipperConsole.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"d:\\SopCast\\SopCast.exe"=
"d:\\Program Files\\TVAnts\\Tvants.exe"=
"d:\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"7000:UDP"= 7000:UDP:*:Disabled:Windows Media Format SDK (chrome.exe)
"7001:UDP"= 7001:UDP:*:Disabled:Windows Media Format SDK (chrome.exe)
"7002:UDP"= 7002:UDP:*:Disabled:Windows Media Format SDK (chrome.exe)
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [07/01/2007 13:02 13824]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/04/2008 22:14 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/04/2008 22:14 20560]
S2 BroadCamService;BroadCam Service;"c:\program files\NCH Software\BroadCam\broadCam.exe" -service --> c:\program files\NCH Software\BroadCam\broadCam.exe [?]
S2 EyelineService;Eyeline Service;"c:\program files\NCH Software\Eyeline\eyeline.exe" -service --> c:\program files\NCH Software\Eyeline\eyeline.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 21:06 951632]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [19/10/2007 10:50 24320]
.
Contents of the 'Scheduled Tasks' folder
2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3874232922-622592756-1272493053-1006Core.job
- c:\documents and settings\Adrien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 11:25]
2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3874232922-622592756-1272493053-1006UA.job
- c:\documents and settings\Adrien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 11:25]
2009-08-13 c:\windows\Tasks\User_Feed_Synchronization-{5E39FACB-FF9D-4260-963F-CCB597CFD3B7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - d:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\orbitdownloader\orbitmxt.dll/204
IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - d:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\orbitdownloader\orbitmxt.dll/202
IE: Download with &Shareaza - c:\program files\MediaInfo\Nouveau dossier (18)\Nouveau dossier (21)\P2P Rocket\Plugins\RazaWebHook.dll/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Tout télécharger avec NetXfer - d:\netxfer\NXAddList.html
IE: Télécharger avec NetXfer - d:\netxfer\NXAddLink.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
FF - ProfilePath - c:\documents and settings\Adrien\Application Data\Mozilla\Firefox\Profiles\hjj3vx4k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.neufportail.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - plugin: c:\documents and settings\Adrien\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\divx content uploader\npUpload.dll
FF - plugin: d:\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\divx web player\npdivx32.dll
FF - plugin: d:\real alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\real alternative\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 16:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-08-16 16:04
ComboFix-quarantined-files.txt 2009-08-16 14:04
ComboFix2.txt 2009-08-16 11:38
Pre-Run: 35 865 980 928 octets libres
Post-Run: 35 836 583 936 octets libres
279 --- E O F --- 2009-08-12 02:24
PC Antispyware 2010 and braviaxe.exe
st22026 replied to a topic by st22026 in Malware analysis and eradication
ComboFix didn't delete anything, and there is nothing in the folder C:\combofix. I have a qoobox folder. I'm in safe mode and my PC keeps shutting itself down.
Hello, How do I get rid of these two pieces of junk? On another forum I was told to download combofix and rename it scan.exe, but it tells me I have to use alphanumeric characters. What do I do? Thanks.