fenetre "freevirusscan" et autres :(

[MrPoke]

le rapport combofix (fait en ayant desactivé f secure ,qui a du le bloquer avant mais il m'a rien dit)

 

ComboFix 08-12-17.01 - GENE02.BES.AVENAO2 2008-12-18 20:36:55.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3582.2947 [GMT 1:00]

Lancé depuis: c:\documents and settings\GENE02.BES.AVENAO2\Bureau\FixCF.exe

* Un nouveau point de restauration a été créé

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

ADS - WINDOWS: deleted 48 bytes in 1 streams.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\bold.log

c:\windows\system32\404Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-18 au 2008-12-18 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-18 20:05 . 2008-12-18 20:05 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-18 20:05 . 2008-12-18 20:05 <REP> d-------- c:\documents and settings\GENE02.BES.AVENAO2\Application Data\Malwarebytes

2008-12-18 20:05 . 2008-12-18 20:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-18 20:05 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-18 20:05 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-18 19:07 . 2008-12-18 19:45 <REP> d-------- c:\program files\FindyKill

2008-12-18 12:25 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe

2008-12-16 21:36 . 2008-12-16 21:36 <REP> d-------- c:\program files\Fichiers communs\PC Tools

2008-12-16 21:36 . 2008-12-16 22:39 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2008-12-16 19:53 . 2008-12-16 19:53 <REP> d-------- c:\program files\Panda Security

2008-12-16 19:53 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-14 23:53 . 2008-12-14 23:53 <REP> dr------- c:\documents and settings\LocalService\Favoris

2008-12-14 22:42 . 2008-12-14 22:42 <REP> d-------- c:\windows\report

2008-12-14 22:41 . 2008-12-14 22:40 21,415,977 --a------ c:\windows\LPT$VPN.707

2008-12-14 22:40 . 2008-12-14 22:40 <REP> d-------- c:\windows\AU_Backup

2008-12-14 22:40 . 2008-12-14 22:40 21,415,977 --a------ c:\windows\VPTNFILE.707

2008-12-14 22:40 . 2008-12-14 22:40 1,973,120 --a------ c:\windows\tsc.ptn

2008-12-14 22:40 . 2008-12-14 22:40 1,213,784 --a------ c:\windows\vsapi32.dll

2008-12-14 22:40 . 2008-12-14 22:40 345,157 --a------ c:\windows\tsc.exe

2008-12-14 22:40 . 2008-12-14 22:40 91,744 --a------ c:\windows\BPMNT.dll

2008-12-14 22:40 . 2008-12-14 22:40 71,749 --a------ c:\windows\hcextoutput.dll

2008-12-14 22:40 . 2008-12-15 06:39 823 --a------ c:\windows\tsc.ini

2008-12-14 22:36 . 2008-12-14 22:40 <REP> d-------- c:\windows\AU_Temp

2008-12-14 22:36 . 2008-12-14 22:36 <REP> d-------- c:\windows\AU_Log

2008-12-14 22:36 . 2008-12-14 22:36 507,904 --a------ c:\windows\TMUPDATE.DLL

2008-12-14 22:36 . 2008-12-14 22:36 170 --a------ c:\windows\GetServer.ini

2008-12-14 22:35 . 2008-12-14 22:35 286,720 --a------ c:\windows\PATCH.EXE

2008-12-14 22:35 . 2008-12-14 22:35 69,689 --a------ c:\windows\UNZIP.DLL

2008-12-13 18:15 . 2008-12-13 18:15 34 --a------ c:\windows\cdplayer.ini

2008-12-13 17:29 . 2008-12-13 17:30 69 --a------ c:\windows\NeroDigital.ini

2008-12-10 21:02 . 2008-12-10 21:02 <REP> d-------- c:\documents and settings\GENE02.BES.AVENAO2\Application Data\Nero

2008-12-10 19:32 . 2008-12-16 16:56 <REP> d-------- c:\program files\Fichiers communs\Nero

2008-12-10 19:32 . 2008-12-16 16:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero

2008-12-10 09:30 . 2008-12-10 09:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Elaborate Bytes

2008-12-10 09:29 . 2008-12-10 09:31 <REP> d-------- c:\program files\Elaborate Bytes

2008-12-10 08:51 . 2008-12-10 08:51 <REP> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink

