Utilisateur indésirable?

[Ordinoob]

Déjà le 1er rapport pour les 2 merdes, l'autre va suivre:

 

02/09/2008 ---- 21:00:18,60

 

----------------------------------

§§§§§§ [KOKUKEQUOO] §§§§§§

----------------------------------

[X] Registre

 

-------------- [ ] rapide

-- Fichier --- [ ] disque systeme

------------- [X] complete

 

 

********************

[Registre]

********************

 

 

[HKEY_USERS\S-1-5-21-1316576355-2183960598-615534113-1007\Software\Microsoft\Windows\CurrentVersion\Run]

"wapa"="C:\\Documents and Settings\\Valérian\\Application Data\\Microsoft\\kokukequoo.exe"

 

[HKEY_USERS\S-1-5-21-1316576355-2183960598-615534113-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\WINDOWS\\system32\\kokukequoo.exe"="kokukequoo"

 

*******************

[Fichier]

*******************

 

c:\Documents and Settings\Fr‚d‚rique\Application Data\Microsoft\kokukequoo.exe

c:\Documents and Settings\LocalService\Application Data\Microsoft\kokukequoo.exe

 

 

*********************

[Même date]

*********************

 

Aucun fichier créé à la même date détecté

 

 

Outil Aide Diagnostic By !aur3n7 Version 1.1

----------------------------------

§§§§§ Fin Rapport §§§§§

----------------------------------

 

 

02/09/2008 ---- 21:03:27,97

 

----------------------------------

§§§§§§ [MyWay Search Assistant] §§§§§§

----------------------------------

[X] Registre

 

-------------- [ ] rapide

-- Fichier --- [ ] disque systeme

------------- [X] complete

 

 

********************

[Registre]

********************

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}]

@="MyWay Search Assistant"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8829557EB322C354F96043E0B32EE193]

"ProductName"="MyWay Search Assistant"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8829557EB322C354F96043E0B32EE193\InstallProperties]

"DisplayName"="MyWay Search Assistant"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E7559288-223B-453C-9F06-340E3BE21E39}]

"DisplayName"="MyWay Search Assistant"

 

*******************

[Fichier]

*******************

 

 

 

*********************

[Même date]

*********************

 

Aucun fichier créé à la même date détecté

 

 

Outil Aide Diagnostic By !aur3n7 Version 1.1

----------------------------------

§§§§§ Fin Rapport §§§§§

----------------------------------

[Ordinoob]

Voila l"autre rapport.

 

c:\Documents and Settings\Frédérique\Application Data\Microsoft\kokukequoo.exe moved successfully.

File move failed. c:\Documents and Settings\LocalService\Application Data\Microsoft\kokukequoo.exe scheduled to be moved on reboot.

< EmptyTemp >

File delete failed. C:\DOCUME~1\Pascal\LOCALS~1\Temp\fb_2992.lck scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Pascal\LOCALS~1\Temp\sqlite_nUsTQR9emfY5bK9 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Pascal\LOCALS~1\Temp\~DF51AF.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Pascal\LOCALS~1\Temp\~DFF588.tmp scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\fb_1768.lck scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\LVCOMSX.LOG scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mcafee_8z2DOUAXrdjWbIF scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mcafee_kNMDhv8a3LG7Bo9 scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mcmsc_0DNkxDVXWH8s1qa scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mcmsc_7E59FBGRPNqYFWh scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mcmsc_jJLQZP3riRnBDgX scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mcmsc_P6OUCqAwbAyfXji scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mcmsc_ZWzg4u1pHIF4rIZ scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\sqlite_FSDa4U5SVnMzCsa scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\sqlite_vdRr0Scl3PMVcop scheduled to be deleted on reboot.

Temp folders emptied.

IE temp folders emptied.

 

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09022008_211037

 

Files moved on Reboot...

File move failed. c:\Documents and Settings\LocalService\Application Data\Microsoft\kokukequoo.exe scheduled to be moved on reboot.

File C:\DOCUME~1\Pascal\LOCALS~1\Temp\fb_2992.lck not found!

File C:\DOCUME~1\Pascal\LOCALS~1\Temp\sqlite_nUsTQR9emfY5bK9 not found!

C:\DOCUME~1\Pascal\LOCALS~1\Temp\~DF51AF.tmp moved successfully.

C:\DOCUME~1\Pascal\LOCALS~1\Temp\~DFF588.tmp moved successfully.

File C:\WINDOWS\temp\fb_1768.lck not found!

C:\WINDOWS\temp\LVCOMSX.LOG moved successfully.

File C:\WINDOWS\temp\mcafee_8z2DOUAXrdjWbIF not found!

