David64800

Members
  • Content count: 6
  • Joined
  • Last visited

Everything posted by David64800

  1. Hello Apollo, do you think I can leave it at that? I still have a few IExplorer windows that open from time to time. Thanks, David
  2. Good evening, no need to apologise, I'm already quite happy to have found support like yours. In order, you will find:
     - the report after Lop S&D in option 2
     - I double-clicked the repar.bat file: it displayed 1 file copy, then asked me to press a key, but the window disappeared and did not show "1 file(s) copied" twice?? I tried once more, same result.
     - the TDSSKiller report
     Thanks for everything, David

     The report after Lop S&D in option 2

     --------------------\\ Lop S&D 4.2.5-0 XP/Vista

     Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
     X86-based PC ( Uniprocessor Free : Intel® Xeon CPU 2.80GHz )
     BIOS : PhoenixBIOS 4.0 Release 6.0
     USER : coccinelle ( Administrator )
     BOOT : Normal boot

     A:\ (USB)
     C:\ (Local Disk) - NTFS - Total:29 GB (Free:4 GB)
     D:\ (Local Disk) - NTFS - Total:82 GB (Free:72 GB)
     E:\ (CD or DVD) - UDF - Total:0 GB (Free:0 GB)
     G:\ (Local Disk) - FAT32 - Total:465 GB (Free:298 GB)

     "C:\Lop SD" ( updated : 19-12-2008|23:40 )
     Option : [2] ( 02/02/2010|20:46 )

     \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION

     ... C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1 -> does not exist!
     ... C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1 -> does not exist!

     \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

     --------------------\\ Folder listing in APPLIC~1

     [21/06/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
     [28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
     [28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
     [14/11/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
     [28/06/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
     [21/06/2009|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
     [18/12/2009|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Second Eggs Kind
     [14/06/2009|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
     [14/09/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
     [14/09/2008|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
     [30/01/2010|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
     [31/01/2010|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
     [28/06/2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
     [28/06/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
     [06/10/2009|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
     [12/10/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
     [30/01/2010|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
     [31/01/2010|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
     [31/01/2010|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vso
     [20/01/2009|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
     [15/12/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\Adobe
     [13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\aignes
     [20/04/2009|16:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Apple Computer
     [14/11/2008|22:55] C:\DOCUME~1\COCCIN~1\APPLIC~1\ATI
     [28/06/2009|10:37] C:\DOCUME~1\COCCIN~1\APPLIC~1\AVS4YOU
     [15/06/2009|22:22] C:\DOCUME~1\COCCIN~1\APPLIC~1\Babylon
     [01/05/2009|19:09] C:\DOCUME~1\COCCIN~1\APPLIC~1\DivX
     [14/09/2008|19:45] C:\DOCUME~1\COCCIN~1\APPLIC~1\Google
     [13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\gtopala
     [13/10/2009|20:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Hewlett-Packard
     [10/01/2010|09:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Icones
     [13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\Identities
     [14/09/2008|19:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Macromedia
     [30/01/2010|15:47] C:\DOCUME~1\COCCIN~1\APPLIC~1\Malwarebytes
     [20/10/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\MathWorks
     [12/01/2009|15:34] C:\DOCUME~1\COCCIN~1\APPLIC~1\Microsoft
     [12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Mozilla
     [28/06/2009|11:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\NCH Swift Sound
     [28/06/2009|20:21] C:\DOCUME~1\COCCIN~1\APPLIC~1\Nero
     [30/01/2010|04:25] C:\DOCUME~1\COCCIN~1\APPLIC~1\Save
     [21/10/2008|18:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Shareaza
     [13/09/2008|20:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\Sun
     [30/01/2010|18:50] C:\DOCUME~1\COCCIN~1\APPLIC~1\SUPERAntiSpyware.com
     [12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Thunderbird
     [12/10/2008|19:41] C:\DOCUME~1\COCCIN~1\APPLIC~1\vlc
     [14/06/2009|21:31] C:\DOCUME~1\COCCIN~1\APPLIC~1\Vso
     [13/09/2008|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
     [10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
     [10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
     [24/01/2010|21:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sun
     [26/01/2010|10:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

     --------------------\\ Scheduled tasks in C:\WINDOWS\tasks

     [18/01/2010 10:12][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
     [02/02/2010 19:32][--ah-----] C:\WINDOWS\tasks\SA.DAT
     [06/09/2002 20:59][-r-h-----] C:\WINDOWS\tasks\desktop.ini

     --------------------\\ Folder listing in C:\Program Files

     [13/09/2008|22:00] C:\Program Files\7-Zip
     [21/06/2009|10:53] C:\Program Files\Adobe
     [06/10/2009|19:54] C:\Program Files\AGEIA Technologies
     [14/09/2008|19:38] C:\Program Files\alcohol
     [14/09/2008|19:39] C:\Program Files\Alcohol Soft
     [14/09/2008|19:28] C:\Program Files\Alwil Software
     [13/09/2008|22:03] C:\Program Files\Analog Devices
     [28/03/2009|12:40] C:\Program Files\Apple Software Update
     [14/11/2008|22:56] C:\Program Files\ATI
     [14/11/2008|22:52] C:\Program Files\ATI Technologies
     [28/06/2009|11:11] C:\Program Files\AVS4YOU
     [01/12/2008|09:54] C:\Program Files\Bonjour
     [30/11/2008|17:56] C:\Program Files\Capture Professional v6 Trial
     [04/09/2009|19:40] C:\Program Files\CCleaner
     [13/09/2008|19:47] C:\Program Files\ComPlus Applications
     [13/09/2008|21:55] C:\Program Files\Defraggler
     [01/05/2009|13:49] C:\Program Files\Disney Interactive
     [01/05/2009|17:56] C:\Program Files\DivX
     [28/01/2010|20:37] C:\Program Files\Empire Interactive
     [21/06/2009|10:48] C:\Program Files\Emtec.No
     [01/02/2010|13:37] C:\Program Files\Fichiers communs
     [14/09/2008|19:44] C:\Program Files\Google
     [13/10/2009|20:49] C:\Program Files\Hewlett-Packard
     [28/06/2009|18:19] C:\Program Files\HotzicBurner
     [24/10/2009|14:17] C:\Program Files\INFORAD
     [20/10/2009|18:14] C:\Program Files\INFORAD_DRIVERS
     [04/09/2009|12:19] C:\Program Files\InstallShield Installation Information
     [13/09/2008|22:15] C:\Program Files\Intel
     [13/09/2008|20:03] C:\Program Files\Internet Explorer
     [21/06/2009|10:27] C:\Program Files\Java
     [04/10/2009|19:56] C:\Program Files\JeffProd
     [13/09/2008|19:57] C:\Program Files\JEUX
     [13/09/2008|22:04] C:\Program Files\Lavalys
     [14/09/2008|09:02] C:\Program Files\Lavasoft
     [30/01/2010|15:47] C:\Program Files\Malwarebytes' Anti-Malware
     [20/10/2008|18:18] C:\Program Files\MATLAB
     [13/09/2008|19:50] C:\Program Files\microsoft frontpage
     [14/09/2008|19:41] C:\Program Files\Microsoft Office
     [25/08/2009|21:22] C:\Program Files\Microsoft Silverlight
     [14/09/2008|19:41] C:\Program Files\Microsoft.NET
     [13/09/2008|19:48] C:\Program Files\Movie Maker
     [02/02/2010|20:43] C:\Program Files\Mozilla Firefox
     [02/02/2010|19:58] C:\Program Files\Mozilla Thunderbird
     [28/06/2009|19:07] C:\Program Files\MSBuild
     [13/09/2008|19:47] C:\Program Files\MSN Gaming Zone
     [13/09/2008|20:01] C:\Program Files\MSXML 4.0
     [28/01/2010|20:20] C:\Program Files\Navilog1
     [28/06/2009|18:08] C:\Program Files\NCH Software
     [28/06/2009|11:14] C:\Program Files\NCH Swift Sound
     [06/10/2009|22:09] C:\Program Files\Nero
     [14/09/2008|19:01] C:\Program Files\NETGEAR
     [13/09/2008|19:48] C:\Program Files\NetMeeting
     [13/09/2008|19:48] C:\Program Files\Outlook Express
     [28/01/2010|20:35] C:\Program Files\PeerTV
     [28/06/2009|12:46] C:\Program Files\PQDVD
     [28/03/2009|12:40] C:\Program Files\QuickTime
     [28/06/2009|19:00] C:\Program Files\Reference Assemblies
     [15/11/2009|10:26] C:\Program Files\SFR
     [21/10/2008|18:57] C:\Program Files\Shareaza
     [28/06/2009|11:23] C:\Program Files\SlySoft
     [01/02/2010|13:37] C:\Program Files\Spyware Doctor
     [31/01/2010|22:59] C:\Program Files\SUPERAntiSpyware
     [23/02/2009|11:49] C:\Program Files\THQ
     [13/09/2008|21:55] C:\Program Files\ToniArts
     [31/01/2010|01:02] C:\Program Files\Trend Micro
     [13/09/2008|19:47] C:\Program Files\Uninstall Information
     [14/11/2008|19:40] C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter
     [13/09/2008|19:57] C:\Program Files\UTILS
     [31/01/2010|10:15] C:\Program Files\Veetle
     [13/09/2008|21:56] C:\Program Files\VideoLAN
     [14/06/2009|21:32] C:\Program Files\VSO
     [13/09/2008|20:11] C:\Program Files\Windows Media Connect 2
     [13/09/2008|20:12] C:\Program Files\Windows Media Player
     [13/09/2008|19:47] C:\Program Files\Windows NT
     [13/09/2008|19:49] C:\Program Files\WindowsUpdate
     [13/09/2008|20:12] C:\Program Files\WMV9_VCM
     [13/09/2008|19:57] C:\Program Files\WSTARTUP
     [13/09/2008|19:50] C:\Program Files\xerox
     [06/10/2009|22:05] C:\Program Files\Yahoo!
     [14/09/2008|08:55] C:\Program Files\Zone Labs

     --------------------\\ Folder listing in C:\Program Files\Fichiers communs

     [21/06/2009|10:53] C:\Program Files\Fichiers communs\Adobe
     [28/06/2009|11:11] C:\Program Files\Fichiers communs\AVSMedia
     [14/09/2008|19:41] C:\Program Files\Fichiers communs\DESIGNER
     [01/05/2009|17:55] C:\Program Files\Fichiers communs\DivX Shared
     [13/10/2009|20:50] C:\Program Files\Fichiers communs\Hewlett-Packard
     [23/02/2009|11:48] C:\Program Files\Fichiers communs\InstallShield
     [13/09/2008|20:13] C:\Program Files\Fichiers communs\Java
     [20/10/2008|18:16] C:\Program Files\Fichiers communs\Microsoft Shared
     [13/09/2008|19:48] C:\Program Files\Fichiers communs\MSSoap
     [06/10/2009|22:22] C:\Program Files\Fichiers communs\Nero
     [13/09/2008|21:30] C:\Program Files\Fichiers communs\ODBC
     [13/09/2008|19:48] C:\Program Files\Fichiers communs\Services
     [13/09/2008|21:29] C:\Program Files\Fichiers communs\SpeechEngines
     [13/09/2008|19:48] C:\Program Files\Fichiers communs\System
     [31/01/2010|22:59] C:\Program Files\Fichiers communs\Wise Installation Wizard

     --------------------\\ Process ( 41 Processes ) ... OK !

     --------------------\\ Search with S_Lop

     No Lop file / folder found!

     --------------------\\ Search for Lop files / folders

     No Lop file / folder found!

     --------------------\\ Registry check ..... OK !

     --------------------\\ Hosts file check

     Hosts file CLEAN

     --------------------\\ File search with Catchme

     catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-02-02 20:48:55
     Windows 5.1.2600 Service Pack 2 NTFS
     scanning hidden processes ...
     scanning hidden files ...
     scan completed successfully
     hidden processes: 0
     hidden files: 0

     --------------------\\ Search for other infections

     No other infection found!

     [F:1][D:0]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\Temp
     [F:9][D:0]-> C:\DOCUME~1\COCCIN~1\Cookies
     [F:52][D:4]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\TEMPOR~1\content.IE5

     1 - "C:\Lop SD\LopR_1.txt" - 31/01/2010|23:05 - Option : [1]
     2 - "C:\Lop SD\LopR_2.txt" - 31/01/2010|23:11 - Option : [2]
     3 - "C:\Lop SD\LopR_3.txt" - 01/02/2010|22:26 - Option : [4]
     4 - "C:\Lop SD\LopR_4.txt" - 01/02/2010|22:35 - Option : [1]
     5 - "C:\Lop SD\LopR_5.txt" - 02/02/2010|20:50 - Option : [2]

     --------------------\\ End of report at 20:50:34

     The TDSSKiller report

     20:56:38:484 2416 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
     20:56:38:484 2416 ================================================================================
     20:56:38:484 2416 SystemInfo:
     20:56:38:484 2416 OS Version: 5.1.2600 ServicePack: 2.0
     20:56:38:484 2416 Product type: Workstation
     20:56:38:484 2416 ComputerName: DAVID
     20:56:38:500 2416 UserName: coccinelle
     20:56:38:500 2416 Windows directory: C:\WINDOWS
     20:56:38:500 2416 Processor architecture: Intel x86
     20:56:38:500 2416 Number of processors: 1
     20:56:38:500 2416 Page size: 0x1000
     20:56:38:500 2416 Boot type: Normal boot
     20:56:38:500 2416 ================================================================================
     20:56:38:500 2416 UnloadDriverW: NtUnloadDriver error 2
     20:56:38:500 2416 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
     20:56:38:515 2416 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
     20:56:38:515 2416 UtilityInit: KLMD drop and load success
     20:56:38:515 2416 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
     20:56:38:515 2416 UtilityInit: KLMD open success
     20:56:38:515 2416 UtilityInit: Initialize success
     20:56:38:515 2416
     20:56:38:515 2416 Scanning Services ...
     20:56:38:515 2416 CreateRegParser: Registry parser init started
     20:56:38:515 2416 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
     20:56:38:515 2416 CreateRegParser: DisableWow64Redirection error
     20:56:38:515 2416 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
     20:56:38:515 2416 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
     20:56:38:515 2416 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
     20:56:38:515 2416 wfopen_ex: Trying to KLMD file open
     20:56:38:515 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
     20:56:38:515 2416 wfopen_ex: File opened ok (Flags 2)
     20:56:38:515 2416 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384B80
     20:56:38:515 2416 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
     20:56:38:515 2416 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
     20:56:38:515 2416 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
     20:56:38:515 2416 wfopen_ex: Trying to KLMD file open
     20:56:38:515 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
     20:56:38:531 2416 wfopen_ex: File opened ok (Flags 2)
     20:56:38:531 2416 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384C28
     20:56:38:531 2416 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
     20:56:38:531 2416 CreateRegParser: EnableWow64Redirection error
     20:56:38:531 2416 CreateRegParser: RegParser init completed
     20:56:38:828 2416 GetAdvancedServicesInfo: Raw services enum returned 343 services
     20:56:38:843 2416 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
     20:56:38:843 2416 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
     20:56:38:843 2416
     20:56:38:843 2416 Scanning Kernel memory ...
     20:56:38:843 2416 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
     20:56:38:843 2416 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 89C22770
     20:56:38:843 2416 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
     20:56:38:843 2416
     20:56:38:843 2416 DetectCureTDL3: DEVICE_OBJECT: 893CAC68
     20:56:38:843 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 893CAC68
     20:56:38:843 2416 KLMD_ReadMem: Trying to ReadMemory 0x893CAC68[0x38]
     20:56:38:843 2416 DetectCureTDL3: DRIVER_OBJECT: 89C22770
     20:56:38:843 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C22770[0xA8]
     20:56:38:843 2416 KLMD_ReadMem: Trying to ReadMemory 0xE15244E8[0x18]
     20:56:38:843 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (0) addr: F766DC30
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (2) addr: F766DC30
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (3) addr: F7667D9B
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (4) addr: F7667D9B
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (5) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (6) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (7) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (8) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (9) addr: F7668366
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (10) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (11) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (12) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (13) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (14) addr: F766844D
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (15) addr: F766BFC3
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (16) addr: F7668366
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (17) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (18) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (19) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (20) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (21) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (22) addr: F7669EF3
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (23) addr: F766EA24
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (24) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (25) addr: 8050301E
     20:56:38:843 2416 DetectCureTDL3: IrpHandler (26) addr: 8050301E
     20:56:38:843 2416 TDL3_FileDetect: Processing driver: Disk
     20:56:38:843 2416 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
     20:56:38:843 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
     20:56:38:859 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
     20:56:38:859 2416
     20:56:38:859 2416 DetectCureTDL3: DEVICE_OBJECT: 8973B520
     20:56:38:859 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8973B520
     20:56:38:859 2416 DetectCureTDL3: DEVICE_OBJECT: 8980EEA0
     20:56:38:859 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8980EEA0
     20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0x8980EEA0[0x38]
     20:56:38:859 2416 DetectCureTDL3: DRIVER_OBJECT: 892BB3B8
     20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0x892BB3B8[0xA8]
     20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0xE196B368[0x1E]
     20:56:38:859 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (0) addr: F773C218
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (2) addr: F773C218
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (3) addr: F773C23C
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (4) addr: F773C23C
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (5) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (6) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (7) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (8) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (9) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (10) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (11) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (12) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (13) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (14) addr: F773C180
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (15) addr: F77379E6
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (16) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (17) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (18) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (19) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (20) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (21) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (22) addr: F773B5F0
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (23) addr: F7739A6E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (24) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (25) addr: 8050301E
     20:56:38:859 2416 DetectCureTDL3: IrpHandler (26) addr: 8050301E
     20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0xF7738F26[0x400]
     20:56:38:859 2416 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
     20:56:38:859 2416 TDL3_FileDetect: Processing driver: USBSTOR
     20:56:38:859 2416 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     20:56:38:859 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     20:56:38:859 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
     20:56:38:859 2416
     20:56:38:859 2416 DetectCureTDL3: DEVICE_OBJECT: 89C1C030
     20:56:38:859 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C1C030
     20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C1C030[0x38]
     20:56:38:859 2416 DetectCureTDL3: DRIVER_OBJECT: 89C22770
     20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C22770[0xA8]
     20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0xE15244E8[0x18]
     20:56:38:875 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (0) addr: F766DC30
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (2) addr: F766DC30
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (3) addr: F7667D9B
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (4) addr: F7667D9B
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (5) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (6) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (7) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (8) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (9) addr: F7668366
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (10) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (11) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (12) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (13) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (14) addr: F766844D
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (15) addr: F766BFC3
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (16) addr: F7668366
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (17) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (18) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (19) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (20) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (21) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (22) addr: F7669EF3
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (23) addr: F766EA24
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (24) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (25) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (26) addr: 8050301E
     20:56:38:875 2416 TDL3_FileDetect: Processing driver: Disk
     20:56:38:875 2416 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
     20:56:38:875 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
     20:56:38:875 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
     20:56:38:875 2416
     20:56:38:875 2416 DetectCureTDL3: DEVICE_OBJECT: 89C1B030
     20:56:38:875 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C1B030
     20:56:38:875 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C1B030[0x38]
     20:56:38:875 2416 DetectCureTDL3: DRIVER_OBJECT: 89C22770
     20:56:38:875 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C22770[0xA8]
     20:56:38:875 2416 KLMD_ReadMem: Trying to ReadMemory 0xE15244E8[0x18]
     20:56:38:875 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (0) addr: F766DC30
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (2) addr: F766DC30
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (3) addr: F7667D9B
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (4) addr: F7667D9B
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (5) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (6) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (7) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (8) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (9) addr: F7668366
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (10) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (11) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (12) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (13) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (14) addr: F766844D
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (15) addr: F766BFC3
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (16) addr: F7668366
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (17) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (18) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (19) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (20) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (21) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (22) addr: F7669EF3
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (23) addr: F766EA24
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (24) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (25) addr: 8050301E
     20:56:38:875 2416 DetectCureTDL3: IrpHandler (26) addr: 8050301E
     20:56:38:875 2416 TDL3_FileDetect: Processing driver: Disk
     20:56:38:875 2416 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
     20:56:38:875 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
     20:56:38:890 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
     20:56:38:890 2416
     20:56:38:890 2416 DetectCureTDL3: DEVICE_OBJECT: 89B9DAB8
     20:56:38:890 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89B9DAB8
     20:56:38:890 2416 DetectCureTDL3: DEVICE_OBJECT: 89BE4D98
     20:56:38:890 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89BE4D98
     20:56:38:890 2416 KLMD_ReadMem: Trying to ReadMemory 0x89BE4D98[0x38]
     20:56:38:890 2416 DetectCureTDL3: DRIVER_OBJECT: 89C179F8
     20:56:38:890 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C179F8[0xA8]
     20:56:38:890 2416 KLMD_ReadMem: Trying to ReadMemory 0xE102EC28[0x1A]
     20:56:38:890 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (0) addr: F74A3572
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (2) addr: F74A3572
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (3) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (4) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (5) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (6) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (7) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (8) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (9) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (10) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (11) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (12) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (13) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (14) addr: F74A3592
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (15) addr: F749F7B4
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (16) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (17) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (18) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (19) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (20) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (21) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (22) addr: F74A35BC
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (23) addr: F74AA164
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (24) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (25) addr: 8050301E
     20:56:38:890 2416 DetectCureTDL3: IrpHandler (26) addr: 8050301E
     20:56:38:890 2416 KLMD_ReadMem: Trying to ReadMemory 0xF74A07C6[0x400]
     20:56:38:890 2416 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
     20:56:38:890 2416 TDL3_FileDetect: Processing driver: atapi
     20:56:38:890 2416 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
     20:56:38:890 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
     20:56:38:906 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
     20:56:38:906 2416
     20:56:38:906 2416 Completed
     20:56:38:906 2416
     20:56:38:906 2416 Results:
     20:56:38:906 2416 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
     20:56:38:906 2416 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
     20:56:38:906 2416 File objects infected / cured / cured on reboot: 0 / 0 / 0
     20:56:38:906 2416
     20:56:38:906 2416 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
     20:56:38:906 2416 UtilityDeinit: KLMD(ARK) unloaded successfully
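An added example, not part of the post above and not code from TDSSKiller: the "IrpHandler (N) addr" lines in the report are the 27 entries of each driver object's MajorFunction dispatch table, indexed by IRP_MJ code (3 read, 4 write, 14 device control, 15 internal device control, and so on). The one address that recurs in the Disk, USBSTOR and atapi tables (8050301E) is the kernel's default routine for codes a driver does not implement; every other entry should point into the driver's own image. A TDL3-style infection redirects entries of the lowest storage driver (atapi here) into memory the rootkit controls, which shows up as one handler far away from the rest. The script below parses that log format, groups entries per driver, recovers the shared default stub from the data rather than hardcoding it, and flags any entry lying more than 1 MB from the driver's other routines. The atapi lines are copied from the report; the 1 MB bound, the "hooked_example" driver and its handler at 89ABC000 are constructed for the demonstration.

```python
import re
from collections import Counter
from statistics import median

# Line shapes from TDSSKiller 2.2.x output, as seen in the post.
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: \\Driver\\\S+?, Driver Name: (\S+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]{8})")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (\S+) - Verdict: (\w+)")

# Assumption: a driver's own dispatch routines all lie inside its image,
# which for these storage drivers is far smaller than 1 MB.
IMAGE_SPAN = 0x100000

# Constructed sample: the atapi table is copied from the report; the
# "hooked_example" table is invented, with IRP_MJ_READ (3) pointing at
# 89ABC000, an address in the kernel pool range rather than a driver image.
SAMPLE_LOG = r"""
20:56:38:890 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
20:56:38:890 2416 DetectCureTDL3: IrpHandler (0) addr: F74A3572
20:56:38:890 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E
20:56:38:890 2416 DetectCureTDL3: IrpHandler (2) addr: F74A3572
20:56:38:890 2416 DetectCureTDL3: IrpHandler (3) addr: 8050301E
20:56:38:890 2416 DetectCureTDL3: IrpHandler (4) addr: 8050301E
20:56:38:890 2416 DetectCureTDL3: IrpHandler (14) addr: F74A3592
20:56:38:890 2416 DetectCureTDL3: IrpHandler (15) addr: F749F7B4
20:56:38:890 2416 DetectCureTDL3: IrpHandler (22) addr: F74A35BC
20:56:38:890 2416 DetectCureTDL3: IrpHandler (23) addr: F74AA164
20:56:38:906 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
20:56:39:000 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\hooked_example, Driver Name: hooked_example
20:56:39:000 2416 DetectCureTDL3: IrpHandler (0) addr: F7A11000
20:56:39:000 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E
20:56:39:000 2416 DetectCureTDL3: IrpHandler (2) addr: F7A11000
20:56:39:000 2416 DetectCureTDL3: IrpHandler (3) addr: 89ABC000
20:56:39:000 2416 DetectCureTDL3: IrpHandler (4) addr: 8050301E
20:56:39:000 2416 DetectCureTDL3: IrpHandler (14) addr: F7A11230
20:56:39:000 2416 DetectCureTDL3: IrpHandler (15) addr: F7A11400
"""


def parse_tdsskiller(text):
    """Return ([{"driver": name, "handlers": {irp_mj: addr}}, ...], {file: verdict}).
    One record per DRIVER_OBJECT line, so a driver scanned several times
    (Disk appears three times in the report) keeps every table."""
    records, verdicts = [], {}
    for line in text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            records.append({"driver": m.group(1), "handlers": {}})
            continue
        m = IRP_RE.search(line)
        if m and records:
            records[-1]["handlers"][int(m.group(1))] = int(m.group(2), 16)
            continue
        m = VERDICT_RE.search(line)
        if m:
            verdicts[m.group(1)] = m.group(2)
    return records, verdicts


def shared_stub(records):
    """The most frequent address across all tables is the kernel's stub for
    unimplemented IRP_MJ codes (8050301E in the post): every driver shares it."""
    counts = Counter(a for r in records for a in r["handlers"].values())
    return counts.most_common(1)[0][0]


def suspicious_handlers(records, span=IMAGE_SPAN):
    """Flag entries that point far away from the driver's other routines.
    The centre is the median of the non-stub entries, so a single hooked
    slot does not drag the reference point towards itself."""
    stub = shared_stub(records)
    findings = []
    for r in records:
        own = sorted(a for a in r["handlers"].values() if a != stub)
        if not own:
            continue
        centre = median(own)
        for mj, addr in sorted(r["handlers"].items()):
            if addr != stub and abs(addr - centre) > span:
                findings.append((r["driver"], mj, f"{addr:08X}"))
    return findings


if __name__ == "__main__":
    recs, verdicts = parse_tdsskiller(SAMPLE_LOG)
    print(f"default stub: {shared_stub(recs):08X}")
    for driver, mj, addr in suspicious_handlers(recs):
        print(f"{driver}: IRP_MJ {mj} -> {addr} lies outside the driver's image range")
    for path, verdict in verdicts.items():
        print(f"{path}: {verdict}")
```

Run against the full report above, the script produces no findings, which agrees with TDSSKiller's own "Verdict: Clean" lines; the constructed table shows what a redirected IRP_MJ_READ would look like. The distance heuristic is a triage aid only: a hook that jumps to a trampoline inside the same image, or a hooked StartIo routine (the "TDL3_StartIoHookDetect" lines), would not be caught by it.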
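A second added example, not part of the post and not code from Lop S&D: the "[dd/mm/yyyy|hh:mm] path" listing that Lop S&D prints for Application Data and Program Files is a modification timeline, and the useful triage move is to keep only folders touched in the days before the report and separate the footprints left by the anti-malware tools present on the machine (Malwarebytes, SUPERAntiSpyware, Spyware Doctor, Navilog1, Lop SD, per their folder names) from everything else that needs a look. The parser below accepts both the one-entry-per-line form and the run-together form in which the forum flattened the listing. The report time is taken from the Option [2] header above (02/02/2010 20:46); the 7-day window, the tool-folder list and the sample entries (a subset copied from the listing) are the example's assumptions.

```python
import re
from datetime import datetime, timedelta

# One Lop S&D listing entry: "[dd/mm/yyyy|hh:mm] path". Paths may contain
# spaces ("Book Second Eggs Kind"), so the path runs until the next
# timestamp or the end of the line, whichever comes first.
ENTRY_RE = re.compile(
    r"\[(\d{2}/\d{2}/\d{4})\|(\d{2}:\d{2})\]\s+(\S.*?)(?=\s+\[\d{2}/\d{2}/\d{4}\||$)",
    re.MULTILINE,
)

# Assumption: folders created by anti-malware tools seen on this machine.
CLEANUP_TOOL_FOLDERS = {
    "malwarebytes", "malwarebytes' anti-malware",
    "superantispyware", "superantispyware.com",
    "spyware doctor", "navilog1", "lop sd",
}

# From the Option [2] header in the report above.
REPORT_TIME = datetime(2010, 2, 2, 20, 46)

# Constructed sample: entries copied from the listing, first flattened on one
# line the way the forum rendered them, then one per line as the tool prints.
SAMPLE_LISTING = r"""[30/01/2010|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes [31/01/2010|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [18/12/2009|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Second Eggs Kind [30/01/2010|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com [31/01/2010|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[30/01/2010|04:25] C:\DOCUME~1\COCCIN~1\APPLIC~1\Save
[13/09/2008|20:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\Sun
"""


def parse_listing(text):
    """Return [(datetime, path), ...] for every entry in a Lop S&D listing."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        stamp = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d/%m/%Y %H:%M")
        entries.append((stamp, m.group(3)))
    return entries


def recent_changes(entries, report_time=REPORT_TIME, days=7):
    """Entries modified within `days` before the report, newest first, each
    tagged "cleanup-tool" (a known tool footprint) or "review"."""
    cutoff = report_time - timedelta(days=days)
    hits = []
    for stamp, path in sorted(entries, reverse=True):
        if stamp < cutoff:
            continue
        leaf = path.rsplit("\\", 1)[-1].lower()
        tag = "cleanup-tool" if leaf in CLEANUP_TOOL_FOLDERS else "review"
        hits.append((stamp.strftime("%d/%m/%Y %H:%M"), path, tag))
    return hits


if __name__ == "__main__":
    for stamp, path, tag in recent_changes(parse_listing(SAMPLE_LISTING)):
        print(f"{stamp}  {tag:12}  {path}")
```

The "review" tag means only that the folder is not a known tool footprint, not that it is malicious; it narrows the list to what a helper would ask about next (a folder modified at 04:25 stands out more than one touched during the cleanup session, for instance).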
  3. Good evening, following action 4, here is the report. Thanks for your help. Regards, David

     --------------------\\ Lop S&D 4.2.5-0 XP/Vista

     Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
     X86-based PC ( Uniprocessor Free : Intel® Xeon CPU 2.80GHz )
     BIOS : PhoenixBIOS 4.0 Release 6.0
     USER : coccinelle ( Administrator )
     BOOT : Normal boot

     A:\ (USB)
     C:\ (Local Disk) - NTFS - Total:29 GB (Free:5 GB)
     D:\ (Local Disk) - NTFS - Total:82 GB (Free:72 GB)
     E:\ (CD or DVD) - UDF - Total:0 GB (Free:0 GB)
     G:\ (Local Disk) - FAT32 - Total:465 GB (Free:298 GB)

     "C:\Lop SD" ( updated : 19-12-2008|23:40 )
     Option : [4] ( 01/02/2010|22:21 )

     \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

     C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1
     C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1

     \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION

     Deleted! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1
     ... C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1 -> does not exist!

     \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

     --------------------\\ Folder listing in APPLIC~1

     [21/06/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
     [28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
     [28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
     [14/11/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
     [28/06/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
     [21/06/2009|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
     [18/12/2009|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Second Eggs Kind
     [14/06/2009|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
     [14/09/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
     [14/09/2008|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
     [30/01/2010|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
     [31/01/2010|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
     [28/06/2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
     [28/06/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
     [06/10/2009|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
     [12/10/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
     [30/01/2010|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
     [31/01/2010|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
     [31/01/2010|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vso
     [20/01/2009|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
     [15/12/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\Adobe
     [13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\aignes
     [20/04/2009|16:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Apple Computer
     [14/11/2008|22:55] C:\DOCUME~1\COCCIN~1\APPLIC~1\ATI
     [28/06/2009|10:37] C:\DOCUME~1\COCCIN~1\APPLIC~1\AVS4YOU
     [15/06/2009|22:22] C:\DOCUME~1\COCCIN~1\APPLIC~1\Babylon
     [01/05/2009|19:09] C:\DOCUME~1\COCCIN~1\APPLIC~1\DivX
     [14/09/2008|19:45] C:\DOCUME~1\COCCIN~1\APPLIC~1\Google
     [13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\gtopala
     [13/10/2009|20:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Hewlett-Packard
     [10/01/2010|09:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Icones
     [13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\Identities
     [14/09/2008|19:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Macromedia
     [30/01/2010|15:47] C:\DOCUME~1\COCCIN~1\APPLIC~1\Malwarebytes
     [20/10/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\MathWorks
     [12/01/2009|15:34] C:\DOCUME~1\COCCIN~1\APPLIC~1\Microsoft
     [12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Mozilla
     [28/06/2009|11:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\NCH Swift Sound
     [28/06/2009|20:21] C:\DOCUME~1\COCCIN~1\APPLIC~1\Nero
     [30/01/2010|04:25] C:\DOCUME~1\COCCIN~1\APPLIC~1\Save
     [21/10/2008|18:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Shareaza
     [13/09/2008|20:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\Sun
     [30/01/2010|18:50] C:\DOCUME~1\COCCIN~1\APPLIC~1\SUPERAntiSpyware.com
     [12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Thunderbird
     [12/10/2008|19:41] C:\DOCUME~1\COCCIN~1\APPLIC~1\vlc
     [14/06/2009|21:31] C:\DOCUME~1\COCCIN~1\APPLIC~1\Vso
     [13/09/2008|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
     [10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
     [10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
     [24/01/2010|21:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sun
     [26/01/2010|10:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

     --------------------\\ Scheduled tasks in C:\WINDOWS\tasks

     [18/01/2010 10:12][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
     [01/02/2010 13:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
     [06/09/2002 20:59][-r-h-----] C:\WINDOWS\tasks\desktop.ini

     --------------------\\ Folder listing in C:\Program Files

     [13/09/2008|22:00] C:\Program Files\7-Zip
     [21/06/2009|10:53] C:\Program Files\Adobe
     [06/10/2009|19:54] C:\Program Files\AGEIA Technologies
     [14/09/2008|19:38] C:\Program Files\alcohol
     [14/09/2008|19:39] C:\Program Files\Alcohol Soft
     [14/09/2008|19:28] C:\Program Files\Alwil Software
     [13/09/2008|22:03] C:\Program Files\Analog Devices
     [28/03/2009|12:40] C:\Program Files\Apple Software Update
     [14/11/2008|22:56] C:\Program Files\ATI
     [14/11/2008|22:52] C:\Program Files\ATI Technologies
     [28/06/2009|11:11] C:\Program Files\AVS4YOU
     [01/12/2008|09:54] C:\Program Files\Bonjour
     [30/11/2008|17:56] C:\Program Files\Capture Professional v6 Trial
     [04/09/2009|19:40] C:\Program Files\CCleaner
     [13/09/2008|19:47] C:\Program Files\ComPlus Applications
     [13/09/2008|21:55] C:\Program Files\Defraggler
     [01/05/2009|13:49] C:\Program Files\Disney Interactive
     [01/05/2009|17:56] C:\Program Files\DivX
     [28/01/2010|20:37] C:\Program Files\Empire Interactive
     [21/06/2009|10:48] C:\Program Files\Emtec.No
     [01/02/2010|13:37] C:\Program Files\Fichiers communs
     [14/09/2008|19:44] C:\Program Files\Google
     [13/10/2009|20:49] C:\Program Files\Hewlett-Packard
     [28/06/2009|18:19] C:\Program Files\HotzicBurner
     [24/10/2009|14:17] C:\Program Files\INFORAD
     [20/10/2009|18:14] C:\Program Files\INFORAD_DRIVERS
     [04/09/2009|12:19] C:\Program Files\InstallShield Installation Information
     [13/09/2008|22:15] C:\Program Files\Intel
     [13/09/2008|20:03] C:\Program Files\Internet Explorer
     [21/06/2009|10:27] C:\Program Files\Java
     [04/10/2009|19:56] C:\Program Files\JeffProd
     [13/09/2008|19:57] C:\Program Files\JEUX
     [13/09/2008|22:04] C:\Program Files\Lavalys
     [14/09/2008|09:02] C:\Program Files\Lavasoft
     [30/01/2010|15:47] C:\Program Files\Malwarebytes' Anti-Malware
     [20/10/2008|18:18] C:\Program Files\MATLAB
     [13/09/2008|19:50] C:\Program Files\microsoft frontpage
     [14/09/2008|19:41] C:\Program Files\Microsoft Office
     [25/08/2009|21:22] C:\Program Files\Microsoft Silverlight
     [14/09/2008|19:41] C:\Program Files\Microsoft.NET
     [13/09/2008|19:48] C:\Program Files\Movie Maker
     [01/02/2010|20:32] C:\Program Files\Mozilla Firefox
     [01/02/2010|19:50] C:\Program Files\Mozilla Thunderbird
     [28/06/2009|19:07] C:\Program Files\MSBuild
     [13/09/2008|19:47] C:\Program Files\MSN Gaming Zone
     [13/09/2008|20:01] C:\Program Files\MSXML 4.0
     [28/01/2010|20:20] C:\Program Files\Navilog1
     [28/06/2009|18:08] C:\Program Files\NCH Software
     [28/06/2009|11:14] C:\Program Files\NCH Swift Sound
     [06/10/2009|22:09] C:\Program Files\Nero
     [14/09/2008|19:01] C:\Program Files\NETGEAR
     [13/09/2008|19:48] C:\Program Files\NetMeeting
     [13/09/2008|19:48] C:\Program Files\Outlook Express
     [28/01/2010|20:35] C:\Program Files\PeerTV
     [28/06/2009|12:46] C:\Program Files\PQDVD
     [28/03/2009|12:40] C:\Program Files\QuickTime
     [28/06/2009|19:00] C:\Program Files\Reference Assemblies
     [15/11/2009|10:26] C:\Program Files\SFR
     [21/10/2008|18:57] C:\Program Files\Shareaza
     [28/06/2009|11:23] C:\Program Files\SlySoft
     [01/02/2010|13:37] C:\Program Files\Spyware Doctor
     [31/01/2010|22:59] C:\Program Files\SUPERAntiSpyware
     [23/02/2009|11:49] C:\Program Files\THQ
     [13/09/2008|21:55] C:\Program Files\ToniArts
     [31/01/2010|01:02] C:\Program Files\Trend Micro
     [13/09/2008|19:47] C:\Program Files\Uninstall Information
     [14/11/2008|19:40] C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter
     [13/09/2008|19:57] C:\Program Files\UTILS
     [31/01/2010|10:15] C:\Program Files\Veetle
     [13/09/2008|21:56] C:\Program Files\VideoLAN
     [14/06/2009|21:32] C:\Program Files\VSO
     [13/09/2008|20:11] C:\Program Files\Windows Media Connect 2
     [13/09/2008|20:12] C:\Program Files\Windows Media Player
     [13/09/2008|19:47] C:\Program
Files\Windows NT [13/09/2008|19:49] C:\Program Files\WindowsUpdate [13/09/2008|20:12] C:\Program Files\WMV9_VCM [13/09/2008|19:57] C:\Program Files\WSTARTUP [13/09/2008|19:50] C:\Program Files\xerox [06/10/2009|22:05] C:\Program Files\Yahoo! [14/09/2008|08:55] C:\Program Files\Zone Labs --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [21/06/2009|10:53] C:\Program Files\Fichiers communs\Adobe [28/06/2009|11:11] C:\Program Files\Fichiers communs\AVSMedia [14/09/2008|19:41] C:\Program Files\Fichiers communs\DESIGNER [01/05/2009|17:55] C:\Program Files\Fichiers communs\DivX Shared [13/10/2009|20:50] C:\Program Files\Fichiers communs\Hewlett-Packard [23/02/2009|11:48] C:\Program Files\Fichiers communs\InstallShield [13/09/2008|20:13] C:\Program Files\Fichiers communs\Java [20/10/2008|18:16] C:\Program Files\Fichiers communs\Microsoft Shared [13/09/2008|19:48] C:\Program Files\Fichiers communs\MSSoap [06/10/2009|22:22] C:\Program Files\Fichiers communs\Nero [13/09/2008|21:30] C:\Program Files\Fichiers communs\ODBC [13/09/2008|19:48] C:\Program Files\Fichiers communs\Services [13/09/2008|21:29] C:\Program Files\Fichiers communs\SpeechEngines [13/09/2008|19:48] C:\Program Files\Fichiers communs\System [31/01/2010|22:59] C:\Program Files\Fichiers communs\Wise Installation Wizard --------------------\\ Process ( 41 Processes ) ... OK ! --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\COCCIN~1\Cookies\coccinelle@advertstream[1].txt --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-01 22:24:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! [F:9][D:1]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\Temp [F:37][D:0]-> C:\DOCUME~1\COCCIN~1\Cookies [F:257][D:4]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 31/01/2010|23:05 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - 31/01/2010|23:11 - Option : [2] 3 - "C:\Lop SD\LopR_3.txt" - 01/02/2010|22:26 - Option : [4] --------------------\\ Fin du rapport a 22:26:10
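The persistence pattern these reports keep surfacing is a Run value with a random-word name ("NURB PILE", "eggs kind grey up") launching an executable from a profile Application Data folder, plus a Task Scheduler job with a 16-hex-digit name (ABE59449906A0CE5.job) pointing at the same folder. As an added example that is not part of this thread or of the Lop S&D tool, the Python script below parses report text in the formats shown above and flags autoruns with those traits. SAMPLE_REPORT is constructed from the kind of lines the reports contain, not a copy of the user's report, and the function names are the example's own.

```python
"""
Triage helper for Lop S&D / ComboFix-style autorun listings.

Added example for this thread; it is not the Lop S&D tool's code, and the
function names below are the example's own. SAMPLE_REPORT is constructed
from the kind of lines the thread's reports show (registry Run values and
"( X.job )=( target )" mappings); it is not a copy of the user's report.
"""
import re

# Path fragments that mean "launched from a profile's Application Data tree"
# (per-user or All Users), where legitimate autoruns rarely live.
PROFILE_MARKERS = ("\\APPLIC~1\\", "\\APPLICATION DATA\\", "\\LOCALS~1\\TEMP")

# "Name"="target" value lines; Lop S&D doubles backslashes, ComboFix does not.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
# Lop S&D prints a flagged task as: ( X.job )=( target )
JOB_MAP = re.compile(r'\(\s*(?P<job>[^)]+?\.job)\s*\)=\(\s*(?P<target>[^)]+?)\s*\)')
# Lop-style job names are 16 hex digits, e.g. ABE59449906A0CE5.job
HEX_JOB = re.compile(r'^[0-9A-F]{16}\.job$', re.I)

# Constructed sample in the report formats seen in the thread.
SAMPLE_REPORT = r'''
--------------------\\ Scheduled tasks in C:\WINDOWS\tasks
[31/01/2010 23:00][--ah-----] C:\WINDOWS\tasks\ABE59449906A0CE5.job
[18/01/2010 10:12][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
( ABE59449906A0CE5.job )=( c:\docume~1\coccin~1\applic~1\transo~1\Safe16Online.exe )
( AppleSoftwareUpdate.job )=( c:\program files\Apple Software Update\SoftwareUpdate.exe )
--------------------\\ Registry check
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flap second tick]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\COCCIN~1\\APPLIC~1\\TRANSO~1\\Send bolt grid.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NURB PILE"="C:\\DOCUME~1\\COCCIN~1\\APPLIC~1\\TRANSO~1\\Send bolt grid.exe"
"ccleaner"="c:\\program files\\CCleaner\\CCleaner.exe"
"ctfmon.exe"="c:\\windows\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eggs kind grey up"="c:\\documents and settings\\All Users\\Application Data\\Book Second Eggs Kind\\MEMO DOES.exe"
"avast!"="c:\\progra~1\\ALWILS~1\\Avast4\\ashDisp.exe"
'''


def parse_run_entries(report):
    """Return (key, value_name, target) for every value under a CurrentVersion/Run key.

    Values under other keys (e.g. the Uninstall key) are ignored, and the
    doubled backslashes of a registry export are collapsed to single ones.
    """
    entries = []
    run_key = None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            run_key = key if key.lower().endswith("\\currentversion\\run") else None
            continue
        if run_key:
            m = RUN_VALUE.match(line)
            if m:
                target = m.group("target").replace("\\\\", "\\")
                entries.append((run_key, m.group("name"), target))
    return entries


def parse_scheduled_tasks(report):
    """Return {job_name: target} from the '( X.job )=( target )' lines."""
    return {m.group("job"): m.group("target") for m in JOB_MAP.finditer(report)}


def launched_from_profile(path):
    """True when the target lives in a profile Application Data tree."""
    upper = path.upper()
    return any(marker in upper for marker in PROFILE_MARKERS)


def suspicious_autoruns(report):
    """Flag Run values and tasks with the traits the thread's reports show."""
    findings = []
    for _key, name, target in parse_run_entries(report):
        if launched_from_profile(target):
            findings.append(("run", name, target,
                             "launched from a profile Application Data tree"))
    for job, target in parse_scheduled_tasks(report).items():
        reasons = []
        if HEX_JOB.match(job):
            reasons.append("16-hex-digit task name")
        if launched_from_profile(target):
            reasons.append("target in a profile Application Data tree")
        if reasons:
            findings.append(("task", job, target, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for kind, name, target, why in suspicious_autoruns(SAMPLE_REPORT):
        print(f"{kind:<4} {name!r:<28} -> {target}  [{why}]")
```

Run against the constructed sample it reports the two Run values and the hex-named task and stays silent on ccleaner, ctfmon.exe, avast! and the Apple updater task. The profile-path test is the useful one in practice: the random names change from one Lop build to the next, but an autorun whose executable sits under a user's Application Data rather than Program Files or System32 is worth a second look regardless of its name.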
  4. Good evening, thank you for your help. Below are the three reports requested:
- the ComboFix report, which is at C:\Combofix.txt.
- the report generated (C:\lopR.txt) after the search (option 1) and before deletion (option 2)
- the report generated (C:\lopR.txt) after deletion (option 2)
Just one question first: I have two fairly large IEXPLORER processes running all the time, I don't know what they are for? Is this related to my problem? Thanks and good evening. Here are the three reports one after the other:

ComboFix:

ComboFix 10-01-29.09 - coccinelle 30/01/2010 21:32:43.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2047.1534 [GMT 1:00]
Run from: c:\documents and settings\coccinelle\Mes documents\Téléchargements\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\coccinelle\Application Data\inst.exe
c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{15c570c2-7be1-478c-a5d0-ca240c56724c}
c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{15c570c2-7be1-478c-a5d0-ca240c56724c}\chrome.manifest
c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{15c570c2-7be1-478c-a5d0-ca240c56724c}\chrome\xulcache.jar
c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{15c570c2-7be1-478c-a5d0-ca240c56724c}\defaults\preferences\xulcache.js
c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{15c570c2-7be1-478c-a5d0-ca240c56724c}\install.rdf
c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{637b1499-b84b-465c-a61c-b251b6671995}
c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{637b1499-b84b-465c-a61c-b251b6671995}\chrome.manifest
c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{637b1499-b84b-465c-a61c-b251b6671995}\chrome\xulcache.jar
c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{637b1499-b84b-465c-a61c-b251b6671995}\defaults\preferences\xulcache.js
c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{637b1499-b84b-465c-a61c-b251b6671995}\install.rdf
c:\documents and settings\coccinelle\Application Data\SystemProc
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\drivers\refblhlo.sys
c:\windows\system32\drivers\sxeffiog.sys
c:\windows\system32\images
c:\windows\system32\images\+ DOSSIER UTILISE PAR LE PROGRAMME 'ENREGISTREZ SOUS EDITEUR'
c:\windows\system32\images\1.ico
c:\windows\system32\images\2.ico
c:\windows\system32\images\3.ico
c:\windows\system32\images\4.ico
c:\windows\system32\images\5.ico
c:\windows\system32\images\Flèche bas.ico
c:\windows\system32\images\Flèche haut.ico
c:\windows\system32\pzlvzrh.dll
c:\windows\system32\vgiyvwy.dll
c:\windows\system32\wgspitsg.dll

An infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_REFBLHLO
-------\Legacy_WINSVC
-------\Service_refblhlo
-------\Service_WinSvc

((((((((((((((((((((((((((((( Files created from 2009-12-28 to 2010-01-30 ))))))))))))))))))))))))))))))))))))
.
2010-01-30 18:25 . 2010-01-30 18:39 -------- d-----w- C:\VundoFix Backups
2010-01-30 18:15 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-30 18:15 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-30 18:15 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-30 18:15 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-30 18:15 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-30 18:15 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-01-30 18:13 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-30 18:13 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-30 18:13 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-30 18:13 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-30 18:13 . 2010-01-30 20:49 -------- d-----w- c:\program files\Spyware Doctor
2010-01-30 18:13 . 2010-01-30 18:16 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2010-01-30 18:13 . 2010-01-30 18:13 -------- d-----w- c:\documents and settings\coccinelle\Application Data\PC Tools
2010-01-30 18:13 . 2010-01-30 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-30 18:13 . 2010-01-30 20:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-30 17:51 . 2010-01-30 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-30 17:50 . 2010-01-30 17:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-30 17:50 . 2010-01-30 17:50 -------- d-----w- c:\documents and settings\coccinelle\Application Data\SUPERAntiSpyware.com
2010-01-30 16:09 . 2010-01-30 16:09 54016 ----a-w- c:\windows\system32\drivers\orblxlrv.sys
2010-01-30 14:47 . 2010-01-30 14:47 -------- d-----w- c:\documents and settings\coccinelle\Application Data\Malwarebytes
2010-01-30 14:47 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 14:47 . 2010-01-30 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 14:47 . 2010-01-30 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 14:47 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 18:47 . 2010-01-28 19:20 -------- d-----w- c:\program files\Navilog1
2010-01-10 08:11 . 2004-08-19 16:09 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-10 08:11 . 2010-01-10 08:11 -------- d-----r- c:\documents and settings\LocalService\Mes documents
2010-01-10 08:10 . 2010-01-10 08:11 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-01-10 08:10 . 2010-01-10 08:10 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer
2010-01-10 08:10 . 2010-01-10 08:10 -------- d-----w- c:\documents and settings\LocalService\Bureau
2010-01-10 08:08 . 2010-01-10 08:08 -------- d-----w- c:\documents and settings\coccinelle\Application Data\Icones
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 20:53 . 2008-09-14 08:11 44120096 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-30 20:48 . 2009-02-12 07:36 8650978 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-01-30 20:46 . 2008-09-14 08:11 518912 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-30 19:12 . 2008-10-13 21:09 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-30 18:52 . 2009-12-18 21:17 729088 ----a-w- c:\documents and settings\All Users\Application Data\Book Second Eggs Kind\MEMO DOES.exe
2010-01-30 17:51 . 2010-01-30 17:51 52224 ----a-w- c:\documents and settings\coccinelle\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-30 17:51 . 2010-01-30 17:51 117760 ----a-w- c:\documents and settings\coccinelle\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-30 17:50 . 2008-09-14 08:01 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-01-30 03:25 . 2009-03-11 09:59 -------- d-----w- c:\documents and settings\coccinelle\Application Data\Save
2010-01-28 19:37 . 2009-09-04 11:19 -------- d-----w- c:\program files\Empire Interactive
2010-01-28 19:35 . 2009-07-05 15:04 -------- d-----w- c:\program files\PeerTV
2010-01-24 22:02 . 2002-09-06 19:59 83476 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-24 22:02 . 2002-09-06 19:59 504040 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-24 17:54 . 2010-01-24 17:54 79488 ----a-w- c:\documents and settings\coccinelle\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-20 19:34 . 2010-01-20 19:37 3129856 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2010-01-08 22:10 . 2010-01-09 08:01 3086848 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-12-18 21:17 . 2009-06-14 20:09 278528 ----a-w- c:\documents and settings\coccinelle\Application Data\trans ooze heck\Safe16Online.exe
2009-12-18 21:17 . 2009-06-14 20:08 -------- d-----w- c:\documents and settings\coccinelle\Application Data\trans ooze heck
2009-12-18 21:17 . 2009-08-19 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Book Second Eggs Kind
2009-12-18 21:17 . 2009-12-18 21:17 729088 ----a-w- c:\documents and settings\coccinelle\Application Data\trans ooze heck\wvvkvtys.exe
2009-12-18 21:16 . 2009-12-18 21:16 -------- d-----w- c:\program files\trans ooze heck
2009-12-18 21:16 . 2009-06-14 20:08 430080 ----a-w- c:\documents and settings\coccinelle\Application Data\trans ooze heck\Send bolt grid.exe
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------

[-] 2006-11-11 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[-] 2006-11-18 . 7BA68DF484B550C1F75DD80AE1D7EF67 . 1035264 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[-] 2006-12-13 . 0CEF991C04073F5EC8BFD65B961705F1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NURB PILE"="c:\docume~1\COCCIN~1\APPLIC~1\TRANSO~1\Send bolt grid.exe" [2009-12-18 430080]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-01-26 1724728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"nwiz"="nwiz.exe" [2005-05-06 1495040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-06 5562368]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-21 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"eggs kind grey up"="c:\documents and settings\All Users\Application Data\Book Second Eggs Kind\MEMO DOES.exe" [2010-01-30 729088]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

c:\documents and settings\coccinelle\Menu Démarrer\Programmes\Démarrage\
IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-9-13 112128]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
backup=c:\windows\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
2003-05-08 10:34 69632 ------w- c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [30/01/2010 19:13 207792]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/09/2008 19:28 78416]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/09/2008 19:28 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [30/01/2010 19:15 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30/01/2010 19:13 359624]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
S0 crgqe;crgqe;c:\windows\system32\drivers\sbwp.sys --> c:\windows\system32\drivers\sbwp.sys [?]
S0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [14/09/2008 19:39 5248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [30/01/2010 15:47 38224]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [14/11/2008 19:40 260608]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
S4 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [14/09/2008 19:39 159616]

--- Other Services/Drivers in memory ---

*NewlyCreated* - REFBLHLO
*Deregistered* - PCTSDInjDriver32
*Deregistered* - refblhlo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pwrkkhav
.
Contents of the 'Scheduled Tasks' folder

2010-01-30 c:\windows\Tasks\ABE59449906A0CE5.job
- c:\docume~1\coccin~1\applic~1\transo~1\Safe16Online.exe [2009-06-14 21:17]

2010-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.wibeez.com/meteo
uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
FF - ProfilePath - c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\
FF - prefs.js: browser.search.selectedEngine - Wibeez
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.wibeez.com/meteo?search&q=
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Save - c:\documents and settings\coccinelle\Application Data\Save\Save.exe
MSConfigStartUp-NetPumper - c:\program files\NetPumper\NetPumperIEProxy.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 21:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\system32\wuauclt.exe.wusetup.338984.bak 53080 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.340687.bak 1712984 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(1096)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\sxs.dll

- - - - - - - > 'explorer.exe'(2844)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\browselc.dll
c:\windows\system32\SXS.DLL
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2010-01-30 21:59:14 - the machine was rebooted
ComboFix-quarantined-files.txt 2010-01-30 20:59

Before CF: 6 146 899 968 bytes free
After CF: 6 143 234 048 bytes free

- - End Of File - - 6CE1293C84D8F8F380EACB8B5570AAEB

The report generated (C:\lopR.txt) after the search (option 1) and before deletion (option 2):

--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Xeon CPU 2.80GHz )
BIOS : PhoenixBIOS 4.0 Release 6.0
USER : coccinelle ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 GB (Free:4 GB)
D:\ (Local Disk) - NTFS - Total:82 GB (Free:72 GB)
E:\ (CD or DVD) - UDF - Total:0 GB (Free:0 GB)
G:\ (Local Disk) - FAT32 - Total:465 GB (Free:298 GB)
"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [1] ( 31/01/2010|23:00 )

--------------------\\ Folder listing in APPLIC~1
[21/06/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[14/11/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[28/06/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[21/06/2009|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[18/12/2009|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Second Eggs Kind
[14/06/2009|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[14/09/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14/09/2008|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[30/01/2010|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[31/01/2010|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[28/06/2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[28/06/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[06/10/2009|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[12/10/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[19/08/2009|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft ref platform bind
[30/01/2010|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[31/01/2010|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[31/01/2010|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vso
[20/01/2009|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[15/12/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\Adobe
[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\aignes
[20/04/2009|16:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Apple Computer
[14/11/2008|22:55] C:\DOCUME~1\COCCIN~1\APPLIC~1\ATI
[28/06/2009|10:37] C:\DOCUME~1\COCCIN~1\APPLIC~1\AVS4YOU
[15/06/2009|22:22] C:\DOCUME~1\COCCIN~1\APPLIC~1\Babylon
[01/05/2009|19:09] C:\DOCUME~1\COCCIN~1\APPLIC~1\DivX
[14/09/2008|19:45] C:\DOCUME~1\COCCIN~1\APPLIC~1\Google
[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\gtopala
[13/10/2009|20:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Hewlett-Packard
[10/01/2010|09:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Icones
[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\Identities
[14/09/2008|19:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Macromedia
[30/01/2010|15:47] C:\DOCUME~1\COCCIN~1\APPLIC~1\Malwarebytes
[20/10/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\MathWorks
[12/01/2009|15:34] C:\DOCUME~1\COCCIN~1\APPLIC~1\Microsoft
[12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Mozilla
[28/06/2009|11:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\NCH Swift Sound
[28/06/2009|20:21] C:\DOCUME~1\COCCIN~1\APPLIC~1\Nero
[30/01/2010|04:25] C:\DOCUME~1\COCCIN~1\APPLIC~1\Save
[21/10/2008|18:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Shareaza
[13/09/2008|20:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\Sun
[30/01/2010|18:50] C:\DOCUME~1\COCCIN~1\APPLIC~1\SUPERAntiSpyware.com
[12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Thunderbird
[18/12/2009|22:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\trans ooze heck
[12/10/2008|19:41] C:\DOCUME~1\COCCIN~1\APPLIC~1\vlc
[14/06/2009|21:31] C:\DOCUME~1\COCCIN~1\APPLIC~1\Vso
[13/09/2008|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
[10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[24/01/2010|21:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sun
[26/01/2010|10:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled tasks in C:\WINDOWS\tasks
[31/01/2010 23:00][--ah-----] C:\WINDOWS\tasks\ABE59449906A0CE5.job
[18/01/2010 10:12][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[31/01/2010 09:36][--ah-----] C:\WINDOWS\tasks\SA.DAT
[06/09/2002 20:59][-r-h-----] C:\WINDOWS\tasks\desktop.ini
( ABE59449906A0CE5.job )=( c:\docume~1\coccin~1\applic~1\transo~1\Safe16Online.exe )

--------------------\\ Folder listing in C:\Program Files
[13/09/2008|22:00] C:\Program Files\7-Zip
[21/06/2009|10:53] C:\Program Files\Adobe
[06/10/2009|19:54] C:\Program Files\AGEIA Technologies
[14/09/2008|19:38] C:\Program Files\alcohol
[14/09/2008|19:39] C:\Program Files\Alcohol Soft
[14/09/2008|19:28] C:\Program Files\Alwil Software
[13/09/2008|22:03] C:\Program Files\Analog Devices
[28/03/2009|12:40] C:\Program Files\Apple Software Update
[14/11/2008|22:56] C:\Program Files\ATI
[14/11/2008|22:52] C:\Program Files\ATI Technologies
[28/06/2009|11:11] C:\Program Files\AVS4YOU
[01/12/2008|09:54] C:\Program Files\Bonjour
[30/11/2008|17:56] C:\Program Files\Capture Professional v6 Trial
[04/09/2009|19:40] C:\Program Files\CCleaner
[13/09/2008|19:47] C:\Program Files\ComPlus Applications
[13/09/2008|21:55] C:\Program Files\Defraggler
[01/05/2009|13:49] C:\Program Files\Disney Interactive
[01/05/2009|17:56] C:\Program Files\DivX
[28/01/2010|20:37] C:\Program Files\Empire Interactive
[21/06/2009|10:48] C:\Program Files\Emtec.No
[30/01/2010|21:40] C:\Program Files\Fichiers communs
[14/09/2008|19:44] C:\Program Files\Google
[13/10/2009|20:49] C:\Program Files\Hewlett-Packard
[28/06/2009|18:19] C:\Program Files\HotzicBurner
[24/10/2009|14:17] C:\Program Files\INFORAD
[20/10/2009|18:14] C:\Program Files\INFORAD_DRIVERS
[04/09/2009|12:19] C:\Program Files\InstallShield Installation Information
[13/09/2008|22:15] C:\Program Files\Intel
[13/09/2008|20:03] C:\Program Files\Internet Explorer
[21/06/2009|10:27] C:\Program Files\Java
[04/10/2009|19:56] C:\Program Files\JeffProd
[13/09/2008|19:57] C:\Program Files\JEUX
[13/09/2008|22:04] C:\Program Files\Lavalys
[14/09/2008|09:02] C:\Program Files\Lavasoft
[30/01/2010|15:47] C:\Program Files\Malwarebytes' Anti-Malware
[20/10/2008|18:18] C:\Program Files\MATLAB
[13/09/2008|19:50] C:\Program Files\microsoft frontpage
[14/09/2008|19:41] C:\Program Files\Microsoft Office
[25/08/2009|21:22] C:\Program Files\Microsoft Silverlight
[14/09/2008|19:41] C:\Program Files\Microsoft.NET
[13/09/2008|19:48] C:\Program Files\Movie Maker
[31/01/2010|19:46] C:\Program Files\Mozilla Firefox
[31/01/2010|18:03] C:\Program Files\Mozilla Thunderbird
[28/06/2009|19:07] C:\Program Files\MSBuild
[13/09/2008|19:47] C:\Program Files\MSN Gaming Zone
[13/09/2008|20:01] C:\Program Files\MSXML 4.0
[28/01/2010|20:20] C:\Program Files\Navilog1
[28/06/2009|18:08] C:\Program Files\NCH Software
[28/06/2009|11:14] C:\Program Files\NCH Swift Sound
[06/10/2009|22:09] C:\Program Files\Nero
[14/09/2008|19:01] C:\Program Files\NETGEAR
[13/09/2008|19:48] C:\Program Files\NetMeeting
[13/09/2008|19:48] C:\Program Files\Outlook Express
[28/01/2010|20:35] C:\Program Files\PeerTV
[28/06/2009|12:46] C:\Program Files\PQDVD
[28/03/2009|12:40] C:\Program Files\QuickTime
[28/06/2009|19:00] C:\Program Files\Reference Assemblies
[15/11/2009|10:26] C:\Program Files\SFR
[21/10/2008|18:57] C:\Program Files\Shareaza
[28/06/2009|11:23] C:\Program Files\SlySoft
[31/01/2010|22:58] C:\Program Files\Spyware Doctor
[31/01/2010|22:59] C:\Program Files\SUPERAntiSpyware
[23/02/2009|11:49] C:\Program Files\THQ
[13/09/2008|21:55] C:\Program Files\ToniArts
[18/12/2009|22:16] C:\Program Files\trans ooze heck
[31/01/2010|01:02] C:\Program Files\Trend Micro
[13/09/2008|19:47] C:\Program Files\Uninstall Information
[14/11/2008|19:40] C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter
[13/09/2008|19:57] C:\Program Files\UTILS
[31/01/2010|10:15] C:\Program Files\Veetle
[13/09/2008|21:56] C:\Program Files\VideoLAN
[14/06/2009|21:32] C:\Program Files\VSO
[13/09/2008|20:11] C:\Program Files\Windows Media Connect 2
[13/09/2008|20:12] C:\Program Files\Windows Media Player
[13/09/2008|19:47] C:\Program Files\Windows NT
[13/09/2008|19:49] C:\Program Files\WindowsUpdate
[13/09/2008|20:12] C:\Program Files\WMV9_VCM
[13/09/2008|19:57] C:\Program Files\WSTARTUP
[13/09/2008|19:50] C:\Program Files\xerox
[06/10/2009|22:05] C:\Program Files\Yahoo!
[14/09/2008|08:55] C:\Program Files\Zone Labs

--------------------\\ Folder listing in C:\Program Files\Fichiers communs
[21/06/2009|10:53] C:\Program Files\Fichiers communs\Adobe
[28/06/2009|11:11] C:\Program Files\Fichiers communs\AVSMedia
[14/09/2008|19:41] C:\Program Files\Fichiers communs\DESIGNER
[01/05/2009|17:55] C:\Program Files\Fichiers communs\DivX Shared
[13/10/2009|20:50] C:\Program Files\Fichiers communs\Hewlett-Packard
[23/02/2009|11:48] C:\Program Files\Fichiers communs\InstallShield
[13/09/2008|20:13] C:\Program Files\Fichiers communs\Java
[20/10/2008|18:16] C:\Program Files\Fichiers communs\Microsoft Shared
[13/09/2008|19:48] C:\Program Files\Fichiers communs\MSSoap
[06/10/2009|22:22] C:\Program Files\Fichiers communs\Nero
[13/09/2008|21:30] C:\Program Files\Fichiers communs\ODBC
[31/01/2010|22:58] C:\Program Files\Fichiers communs\PC Tools
[13/09/2008|19:48] C:\Program Files\Fichiers communs\Services
[13/09/2008|21:29] C:\Program Files\Fichiers communs\SpeechEngines
[13/09/2008|19:48] C:\Program Files\Fichiers communs\System
[31/01/2010|22:59] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process ( 46 Processes )
iexplore.exe ~ [PID:3452]
iexplore.exe ~ [PID:2368]

--------------------\\ Search with S_Lop
C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1
C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\bfzgqeqg.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\doqgswwa.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\mlplflzs.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\rpkvburz.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\Safe16Online.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\Send bolt grid.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\wvvkvtys.exe

--------------------\\ Search for Lop Files / Folders
C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft ref platform bind
C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1
C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\bfzgqeqg.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\doqgswwa.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\mlplflzs.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\rpkvburz.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\Safe16Online.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\Send bolt grid.exe
C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\wvvkvtys.exe
C:\Program Files\transo~1
C:\DOCUME~1\COCCIN~1\Cookies\coccinelle@advertstream[2].txt
C:\DOCUME~1\COCCIN~1\Cookies\coccinelle@advertising[1].txt
C:\WINDOWS\Tasks\ABE59449906A0CE5.job

--------------------\\ Registry check
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flap second tick]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\COCCIN~1\\APPLIC~1\\TRANSO~1\\Send bolt grid.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NURB PILE"="C:\\DOCUME~1\\COCCIN~1\\APPLIC~1\\TRANSO~1\\Send bolt grid.exe"
"NURB PILE"="C:\\DOCUME~1\\COCCIN~1\\APPLIC~1\\TRANSO~1\\Send bolt grid.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Hosts file check
Hosts file CLEAN

--------------------\\ File search with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 23:04:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! [F:17][D:3]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\Temp [F:51][D:0]-> C:\DOCUME~1\COCCIN~1\Cookies [F:320][D:4]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 31/01/2010|23:05 - Option : [1] --------------------\\ Fin du rapport a 23:05:32

The report generated (C:\lopR.txt) after deletion (option 2):

--------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : Intel® Xeon CPU 2.80GHz ) BIOS : PhoenixBIOS 4.0 Release 6.0 USER : coccinelle ( Administrator ) BOOT : Normal boot A:\ (USB) C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go) D:\ (Local Disk) - NTFS - Total:82 Go (Free:72 Go) E:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go) G:\ (Local Disk) - FAT32 - Total:465 Go (Free:298 Go) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( 31/01/2010|23:06 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\bfzgqeqg.exe Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\doqgswwa.exe Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\mlplflzs.exe Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\rpkvburz.exe Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\Safe16Online.exe Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\Send bolt grid.exe Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\wvvkvtys.exe Supprime! - C:\DOCUME~1\COCCIN~1\Cookies\coccinelle@advertstream[2].txt Supprime! - C:\DOCUME~1\COCCIN~1\Cookies\coccinelle@advertising[1].txt Supprime! - C:\WINDOWS\Tasks\ABE59449906A0CE5.job Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft ref platform bind Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1 Supprime! - C:\Program Files\transo~1 Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE Echec ! 
- C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1 Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing des dossiers dans APPLIC~1 [21/06/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple [28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer [14/11/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI [28/06/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU [21/06/2009|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon [18/12/2009|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Second Eggs Kind [14/06/2009|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON [14/09/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft [14/09/2008|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier [30/01/2010|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes [31/01/2010|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [28/06/2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software [28/06/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound [06/10/2009|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero [12/10/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles [30/01/2010|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com [31/01/2010|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP [31/01/2010|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vso [20/01/2009|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [15/12/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\Adobe [13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\aignes [20/04/2009|16:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Apple Computer [14/11/2008|22:55] C:\DOCUME~1\COCCIN~1\APPLIC~1\ATI [28/06/2009|10:37] C:\DOCUME~1\COCCIN~1\APPLIC~1\AVS4YOU [15/06/2009|22:22] C:\DOCUME~1\COCCIN~1\APPLIC~1\Babylon [01/05/2009|19:09] C:\DOCUME~1\COCCIN~1\APPLIC~1\DivX [14/09/2008|19:45] C:\DOCUME~1\COCCIN~1\APPLIC~1\Google [13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\gtopala [13/10/2009|20:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Hewlett-Packard [10/01/2010|09:08] 
C:\DOCUME~1\COCCIN~1\APPLIC~1\Icones [13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\Identities [14/09/2008|19:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Macromedia [30/01/2010|15:47] C:\DOCUME~1\COCCIN~1\APPLIC~1\Malwarebytes [20/10/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\MathWorks [12/01/2009|15:34] C:\DOCUME~1\COCCIN~1\APPLIC~1\Microsoft [12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Mozilla [28/06/2009|11:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\NCH Swift Sound [28/06/2009|20:21] C:\DOCUME~1\COCCIN~1\APPLIC~1\Nero [30/01/2010|04:25] C:\DOCUME~1\COCCIN~1\APPLIC~1\Save [21/10/2008|18:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Shareaza [13/09/2008|20:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\Sun [30/01/2010|18:50] C:\DOCUME~1\COCCIN~1\APPLIC~1\SUPERAntiSpyware.com [12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Thunderbird [31/01/2010|23:06] C:\DOCUME~1\COCCIN~1\APPLIC~1\trans ooze heck [12/10/2008|19:41] C:\DOCUME~1\COCCIN~1\APPLIC~1\vlc [14/06/2009|21:31] C:\DOCUME~1\COCCIN~1\APPLIC~1\Vso [13/09/2008|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities [10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [24/01/2010|21:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sun [26/01/2010|10:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [18/01/2010 10:12][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [31/01/2010 09:36][--ah-----] C:\WINDOWS\tasks\SA.DAT [06/09/2002 20:59][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing des dossiers dans C:\Program Files [13/09/2008|22:00] C:\Program Files\7-Zip [21/06/2009|10:53] C:\Program Files\Adobe [06/10/2009|19:54] C:\Program Files\AGEIA Technologies [14/09/2008|19:38] C:\Program Files\alcohol [14/09/2008|19:39] C:\Program Files\Alcohol Soft [14/09/2008|19:28] C:\Program Files\Alwil Software [13/09/2008|22:03] C:\Program Files\Analog Devices [28/03/2009|12:40] C:\Program Files\Apple Software Update [14/11/2008|22:56] 
C:\Program Files\ATI [14/11/2008|22:52] C:\Program Files\ATI Technologies [28/06/2009|11:11] C:\Program Files\AVS4YOU [01/12/2008|09:54] C:\Program Files\Bonjour [30/11/2008|17:56] C:\Program Files\Capture Professional v6 Trial [04/09/2009|19:40] C:\Program Files\CCleaner [13/09/2008|19:47] C:\Program Files\ComPlus Applications [13/09/2008|21:55] C:\Program Files\Defraggler [01/05/2009|13:49] C:\Program Files\Disney Interactive [01/05/2009|17:56] C:\Program Files\DivX [28/01/2010|20:37] C:\Program Files\Empire Interactive [21/06/2009|10:48] C:\Program Files\Emtec.No [30/01/2010|21:40] C:\Program Files\Fichiers communs [14/09/2008|19:44] C:\Program Files\Google [13/10/2009|20:49] C:\Program Files\Hewlett-Packard [28/06/2009|18:19] C:\Program Files\HotzicBurner [24/10/2009|14:17] C:\Program Files\INFORAD [20/10/2009|18:14] C:\Program Files\INFORAD_DRIVERS [04/09/2009|12:19] C:\Program Files\InstallShield Installation Information [13/09/2008|22:15] C:\Program Files\Intel [13/09/2008|20:03] C:\Program Files\Internet Explorer [21/06/2009|10:27] C:\Program Files\Java [04/10/2009|19:56] C:\Program Files\JeffProd [13/09/2008|19:57] C:\Program Files\JEUX [13/09/2008|22:04] C:\Program Files\Lavalys [14/09/2008|09:02] C:\Program Files\Lavasoft [30/01/2010|15:47] C:\Program Files\Malwarebytes' Anti-Malware [20/10/2008|18:18] C:\Program Files\MATLAB [13/09/2008|19:50] C:\Program Files\microsoft frontpage [14/09/2008|19:41] C:\Program Files\Microsoft Office [25/08/2009|21:22] C:\Program Files\Microsoft Silverlight [14/09/2008|19:41] C:\Program Files\Microsoft.NET [13/09/2008|19:48] C:\Program Files\Movie Maker [31/01/2010|19:46] C:\Program Files\Mozilla Firefox [31/01/2010|18:03] C:\Program Files\Mozilla Thunderbird [28/06/2009|19:07] C:\Program Files\MSBuild [13/09/2008|19:47] C:\Program Files\MSN Gaming Zone [13/09/2008|20:01] C:\Program Files\MSXML 4.0 [28/01/2010|20:20] C:\Program Files\Navilog1 [28/06/2009|18:08] C:\Program Files\NCH Software [28/06/2009|11:14] C:\Program 
Files\NCH Swift Sound [06/10/2009|22:09] C:\Program Files\Nero [14/09/2008|19:01] C:\Program Files\NETGEAR [13/09/2008|19:48] C:\Program Files\NetMeeting [13/09/2008|19:48] C:\Program Files\Outlook Express [28/01/2010|20:35] C:\Program Files\PeerTV [28/06/2009|12:46] C:\Program Files\PQDVD [28/03/2009|12:40] C:\Program Files\QuickTime [28/06/2009|19:00] C:\Program Files\Reference Assemblies [15/11/2009|10:26] C:\Program Files\SFR [21/10/2008|18:57] C:\Program Files\Shareaza [28/06/2009|11:23] C:\Program Files\SlySoft [31/01/2010|22:58] C:\Program Files\Spyware Doctor [31/01/2010|22:59] C:\Program Files\SUPERAntiSpyware [23/02/2009|11:49] C:\Program Files\THQ [13/09/2008|21:55] C:\Program Files\ToniArts [31/01/2010|01:02] C:\Program Files\Trend Micro [13/09/2008|19:47] C:\Program Files\Uninstall Information [14/11/2008|19:40] C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter [13/09/2008|19:57] C:\Program Files\UTILS [31/01/2010|10:15] C:\Program Files\Veetle [13/09/2008|21:56] C:\Program Files\VideoLAN [14/06/2009|21:32] C:\Program Files\VSO [13/09/2008|20:11] C:\Program Files\Windows Media Connect 2 [13/09/2008|20:12] C:\Program Files\Windows Media Player [13/09/2008|19:47] C:\Program Files\Windows NT [13/09/2008|19:49] C:\Program Files\WindowsUpdate [13/09/2008|20:12] C:\Program Files\WMV9_VCM [13/09/2008|19:57] C:\Program Files\WSTARTUP [13/09/2008|19:50] C:\Program Files\xerox [06/10/2009|22:05] C:\Program Files\Yahoo! 
[14/09/2008|08:55] C:\Program Files\Zone Labs --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [21/06/2009|10:53] C:\Program Files\Fichiers communs\Adobe [28/06/2009|11:11] C:\Program Files\Fichiers communs\AVSMedia [14/09/2008|19:41] C:\Program Files\Fichiers communs\DESIGNER [01/05/2009|17:55] C:\Program Files\Fichiers communs\DivX Shared [13/10/2009|20:50] C:\Program Files\Fichiers communs\Hewlett-Packard [23/02/2009|11:48] C:\Program Files\Fichiers communs\InstallShield [13/09/2008|20:13] C:\Program Files\Fichiers communs\Java [20/10/2008|18:16] C:\Program Files\Fichiers communs\Microsoft Shared [13/09/2008|19:48] C:\Program Files\Fichiers communs\MSSoap [06/10/2009|22:22] C:\Program Files\Fichiers communs\Nero [13/09/2008|21:30] C:\Program Files\Fichiers communs\ODBC [31/01/2010|22:58] C:\Program Files\Fichiers communs\PC Tools [13/09/2008|19:48] C:\Program Files\Fichiers communs\Services [13/09/2008|21:29] C:\Program Files\Fichiers communs\SpeechEngines [13/09/2008|19:48] C:\Program Files\Fichiers communs\System [31/01/2010|22:59] C:\Program Files\Fichiers communs\Wise Installation Wizard --------------------\\ Process ( 44 Processes ) ... OK ! --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1 C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\trans ooze heck --------------------\\ Verification du Registre [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-31 23:09:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! [F:16][D:3]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\Temp [F:49][D:0]-> C:\DOCUME~1\COCCIN~1\Cookies [F:320][D:4]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 31/01/2010|23:05 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - 31/01/2010|23:11 - Option : [2] --------------------\\ Fin du rapport a 23:11:32
  5. Good evening, thank you for your reply. But I may have done something silly. To save time, I downloaded Combofix and, thinking I was only installing the program, I actually ran it ... Afterwards it said not to stop it manually under any circumstances, so I let it finish. It "seems" to have gone well (according to Malwarebytes I no longer have any infected items, but even though there are far fewer of them, I still get a few IE windows opening spontaneously). Anyway, I have just made a log with HJT as requested. Here is the result (thanks for your advice):

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:02:32, on 31/01/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\system32\IcoSauve.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Spyware 
Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wibeez.com/meteo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eggs kind grey up] C:\Documents and Settings\All Users\Application Data\Book Second Eggs Kind\MEMO DOES.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [NURB PILE] C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\Send bolt grid.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe O4 - Global Startup: hp psc 1000 series.lnk = ? 
O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing) O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing) O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8944 bytes
  6. Hello, my PC is infected with a Trojan.Vundo.H virus (according to Malwarebytes), but none of the tools I have tried so far manage to remove it (or them: Vundofix does not find the same .dll files as Malwarebytes). I have come to the point of trying Combofix, but the official site very strongly advises being guided through this process, so that is what I am doing. Thank you for your help. The symptoms are:
- unexpected advertising windows opening in IE (I use Firefox)
- new tabs opening in Firefox without being asked
- when I click on a Google result, I am sent to a site other than the one requested.
Thanks, David