2008-12-03 20:09 . 2008-12-03 20:30 <REP> d-------- c:\windows\system32\Adobe

2008-12-02 20:41 . 2005-03-11 18:37 1,986,560 --a------ c:\windows\system32\AudFile.dll

2008-12-02 20:41 . 2005-02-24 13:11 1,212,416 --a------ c:\windows\system32\AudioInfos.dll

2008-12-02 20:41 . 2005-02-24 12:51 348,160 --a------ c:\windows\system32\WMAFile.dll

2008-12-02 20:41 . 1998-07-12 22:00 141,312 --a------ c:\windows\system32\MSCMCFR.DLL

2008-12-02 20:41 . 2005-01-10 13:54 116,296 --a------ c:\windows\system32\NCTWMAProfiles.prx

2008-12-02 20:41 . 1999-03-25 18:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL

2008-12-02 20:41 . 2003-04-18 15:29 44,544 --a------ c:\windows\system32\msxml4a.dll

2008-12-02 20:41 . 2003-01-26 12:41 40,960 --a------ c:\windows\system32\SSubTmr6.dll

2008-12-02 20:41 . 1998-07-12 18:00 32,768 --a------ c:\windows\system32\CMDLGFR.DLL

2008-12-02 20:41 . 1998-07-12 22:00 15,360 --a------ c:\windows\system32\inetfr.DLL

2008-12-01 10:52 . 2008-12-01 10:52 30,856 --a------ c:\windows\system32\drivers\fsbts.sys

2008-12-01 10:44 . 2008-12-01 11:25 <REP> d-------- c:\documents and settings\All Users\Application Data\fssg

2008-11-28 22:42 . 2008-12-16 18:23 <REP> d-------- c:\documents and settings\GENE02.BES.AVENAO2\Application Data\F-Secure

2008-11-27 10:49 . 2008-11-27 10:49 <REP> d-------- c:\documents and settings\GENE02.BES.AVENAO2\Application Data\SolidWorks 2008

2008-11-27 10:35 . 2008-11-27 10:35 <REP> d-------- c:\program files\Fichiers communs\eDrawings2008

2008-11-27 10:35 . 2008-11-27 10:38 <REP> d-------- c:\program files\AGEIA Technologies

2008-11-27 10:25 . 2008-11-27 10:25 <REP> d-------- c:\documents and settings\Administrateur\Application Data\F-Secure

2008-11-27 08:44 . 2008-12-18 08:27 <REP> d-------- C:\SolidWorks Admin

2008-11-26 19:52 . 2008-12-18 20:42 <REP> d-------- c:\documents and settings\GENE02.BES.AVENAO2\Application Data\IM

2008-11-23 15:30 . 2008-11-23 15:42 <REP> d-------- c:\documents and settings\GENE02.BES.AVENAO2\Application Data\Command & Conquer 3  La Fureur de Kane

2008-11-23 14:56 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll

2008-11-23 14:56 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll

2008-11-23 14:56 . 2007-10-02 09:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll

2008-11-23 14:56 . 2007-10-22 03:39 267,272 --a------ c:\windows\system32\xactengine2_10.dll

2008-11-23 14:56 . 2007-10-22 03:37 17,928 --a------ c:\windows\system32\X3DAudio1_2.dll

2008-11-22 18:36 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll

2008-11-21 11:25 . 2008-11-21 11:25 268 --ah----- C:\sqmdata01.sqm

2008-11-21 11:25 . 2008-11-21 11:25 244 --ah----- C:\sqmnoopt01.sqm

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-18 19:42 --------- d-----w c:\program files\DNA

2008-12-18 19:42 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\DNA

2008-12-18 18:49 --------- d-----w c:\program files\F-Secure

2008-12-18 17:01 --------- d-----w c:\documents and settings\Administrateur\Application Data\IM

2008-12-18 15:40 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\SolidWorks

2008-12-16 15:17 93,798 --sha-w c:\windows\system32\musebehi.dll

2008-12-15 21:01 --------- d-----w c:\program files\SolidWorks

2008-12-15 19:54 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\BitTorrent

2008-12-14 01:50 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\Hamachi

2008-12-13 17:05 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-11 07:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-03 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\COSMOS Applications

2008-12-01 09:44 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure

2008-11-27 09:38 --------- d-----w c:\program files\Fichiers communs\SolidWorks Shared

2008-11-27 09:38 --------- d-----w c:\documents and settings\All Users\Application Data\SolidWorks