File C:\WINDOWS\temp\mcafee_kNMDhv8a3LG7Bo9 not found!

File C:\WINDOWS\temp\mcmsc_0DNkxDVXWH8s1qa not found!

C:\WINDOWS\temp\mcmsc_7E59FBGRPNqYFWh moved successfully.

File C:\WINDOWS\temp\mcmsc_jJLQZP3riRnBDgX not found!

File C:\WINDOWS\temp\mcmsc_P6OUCqAwbAyfXji not found!

File C:\WINDOWS\temp\mcmsc_ZWzg4u1pHIF4rIZ not found!

C:\WINDOWS\temp\sqlite_FSDa4U5SVnMzCsa moved successfully.

C:\WINDOWS\temp\sqlite_vdRr0Scl3PMVcop moved successfully.

[Ordinoob]

Au fait, j'ai une question: kokukequoo.exe: c'est quoi ce truc?

[chrifleur]

c'est la co.. rie qui t'infecte

 

Télécharge ComboFix.exe (par sUBs) sur ton Bureau

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Tutoriel officiel de ComboFix, afin de l’utiliser correctement

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Désactive ton antivirus, antispyware, et Spybot-S&D (résident) durant l'utilisation de ComboFix. Merci. Tu le réactiveras ensuite, en fin de désinfection.

Voir ici comment désactiver tes protections

http://forum.pcastuces.com/desactiver_les_...entes-f31s4.htm

Double clique sur ComboFix.exe (ComboFix)

Tape 1 puis tape sur Entrée

A noter: une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme.

Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre...

A la fin de l’analyse, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse

Si le rapport n'apparaît pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)

Pour tous les lecteurs :

-- Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

-- Ne pas utiliser en dehors de ce cas de figure : dangereux!

[Ordinoob]

Après un scan très long, un peu de lecture:

ComboFix 08-09-01.05 - Pascal 2008-09-03 18:43:16.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1359 [GMT 2:00]

Endroit: C:\ComboFix.exe

* Création d'un nouveau point de restauration

* Resident AV is active

 

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Frédérique\Application Data\macromedia\Flash Player\#SharedObjects\7CK4KJ2Y\bin.clearspring.com

C:\Documents and Settings\Frédérique\Application Data\macromedia\Flash Player\#SharedObjects\7CK4KJ2Y\bin.clearspring.com\clearspring.sol

C:\Documents and Settings\Frédérique\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com

C:\Documents and Settings\Frédérique\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

C:\Documents and Settings\LocalService\Cookies\system@trafiz[1].txt

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_poof

 

 

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-03 17:28 . 2008-09-03 17:28 268 --ah----- C:\sqmdata01.sqm

2008-09-03 17:28 . 2008-09-03 17:28 244 --ah----- C:\sqmnoopt01.sqm

2008-09-03 12:44 . 2008-09-03 12:44 268 --ah----- C:\sqmdata00.sqm

2008-09-03 12:44 . 2008-09-03 12:44 244 --ah----- C:\sqmnoopt00.sqm

2008-09-02 21:10 . 2008-09-02 21:10 <REP> d-------- C:\_OTMoveIt

2008-09-02 18:49 . 2008-09-03 15:42 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2008-09-02 18:42 . 2008-09-02 18:42 <REP> d-------- C:\Program Files\Buena Vista Games

2008-09-02 08:54 . 2008-09-02 08:54 <REP> d-------- C:\WINDOWS\system32\fr

2008-09-02 08:54 . 2008-09-02 08:54 <REP> d-------- C:\WINDOWS\system32\bits

2008-09-02 08:54 . 2008-09-02 08:54 <REP> d-------- C:\WINDOWS\l2schemas

2008-09-02 08:51 . 2008-09-02 08:51 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-09-02 08:48 . 2008-09-02 08:59 2,639 --a------ C:\WINDOWS\imsins.BAK

2008-09-02 00:40 . 2008-09-02 00:40 <REP> d-------- C:\DiagHelp

2008-09-01 19:37 . 2008-09-02 18:39 <REP> d-------- C:\Program Files\Navilog1

2008-08-31 12:43 . 2008-08-31 12:43 <REP> d-------- C:\Documents and Settings\Paul-Emile\Application Data\Grisoft

2008-08-30 18:59 . 2008-08-30 18:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-30 18:59 . 2008-08-30 18:59 <REP> d-------- C:\Documents and Settings\Pascal\Application Data\Malwarebytes

2008-08-30 18:59 . 2008-08-30 18:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-30 18:59 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-30 18:59 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-30 12:21 . 2008-08-30 13:08 6,018 --a------ C:\Documents and Settings\Orph.egd

