Posted

Hello,

I'm infected (well, not me, my computer ^^) with numerous trojans; despite my antivirus I can't get rid of them. It keeps opening lots of pop-up windows...

So I've come to ask for your help.

I'm posting my HijackThis log so that you can analyze it.

Thank you very much in advance.

Neija


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:03:15, on 2008-10-29

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\rouimet\Bureau\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2A2462BA-8A0D-436E-8811-66E69AD36B7D} - C:\WINDOWS\system32\nNeDWOee.dll (file missing)

O2 - BHO: {e7721787-d105-9898-7024-0b8440200186} - {68100204-48b0-4207-8989-501d7871277e} - C:\WINDOWS\system32\zyahky.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {98AB1C50-3AD4-4399-80D6-DD14871418D6} - C:\WINDOWS\system32\xxyxYpnK.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {D299A8E1-2F92-43D5-817D-5242CB4A2B35} - C:\WINDOWS\system32\pMdabxXr.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [\\cad2\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P37 "\\cad2\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouimet.local

O17 - HKLM\Software\..\Telephony: DomainName = ouimet.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouimet.local

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ouimet.local

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = ouimet.local

O20 - AppInit_DLLs: zyahky.dll

O20 - Winlogon Notify: nNeDWOee - nNeDWOee.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Symantec Corporation - C:\TEMP\Clt-Inst\vpremote.exe

 

--

End of file - 8252 bytes

Posted

'evening

1• Relaunch HijackThis, "Do a system scan only", check only the lines below and click "Fix checked":

O2 - BHO: (no name) - {2A2462BA-8A0D-436E-8811-66E69AD36B7D} - C:\WINDOWS\system32\nNeDWOee.dll (file missing)
O2 - BHO: (no name) - {D299A8E1-2F92-43D5-817D-5242CB4A2B35} - C:\WINDOWS\system32\pMdabxXr.dll (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - Winlogon Notify: nNeDWOee - nNeDWOee.dll (file missing)

==> click "Fix checked"

2• Download combofix.exe (by sUBs) and save it to your desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Do not run it!!

» ComboFix absolutely must be on your desktop

Open Notepad [Run -- notepad] and copy/paste the contents of the box below:

File::
C:\WINDOWS\system32\zyahky.dll
C:\WINDOWS\system32\xxyxYpnK.dll
Folder::
C:\Program Files\MyWebSearch

[*] Go to the top of the page and click the "File" menu; a list appears =>
[*] Choose "Save as" and pick "Desktop"
[*] In the "File name" field at the bottom of the page, enter the following name: CFScript
[*] Click the "Save" button to the right of the "File name" field
[*] Exit Notepad.
[*] Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

[screenshot: CFScript-2.gif]

* Follow the instructions
* Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
* Once the scan has finished, a report will be displayed: post its contents.
* If the file doesn't appear, it is located here > C:\ComboFix.txt

3• Download Malwarebytes' Anti-Malware (MBAM)

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

* Double-click the downloaded file to start the installation process.
* In the "Update" tab, click the "Check for updates" button: if the firewall asks whether MBAM may connect, allow it.
* Once the update is finished, go to the "Scanner" tab.
* Select "Perform quick scan"
* Click "Scan"
* The analysis starts; the scan is fairly long, that's normal.
* At the end of the analysis, a message appears:
The scan completed successfully. Click 'Show Results' to display all objects found.

Click "OK" to continue. If MBAM found nothing, it will tell you so too.
* Close your browsers.
* If malware was detected, click Show Results.
Select all (or leave checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
* MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.

NB: If MBAM asks you to restart, do so.

Tutorial: http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php
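The triage the helper did by hand above (pick the dangling "(file missing)" entries for HijackThis to fix, and put the still-present unnamed BHO / AppInit_DLLs files plus the adware folder into a ComboFix CFScript) can be written down as a script. The Python below is an added example for this thread; it is not the helper's tool and not part of HijackThis or ComboFix. The sample lines are copied from the log posted at the top of the thread. The rules are assumptions chosen to reproduce the helper's selection rather than a general malware classifier: an O2/O3 entry whose display name is "(no name)" or a bare CLSID counts as unnamed, a bare filename in AppInit_DLLs is taken to live in C:\WINDOWS\system32, and MyWebSearch / FunWebProducts are the adware folder names seen in the logs here.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted at the top of this thread.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A2462BA-8A0D-436E-8811-66E69AD36B7D} - C:\WINDOWS\system32\nNeDWOee.dll (file missing)
O2 - BHO: {e7721787-d105-9898-7024-0b8440200186} - {68100204-48b0-4207-8989-501d7871277e} - C:\WINDOWS\system32\zyahky.dll
O2 - BHO: (no name) - {98AB1C50-3AD4-4399-80D6-DD14871418D6} - C:\WINDOWS\system32\xxyxYpnK.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: zyahky.dll
O20 - Winlogon Notify: nNeDWOee - nNeDWOee.dll (file missing)
"""

HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
MISSING = "(file missing)"
SYSTEM32 = r"C:\WINDOWS\system32"                 # assumption: where a bare AppInit_DLLs name is loaded from
ADWARE_DIRS = ("MyWebSearch", "FunWebProducts")   # folder names taken from the logs in this thread


def parse_line(raw):
    """Split one HijackThis line into section (O2, O20, ...), kind (BHO, AppInit_DLLs, ...), name and path."""
    m = HJT_LINE.match(raw.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].strip()
    parts = [p.strip() for p in body.split(" - ")]
    kind, _, name = parts[0].partition(": ")
    return {
        "section": m.group("section"),
        "kind": kind,
        "name": name,
        "path": parts[-1] if len(parts) > 1 else None,
        "missing": missing,
        "raw": raw.strip(),
    }


def is_unnamed(name):
    """A BHO/toolbar whose display name is '(no name)' or a bare CLSID is not a normal vendor component."""
    return name == "(no name)" or GUID_RE.match(name) is not None


def adware_folder(path):
    """Return the top-level adware folder contained in path (the MyWebSearch folder under Program Files, say), or None."""
    if not path:
        return None
    parts = path.split("\\")
    for i, part in enumerate(parts):
        if part in ADWARE_DIRS:
            return "\\".join(parts[: i + 1])
    return None


def dedupe(items):
    return list(dict.fromkeys(items))


def triage(log_text):
    """Sort log lines into: entries HijackThis can fix, and files/folders for a ComboFix CFScript."""
    fix, files, folders = [], [], []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["missing"]:
            # The file is already gone: only the dangling registry entry is left, HijackThis removes it.
            fix.append(entry["raw"])
        elif entry["section"] in ("O2", "O3") and is_unnamed(entry["name"]):
            # Unnamed BHO/toolbar whose DLL is still on disk: ComboFix has to delete the file.
            files.append(entry["path"])
        elif entry["kind"] == "AppInit_DLLs":
            # AppInit_DLLs is loaded into every process that loads user32; list each DLL under system32.
            files.extend(SYSTEM32 + "\\" + dll for dll in re.split(r"[\s,]+", entry["name"]) if dll)
        folder = adware_folder(entry["path"])
        if folder:
            folders.append(folder)
    return {
        "fix_in_hijackthis": fix,
        "cfscript_files": dedupe(files),
        "cfscript_folders": dedupe(folders),
    }


def render_cfscript(files, folders):
    """Emit the File:: / Folder:: directives in the form ComboFix reads from CFScript.txt."""
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_HJT_LOG)
    print("Fix with HijackThis:")
    for line in result["fix_in_hijackthis"]:
        print("  " + line)
    print("\nCFScript.txt:")
    print(render_cfscript(result["cfscript_files"], result["cfscript_folders"]))
```

On the sample the script selects the three "(file missing)" entries for HijackThis and produces exactly the CFScript shown in the post above (two DLLs under File::, the MyWebSearch folder under Folder::). The two-way split matters: fixing a registry entry for a DLL that is still on disk leaves the file for the next reboot's loader to pick up, which is why the helper routes present files to ComboFix and only dangling entries to HijackThis.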

Posted

Thank you for your quick reply.

Here is the ComboFix report:

 

ComboFix 08-10-29.07 - rouimet 2008-10-29 14:10:34.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.627 [GMT -4:00]

Lancé depuis: C:\Documents and Settings\rouimet\Bureau\ComboFix.exe

Commutateurs utilisés :: C:\Documents and Settings\rouimet\Bureau\CFScript.txt

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\xxyxYpnK.dll

C:\WINDOWS\system32\zyahky.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\fbonneau\Application Data\FunWebProducts

C:\Documents and Settings\fbonneau\Application Data\FunWebProducts\Data\fbonneau\avatar.dat

C:\Documents and Settings\fbonneau\Application Data\FunWebProducts\Data\fbonneau\register.dat

C:\Documents and Settings\fbonneau\Application Data\FunWebProducts\Data\fbonneau\zbucks.dat

C:\Program Files\FunWebProducts

C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR

C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE

C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE

C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE

C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico

C:\Program Files\MyWebSearch\bar\Cache\0ACD20DD

C:\Program Files\MyWebSearch\bar\Cache\0ACD264B

C:\Program Files\MyWebSearch\bar\Cache\0ACD289D.bin

C:\Program Files\MyWebSearch\bar\Cache\13895483.bin

C:\Program Files\MyWebSearch\bar\Cache\138956E5.bin

C:\Program Files\MyWebSearch\bar\Cache\13895752.bin

C:\Program Files\MyWebSearch\bar\Cache\1389586B.bin

C:\Program Files\MyWebSearch\bar\Cache\138958C9.bin

C:\Program Files\MyWebSearch\bar\Cache\138959D3.bin

C:\Program Files\MyWebSearch\bar\Cache\140B17C0.bin

C:\Program Files\MyWebSearch\bar\Cache\140B2F6F.bin

C:\Program Files\MyWebSearch\bar\Cache\140B30B7.bin

C:\Program Files\MyWebSearch\bar\Cache\140B3182.bin

C:\Program Files\MyWebSearch\bar\Cache\140B3357.bin

C:\Program Files\MyWebSearch\bar\Cache\140B34BE.bin

C:\Program Files\MyWebSearch\bar\Cache\140B3AF8

C:\Program Files\MyWebSearch\bar\Cache\files.ini

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\History\search2

C:\Program Files\MyWebSearch\bar\icons\CM.ICO

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

C:\Program Files\MyWebSearch\bar\icons\WB.ICO

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\WINDOWS\BM8325773a.txt

C:\WINDOWS\BM8325773a.xml

C:\WINDOWS\system32\aefxsqqx.ini

C:\WINDOWS\system32\aefxsqqx.ini2

C:\WINDOWS\system32\bmqprbvq.dll

C:\WINDOWS\system32\bnrvqqrl.ini

C:\WINDOWS\system32\bnxouyeu.ini

C:\WINDOWS\system32\bskevu.dll

C:\WINDOWS\system32\cqwxlrfq.ini

C:\WINDOWS\system32\dyafqivt.dll

C:\WINDOWS\system32\ecefkmjs.ini

C:\WINDOWS\system32\f3PSSavr.scr

C:\WINDOWS\system32\ggopyqon.ini

C:\WINDOWS\system32\hitjnwbk.ini

C:\WINDOWS\system32\icvtxovg.ini

C:\WINDOWS\system32\jhhbbwri.ini

C:\WINDOWS\system32\jxdxlvce.ini

C:\WINDOWS\system32\kbwnjtih.dll

C:\WINDOWS\system32\kbwwtkra.dll

C:\WINDOWS\system32\KnpYxyxx.ini

C:\WINDOWS\system32\KnpYxyxx.ini2

C:\WINDOWS\system32\koullwpc.ini

C:\WINDOWS\system32\lhibnxkl.ini

C:\WINDOWS\system32\llyfonyn.dll

C:\WINDOWS\system32\mglpywjq.ini

C:\WINDOWS\system32\nggjpaal.dll

C:\WINDOWS\system32\nuhwaboi.ini

C:\WINDOWS\system32\ouaenwou.ini

C:\WINDOWS\system32\pygeov.dll

C:\WINDOWS\system32\qacflsjr.ini

C:\WINDOWS\system32\qjgsmewp.dll

C:\WINDOWS\system32\qkfvugsg.ini

C:\WINDOWS\system32\quliph.dll

C:\WINDOWS\system32\rchmvs.dll

C:\WINDOWS\system32\rpsivjhp.ini

C:\WINDOWS\system32\rxvavrmy.dll

C:\WINDOWS\system32\rXxbadMp.ini

C:\WINDOWS\system32\rXxbadMp.ini2

C:\WINDOWS\system32\setup.ini

C:\WINDOWS\system32\tocfsw.dll

C:\WINDOWS\system32\tultbrgw.ini

C:\WINDOWS\system32\tviqfayd.ini

C:\WINDOWS\system32\unqgukex.dll

C:\WINDOWS\system32\uqemni.dll

C:\WINDOWS\system32\uwkwxwhy.ini

C:\WINDOWS\system32\vcxekeqd.ini

C:\WINDOWS\system32\vjiqonip.ini

C:\WINDOWS\system32\vvhvhwgc.ini

C:\WINDOWS\system32\wcqviugx.dll

C:\WINDOWS\system32\wgrbtlut.dll

C:\WINDOWS\system32\xfllwm.dll

C:\WINDOWS\system32\xtpwmqge.ini

C:\WINDOWS\system32\xxyxYpnK.dll

C:\WINDOWS\system32\zyahky.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BOONTY_GAMES

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))

.

 

2008-10-27 10:56 . 2006-11-13 16:43 29,799 --a------ C:\WINDOWS\_detmp.1

2008-10-27 10:56 . 2001-08-08 12:58 28,672 --a------ C:\WINDOWS\_detmp.2

2008-10-27 10:38 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage réseau

2008-10-27 10:38 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage d'impression

2008-10-27 10:38 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Modèles

2008-10-27 10:38 . 2008-10-27 10:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Mes documents

2008-10-27 10:38 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Menu Démarrer

2008-10-27 10:38 . 2008-10-27 10:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Favoris

2008-10-27 10:38 . 2006-10-15 08:12 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET\Bureau

2008-10-27 10:38 . 2008-10-27 10:38 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET

2008-10-24 13:43 . 2008-10-24 13:43 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\ACD Systems

2008-10-23 16:22 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage réseau

2008-10-23 16:22 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage d'impression

2008-10-23 16:22 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\rouimet\Modèles

2008-10-23 16:22 . 2008-10-23 16:25 <REP> dr------- C:\Documents and Settings\rouimet\Mes documents

2008-10-23 16:22 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\rouimet\Menu Démarrer

2008-10-23 16:22 . 2008-10-23 16:25 <REP> dr------- C:\Documents and Settings\rouimet\Favoris

2008-10-23 16:22 . 2008-10-29 14:10 <REP> d-------- C:\Documents and Settings\rouimet\Bureau

2008-10-23 16:22 . 2008-10-23 16:22 <REP> d-------- C:\Documents and Settings\rouimet

2008-10-23 16:11 . 2008-10-23 16:11 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll

2008-10-23 16:11 . 2008-10-23 16:11 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll

2008-10-23 16:11 . 2008-10-23 16:11 107,840 --a------ C:\WINDOWS\system32\SymVPN.dll

2008-10-23 16:11 . 2008-10-23 16:11 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2008-10-23 16:11 . 2008-10-23 16:11 49,472 --a------ C:\WINDOWS\system32\FwsVpn.dll

2008-10-23 15:28 . 2008-10-23 16:13 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-10-23 15:28 . 2008-10-23 16:13 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-10-23 15:28 . 2008-10-23 16:13 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-10-23 15:28 . 2008-10-23 16:13 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-10-23 15:22 . 2008-10-29 13:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec

2008-10-23 15:19 . 2008-10-23 15:19 <REP> d-------- C:\TEMP\Clt-Inst

2008-10-23 15:14 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage réseau

2008-10-23 15:14 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage d'impression

2008-10-23 15:14 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Modèles

2008-10-23 15:14 . 2008-10-23 15:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Mes documents

2008-10-23 15:14 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Menu Démarrer

2008-10-23 15:14 . 2008-10-23 15:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Favoris

2008-10-23 15:14 . 2006-10-15 08:12 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET\Bureau

2008-10-23 15:13 . 2008-10-23 15:14 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET

2008-10-23 14:51 . 2008-10-23 14:51 <REP> d-------- C:\Program Files\MSECache

2008-10-23 13:49 . 2008-10-23 13:49 <REP> d-------- C:\Program Files\Microsoft Works

2008-10-23 13:43 . 2008-10-23 13:43 <REP> d-------- C:\Program Files\Microsoft.NET

2008-10-23 11:57 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2008-10-23 11:21 . 2008-10-23 14:49 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

2008-10-23 11:17 . 2008-10-23 11:17 <REP> dr-h----- C:\MSOCache

2008-10-20 10:11 . 2008-10-20 10:11 <REP> d-------- C:\Program Files\NetworkStreaming

2008-10-06 14:29 . 2008-10-06 14:29 754 --a------ C:\WINDOWS\WORDPAD.INI

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-29 14:34 --------- d---a-w C:\Program Files\Fichiers communs\Autodesk Shared

2008-10-29 14:34 --------- d-----w C:\Program Files\AutoCAD 2004

2008-10-29 14:34 --------- d-----w C:\Program Files\AnswerWorks 4.0

2008-10-29 14:10 --------- d-----w C:\Program Files\winsim

2008-10-29 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-23 20:13 --------- d---a-w C:\Program Files\Symantec

2008-10-23 20:05 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-10-23 20:05 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-10-23 20:05 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-10-23 19:42 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared

2008-10-23 17:21 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-10-23 17:18 --------- d-----w C:\Program Files\Fichiers communs\Apple

2008-10-23 17:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak

2008-10-23 16:55 --------- d-----w C:\Program Files\Google

2008-10-23 16:55 --------- d-----w C:\Program Files\Apple Software Update

2008-10-23 16:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-10-23 16:07 --------- d-----w C:\Program Files\ESET

2008-10-22 18:31 --------- d-----w C:\Documents and Settings\fbonneau\Application Data\AdobeUM

2008-10-17 15:41 --------- d-----w C:\Program Files\Windows Live

2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared

2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-10-08 19:33 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-09-24 13:30 --------- d-----w C:\Program Files\QuickTime

2007-08-10 18:09 774,144 -c--a-w C:\Program Files\RngInterstitial.dll

2006-10-16 18:26 20,633,812 ----a-w C:\Documents and Settings\fbonneau\C-media-5.12.1.34.zip

2004-02-09 16:09 22 -c--a-w C:\Program Files\zipnew.dat

2004-02-09 16:09 20 -c--a-w C:\Program Files\rarnew.dat

2003-05-15 19:43 95,112 -c--a-w C:\Program Files\Dos.SFX

2003-05-15 19:43 94,720 -c--a-w C:\Program Files\Uninstall.exe

2003-05-15 19:43 607 -c--a-w C:\Program Files\Uninstall.lst

2003-05-15 19:43 51,712 -c--a-w C:\Program Files\Default.SFX

2003-05-15 19:43 35,328 -c--a-w C:\Program Files\Zip.SFX

2003-05-15 19:43 348,796 -c--a-w C:\Program Files\WinRAR.hlp

2003-05-15 19:43 119,808 -c--a-w C:\Program Files\RarExt.dll

2003-05-15 19:42 823,296 -c--a-w C:\Program Files\WinRAR.exe

2003-05-15 19:42 38,912 -c--a-w C:\Program Files\WinCon.SFX

2003-05-15 19:42 288,256 -c--a-w C:\Program Files\Rar.exe

2003-05-15 19:42 191,488 -c--a-w C:\Program Files\UnRAR.exe

2003-05-15 19:41 59,577 -c--a-w C:\Program Files\Rar.txt

2003-05-15 19:29 495 -c--a-w C:\Program Files\File_Id.diz

2003-05-15 19:28 10,917 -c--a-w C:\Program Files\WhatsNew.txt

2003-04-24 17:02 10,377 -c--a-w C:\Program Files\Rar_Site.txt

2003-03-04 01:17 9,042 -c--a-w C:\Program Files\TechNote.txt

2003-03-02 17:07 8,417 -c--a-w C:\Program Files\WinRAR.cnt

2003-01-28 16:41 3,323 -c--a-w C:\Program Files\Order.txt

2003-01-03 07:48 128 -c--a-w C:\Program Files\UnrarSrc.txt

2002-11-06 22:20 5,460 -c--a-w C:\Program Files\License.txt

2002-11-01 02:58 1,673 -c--a-w C:\Program Files\ReadMe.txt

2002-09-15 23:33 2,708 -c--a-w C:\Program Files\Register.txt

2002-09-07 05:36 1,082 -c--a-w C:\Program Files\RarFiles.lst

2002-08-27 16:40 55,313 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf

2002-05-15 19:27 271 --sh--w C:\Program Files\desktop.ini

2002-05-15 19:27 22,115 -c-ha-w C:\Program Files\folder.htt

2001-10-22 06:56 1,100 -c--a-w C:\Program Files\Descript.ion

2001-08-17 19:45 0 -c-ha-r C:\Program Files\Fichiers communs\MSCREATE.DIR

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-23 115560]

"\\cad2\EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\

Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=sahrwx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\ftp.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

S2 OkiPar;OkiPar;C:\WINDOWS\system32\Drivers\OkiPar.SYS [ ]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-10-23 23888]

S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [ ]

S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [ ]

S3 VPREMOTE;VPRemote Install Bootstrap Service;C:\TEMP\Clt-Inst\vpremote.exe [2008-09-11 140216]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

BHO-{4b07e25d-54df-4a90-af91-95fefa46a344} - C:\WINDOWS\system32\sahrwx.dll

BHO-{68100204-48b0-4207-8989-501d7871277e} - C:\WINDOWS\system32\zyahky.dll

BHO-{D299A8E1-2F92-43D5-817D-5242CB4A2B35} - C:\WINDOWS\system32\pMdabxXr.dll

ShellExecuteHooks-{2A2462BA-8A0D-436E-8811-66E69AD36B7D} - (no file)

SafeBoot-Symantec Antvirus

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-29 14:25:01

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

.

**************************************************************************

.

Heure de fin: 2008-10-29 14:32:47 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-10-29 18:32:41

 

Avant-CF: 554 195 968 octets libres

Après-CF: 6,382,894,592 octets libres

 

371 --- E O F --- 2008-09-10 14:57:24

 

 

and the MBAM report:

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1337

Windows 5.1.2600 Service Pack 3

 

2008-10-29 15:12:43

mbam-log-2008-10-29 (15-12-43).txt

 

Type de recherche: Examen rapide

Eléments examinés: 67698

Temps écoulé: 27 minute(s), 34 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 97

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Thanks again!

 

Neija

Posted

• Empty MBAM's quarantine

 

• Download this CFScript: http://www.sendspace.com/file/wde9md

 

• Drag and drop this CFScript.txt file onto ComboFix.exe, as shown in the screenshot

 

 

CFScript-2.gif

 

 

* Follow the instructions

* Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan is finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

 

• » Download to your desktop:

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button, wait for the cleaning to finish, then OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit in the main menu to close the program.

The next reboot will take a little longer, since %windir%\prefetch has been emptied.

Posted

Here is the latest COMBOFIX report:

 

ComboFix 08-10-30.12 - rouimet 2008-10-31 10:18:37.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.580 [GMT -4:00]

Lancé depuis: C:\Documents and Settings\rouimet\Bureau\ComboFix.exe

Commutateurs utilisés :: C:\Documents and Settings\rouimet\Bureau\CFScript.txt

* Un nouveau point de restauration a été créé

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\_detmp.1\

C:\WINDOWS\_detmp.2\

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-31 ))))))))))))))))))))))))))))))))))))

.

 

2008-10-29 14:38 . 2008-10-29 14:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-29 14:38 . 2008-10-29 14:38 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\Malwarebytes

2008-10-29 14:38 . 2008-10-29 14:38 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-10-29 14:38 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-29 14:38 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-29 14:35 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-29 14:34 . 2008-08-14 09:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-29 14:34 . 2008-08-14 09:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-29 14:34 . 2008-08-14 09:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-29 14:34 . 2008-08-14 09:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-29 14:34 . 2008-09-15 11:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-29 14:33 . 2008-10-15 12:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-27 10:56 . 2006-11-13 16:43 29,799 --a------ C:\WINDOWS\_detmp.1

2008-10-27 10:56 . 2001-08-08 12:58 28,672 --a------ C:\WINDOWS\_detmp.2

2008-10-27 10:38 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage réseau

2008-10-27 10:38 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage d'impression

2008-10-27 10:38 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Modèles

2008-10-27 10:38 . 2008-10-27 10:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Mes documents

2008-10-27 10:38 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Menu Démarrer

2008-10-27 10:38 . 2008-10-27 10:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Favoris

2008-10-27 10:38 . 2006-10-15 08:12 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET\Bureau

2008-10-27 10:38 . 2008-10-27 10:38 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET

2008-10-24 13:43 . 2008-10-24 13:43 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\ACD Systems

2008-10-23 16:22 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage réseau

2008-10-23 16:22 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage d'impression

2008-10-23 16:22 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\rouimet\Modèles

2008-10-23 16:22 . 2008-10-29 16:17 <REP> dr------- C:\Documents and Settings\rouimet\Mes documents

2008-10-23 16:22 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\rouimet\Menu Démarrer

2008-10-23 16:22 . 2008-10-29 16:23 <REP> dr------- C:\Documents and Settings\rouimet\Favoris

2008-10-23 16:22 . 2008-10-31 10:18 <REP> d-------- C:\Documents and Settings\rouimet\Bureau

2008-10-23 16:22 . 2008-10-23 16:22 <REP> d-------- C:\Documents and Settings\rouimet

2008-10-23 16:11 . 2008-10-23 16:11 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll

2008-10-23 16:11 . 2008-10-23 16:11 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll

2008-10-23 16:11 . 2008-10-23 16:11 107,840 --a------ C:\WINDOWS\system32\SymVPN.dll

2008-10-23 16:11 . 2008-10-23 16:11 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2008-10-23 16:11 . 2008-10-23 16:11 49,472 --a------ C:\WINDOWS\system32\FwsVpn.dll

2008-10-23 15:28 . 2008-10-23 16:13 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-10-23 15:28 . 2008-10-23 16:13 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-10-23 15:28 . 2008-10-23 16:13 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-10-23 15:28 . 2008-10-23 16:13 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-10-23 15:22 . 2008-10-29 13:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec

2008-10-23 15:19 . 2008-10-23 15:19 <REP> d-------- C:\TEMP\Clt-Inst

2008-10-23 15:14 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage réseau

2008-10-23 15:14 . 2006-10-15 08:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage d'impression

2008-10-23 15:14 . 2006-10-16 08:15 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Modèles

2008-10-23 15:14 . 2008-10-23 15:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Mes documents

2008-10-23 15:14 . 2006-10-15 08:12 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Menu Démarrer

2008-10-23 15:14 . 2008-10-23 15:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Favoris

2008-10-23 15:14 . 2006-10-15 08:12 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET\Bureau

2008-10-23 15:13 . 2008-10-23 15:14 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET

2008-10-23 14:51 . 2008-10-23 14:51 <REP> d-------- C:\Program Files\MSECache

2008-10-23 13:49 . 2008-10-23 13:49 <REP> d-------- C:\Program Files\Microsoft Works

2008-10-23 13:43 . 2008-10-23 13:43 <REP> d-------- C:\Program Files\Microsoft.NET

2008-10-23 11:57 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2008-10-23 11:21 . 2008-10-30 03:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

2008-10-23 11:17 . 2008-10-23 11:17 <REP> dr-h----- C:\MSOCache

2008-10-20 10:11 . 2008-10-20 10:11 <REP> d-------- C:\Program Files\NetworkStreaming

2008-10-06 14:29 . 2008-10-06 14:29 754 --a------ C:\WINDOWS\WORDPAD.INI

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-09-03 11:00 . 2008-09-03 11:00 <REP> d-------- C:\WINDOWS\system32\fr

2008-09-03 11:00 . 2008-09-03 11:00 <REP> d-------- C:\WINDOWS\system32\bits

2008-09-03 11:00 . 2008-09-03 11:00 <REP> d-------- C:\WINDOWS\l2schemas

2008-09-03 10:30 . 2008-09-03 10:30 <REP> d-------- C:\WINDOWS\ServicePackFiles

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-29 14:34 --------- d---a-w C:\Program Files\Fichiers communs\Autodesk Shared

2008-10-29 14:34 --------- d-----w C:\Program Files\AutoCAD 2004

2008-10-29 14:34 --------- d-----w C:\Program Files\AnswerWorks 4.0

2008-10-29 14:10 --------- d-----w C:\Program Files\winsim

2008-10-29 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-23 20:13 --------- d---a-w C:\Program Files\Symantec

2008-10-23 20:05 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-10-23 20:05 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-10-23 20:05 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-10-23 19:42 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared

2008-10-23 17:21 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-10-23 17:18 --------- d-----w C:\Program Files\Fichiers communs\Apple

2008-10-23 17:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak

2008-10-23 16:55 --------- d-----w C:\Program Files\Google

2008-10-23 16:55 --------- d-----w C:\Program Files\Apple Software Update

2008-10-23 16:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-10-23 16:07 --------- d-----w C:\Program Files\ESET

2008-10-22 18:31 --------- d-----w C:\Documents and Settings\fbonneau\Application Data\AdobeUM

2008-10-17 15:41 --------- d-----w C:\Program Files\Windows Live

2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared

2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-10-08 19:33 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-09-24 13:30 --------- d-----w C:\Program Files\QuickTime

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2007-08-10 18:09 774,144 -c--a-w C:\Program Files\RngInterstitial.dll

2006-10-16 18:26 20,633,812 ----a-w C:\Documents and Settings\fbonneau\C-media-5.12.1.34.zip

2004-02-09 16:09 22 -c--a-w C:\Program Files\zipnew.dat

2004-02-09 16:09 20 -c--a-w C:\Program Files\rarnew.dat

2003-05-15 19:43 95,112 -c--a-w C:\Program Files\Dos.SFX

2003-05-15 19:43 94,720 -c--a-w C:\Program Files\Uninstall.exe

2003-05-15 19:43 607 -c--a-w C:\Program Files\Uninstall.lst

2003-05-15 19:43 51,712 -c--a-w C:\Program Files\Default.SFX

2003-05-15 19:43 35,328 -c--a-w C:\Program Files\Zip.SFX

2003-05-15 19:43 348,796 -c--a-w C:\Program Files\WinRAR.hlp

2003-05-15 19:43 119,808 -c--a-w C:\Program Files\RarExt.dll

2003-05-15 19:42 823,296 -c--a-w C:\Program Files\WinRAR.exe

2003-05-15 19:42 38,912 -c--a-w C:\Program Files\WinCon.SFX

2003-05-15 19:42 288,256 -c--a-w C:\Program Files\Rar.exe

2003-05-15 19:42 191,488 -c--a-w C:\Program Files\UnRAR.exe

2003-05-15 19:41 59,577 -c--a-w C:\Program Files\Rar.txt

2003-05-15 19:29 495 -c--a-w C:\Program Files\File_Id.diz

2003-05-15 19:28 10,917 -c--a-w C:\Program Files\WhatsNew.txt

2003-04-24 17:02 10,377 -c--a-w C:\Program Files\Rar_Site.txt

2003-03-04 01:17 9,042 -c--a-w C:\Program Files\TechNote.txt

2003-03-02 17:07 8,417 -c--a-w C:\Program Files\WinRAR.cnt

2003-01-28 16:41 3,323 -c--a-w C:\Program Files\Order.txt

2003-01-03 07:48 128 -c--a-w C:\Program Files\UnrarSrc.txt

2002-11-06 22:20 5,460 -c--a-w C:\Program Files\License.txt

2002-11-01 02:58 1,673 -c--a-w C:\Program Files\ReadMe.txt

2002-09-15 23:33 2,708 -c--a-w C:\Program Files\Register.txt

2002-09-07 05:36 1,082 -c--a-w C:\Program Files\RarFiles.lst

2002-08-27 16:40 55,313 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf

2002-05-15 19:27 271 --sh--w C:\Program Files\desktop.ini

2002-05-15 19:27 22,115 -c-ha-w C:\Program Files\folder.htt

2001-10-22 06:56 1,100 -c--a-w C:\Program Files\Descript.ion

2001-08-17 19:45 0 -c-ha-r C:\Program Files\Fichiers communs\MSCREATE.DIR

.

 

((((((((((((((((((((((((((((( snapshot@2008-10-29_14.31.59.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-26 09:10:25 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll

+ 2008-08-26 09:10:25 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll

+ 2008-08-26 09:10:25 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll

+ 2008-08-26 09:10:25 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll

+ 2008-08-26 09:10:25 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll

+ 2008-08-25 08:43:21 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe

+ 2008-08-26 09:10:26 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll

+ 2008-08-26 09:10:26 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll

+ 2008-08-23 05:54:50 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll

+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat

+ 2008-08-26 09:10:26 380,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll

+ 2008-08-26 09:10:26 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll

+ 2008-10-03 16:22:30 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll

+ 2008-08-26 09:10:27 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll

+ 2008-08-26 09:10:27 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll

+ 2008-08-25 08:43:21 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe

+ 2008-08-23 05:56:16 635,848 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe

+ 2008-08-26 09:10:27 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll

+ 2008-08-26 09:10:27 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll

+ 2008-08-26 09:10:27 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll

+ 2008-08-26 09:10:28 3,594,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll

+ 2008-08-26 09:10:28 477,696 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll

+ 2008-08-26 09:10:28 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll

+ 2008-08-26 09:10:29 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll

+ 2008-08-26 09:10:29 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll

+ 2008-08-26 09:10:29 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll

+ 2008-08-26 09:10:29 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\url.dll

+ 2008-08-26 09:10:29 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll

+ 2008-08-26 09:10:29 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll

+ 2008-08-26 09:10:29 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spmsg.dll

+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spuninst.exe

+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\spcustom.dll

+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe

+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\updspapi.dll

+ 2008-08-14 13:23:44 2,147,328 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

+ 2008-08-14 13:23:49 2,068,096 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

+ 2008-08-14 13:23:44 2,025,984 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

+ 2008-08-14 13:23:49 2,191,232 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

+ 2008-06-23 16:28:17 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll

+ 2008-06-23 16:28:17 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll

+ 2008-06-23 16:28:17 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll

+ 2008-06-23 16:28:17 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll

+ 2008-06-23 16:28:17 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll

+ 2008-06-23 09:21:30 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe

+ 2008-06-23 16:28:18 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll

+ 2008-06-23 16:28:18 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll

+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll

+ 2008-06-23 16:28:18 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll

+ 2008-06-23 16:28:18 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll

+ 2008-06-23 16:28:19 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll

+ 2008-06-23 16:28:19 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll

+ 2008-06-23 16:28:20 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll

+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe

+ 2008-06-23 09:21:49 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe

+ 2008-06-23 16:28:20 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll

+ 2008-06-23 16:28:20 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll

+ 2008-06-23 16:28:20 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll

+ 2008-06-24 14:28:24 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll

+ 2008-06-23 16:28:22 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll

+ 2008-06-23 16:28:22 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll

+ 2008-06-23 16:28:22 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll

+ 2008-06-23 16:28:22 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll

+ 2008-06-23 16:28:22 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll

+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll

+ 2008-06-23 16:28:22 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll

+ 2008-06-23 16:28:23 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll

+ 2008-06-23 16:28:23 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll

+ 2008-06-23 16:28:23 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll

+ 2006-09-15 20:25:18 3,611,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT

+ 2007-08-29 03:19:32 136,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\CONTAB32.DLL

+ 2007-08-24 08:49:12 89,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\DLGSETP.DLL

+ 2007-10-06 00:37:38 17,927,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\EXCEL.EXE

+ 2007-08-24 08:49:40 342,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\MIMEDIR.DLL

+ 2007-09-15 01:45:58 16,901,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\MSO.DLL

+ 2007-08-29 04:19:24 1,654,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OGL.DLL

+ 2007-08-29 03:20:20 2,949,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OLMAPI32.DLL

+ 2007-08-24 09:42:40 663,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OMSMAIN.DLL

+ 2007-08-24 09:42:44 195,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OMSXP32.DLL

+ 2007-08-29 03:20:44 600,992 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OUTLMIME.DLL

+ 2007-09-06 22:01:10 12,836,728 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OUTLOOK.EXE

+ 2007-08-29 03:22:04 180,128 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\OUTLPH.DLL

+ 2007-08-24 08:51:48 416,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\PSTPRX32.DLL

+ 2007-08-24 08:52:08 266,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\SCNPST32.DLL

+ 2007-08-24 08:52:10 275,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\SCNPST64.DLL

+ 2007-08-29 03:16:00 350,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WINWORD.EXE

+ 2007-09-06 22:03:02 4,280,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WRD12CNV.DLL

+ 2007-08-29 04:07:58 24,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WRD12EXE.EXE

+ 2007-09-06 21:56:32 17,490,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WWLIB.DLL

+ 2007-10-03 00:00:06 14,708,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\XL12CNV.EXE

+ 2007-08-24 09:14:14 13,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\XLCALL32.DLL

- 2008-10-23 18:46:36 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-10-30 07:15:39 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe

- 2008-10-23 18:46:36 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-10-30 07:15:40 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-10-23 18:46:36 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe

+ 2008-10-30 07:15:39 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe

- 2008-10-23 18:46:36 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-10-30 07:15:40 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-10-23 18:46:36 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-10-30 07:15:40 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-10-23 18:46:36 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-10-30 07:15:39 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe

- 2008-10-23 18:46:36 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-10-30 07:15:39 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe

- 2008-10-23 18:46:36 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-10-30 07:15:40 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe

- 2008-10-23 18:46:36 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-10-30 07:15:40 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-10-23 18:46:36 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-10-30 07:15:39 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-06-23 16:28:17 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-08-26 08:11:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2008-06-23 16:28:17 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-08-26 08:11:45 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

- 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys

+ 2008-08-14 10:04:36 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys

- 2008-06-23 16:28:17 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-08-26 08:11:45 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2008-06-23 16:28:17 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-08-26 08:11:45 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2008-06-23 16:28:17 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-08-26 08:11:45 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2008-06-23 16:28:17 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-08-26 08:11:45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2008-06-23 09:21:30 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-08-25 08:39:40 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2008-06-23 16:28:18 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-08-26 08:11:45 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2008-06-23 16:28:18 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-08-26 08:11:45 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2008-06-21 05:23:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-08-23 05:54:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2008-06-23 16:28:18 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-08-26 08:11:46 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2008-06-23 16:28:18 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-08-26 08:11:46 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2008-06-23 16:28:19 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-10-03 17:12:27 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2008-06-23 16:28:19 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-08-26 08:11:48 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2008-06-23 16:28:20 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-08-26 08:11:48 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2008-06-23 09:21:49 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-08-23 05:56:15 635,848 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2008-06-23 16:28:20 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-08-26 08:11:49 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2008-06-23 16:28:20 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-08-26 08:11:49 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2008-06-23 16:28:20 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-08-26 08:11:49 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2008-06-24 14:28:24 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-08-27 09:11:52 3,593,216 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-06-23 16:28:22 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-08-26 08:11:52 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2008-06-23 16:28:22 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-08-26 08:11:52 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2008-06-23 16:28:22 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-08-26 08:11:52 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2008-06-23 16:28:22 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-08-26 08:11:52 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-06-23 16:28:22 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-08-26 08:11:52 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2008-06-23 16:28:22 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-08-26 08:11:52 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

- 2008-06-23 16:28:23 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-08-26 08:11:53 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2008-06-23 16:28:23 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-08-26 08:11:53 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2008-06-23 16:28:23 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-08-26 08:11:54 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

- 2008-06-23 16:28:17 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-08-26 08:11:45 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2008-06-23 16:28:17 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-08-26 08:11:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2008-06-23 16:28:17 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-08-26 08:11:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2008-10-29 15:51:12 1,493,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-10-30 07:22:33 1,493,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2008-06-23 16:28:17 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-08-26 08:11:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2008-06-23 09:21:30 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-08-25 08:39:40 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

- 2008-06-23 16:28:18 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

+ 2008-08-26 08:11:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

- 2008-06-23 16:28:18 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

+ 2008-08-26 08:11:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

- 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

+ 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

- 2008-06-23 16:28:18 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-08-26 08:11:46 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2008-06-23 16:28:18 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-08-26 08:11:46 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

- 2008-06-23 16:28:19 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-10-03 17:12:27 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2008-06-23 16:28:19 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

+ 2008-08-26 08:11:48 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

- 2008-06-23 16:28:20 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-08-26 08:11:48 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2008-06-23 16:28:20 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-08-26 08:11:49 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe

- 2008-06-23 16:28:20 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-08-26 08:11:49 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2008-06-23 16:28:20 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-08-26 08:11:49 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2008-06-24 14:28:24 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-08-27 09:11:52 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2008-06-23 16:28:22 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-08-26 08:11:52 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2008-06-23 16:28:22 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-08-26 08:11:52 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2008-06-23 16:28:22 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-08-26 08:11:52 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

- 2008-04-14 02:33:34 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll

+ 2008-10-15 16:35:43 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll

- 2008-04-14 02:07:26 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

+ 2008-08-14 13:23:49 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

- 2008-04-14 02:08:03 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

+ 2008-08-14 13:23:49 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

- 2008-06-23 16:28:22 102,912 ----a-w C:\WINDOWS\system32\occache.dll

+ 2008-08-26 08:11:52 102,912 ----a-w C:\WINDOWS\system32\occache.dll

- 2008-06-23 16:28:22 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-08-26 08:11:52 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll

- 2008-06-23 16:28:22 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-08-26 08:11:52 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2008-06-23 16:28:23 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-08-26 08:11:53 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2008-06-23 16:28:23 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-08-26 08:11:53 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2008-04-14 01:58:06 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys

+ 2008-09-15 15:26:07 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

- 2008-06-23 16:28:23 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-08-26 08:11:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4b07e25d-54df-4a90-af91-95fefa46a344}]

C:\WINDOWS\system32\sahrwx.dll [bU]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-23 115560]

"\\cad2\EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\

Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{2A2462BA-8A0D-436E-8811-66E69AD36B7D}"= "C:\WINDOWS\system32\nNeDWOee.dll" [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\ftp.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

S2 OkiPar;OkiPar;C:\WINDOWS\system32\Drivers\OkiPar.SYS [ ]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-10-23 23888]

S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [ ]

S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [ ]

S3 VPREMOTE;VPRemote Install Bootstrap Service;C:\TEMP\Clt-Inst\vpremote.exe [2008-09-11 140216]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

BHO-{2A2462BA-8A0D-436E-8811-66E69AD36B7D} - C:\WINDOWS\system32\nNeDWOee.dll

Notify-nNeDWOee - nNeDWOee.dll

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-31 10:25:51

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

.

**************************************************************************

.

Heure de fin: 2008-10-31 10:31:58 - La machine a redémarré [rouimet]

ComboFix-quarantined-files.txt 2008-10-31 14:31:52

ComboFix2.txt 2008-10-29 18:32:49

 

Avant-CF: 7,050,198,016 octets libres

Après-CF: 7,067,354,624 octets libres

 

457 --- E O F --- 2008-10-30 07:15:45

 

Thanks

 

Neija
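Reading a ComboFix log by hand is tedious: the snapshot section pairs a `-` line and a `+` line per file, and the registry load-point section tags each entry either with a date and size, as for ctfmon.exe above, or with a bare bracketed marker, as for the two DLLs under the Browser Helper Objects and ShellExecuteHooks keys. The two helpers below are an added example written for this thread, not part of anyone's post or of ComboFix itself; the field layout (sign, date, time, size, attribute flags, path) is inferred from the lines posted above and is an assumption about the format, and the sample lines are constructed copies in that shape.

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix code).

The field layout is inferred from the log posted in the thread; it is an
assumption, not a documented format.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the snapshot ("Instantane") section:
# sign, date, time, size, attribute flags, path (paths may contain spaces).
SNAPSHOT_SAMPLE = r"""
- 2008-06-23 09:21:49 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-06-23 16:28:17 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 08:11:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-14 13:23:44 2,147,328 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
"""

# Constructed sample in the shape of the "Points de chargement Reg" section.
REG_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4b07e25d-54df-4a90-af91-95fefa46a344}]
C:\WINDOWS\system32\sahrwx.dll [bU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{2A2462BA-8A0D-436E-8811-66E69AD36B7D}"= "C:\WINDOWS\system32\nNeDWOee.dll" [bU]
"""

SNAP_RE = re.compile(
    r"^(?P<sign>[+-]) (?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# A load-point line ends in a bracketed tag; legitimate entries carry "<date> <size>".
LOADPOINT_RE = re.compile(r"^(?P<body>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*"?(?P<path>[^"]+?)"?\s*$')
DATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")


def parse_snapshot(text):
    """Group snapshot lines by path: {path: {'-': entry, '+': entry}}."""
    by_path = defaultdict(dict)
    for line in text.splitlines():
        m = SNAP_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        by_path[entry["path"]][entry["sign"]] = entry
    return by_path


def classify_snapshot(text):
    """Split paired entries into new, removed, resized and timestamp-only changes."""
    report = {"added": [], "removed": [], "size_changed": [], "stamp_only": []}
    for path, sides in parse_snapshot(text).items():
        if "-" not in sides:
            report["added"].append(path)
        elif "+" not in sides:
            report["removed"].append(path)
        elif sides["-"]["size"] != sides["+"]["size"]:
            report["size_changed"].append(path)
        else:
            report["stamp_only"].append(path)
    for paths in report.values():
        paths.sort()
    return report


def parse_loadpoints(text):
    """Return (key, value_name, path, tag) for each entry under a [KEY] header."""
    key, out = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = LOADPOINT_RE.match(line)
        if not m or key is None:
            continue
        body, tag = m.group("body"), m.group("tag")
        v = VALUE_RE.match(body)
        name, path = (v.group("name"), v.group("path")) if v else ("", body)
        out.append((key, name, path, tag))
    return out


def flag_undated(text):
    """Paths whose tag is not the usual '<date> <size>' stamp; review these first."""
    return [path for _, _, path, tag in parse_loadpoints(text) if not DATED_RE.match(tag)]


if __name__ == "__main__":
    for kind, paths in classify_snapshot(SNAPSHOT_SAMPLE).items():
        print(kind, paths)
    print("load points to review:", flag_undated(REG_SAMPLE))
```

Run against the full log, the snapshot classifier separates the bulk of the `-`/`+` pairs (identical size, newer timestamp, consistent with a patch rollout) from the handful whose size changed or which have no earlier counterpart, and the load-point filter returns exactly the two system32 DLLs the next post targets. The filter is a triage heuristic, not a verdict: it only says which entries ComboFix did not stamp with a date and size, and each hit still has to be checked.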

Posted

• Open Notepad [Run -> notepad] and copy/paste the contents of the box below:

 

File::
C:\WINDOWS\system32\sahrwx.dll
C:\WINDOWS\system32\nNeDWOee.dll

Dirlook::
C:\WINDOWS\_detmp.1
C:\WINDOWS\_detmp.2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4b07e25d-54df-4a90-af91-95fefa46a344}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{2A2462BA-8A0D-436E-8811-66E69AD36B7D}"=-

 

* Go to the top of the page and click the "File" menu; a list appears =>

* Choose "Save as" and select "Desktop"

* In the "File name" field at the bottom, enter the following name: CFScript, as a .txt file

* Click the "Save" button to the right of the "File name" field

* Close Notepad.

* Physically disconnect from the internet: unplug the cable, and wait 10 minutes after the operation below before reconnecting and posting the report

* Drag and drop this CFScript.txt file onto ComboFix.exe, as in the screenshot

 

 

[screenshot: CFScript-2.gif]

 

 

* Follow the instructions

* Be patient while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is finished, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

 

• Run a Kaspersky online scan

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Click Accept

* A yellow bar will ask whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX control.

* Click "Accept" once more

* The update databases will install; wait a moment

* Click Next.

* Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

 

tutorial: http://www.malekal.com/scan_Av_en_ligne.php#mozTocId291566

 

Post the online scan report

Posted

Hello

 

ComboFix report:

 

ComboFix 08-10-30.12 - rouimet 2008-11-05 9:08:12.4 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.508 [GMT -5:00]

Lancé depuis: C:\Documents and Settings\rouimet\Bureau\ComboFix.exe

Commutateurs utilisés :: C:\Documents and Settings\rouimet\Bureau\CFSCRIPT.txt

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\nNeDWOee.dll

C:\WINDOWS\system32\sahrwx.dll

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-05 au 2008-11-05 ))))))))))))))))))))))))))))))))))))

.

 

2008-11-03 13:52 . 2008-11-03 13:52 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\AdobeUM

2008-10-29 13:38 . 2008-10-29 13:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-29 13:38 . 2008-10-29 13:38 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\Malwarebytes

2008-10-29 13:38 . 2008-10-29 13:38 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-10-29 13:38 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-29 13:38 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-29 13:35 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-29 13:34 . 2008-08-14 08:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-29 13:34 . 2008-08-14 08:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-29 13:34 . 2008-08-14 08:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-29 13:34 . 2008-08-14 08:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-29 13:34 . 2008-09-15 10:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-29 13:33 . 2008-10-15 11:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-27 09:56 . 2006-11-13 15:43 29,799 --a------ C:\WINDOWS\_detmp.1

2008-10-27 09:56 . 2001-08-08 11:58 28,672 --a------ C:\WINDOWS\_detmp.2

2008-10-27 09:38 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage réseau

2008-10-27 09:38 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Voisinage d'impression

2008-10-27 09:38 . 2006-10-16 07:15 <REP> d--h----- C:\Documents and Settings\fbonneau.OUIMET\Modèles

2008-10-27 09:38 . 2008-10-27 09:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Mes documents

2008-10-27 09:38 . 2006-10-15 07:12 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Menu Démarrer

2008-10-27 09:38 . 2008-10-27 09:39 <REP> dr------- C:\Documents and Settings\fbonneau.OUIMET\Favoris

2008-10-27 09:38 . 2006-10-15 07:12 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET\Bureau

2008-10-27 09:38 . 2008-10-27 09:38 <REP> d-------- C:\Documents and Settings\fbonneau.OUIMET

2008-10-24 12:43 . 2008-10-24 12:43 <REP> d-------- C:\Documents and Settings\rouimet\Application Data\ACD Systems

2008-10-23 15:22 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage réseau

2008-10-23 15:22 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\rouimet\Voisinage d'impression

2008-10-23 15:22 . 2006-10-16 07:15 <REP> d--h----- C:\Documents and Settings\rouimet\Modèles

2008-10-23 15:22 . 2008-11-03 13:50 <REP> dr------- C:\Documents and Settings\rouimet\Mes documents

2008-10-23 15:22 . 2006-10-15 07:12 <REP> dr------- C:\Documents and Settings\rouimet\Menu Démarrer

2008-10-23 15:22 . 2008-10-29 15:23 <REP> dr------- C:\Documents and Settings\rouimet\Favoris

2008-10-23 15:22 . 2008-11-05 09:07 <REP> d-------- C:\Documents and Settings\rouimet\Bureau

2008-10-23 15:22 . 2008-10-31 11:01 <REP> d-------- C:\Documents and Settings\rouimet

2008-10-23 15:11 . 2008-10-23 15:11 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll

2008-10-23 15:11 . 2008-10-23 15:11 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll

2008-10-23 15:11 . 2008-10-23 15:11 107,840 --a------ C:\WINDOWS\system32\SymVPN.dll

2008-10-23 15:11 . 2008-10-23 15:11 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2008-10-23 15:11 . 2008-10-23 15:11 49,472 --a------ C:\WINDOWS\system32\FwsVpn.dll

2008-10-23 14:28 . 2008-10-23 15:13 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-10-23 14:28 . 2008-10-23 15:13 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-10-23 14:28 . 2008-10-23 15:13 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-10-23 14:28 . 2008-10-23 15:13 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-10-23 14:22 . 2008-10-29 12:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec

2008-10-23 14:19 . 2008-10-23 14:19 <REP> d-------- C:\TEMP\Clt-Inst

2008-10-23 14:14 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage réseau

2008-10-23 14:14 . 2006-10-15 07:12 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Voisinage d'impression

2008-10-23 14:14 . 2006-10-16 07:15 <REP> d--h----- C:\Documents and Settings\administrateur.OUIMET\Modèles

2008-10-23 14:14 . 2008-10-23 14:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Mes documents

2008-10-23 14:14 . 2006-10-15 07:12 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Menu Démarrer

2008-10-23 14:14 . 2008-10-23 14:15 <REP> dr------- C:\Documents and Settings\administrateur.OUIMET\Favoris

2008-10-23 14:14 . 2006-10-15 07:12 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET\Bureau

2008-10-23 14:13 . 2008-10-23 14:14 <REP> d-------- C:\Documents and Settings\administrateur.OUIMET

2008-10-23 13:51 . 2008-10-23 13:51 <REP> d-------- C:\Program Files\MSECache

2008-10-23 12:49 . 2008-10-23 12:49 <REP> d-------- C:\Program Files\Microsoft Works

2008-10-23 12:43 . 2008-10-23 12:43 <REP> d-------- C:\Program Files\Microsoft.NET

2008-10-23 10:57 . 2006-10-26 18:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2008-10-23 10:21 . 2008-10-31 10:14 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

2008-10-23 10:17 . 2008-10-23 10:17 <REP> dr-h----- C:\MSOCache

2008-10-06 13:29 . 2008-10-06 13:29 754 --a------ C:\WINDOWS\WORDPAD.INI

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-29 14:34 --------- d---a-w C:\Program Files\Fichiers communs\Autodesk Shared

2008-10-29 14:34 --------- d-----w C:\Program Files\AutoCAD 2004

2008-10-29 14:34 --------- d-----w C:\Program Files\AnswerWorks 4.0

2008-10-29 14:10 --------- d-----w C:\Program Files\winsim

2008-10-29 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-23 20:13 --------- d---a-w C:\Program Files\Symantec

2008-10-23 20:05 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-10-23 20:05 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-10-23 20:05 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-10-23 19:42 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared

2008-10-23 17:21 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-10-23 17:18 --------- d-----w C:\Program Files\Fichiers communs\Apple

2008-10-23 17:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak

2008-10-23 16:55 --------- d-----w C:\Program Files\Google

2008-10-23 16:55 --------- d-----w C:\Program Files\Apple Software Update

2008-10-23 16:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-10-23 16:07 --------- d-----w C:\Program Files\ESET

2008-10-22 18:31 --------- d-----w C:\Documents and Settings\fbonneau\Application Data\AdobeUM

2008-10-17 15:41 --------- d-----w C:\Program Files\Windows Live

2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared

2008-10-17 14:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-10-08 19:33 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-09-24 13:30 --------- d-----w C:\Program Files\QuickTime

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2007-08-10 18:09 774,144 -c--a-w C:\Program Files\RngInterstitial.dll

2006-10-16 18:26 20,633,812 ----a-w C:\Documents and Settings\fbonneau\C-media-5.12.1.34.zip

2004-02-09 16:09 22 -c--a-w C:\Program Files\zipnew.dat

2004-02-09 16:09 20 -c--a-w C:\Program Files\rarnew.dat

2003-05-15 19:43 95,112 -c--a-w C:\Program Files\Dos.SFX

2003-05-15 19:43 94,720 -c--a-w C:\Program Files\Uninstall.exe

2003-05-15 19:43 607 -c--a-w C:\Program Files\Uninstall.lst

2003-05-15 19:43 51,712 -c--a-w C:\Program Files\Default.SFX

2003-05-15 19:43 35,328 -c--a-w C:\Program Files\Zip.SFX

2003-05-15 19:43 348,796 -c--a-w C:\Program Files\WinRAR.hlp

2003-05-15 19:43 119,808 -c--a-w C:\Program Files\RarExt.dll

2003-05-15 19:42 823,296 -c--a-w C:\Program Files\WinRAR.exe

2003-05-15 19:42 38,912 -c--a-w C:\Program Files\WinCon.SFX

2003-05-15 19:42 288,256 -c--a-w C:\Program Files\Rar.exe

2003-05-15 19:42 191,488 -c--a-w C:\Program Files\UnRAR.exe

2003-05-15 19:41 59,577 -c--a-w C:\Program Files\Rar.txt

2003-05-15 19:29 495 -c--a-w C:\Program Files\File_Id.diz

2003-05-15 19:28 10,917 -c--a-w C:\Program Files\WhatsNew.txt

2003-04-24 17:02 10,377 -c--a-w C:\Program Files\Rar_Site.txt

2003-03-04 01:17 9,042 -c--a-w C:\Program Files\TechNote.txt

2003-03-02 17:07 8,417 -c--a-w C:\Program Files\WinRAR.cnt

2003-01-28 16:41 3,323 -c--a-w C:\Program Files\Order.txt

2003-01-03 07:48 128 -c--a-w C:\Program Files\UnrarSrc.txt

2002-11-06 22:20 5,460 -c--a-w C:\Program Files\License.txt

2002-11-01 02:58 1,673 -c--a-w C:\Program Files\ReadMe.txt

2002-09-15 23:33 2,708 -c--a-w C:\Program Files\Register.txt

2002-09-07 05:36 1,082 -c--a-w C:\Program Files\RarFiles.lst

2002-08-27 16:40 55,313 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf

2002-05-15 19:27 271 --sh--w C:\Program Files\desktop.ini

2002-05-15 19:27 22,115 -c-ha-w C:\Program Files\folder.htt

2001-10-22 06:56 1,100 -c--a-w C:\Program Files\Descript.ion

2001-08-17 19:45 0 -c-ha-r C:\Program Files\Fichiers communs\MSCREATE.DIR

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of C:\WINDOWS\_detmp.1 ----

 

C:\WINDOWS\_detmp.1\

 

---- Directory of C:\WINDOWS\_detmp.2 ----

 

C:\WINDOWS\_detmp.2\

 

 

((((((((((((((((((((((((((((( snapshot_2008-10-31_10.31.18.44 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE

- 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE

+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE

- 2000-08-31 12:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe

+ 2000-08-31 13:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe

- 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe

+ 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe

- 2008-10-29 13:45:14 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-11-04 01:04:29 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-10-29 13:45:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2008-11-04 01:04:29 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

- 2008-10-29 13:45:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-04 01:04:29 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2008-10-30 07:22:33 1,493,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-11-03 14:04:15 1,492,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2008-10-24 14:54:52 66,264 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-11-03 14:18:55 66,264 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-10-24 14:54:52 80,564 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2008-11-03 14:18:55 80,564 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2008-10-24 14:54:52 419,590 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-11-03 14:18:55 419,590 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-10-24 14:54:52 487,536 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-11-03 14:18:55 487,536 ----a-w C:\WINDOWS\system32\perfh00C.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A2462BA-8A0D-436E-8811-66E69AD36B7D}]

C:\WINDOWS\system32\nNeDWOee.dll [bU]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-23 115560]

"\\cad2\EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\

Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nNeDWOee]

nNeDWOee.dll [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=sahrwx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\ftp.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

S2 OkiPar;OkiPar;C:\WINDOWS\system32\Drivers\OkiPar.SYS [ ]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-10-23 23888]

S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [ ]

S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [ ]

S3 VPREMOTE;VPRemote Install Bootstrap Service;C:\TEMP\Clt-Inst\vpremote.exe [2008-09-11 140216]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-05 10:22:15

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

.

**************************************************************************

.

Heure de fin: 2008-11-05 10:30:46 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-11-05 15:30:39

ComboFix2.txt 2008-10-31 16:00:06

ComboFix3.txt 2008-10-31 14:32:00

ComboFix4.txt 2008-10-29 18:32:49

 

Avant-CF: 6,838,564,352 octets libres

Après-CF: 6,903,069,696 octets libres

 

233 --- E O F --- 2008-10-30 07:15:45

 

Kaspersky report

 

Wednesday, November 5, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Monday, November 03, 2008 17:50:06

Records in database: 1369040

 

 

Scan settings

Scan using the following database extended

Scan archives yes

Scan mail databases yes

 

Scan area My Computer

A:\

C:\

D:\

G:\

H:\

M:\

N:\

O:\

 

Scan statistics

Files scanned 118562

Threat name 20

Infected objects 45

Suspicious objects 0

Duration of the scan 06:05:27

 

File name Threat name Threats count

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03700000\4B765610.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.eqq 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03700001\4B770F86.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03700002\4B773B00.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100000\4D10DDBE.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.ema 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100001\4D11EECE.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.eky 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100002\4D11EEE4.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.ema 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100003\4D11F4B0.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100005\4D122FA1.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100006\4D1381A2.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\05100007\4D14D338.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AE00000\4BE5BDDA.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0C1C0001\4D1CDAC7.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.ekm 1

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0CC80001\4DC86CEE.VBN Infected: not-a-virus:NetTool.Win32.Agent.ay 1

 

C:\Program Files\eMule\Incoming\[spanish] Adobe Acrobat 8 Professional activation crack keygen serial.zip Infected: Backdoor.Win32.Agent.aou 1

 

C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.af 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ad 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

 

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\WINDOWS\system32\bskevu.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eqt 1

 

C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

 

C:\Qoobox\Quarantine\C\WINDOWS\system32\nggjpaal.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eqt 1

 

C:\Qoobox\Quarantine\C\WINDOWS\system32\qjgsmewp.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.emh 1

 

C:\Qoobox\Quarantine\C\WINDOWS\system32\xfllwm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.emh 1

 

D:\Installe\kazaalite\first stage\kazaa_lite_202_english.exe Infected: not-a-virus:AdWare.Win32.Altnet.o 1

 

D:\Installe\kazaalite\kazaalite_202_b1.zip Infected: not-a-virus:AdWare.Win32.Altnet.o 1

 

G:\ScannerKM\Bureau\SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 2

 

The selected area was scanned.

Posted

• empty your Symantec antivirus quarantine

 

• uninstall ComboFix by copying and pasting the line below into Run and confirming it:

 

ComboFix /u

 

• download ComboFix again to your desktop

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

 

» open Notepad [Run -> notepad] and copy/paste the contents of the box below:

 

File::
C:\Program Files\eMule\Incoming\[Spanish] Adobe Acrobat 8 Professional activation crack keygen serial.zip
C:\Program Files\MSN Messenger\riched20.dll
G:\ScannerKM\Bureau\SetupRevelationV2.exe
C:\WINDOWS\system32\nNeDWOee.dll
Folder::
D:\Installe\kazaalite
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A2462BA-8A0D-436E-8811-66E69AD36B7D}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nNeDWOee]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

 

• Go to the top of the page and click the "File" menu; a list appears =>

• Choose "Save as" and pick "Desktop"

• In the "File name" field at the bottom of the page, enter the following name: CFScript

• Click the "Save" button to the right of the "File name" field

• Close Notepad.

• Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

 

 

CFScript-2.gif

 

 

* follow the instructions

* Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

* Once the scan is complete, a report will appear: post its contents.

* If the file doesn't appear, it is located here > C:\ComboFix.txt

 

=========== it's tiresome to keep seeing P2P with infected cracks!!!!!!!!!!==========

 

What follows is not meant to lecture you, but rather to make you aware of the risks involved in using this kind of program.

Be careful with P2P software!! Together with cracks/keygens etc., they are the main infection vectors! To convince yourself, read these two very clear topics:

the first, by Malekal, is about cracks => http://forum.malekal.com/viewtopic.php?f=33&t=893

the second, by Tesgaz, is about P2P in general => http://forum.zebulon.fr/prevention-le-p2p-...ces-t85544.html

Infections carried by P2P are a real threat!! For example the worm Worm.Win32_Sumom-A, an instant-messaging and peer-to-peer network worm, places itself in the incoming/Shared folder so that it gets sent to everyone who shares your downloads... => http://www.virustraq.com/info_virus/10134/details/

Now that you know, it's up to you... is it worth risking a serious infection (and putting your data at risk)?
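The reasoning behind the CFScript above (list only the detections that still live on disk; entries already sitting in Symantec's quarantine or in ComboFix's C:\Qoobox are handled by emptying the quarantine) can be automated over a Kaspersky Online Scanner report. The following is an added example written for this thread; it is not code from the thread, from ComboFix or from Kaspersky. The report lines it parses are constructed to match the "File name / Threat name / Threats count" format shown in the scan above, and the two quarantine path markers are an assumption taken from the paths visible in that report.

```python
"""Triage a Kaspersky Online Scanner report and draft a ComboFix CFScript.

Added example (not code from this thread, nor from ComboFix or Kaspersky).
It reproduces the helper's reasoning: detections sitting inside a tool's
quarantine (Symantec's Quarantine folder, ComboFix's C:\\Qoobox) are already
isolated and belong to the "empty your quarantine" step, while detections
still live on disk go into the File:: section of a CFScript.
"""
import re
from collections import Counter

# Constructed sample lines in the Kaspersky "File name / Threat name / Threats count" format.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03700000\4B765610.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.eqq 1
C:\Program Files\eMule\Incoming\[spanish] Adobe Acrobat 8 Professional activation crack keygen serial.zip Infected: Backdoor.Win32.Agent.aou 1
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bskevu.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.eqt 1
G:\ScannerKM\Bureau\SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 2
The selected area was scanned.
"""

# One detection line: a path (may contain spaces), the literal "Infected:",
# a threat name without spaces, and a threat count.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Assumption: these two path fragments mark copies already isolated by a
# cleaning tool (Symantec Endpoint Protection and ComboFix respectively).
QUARANTINE_MARKERS = (
    r"\Symantec Endpoint Protection\Quarantine",
    r"\Qoobox\Quarantine",
)


def parse_report(text):
    """Return (path, threat, count) for every detection line; other lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return hits


def is_quarantined(path):
    """True when the detected file is a copy inside a known quarantine folder."""
    lowered = path.lower()
    return any(marker.lower() in lowered for marker in QUARANTINE_MARKERS)


def triage(text):
    """Split detections into files still live on disk and already-quarantined copies."""
    live, quarantined = [], []
    for hit in parse_report(text):
        (quarantined if is_quarantined(hit[0]) else live).append(hit)
    return live, quarantined


def family(threat):
    """Collapse a Kaspersky name to its family, e.g. 'not-a-virus:AdWare.Win32.SuperJuan.eqq'
    becomes 'AdWare.Win32.SuperJuan' (prefix and variant suffix dropped)."""
    name = threat.split(":", 1)[-1]
    return ".".join(name.split(".")[:3])


def family_counts(text):
    """How many detection lines each family accounts for, quarantined or not."""
    return Counter(family(threat) for _, threat, _ in parse_report(text))


def draft_cfscript(text):
    """Build the File:: section of a CFScript from the live detections only."""
    live, _ = triage(text)
    if not live:
        return ""
    return "File::\n" + "\n".join(path for path, _, _ in live) + "\n"


if __name__ == "__main__":
    live, quarantined = triage(SAMPLE_REPORT)
    print(f"{len(live)} live on disk, {len(quarantined)} already quarantined")
    for path, threat, _ in live:
        print(f"  LIVE  {threat:45} {path}")
    for fam, n in family_counts(SAMPLE_REPORT).most_common():
        print(f"  {n:2d} x {fam}")
    print(draft_cfscript(SAMPLE_REPORT))
```

The draft it prints still needs the human review the helper applied above: the Folder:: and Registry:: entries (the kazaalite folder, the BHO CLSID, the winlogon notify key and the AppInit_DLLs value) come from the ComboFix log, not from the Kaspersky report, and a detection such as a `.VBN` quarantine copy is a reason to empty the quarantine, not a file to delete by hand.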

Posted

Good evening,

 

Thanks for the advice, but the thing is, I'm against P2P, so I'm very surprised to learn that not only is a P2P program installed on the PC, but that there are cracks on it too.

Can you tell me which P2P program is installed and which crack it is???

 

Thank you very much for everything

 

N.

Posted

it's obvious, in bold! it must even be among the allowed programs in your Symantec firewall

 

C:\Program Files\eMule\Incoming\[spanish] Adobe Acrobat 8 Professional activation crack keygen serial.zip

uninstall it via Add/Remove Programs

 

and run my procedure please! and post the report
