
Posted

I tried ComboFix again after (MBAM) and it worked :P

 

 

ComboFix 08-12-26.03 - Propriétaire 2008-12-28 12:27:17.4 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.162 [GMT -5:00]

Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

c:\documents and settings\Propriétaire\Application Data\inst.exe

c:\documents and settings\Propriétaire\Mes documents\My Documents.url

c:\temp\PRE45

c:\windows\Downloaded Program Files\setup.inf

c:\windows\IE4 Error Log.txt

c:\windows\system32\ebekuzet.ini

c:\windows\system32\erenawop.ini

c:\windows\system32\nayazezi.dll

c:\windows\system32\sX3i19

c:\windows\system32\tmp.reg

c:\windows\system32\ugifasik.ini

D:\Autorun.inf

D:\resycled

d:\resycled\boot.com

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-28 01:51 . 2008-12-28 01:51 <REP> d-------- c:\program files\WiniGuard Software

2008-12-22 18:08 . 2008-12-22 18:08 2,724 ---hs---- c:\windows\system32\babopeni.exe

2008-12-21 23:40 . 2008-12-21 23:41 <REP> d--hs---- c:\documents and settings\Propriétaire\ADACDECE5E961EB4

2008-12-21 23:40 . 2008-12-21 23:41 <REP> d--hs---- c:\documents and settings\Propriétaire\ADACDECE5E961EB4

2008-12-17 14:54 . 2008-12-17 14:54 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-17 14:54 . 2008-12-17 14:54 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Malwarebytes

2008-12-17 14:54 . 2008-12-17 14:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-17 14:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-17 14:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-16 10:22 . 2008-12-16 10:22 <REP> d--h----- C:\creatiel

2008-12-16 10:21 . 2008-12-16 10:21 <REP> d-------- c:\program files\Microsoft Synchronization Services

2008-12-16 10:21 . 2008-12-16 10:21 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition

2008-12-16 10:16 . 2008-12-16 10:16 <REP> d-------- c:\windows\system32\XPSViewer

2008-12-16 10:16 . 2008-12-16 10:16 <REP> d-------- c:\program files\Reference Assemblies

2008-12-16 10:15 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-12 11:14 . 2008-12-12 11:14 <REP> d--hs---- C:\FOUND.008

2008-12-10 10:09 . 2008-12-28 02:05 502 --a------ c:\windows\0

2008-12-10 10:09 . 2008-12-28 02:05 81 --a------ c:\windows\Times New Roman

2008-12-10 10:08 . 2008-12-10 10:08 <REP> d-------- c:\program files\SoftwarePassport

2008-12-10 10:08 . 2008-12-10 10:08 <REP> d-------- c:\program files\Mindscape

2008-12-10 10:08 . 2003-01-30 14:04 1,500,160 --a------ c:\windows\system32\CC3260MT.DLL

2008-12-10 10:08 . 2002-02-01 08:00 1,326,080 --a------ c:\windows\system32\vcl60.bpl

2008-12-10 10:08 . 1999-03-03 21:00 908,800 --a------ c:\windows\system32\CP3245MT.DLL

2008-12-10 10:08 . 2003-01-30 07:04 685,056 --a------ c:\windows\system32\rtl60.bpl

2008-12-10 10:08 . 2004-09-28 20:25 478,208 --a------ c:\windows\system32\radevcl.bpl

2008-12-10 10:08 . 2002-02-01 08:00 262,656 --a------ c:\windows\system32\vcldb60.bpl

2008-12-10 10:08 . 2002-02-01 08:00 254,464 --a------ c:\windows\system32\dbrtl60.bpl

2008-12-10 10:08 . 2002-03-06 06:00 213,504 --a------ c:\windows\system32\vclx60.bpl

2008-12-10 10:08 . 2004-08-09 06:04 73,728 --a------ c:\windows\system32\ISUSPM.cpl

2008-12-10 10:08 . 2007-02-26 00:42 53,248 --a------ c:\windows\system32\ArmAccess.dll

2008-12-10 10:08 . 1998-02-09 20:00 29,952 --a------ c:\windows\system32\BORLNDMM.DLL

2008-12-10 10:08 . 2007-06-15 15:03 29,656 --a------ c:\windows\system32\Lanceur2.exe

2008-12-02 23:29 . 2008-12-02 23:29 <REP> d-------- c:\program files\iTunes

2008-12-02 23:29 . 2008-12-02 23:29 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-02 23:24 . 2008-12-02 23:24 <REP> d-------- c:\program files\QuickTime

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-28 01:35 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead

2008-11-28 01:31 --------- d-----w c:\program files\Nero

2008-11-10 10:43 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-11-08 02:21 47,360 ----a-w c:\windows\system32\drivers\Pcouffin.sys

2008-11-08 02:21 47,360 ----a-w c:\documents and settings\Propriétaire\Application Data\pcouffin.sys

2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll

2008-10-17 06:48 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll

2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe

2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe

2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll

2008-10-12 02:36 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-10-03 10:03 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll

2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-05-22 17:30 81,920 ----a-w c:\documents and settings\Propriétaire\Application Data\ezpinst.exe

2008-05-04 05:42 16,865,248 ----a-w c:\program files\gimp-2.4.4-i686-setup.exe

2007-12-24 07:10 1,800,920 ----a-w c:\program files\Paint.NET.3.20.SkyOrb.exe

2007-12-24 06:54 9,439,584 ----a-w c:\program files\tuxpaint-0.9.18-win32-installer.exe

2007-11-13 06:10 927,779 ----a-w c:\program files\SetupXnBeep.exe

2007-09-09 22:09 1,959,112 ----a-w c:\program files\FLVPlayerSetup.exe

2007-09-09 21:45 883,808 ----a-w c:\program files\Google_Updater.exe

2007-09-08 23:50 43,423,968 ----a-w c:\program files\PalmDesktopWin414e.zip

2007-09-07 01:18 6,801,128 ----a-w c:\program files\wmcsetup.exe

2007-09-07 00:22 25,839,688 ----a-w c:\program files\wmp11-windowsxp-x86-FR-FR.exe

2007-09-04 15:28 26,730,808 ----a-w c:\program files\musicmatch-jukebox_musicmatch_jukebox_10.0.4033_anglais_10317.exe

2007-09-02 18:31 17,733,474 ----a-w c:\program files\RCALyraTrayAppInstall_v1035a.exe

2007-08-22 14:53 2,624,373 ----a-w c:\program files\XnView-win-fr.exe

2007-08-22 14:36 7,494 ----a-w c:\program files\Image_Converter_Plus_[demo]_v4.00_by_TNT.zip

2007-08-22 14:21 5,053,286 ----a-w c:\program files\converter.exe

2007-05-13 20:22 899,414 ----a-w c:\program files\SetupDVDDecrypter_3.5.4.0.exe

2007-04-10 01:22 696,814 ----a-w c:\program files\uTorrent-1.6.1-install.exe

2007-03-20 01:44 10,420,936 ----a-w c:\program files\xlviewer.exe

2007-03-05 06:15 1,367,553 ----a-w c:\program files\mirc621.exe

2007-02-25 02:23 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT

2007-02-22 09:17 7,564,315 ----a-w c:\program files\ezcddax10.exe

2007-02-22 09:03 6,710,040 ----a-w c:\program files\smart-audio-converter-pro-setup.exe

2007-01-25 22:58 17,741,094 ----a-w c:\program files\VideoConvertMaster_Fr.exe

2007-01-20 16:17 27,100,264 ----a-w c:\program files\PowerPointViewer.exe

2007-01-19 20:44 5,646,848 ----a-w c:\program files\PC Camer@.msi

2007-01-19 20:44 31,232 ----a-w c:\program files\1036.MST

2007-01-19 20:43 5,481 ----a-w c:\program files\0x040c.ini

2008-06-07 09:43 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys

2007-03-30 02:40 56 --sh--r c:\windows\system32\D270FADD90.sys

2008-06-07 09:42 88 --sh--r c:\windows\system32\90DDFA70D2.sys

2008-09-24 05:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092420080925\index.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Horloge Parlante 3000"="c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Horloge Parlante 3000\Horloge Parlante 3000.appref-ms" [X]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"X'nBeep"="c:\program files\X'nBeep 1.1\XnBeep.exe" [2007-01-08 1067520]

"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-24 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-24 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-24 114688]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-24 1404928]

"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]

"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]

"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

"atwtusb"="atwtusb.exe" [2005-09-21 c:\windows\system32\ATWTUSB.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

"SENTINEL"= snti386.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk

backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^palmOne Registration.lnk]

path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\palmOne Registration.lnk

backup=c:\windows\pss\palmOne Registration.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-05-16 09:27 153136 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 22:34 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

--------- 2004-05-05 10:54 262210 c:\program files\epson\Ink Monitor\InkMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp]

--a------ 2004-03-31 10:01 286720 c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Play+Smile\\Texas Hold'em Poker 3D - Deluxe Edition\\Poker3d.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\System32\\SPOOLSV.EXE"=

"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=

"c:\\WINDOWS\\System32\\PSIService.exe"=

"c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe"=

 

R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2008-05-06 22272]

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

S2 ADACDECE5E961EB4;ADACDECE5E961EB4;\??\c:\documents and settings\Propriétaire\ADACDECE5E961EB4\ADACDECE5E961EB4 []

S2 SessionLauncher;SessionLauncher;c:\docume~1\PROPRI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []

S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);c:\windows\system32\drivers\ctlsb16.sys [2005-10-17 96256]

S3 RoxMediaDB10;RoxMediaDB10;"c:\program files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2008-02-22 1112560]

S3 s3legacy;s3legacy;c:\windows\system32\DRIVERS\s3legacy.sys [2005-10-17 65664]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdb40db6-bda0-11dd-8739-0016761bd459}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.

Contenu du dossier 'Tâches planifiées'

 

2008-12-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

 

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe

MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

MSConfigStartUp-LogitechCameraAssistant - c:\program files\Logitech\Video\CameraAssistant.exe

MSConfigStartUp-LogitechCameraService(E) - c:\windows\system32\ElkCtrl.exe

MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe

MSConfigStartUp-LogitechVideo[inspector] - c:\program files\Logitech\Video\InstallHelper.exe

MSConfigStartUp-MsgCenterExe - c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe

MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

MSConfigStartUp-PVR - c:\program files\XemiComputers\Pocket Voice Recorder\PVR.exe

MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe

MSConfigStartUp-RoxAssistant - c:\program files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe

MSConfigStartUp-RoxioEngineUtility - c:\program files\Fichiers communs\Roxio Shared\System\EngUtil.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.whatwashomepage.com/?q=http://www.google.ca/

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

 

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://212.147.17.64/activex/AMC.cab

c:\windows\Downloaded Program Files\setup.inf

FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\2hg8zprk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-28 12:33:04

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ADACDECE5E961EB4]

"ImagePath"="\??\c:\documents and settings\Propriétaire\ADACDECE5E961EB4\ADACDECE5E961EB4"

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE

c:\program files\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE

c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

c:\program files\BONJOUR\MDNSRESPONDER.EXE

c:\program files\JAVA\JRE6\BIN\JQS.EXE

c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

c:\program files\MICROSOFT LIFECAM\MSCAMS32.EXE

c:\windows\SYSTEM32\PSISERVICE.EXE

c:\windows\SYSTEM32\MSPMSPSV.EXE

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\SYSTEM32\TBLMOUSE.EXE

c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Heure de fin: 2008-12-28 12:40:02 - La machine a redémarré [Propriétaire]

ComboFix2.txt 2008-05-22 15:34:00

ComboFix-quarantined-files.txt 2008-12-28 17:39:58

 

Avant-CF: 6,019,022,848 octets libres

Après-CF: 10,721,329,152 octets libres

 

295 --- E O F --- 2008-12-28 17:36:59

 

I can already see a big improvement! Thanks!!!!!!!!

Posted

You will need to let the Recovery Console install during the next run (which comes below).

Before starting, plug in your removable media (USB keys, external hard drives, etc.).

 

What follows is for your machine, and your machine only.

Do not use it on another machine under any circumstances: it is dangerous.

 

  • Open Notepad. Check that in the "Format" menu, "Word Wrap" is disabled. Copy and paste the following into it:

Killall::

 

file::

c:\windows\system32\babopeni.exe

 

folder::

c:\documents and settings\Propriétaire\ADACDECE5E961EB4

 

driver::

ADACDECE5E961EB4

  • Save it as a text file named CFScript, on the desktop.

  • Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot.

  • Wait for the scan to finish. The desktop will disappear several times: that is normal! Do not touch anything until the scan is complete.
  • Once the scan is finished, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt

 

Then please add a new HijackThis report after that one.

Posted

I do not have any removable media.

 

 

 

ComboFix 08-12-28.01 - Propriétaire 2008-12-28 17:54:46.5 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.181 [GMT -5:00]

Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Propriétaire\Bureau\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Un nouveau point de restauration a été créé

 

FILE ::

c:\windows\system32\babopeni.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Propriétaire\ADACDECE5E961EB4

c:\windows\system32\babopeni.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ADACDECE5E961EB4

-------\Service_ADACDECE5E961EB4

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-28 01:51 . 2008-12-28 01:51 <REP> d-------- c:\program files\WiniGuard Software

2008-12-17 14:54 . 2008-12-17 14:54 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-17 14:54 . 2008-12-17 14:54 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Malwarebytes

2008-12-17 14:54 . 2008-12-17 14:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-17 14:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-17 14:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-16 10:22 . 2008-12-16 10:22 <REP> d--h----- C:\creatiel

2008-12-16 10:21 . 2008-12-16 10:21 <REP> d-------- c:\program files\Microsoft Synchronization Services

2008-12-16 10:21 . 2008-12-16 10:21 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition

2008-12-16 10:16 . 2008-12-16 10:16 <REP> d-------- c:\windows\system32\XPSViewer

2008-12-16 10:16 . 2008-12-16 10:16 <REP> d-------- c:\program files\Reference Assemblies

2008-12-16 10:15 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-12 11:14 . 2008-12-12 11:14 <REP> d--hs---- C:\FOUND.008

2008-12-10 10:09 . 2008-12-28 02:05 502 --a------ c:\windows\0

2008-12-10 10:09 . 2008-12-28 02:05 81 --a------ c:\windows\Times New Roman

2008-12-10 10:08 . 2008-12-10 10:08 <REP> d-------- c:\program files\SoftwarePassport

2008-12-10 10:08 . 2008-12-10 10:08 <REP> d-------- c:\program files\Mindscape

2008-12-10 10:08 . 2003-01-30 14:04 1,500,160 --a------ c:\windows\system32\CC3260MT.DLL

2008-12-10 10:08 . 2002-02-01 08:00 1,326,080 --a------ c:\windows\system32\vcl60.bpl

2008-12-10 10:08 . 1999-03-03 21:00 908,800 --a------ c:\windows\system32\CP3245MT.DLL

2008-12-10 10:08 . 2003-01-30 07:04 685,056 --a------ c:\windows\system32\rtl60.bpl

2008-12-10 10:08 . 2004-09-28 20:25 478,208 --a------ c:\windows\system32\radevcl.bpl

2008-12-10 10:08 . 2002-02-01 08:00 262,656 --a------ c:\windows\system32\vcldb60.bpl

2008-12-10 10:08 . 2002-02-01 08:00 254,464 --a------ c:\windows\system32\dbrtl60.bpl

2008-12-10 10:08 . 2002-03-06 06:00 213,504 --a------ c:\windows\system32\vclx60.bpl

2008-12-10 10:08 . 2004-08-09 06:04 73,728 --a------ c:\windows\system32\ISUSPM.cpl

2008-12-10 10:08 . 2007-02-26 00:42 53,248 --a------ c:\windows\system32\ArmAccess.dll

2008-12-10 10:08 . 1998-02-09 20:00 29,952 --a------ c:\windows\system32\BORLNDMM.DLL

2008-12-10 10:08 . 2007-06-15 15:03 29,656 --a------ c:\windows\system32\Lanceur2.exe

2008-12-02 23:29 . 2008-12-02 23:29 <REP> d-------- c:\program files\iTunes

2008-12-02 23:29 . 2008-12-02 23:29 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-02 23:24 . 2008-12-02 23:24 <REP> d-------- c:\program files\QuickTime

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll

2008-11-28 01:35 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead

2008-11-28 01:31 --------- d-----w c:\program files\Nero

2008-11-10 10:43 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-11-08 02:21 47,360 ----a-w c:\windows\system32\drivers\Pcouffin.sys

2008-11-08 02:21 47,360 ----a-w c:\documents and settings\Propriétaire\Application Data\pcouffin.sys

2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll

2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe

2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe

2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll

2008-10-12 02:36 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-10-03 10:03 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll

2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-05-22 17:30 81,920 ----a-w c:\documents and settings\Propriétaire\Application Data\ezpinst.exe

2008-05-04 05:42 16,865,248 ----a-w c:\program files\gimp-2.4.4-i686-setup.exe

2007-12-24 07:10 1,800,920 ----a-w c:\program files\Paint.NET.3.20.SkyOrb.exe

2007-12-24 06:54 9,439,584 ----a-w c:\program files\tuxpaint-0.9.18-win32-installer.exe

2007-11-13 06:10 927,779 ----a-w c:\program files\SetupXnBeep.exe

2007-09-09 22:09 1,959,112 ----a-w c:\program files\FLVPlayerSetup.exe

2007-09-09 21:45 883,808 ----a-w c:\program files\Google_Updater.exe

2007-09-08 23:50 43,423,968 ----a-w c:\program files\PalmDesktopWin414e.zip

2007-09-07 01:18 6,801,128 ----a-w c:\program files\wmcsetup.exe

2007-09-07 00:22 25,839,688 ----a-w c:\program files\wmp11-windowsxp-x86-FR-FR.exe

2007-09-04 15:28 26,730,808 ----a-w c:\program files\musicmatch-jukebox_musicmatch_jukebox_10.0.4033_anglais_10317.exe

2007-09-02 18:31 17,733,474 ----a-w c:\program files\RCALyraTrayAppInstall_v1035a.exe

2007-08-22 14:53 2,624,373 ----a-w c:\program files\XnView-win-fr.exe

2007-08-22 14:36 7,494 ----a-w c:\program files\Image_Converter_Plus_[demo]_v4.00_by_TNT.zip

2007-08-22 14:21 5,053,286 ----a-w c:\program files\converter.exe

2007-05-13 20:22 899,414 ----a-w c:\program files\SetupDVDDecrypter_3.5.4.0.exe

2007-04-10 01:22 696,814 ----a-w c:\program files\uTorrent-1.6.1-install.exe

2007-03-20 01:44 10,420,936 ----a-w c:\program files\xlviewer.exe

2007-03-05 06:15 1,367,553 ----a-w c:\program files\mirc621.exe

2007-02-25 02:23 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT

2007-02-22 09:17 7,564,315 ----a-w c:\program files\ezcddax10.exe

2007-02-22 09:03 6,710,040 ----a-w c:\program files\smart-audio-converter-pro-setup.exe

2007-01-25 22:58 17,741,094 ----a-w c:\program files\VideoConvertMaster_Fr.exe

2007-01-20 16:17 27,100,264 ----a-w c:\program files\PowerPointViewer.exe

2007-01-19 20:44 5,646,848 ----a-w c:\program files\PC Camer@.msi

2007-01-19 20:44 31,232 ----a-w c:\program files\1036.MST

2007-01-19 20:43 5,481 ----a-w c:\program files\0x040c.ini

2008-06-07 09:43 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys

2007-03-30 02:40 56 --sh--r c:\windows\system32\D270FADD90.sys

2008-06-07 09:42 88 --sh--r c:\windows\system32\90DDFA70D2.sys

2008-09-24 05:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092420080925\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-28_12.39.12.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-17 06:48:40 3,593,216 ------w c:\windows\ie7updates\KB960714-IE7\mshtml.dll

+ 2007-03-06 01:34:38 216,800 ------w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:35:48 394,976 ------w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll

- 2008-10-17 06:48:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2008-12-28 22:57:58 16,384 ----a-w c:\windows\temp\Perflib_Perfdata_378.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Horloge Parlante 3000"="c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Horloge Parlante 3000\Horloge Parlante 3000.appref-ms" [X]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"X'nBeep"="c:\program files\X'nBeep 1.1\XnBeep.exe" [2007-01-08 1067520]

"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-24 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-24 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-24 114688]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-24 1404928]

"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]

"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]

"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

"atwtusb"="atwtusb.exe" [2005-09-21 c:\windows\system32\ATWTUSB.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

"SENTINEL"= snti386.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk

backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^palmOne Registration.lnk]

path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\palmOne Registration.lnk

backup=c:\windows\pss\palmOne Registration.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-05-16 09:27 153136 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 22:34 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

--------- 2004-05-05 10:54 262210 c:\program files\epson\Ink Monitor\InkMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp]

--a------ 2004-03-31 10:01 286720 c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Play+Smile\\Texas Hold'em Poker 3D - Deluxe Edition\\Poker3d.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\System32\\SPOOLSV.EXE"=

"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=

"c:\\WINDOWS\\System32\\PSIService.exe"=

"c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe"=

 

R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2008-05-06 22272]

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

S2 SessionLauncher;SessionLauncher;c:\docume~1\PROPRI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []

S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);c:\windows\system32\drivers\ctlsb16.sys [2005-10-17 96256]

S3 RoxMediaDB10;RoxMediaDB10;"c:\program files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2008-02-22 1112560]

S3 s3legacy;s3legacy;c:\windows\system32\DRIVERS\s3legacy.sys [2005-10-17 65664]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdb40db6-bda0-11dd-8739-0016761bd459}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.

Contenu du dossier 'Tâches planifiées'

 

2008-12-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

 

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.whatwashomepage.com/?q=http://www.google.ca/

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

 

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://212.147.17.64/activex/AMC.cab

c:\windows\Downloaded Program Files\setup.inf

FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\2hg8zprk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-28 17:58:29

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE

c:\program files\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE

c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

c:\program files\BONJOUR\MDNSRESPONDER.EXE

c:\program files\JAVA\JRE6\BIN\JQS.EXE

c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

c:\program files\MICROSOFT LIFECAM\MSCAMS32.EXE

c:\windows\SYSTEM32\PSISERVICE.EXE

c:\windows\SYSTEM32\MSPMSPSV.EXE

c:\program files\WINDOWS MEDIA PLAYER\WMPNETWK.EXE

c:\windows\system32\TBLMOUSE.EXE

c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Heure de fin: 2008-12-28 18:01:26 - La machine a redémarré

ComboFix3.txt 2008-05-22 15:34:00

ComboFix-quarantined-files.txt 2008-12-28 23:01:24

ComboFix2.txt 2008-12-28 17:40:04

 

Avant-CF: 11 961 794 560 octets libres

Après-CF: 11,885,412,352 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

 

286 --- E O F --- 2008-12-28 22:29:18


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:10:37, on 2008-12-28

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\TBLMOUSE.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whatwashomepage.com/?q=http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Program Files\palmOne\FireConverterBrowserHelperObject.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [X'nBeep] C:\Program Files\X'nBeep 1.1\XnBeep.exe

O4 - HKCU\..\Run: [Horloge Parlante 3000] C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Horloge Parlante 3000\Horloge Parlante 3000.appref-ms

O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://212.147.17.64/activex/AMC.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)

 

--

End of file - 9272 bytes


THANK YOU!!!!!

Posted

For now it's OK, but I don't have much time to spend on the computer; give me one more day to see. I did a scan with Antivir this morning, I'm posting you the report.


Avira AntiVir Personal

Report file date: 29 décembre 2008 07:08

 

Scanning for 1132234 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: CLIENT-A3C075D7

 

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-26 03:44:32

AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-07-19 23:11:30

LUKE.DLL : 8.1.4.5 164097 Bytes 2008-07-19 23:11:30

LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-07-19 23:11:30

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 22:33:56

ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 2008-12-24 20:00:32

ANTIVIR2.VDF : 7.1.1.34 2048 Bytes 2008-12-24 20:00:32

ANTIVIR3.VDF : 7.1.1.45 185344 Bytes 2008-12-29 12:07:14

Engineversion : 8.2.0.45

AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-15 20:00:52

AESCRIPT.DLL : 8.1.1.19 336252 Bytes 2008-12-11 20:00:40

AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-08 00:54:50

AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-06 20:02:34

AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-11 20:01:12

AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2008-12-11 20:00:40

AEHEUR.DLL : 8.1.0.75 1524087 Bytes 2008-12-11 20:00:38

AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-11-18 20:01:26

AEGEN.DLL : 8.1.1.8 323956 Bytes 2008-12-11 20:00:36

AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-15 20:00:48

AECORE.DLL : 8.1.5.2 172405 Bytes 2008-11-28 20:01:24

AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-15 20:00:46

AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-19 23:11:30

AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-07-19 23:11:30

AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 20:00:26

AVREG.DLL : 8.0.0.1 33537 Bytes 2008-07-19 23:11:30

AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-15 20:13:50

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-07-19 23:11:30

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-15 20:13:50

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-07-19 23:11:30

NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-15 20:13:50

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-07-19 23:11:28

RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-07-19 23:11:28

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: delete

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: 29 décembre 2008 07:08

 

Starting search for hidden objects.

'65718' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'MpCmdRun.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'TBLMOUSE.EXE' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'atwtusb.exe' - '1' Module(s) have been scanned

Scan process 'vVX3000.exe' - '1' Module(s) have been scanned

Scan process 'E_FATIACA.EXE' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'SMAX4PNP.EXE' - '1' Module(s) have been scanned

Scan process 'IGFXPERS.EXE' - '1' Module(s) have been scanned

Scan process 'HKCMD.EXE' - '1' Module(s) have been scanned

Scan process 'WMPNetwk.exe' - '1' Module(s) have been scanned

Scan process 'IGFXTRAY.EXE' - '1' Module(s) have been scanned

Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'PSIService.exe' - '1' Module(s) have been scanned

Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'JQS.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned

Scan process 'SCHED.EXE' - '1' Module(s) have been scanned

Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned

Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

47 processes with 47 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '66' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <SYSTEM>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

--> 32788R22FWJFW\NirCmd.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\nircmd.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\NirCmdC.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application

--> 32788R22FWJFW\psexec.cfexe

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[NOTE] A backup was created as '49c5c232.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP355\A0044601.exe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] A backup was created as '4988c4e7.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP355\A0044615.dll

[DETECTION] Is the TR/PSW.Magania.apnl Trojan

[NOTE] A backup was created as '4988c4e8.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP356\A0044655.EXE

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[NOTE] A backup was created as '4988c4ee.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP356\A0044669.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

[NOTE] A backup was created as '4988c4ef.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP356\A0044675.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] A backup was created as '480a75c8.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP358\A0045641.exe

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

--> 32788R22FWJFW\NirCmd.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\nircmd.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\NirCmdC.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application

--> 32788R22FWJFW\psexec.cfexe

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[NOTE] A backup was created as '4988c4fc.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP358\A0045657.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

[NOTE] A backup was created as '4988c4fd.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP358\A0045665.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] A backup was created as '480a75c6.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP358\A0045677.exe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] A backup was created as '4988c4ff.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP359\A0045706.EXE

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[NOTE] A backup was created as '480a7438.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP359\A0045720.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

[NOTE] A backup was created as '4988c501.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP359\A0045726.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] A backup was created as '480a743a.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP361\A0047060.exe

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

--> 32788R22FWJFW\NirCmd.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\nircmd.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\NirCmdC.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application

--> 32788R22FWJFW\psexec.cfexe

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[NOTE] A backup was created as '4988c532.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP361\A0047080.exe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] A backup was created as '480a740b.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP361\A0047093.exe

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

--> 32788R22FWJFW\NirCmd.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\nircmd.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\NirCmdC.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application

--> 32788R22FWJFW\psexec.cfexe

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[NOTE] A backup was created as '4988c535.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Qoobox\Quarantine\C\WINDOWS\system32\nayazezi.dll.vir

[DETECTION] Is the TR/PSW.Magania.apnl Trojan

[NOTE] A backup was created as '49d1c5f2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

Begin scan in 'D:\' <DONNEES>

End of the scan: 29 December 2008 07:48

Used time: 40:42 Minute(s)

 

The scan has been done completely.

 

10389 Scanning directories

227748 Files were scanned

33 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

17 files were deleted

0 files were repaired

17 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

227714 Files not concerned

2180 Archives were scanned

1 Warnings

17 Notes

65718 Objects were scanned with rootkit scan

0 Hidden objects were found

It found some stuff, is that ComboFix?
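
The question in the post above (are these hits ComboFix's own files?) can be answered from the report itself. The script below is an added example written for this page, not code from the poster, from Avira or from ComboFix: it parses report lines in the shape shown above and sorts each file by where it sits (a System Restore point under `System Volume Information\_restore{...}`, ComboFix's quarantine under `C:\Qoobox`, or a live location) and by whether it looks like one of ComboFix's bundled tools (archive members under its `32788R22FWJFW` working folder, or PsExec / NirCmd / Tool.Hide detections, the same names the report lists inside that folder). The sample report is constructed from lines of the report above plus one made-up live path to exercise the "needs a look" branch; the bucket names, and the assumption that Avira's `APPL/` and `SPR/` prefixes mark tools and privacy-risk programs rather than malware proper (`TR/`), are the example's own.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Avira AntiVir report above: three records
# copied from that report, plus one made-up live path (not from the report).
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP358\A0045657.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
[NOTE] A backup was created as '4988c4fd.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D3105DB7-8A86-4AB3-84C6-418E9AB61B74}\RP361\A0047060.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\hidec.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
--> 32788R22FWJFW\psexec.cfexe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] A backup was created as '4988c532.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nayazezi.dll.vir
[DETECTION] Is the TR/PSW.Magania.apnl Trojan
[NOTE] A backup was created as '49d1c5f2.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\User\Application Data\sample.exe
[DETECTION] Is the TR/Constructed.Example Trojan
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                     # a new file record starts with a drive path
MEMBER_RE = re.compile(r"^-->\s+(.+)$")                   # an entry inside an archive
DETECTION_RE = re.compile(
    r"^\[DETECTION\]\s+(?:Contains recognition pattern of the|Is the)\s+(\S+)")
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.IGNORECASE)

COMBOFIX_QUARANTINE = "C:\\QOOBOX\\"        # ComboFix's quarantine folder (named in the thread)
COMBOFIX_WORKDIR = "32788R22FWJFW\\"        # ComboFix's working folder (named in the thread)
TOOL_CATEGORIES = {"APPL", "SPR"}           # assumption: Avira's tool / privacy-risk prefixes, not malware
COMBOFIX_TOOL_NAMES = ("PsExec", "NirCmd", "Tool.Hide")   # detections listed inside the workdir archive above


def parse_report(text):
    """Group report lines into one record per file on disk.

    Each record is {'path', 'members', 'detections'}; a detection is a (name, member)
    pair where member is the archive entry the hit belongs to, or None for the file itself.
    """
    records, current, member = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = {"path": line, "members": [], "detections": []}
            records.append(current)
            member = None
            continue
        if current is None:
            continue
        m = MEMBER_RE.match(line)
        if m:
            # "--> Object" is an unnamed resource inside the current member; keep the member name.
            if m.group(1) != "Object":
                member = m.group(1)
                current["members"].append(member)
            continue
        m = DETECTION_RE.match(line)
        if m:
            current["detections"].append((m.group(1), member))
    return records


def classify(record):
    """Return (location, looks_like_combofix) for one parsed record."""
    path = record["path"]
    if RESTORE_RE.match(path):
        location = "restore-point copy"
    elif path.upper().startswith(COMBOFIX_QUARANTINE):
        location = "ComboFix quarantine"
    else:
        location = "live file"
    in_workdir = path.upper().startswith("C:\\" + COMBOFIX_WORKDIR) or any(
        entry.upper().startswith(COMBOFIX_WORKDIR) for entry in record["members"])
    only_tools = bool(record["detections"]) and all(
        name.split("/")[0] in TOOL_CATEGORIES and any(t in name for t in COMBOFIX_TOOL_NAMES)
        for name, _ in record["detections"])
    return location, in_workdir or only_tools


def summarize(text):
    """Count records per bucket and list the live, non-ComboFix hits that still need a look."""
    counts, todo = Counter(), []
    for rec in parse_report(text):
        location, combofix = classify(rec)
        counts[location + (" (ComboFix tool)" if combofix else "")] += 1
        if location == "live file" and not combofix:
            todo.append(rec["path"])
    return counts, todo


if __name__ == "__main__":
    counts, todo = summarize(SAMPLE_REPORT)
    for bucket, n in sorted(counts.items()):
        print(f"{n:3d}  {bucket}")
    print("Needs a look:", todo or "nothing outside restore points / ComboFix")
```

Run on the report above, every hit lands in a restore point or in ComboFix's quarantine, and the restore-point copies carry only the PsExec / NirCmd / Tool.Hide names, which is why the helpers in this thread treat them as ComboFix's leftovers rather than an infection. The list worth acting on is the "live file" bucket; the rest disappears once ComboFix is uninstalled and old restore points are purged.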

Posted (edited)
My PC is running like a champ, thanks!!!!!! :P

Hi Xbob

Come back for another look, because Falkra may not have finished everything to his liking.

(By the way, what was/were Xbob's pest(s)?)

See you, and Happy New Year to you and Falkra !!! :P:P

Edited by Zonk
Posted

A little cleanup always does some good.

Uninstall ComboFix: enter combofix /u in the Run box of the Start menu.

After that, delete these folders if they still exist.

C:\QooBox

C:\32788R22FWJFW

Posted

Here is what it says: a window with a red X appears and it reads:

Windows cannot find (combofix/u). Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