2008-08-30 12:19 . 2008-08-30 13:08 <REP> d-------- C:\ToolBar SD

2008-08-30 09:21 . 2008-08-30 09:21 <REP> d-------- C:\Program Files\Trend Micro

2008-08-30 09:21 . 2008-08-30 09:21 812,344 --a------ C:\hijackthis_hijackthis_2.02_anglais_17891.exe

2008-08-29 22:04 . 2008-08-31 22:56 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-08-29 21:52 . 2008-08-29 21:52 <REP> d-------- C:\Documents and Settings\Pascal\Application Data\Grisoft

2008-08-29 21:52 . 2008-08-29 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-08-29 21:52 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-08-29 21:46 . 2008-08-29 21:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-08-29 21:43 . 2008-08-29 21:43 <REP> d-------- C:\Program Files\Yahoo!

2008-08-29 21:43 . 2008-08-29 21:44 <REP> d-------- C:\Program Files\CCleaner

2008-08-29 21:16 . 2008-08-29 22:00 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-08-29 20:54 . 2008-08-29 20:54 <REP> d-------- C:\Program Files\Sun

2008-08-29 20:53 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-29 19:48 . 2008-08-29 20:03 <REP> d-------- C:\Documents and Settings\Paul-Emile\.housecall6.6

2008-08-26 13:33 . 2001-05-17 05:18 190,976 --a------ C:\WINDOWS\RRKW.POL

2008-08-24 15:32 . 2008-08-24 15:32 792,685 --a------ C:\voute.pdf

2008-08-23 21:59 . 2008-08-24 10:34 <REP> d---s---- C:\Program Files\Xfire

2008-08-23 21:59 . 2008-09-03 18:40 <REP> d-------- C:\Documents and Settings\Pascal\Application Data\Xfire

2008-08-16 20:50 . 2008-08-16 20:50 <REP> d-------- C:\Documents and Settings\Pascal\Application Data\Apple Computer

2008-08-16 20:49 . 2008-08-16 20:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-08-16 20:49 . 2008-08-16 20:49 1,409 --a------ C:\WINDOWS\QTFont.for

2008-08-15 18:05 . 2008-05-01 16:36 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-15 18:04 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-14 23:57 . 2008-08-15 00:05 512 --a------ C:\drmHeader.bin

2008-08-13 00:08 . 2008-08-13 00:08 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-08-09 13:14 . 2008-09-03 20:18 182,038 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-09 13:13 . 2008-08-09 13:13 <REP> d-------- C:\WINDOWS\nview

2008-08-09 13:13 . 2008-08-09 13:14 <REP> d-------- C:\WINDOWS\NV2044220.TMP

2008-08-09 13:06 . 2008-08-09 13:06 <REP> d-------- C:\Program Files\MSI

2008-08-09 13:05 . 2008-08-09 13:05 <REP> d-------- C:\Program Files\Setup Files

2008-08-09 12:57 . 2008-08-09 12:57 0 --a------ C:\WINDOWS\msicpl.ini

2008-08-09 12:34 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe

2008-08-09 12:32 . 2008-08-09 13:11 <REP> d-------- C:\WINDOWS\NV18241376.TMP

2008-08-09 12:32 . 2006-12-15 04:58 208,896 -ra------ C:\WINDOWS\system32\sw20.exe

2008-08-09 12:32 . 2006-12-15 04:57 200,704 -ra------ C:\WINDOWS\system32\WinSys.exe

2008-08-09 12:32 . 2006-06-01 11:22 114,688 -ra------ C:\WINDOWS\system32\sysinfo.dll

2008-08-09 12:32 . 2006-12-15 04:58 69,632 -ra------ C:\WINDOWS\system32\sw24.exe

2008-08-09 12:32 . 2006-06-01 11:22 9,728 -ra------ C:\WINDOWS\system32\sysinfoX64.sys

2008-08-09 12:32 . 2006-06-01 11:22 8,883 -ra------ C:\WINDOWS\system32\sysinfo.vxd

2008-08-09 12:32 . 2006-06-01 11:22 8,192 -ra------ C:\WINDOWS\system32\sysinfo.sys

2008-08-08 08:42 . 2008-08-08 08:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Dell

2008-08-07 21:15 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-08-07 21:09 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-07 21:09 . 2008-06-05 16:50 18,818 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-07 18:47 . 2008-08-07 18:47 <REP> d-------- C:\Program Files\NVIDIA Corporation

2008-08-07 18:46 . 2008-08-07 20:58 <REP> d-------- C:\Program Files\NVIDIA nTune Performance Application