2008-11-27 08:49 --------- d-----w c:\program files\Fichiers communs\eDrawings2007

2008-11-26 18:52 --------- d-----w c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks

2008-11-15 16:01 --------- d-----w c:\program files\Hamachi

2008-11-15 16:00 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys

2008-11-03 21:35 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\Apple Computer

2008-11-03 21:26 --------- d-----w c:\program files\Fichiers communs\Apple

2008-11-03 21:26 --------- d-----w c:\program files\Apple Software Update

2008-11-03 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-11-03 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple

2008-11-01 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip

2008-11-01 21:41 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\EDrawings

2008-11-01 21:31 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\DassaultSystemes

2008-11-01 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\DassaultSystemes

2008-10-31 02:00 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2

2008-10-30 20:28 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\XnView

2008-10-29 21:43 --------- d-----w c:\program files\Fichiers communs\Logitech

2008-10-29 21:42 --------- d-----w c:\program files\Logitech

2008-10-29 11:45 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\Sony Corporation

2008-10-28 13:15 --------- d-----w c:\program files\Sony

2008-10-28 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation

2008-10-28 13:13 --------- d-----w c:\program files\Fichiers communs\Sony Shared

2008-10-28 13:13 --------- d-----w c:\program files\Fichiers communs\InstallShield

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 19:50 --------- d-----w c:\program files\Real

2008-10-23 19:50 --------- d-----w c:\program files\Fichiers communs\xing shared

2008-10-23 19:50 --------- d-----w c:\program files\Fichiers communs\Real

2008-10-23 19:49 --------- d-----w c:\program files\Google

2008-10-23 19:16 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\Windows Search

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-22 16:57 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-22 07:27 --------- d-----w c:\program files\Windows Live

2008-10-22 07:23 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller

2008-10-22 07:22 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-10-19 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software

2008-10-19 12:14 --------- d-----w c:\program files\NCH Software

2008-10-18 16:26 --------- d-----w c:\program files\DAEMON Tools Lite

2008-10-18 08:56 --------- d-----w c:\documents and settings\GENE02.BES.AVENAO2\Application Data\vlc

2008-10-18 08:55 --------- d-----w c:\program files\VideoLAN

2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-10-01 16:05 65,430 ----a-w c:\windows\system32\Uninstall_PowerOf3D.exe

2008-10-01 13:04 356,352 ----a-w c:\windows\system32\AegisI5Installer.exe

2008-10-01 13:04 21,393 ----a-w c:\windows\AegisP.sys

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-15 342336]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-06 8491008]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-06 81920]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]

"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]

"WinVNC"="c:\progra~1\REALVNC\WINVNC\winvnc.exe" [2002-09-20 319488]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-23 185872]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]

"QuickTime Task"="d:\lolo divers\logs\quick time\qttask.exe" [2008-09-06 413696]

"SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" [2008-10-18 6862120]

"nwiz"="nwiz.exe" [2007-09-06 c:\windows\system32\nwiz.exe]

"NVHotkey"="nvHotkey.dll" [2007-09-06 c:\windows\system32\nvhotkey.dll]

"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 c:\windows\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\GENE02.BES.AVENAO2\Menu D‚marrer\Programmes\D‚marrage\

Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2008-10-18 488744]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 2150400]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-08 394856]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= ,

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"d:\\lolo divers\\logs\\bitorrent\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtProc.exe"=

"c:\\Program Files\\SolidWorks\\SLDWORKS.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

"c:\\Program Files\\Fichiers communs\\SolidWorks Shared\\Service\\SolidWorksLicensing.exe"=

"c:\\WINDOWS\\system32\\LVCOMSX.EXE"=

"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtMng.exe"=

"c:\\WINDOWS\\system32\\nvsvc32.exe"=

"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=

"c:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe"=

"c:\\Program Files\\F-Secure\\common\\FNRB32.exe"=

"c:\\Program Files\\Intel\\Wireless\\Bin\\WLKEEPER.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2008-12-01 30856]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-10-16 79872]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-16 28544]

R1 F-Secure HIPS;F-Secure HIPS;\??\c:\program files\F-Secure\HIPS\drivers\fshs.sys [2008-12-01 66720]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-10-16 76896]

S3 FSORSPClient;F-Secure ORSP Client;"c:\program files\F-Secure\ORSP Client\fsorsp.exe" [2008-12-01 55904]

S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-10-16 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-10-16 25184]

.