2008-08-05 00:09 . 2008-04-14 04:33 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll

2008-08-05 00:09 . 2008-04-14 04:33 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll

2008-08-05 00:09 . 2008-04-14 04:33 276,992 --------- C:\WINDOWS\system32\wmphoto.dll

2008-08-05 00:09 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll

2008-08-05 00:07 . 2008-04-14 04:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-03 16:38 2,841,308 ----a-r C:\ComboFix.exe

2008-09-03 14:12 137,656 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-02 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-02 07:01 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd9533.sys

2008-09-01 18:59 --------- d-----w C:\Program Files\Steam

2008-08-29 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2008-08-29 19:58 --------- d-----w C:\Program Files\Google

2008-08-29 18:53 --------- d-----w C:\Program Files\Java

2008-08-29 18:48 --------- d-----w C:\Program Files\McAfee

2008-08-29 16:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-08-29 16:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-08-28 19:13 --------- d-----w C:\Program Files\eMule

2008-08-26 11:33 --------- d-----w C:\Program Files\Mindscape

2008-08-25 19:46 --------- d-----w C:\Program Files\Activision

2008-08-07 15:29 106,496 ----a-w C:\WINDOWS\DUMP65af.tmp

2008-08-05 21:41 --------- d-----w C:\Documents and Settings\Pascal\Application Data\SiteAdvisor

2008-07-06 08:35 --------- d-----w C:\Program Files\Sony

2008-07-06 08:35 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared

2008-07-03 16:30 --------- d-----w C:\Program Files\THQ

2008-05-09 07:28 22,328 ----a-w C:\Documents and Settings\Pascal\Application Data\PnkBstrK.sys

2006-01-20 21:35 251 ----a-w C:\Program Files\wt3d.ini

2006-04-16 10:10 104 --sh--r C:\WINDOWS\system32\0853486DF1.sys

2006-04-16 10:10 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]

"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 36904]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]

"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-22 4838952]

"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-19 200704]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]

"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"EKIJ5000StatusMonitor"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2007-11-13 1052672]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 C:\WINDOWS\KHALMNPR.Exe]

"CTHelper"="CTHELPER.EXE" [2005-09-20 C:\WINDOWS\CTHELPER.EXE]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\drivers

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\drivers\audio

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\drivers\audio\addon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\drivers\audio\addon\common

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\drivers\audio\addon\common\i386

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

"C:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=

"C:\\WINDOWS\\system32\\mmc.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Xfire\\Xfire.exe"=

"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Steam\\steam.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

 

R2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2007-12-13 18944]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-09-20 1093632]

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S2 oxu4yena7n0e;ASUSKeyboardService;C:\WINDOWS\system32\cuciquud.exe [ ]

S3 38f1b4w7;38f1b4w7;C:\DOCUME~1\FRDRIQ~1\LOCALS~1\Temp\f0YmHzHK [ ]

S3 asbp2poa;asbp2poa;C:\DOCUME~1\PAUL-E~1\LOCALS~1\Temp\asbp2poa.sys [ ]

S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-CTxfiReg - CTxfiReg.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\xydr4bpf.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-03 20:17:04

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet017\Services\38f1b4w7]

"ImagePath"="\??\C:\DOCUME~1\FRDRIQ~1\LOCALS~1\Temp\f0YmHzHK"

.

--------------------- DLLs a charg‚ sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\SiteAdvisor\6253\saHook.dll

-> C:\Program Files\Logitech\SetPoint\lgscroll.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\LEXBCES.EXE

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTSVCCDA.EXE

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe

C:\Program Files\McAfee\VirusScan\Mcshield.exe

C:\Program Files\McAfee\MPF\MpfSrv.exe

C:\Program Files\McAfee\MSK\msksrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\CTXFISPI.EXE

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.exe

C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\PROGRA~1\McAfee\MSC\mcuimgr.exe

C:\PROGRA~1\McAfee\MSC\mcshell.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-09-03 20:21:54 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-03 18:21:46

 

Pre-Run: 187,895,652,352 octets libres

Post-Run: 188,378,161,152 octets libres

 

271 --- E O F --- 2008-09-03 15:29:43

[chrifleur]

fais examiner ces fichiers sur virus total

http://forum.pcastuces.com/scan_chez_virus_total-f31s15.htm

 

C:\WINDOWS\system32\cuciquud.exe

C:\DOCUME~1\FRDRIQ~1\LOCALS~1\Temp\f0YmHzHK

C:\DOCUME~1\PAUL-E~1\LOCALS~1\Temp\asbp2poa.sys

poste les rapports obtenus

[Ordinoob]

C'est étonnant mais je ne trouve pas ces fichiers la même en cochant l'option montrer les fichiers cahcés ou en faisant une recherche sous Wexploreur???!!! Oo

[chrifleur]

on va vérifier ainsi

Télécharge OAD ( par !aur3n7) http://sosvirus.changelog.fr/OAD.exe

- Enregistre-le sur ton Bureau

 

Double clique sur le OAD pour le lancer

 

- nom de fichier à rechercher tape ou fais un copier coller de : cuciquud

- Type de recherche : Sélectionne l'option 6 puis valide [entrée]

 

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.

Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.

 

- Fais un copier / coller de ce rapport dans ton prochain post.

 

Note importante : Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient

recommence avec

f0YmHzHK

asbp2poa.sys

poste les rapports obtenus

[Ordinoob]

Ben oui, il y est cuciquud... mais wexplorer ne le trouve pas...

J'

 

04/09/2008 ---- 19:07:34,26

 

----------------------------------

§§§§§§ [cuciquud] §§§§§§

----------------------------------

[X] Registre

 

-------------- [ ] rapide

-- Fichier --- [ ] disque systeme

------------- [X] complete

 

 

********************

[Registre]

********************

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\cuciquud]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\cuciquud\DEBUG]

 

[HKEY_USERS\S-1-5-21-1316576355-2183960598-615534113-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\WINDOWS\\system32\\cuciquud.exe"="cuciquud"

 

*******************

[Fichier]

*******************

 

 

 

*********************

[Même date]

*********************

 

Aucun fichier créé à la même date détecté

 

 

Outil Aide Diagnostic By !aur3n7 Version 1.1

----------------------------------

§§§§§ Fin Rapport §§§§§

 

04/09/2008 ---- 19:21:12,29

 

----------------------------------

§§§§§§ [f0YmHzHK] §§§§§§

----------------------------------

[X] Registre

 

-------------- [ ] rapide

-- Fichier --- [ ] disque systeme

------------- [X] complete

 

 

********************

[Registre]

********************

 

Aucune entrée détectée

 

*******************

[Fichier]

*******************

 

 

 

*********************

[Même date]

*********************

 

Aucun fichier créé à la même date détecté

 

 

Outil Aide Diagnostic By !aur3n7 Version 1.1

----------------------------------

§§§§§ Fin Rapport §§§§§

----------------------------------

 

04/09/2008 ---- 19:23:28,07

 

----------------------------------

§§§§§§ [asbp2poa.sys] §§§§§§

----------------------------------

[X] Registre

 

-------------- [ ] rapide

-- Fichier --- [ ] disque systeme

------------- [X] complete

 

 

********************

[Registre]

********************

 

Aucune entrée détectée

 

*******************

[Fichier]

*******************

 

 

 

*********************

[Même date]

*********************

 

Aucun fichier créé à la même date détecté

 

 

Outil Aide Diagnostic By !aur3n7 Version 1.1

----------------------------------

§§§§§ Fin Rapport §§§§§

----------------------------------

 

04/09/2008 ---- 19:26:55,17

 

----------------------------------

§§§§§§ [kokukequoo.exe] §§§§§§

----------------------------------

[X] Registre

 

-------------- [ ] rapide

-- Fichier --- [ ] disque systeme

------------- [X] complete

 

 

********************

[Registre]

********************

 

 

[HKEY_USERS\S-1-5-21-1316576355-2183960598-615534113-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\Documents and Settings\\Frédérique\\Application Data\\Microsoft\\kokukequoo.exe"="kokukequoo"

 

[HKEY_USERS\S-1-5-21-1316576355-2183960598-615534113-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\WINDOWS\\system32\\kokukequoo.exe"="kokukequoo"

 

[HKEY_USERS\S-1-5-21-1316576355-2183960598-615534113-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\WINDOWS\\system32\\kokukequoo.exe"="kokukequoo"

 

*******************

[Fichier]

*******************

 

c:\_OTMoveIt\MovedFiles\09022008_211037\Documents and Settings\Fr‚d‚rique\Application Data\Microsoft\kokukequoo.exe

c:\Documents and Settings\LocalService\Application Data\Microsoft\kokukequoo.exe

 

 

*********************

[Même date]

*********************

 

Aucun fichier créé à la même date détecté

 

 

Outil Aide Diagnostic By !aur3n7 Version 1.1

----------------------------------

§§§§§ Fin Rapport §§§§§

----------------------------------

 

J'ai aussi scanné le fameux kokukequoo.exe... résultat ci dessus -> présent

[chrifleur]

as tu fait la manip OAD avec les autres noms?

f0YmHzHK

asbp2poa.sys