Contenu du dossier 'Tâches planifiées'

 

2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2008-12-14 c:\windows\Tasks\At1.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\At10.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\At11.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\At12.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\At13.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\At14.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\At15.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\At16.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\At17.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-14 c:\windows\Tasks\At18.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-16 c:\windows\Tasks\At19.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-15 c:\windows\Tasks\At2.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\At20.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\At21.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-17 c:\windows\Tasks\At22.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-17 c:\windows\Tasks\At23.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-15 c:\windows\Tasks\At24.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-15 c:\windows\Tasks\At3.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-15 c:\windows\Tasks\At4.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-15 c:\windows\Tasks\At5.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-15 c:\windows\Tasks\At6.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-15 c:\windows\Tasks\At7.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-14 c:\windows\Tasks\At8.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-14 c:\windows\Tasks\At9.job

- c:\windows\system32\8YSMy3r6.exe []

 

2008-12-18 c:\windows\Tasks\Tache planifiée analyse des disques locaux.job

- C:\program []

.

.

------- Examen supplémentaire -------

.

uStart Page = about:blank

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL

 

c:\windows\Downloaded Program Files\sldimdownload.dll - O16 -: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227}

hxxps://www.solidworks.com/sw/support/subscription/sldimdownload.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-18 20:41:08

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1300)

c:\program files\F-Secure\FWES\Program\fsdc32.dll

 

- - - - - - - > 'lsass.exe'(1356)

c:\program files\F-Secure\FSPS\program\FSLSP.DLL

c:\program files\F-Secure\FWES\Program\fsdc32.dll

 

- - - - - - - > 'csrss.exe'(1260)

c:\program files\F-Secure\FWES\Program\fsdc32.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\scardsvr.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\F-Secure\Anti-Virus\fsgk32st.exe

c:\program files\F-Secure\common\FSMA32.EXE

c:\program files\F-Secure\Anti-Virus\fsgk32.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Intel\Wireless\Bin\WLKEEPER.exe

c:\windows\system32\searchindexer.exe

c:\program files\F-Secure\Anti-Virus\fssm32.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\program files\Logitech\Video\FxSvr2.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

c:\program files\F-Secure\common\FSLAUNCHER1.EXE

c:\windows\system32\wbem\wmiadap.exe

.

**************************************************************************

.

Heure de fin: 2008-12-18 20:44:41 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-18 19:44:12

 

Avant-CF: 73 510 690 816 octets libres

Après-CF: 73,508,630,528 octets libres

 

355 --- E O F --- 2008-12-11 22:23:59

 

 

je repasse mbam

 

merci et a demain

[MrPoke]

le premier rapport mbam

 

Malwarebytes' Anti-Malware 1.31

Version de la base de données: 1516

Windows 5.1.2600 Service Pack 3

 

18/12/2008 20:21:49

mbam-log-2008-12-18 (20-21-49).txt

 

Type de recherche: Examen rapide

Eléments examinés: 71991

Temps écoulé: 7 minute(s), 6 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 5

Clé(s) du Registre infectée(s): 6

Valeur(s) du Registre infectée(s): 4

Elément(s) de données du Registre infecté(s): 7

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 16

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\zibuyiri.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\fabireze.dll (Trojan.Vundo.H) -> Delete on reboot.

c:\WINDOWS\system32\jefaduku.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\bivemufi.dll (Trojan.Vundo.H) -> Delete on reboot.

c:\WINDOWS\system32\kapidugo.dll (Trojan.Vundo) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{890df8d5-ef6b-40d7-b220-93a6a2f1add3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{890df8d5-ef6b-40d7-b220-93a6a2f1add3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{890df8d5-ef6b-40d7-b220-93a6a2f1add3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\popihogujo (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme3198379 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fabireze.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fabireze.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fabireze.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jefaduku.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jefaduku.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\kapidugo.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\kapidugo.dll -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\firahufu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ufuharif.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\huhevita.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ativehuh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\loganini.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ininagol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zibuyiri.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\iriyubiz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\jefaduku.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\bivemufi.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\fabireze.dll (Trojan.Vundo.H) -> Delete on reboot.

c:\WINDOWS\system32\kapidugo.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\rafolate.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mimoyibi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dibiyowa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\8YSMy3r6.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

 

et voila le second rapport mbam

 

Type de recherche: Examen rapide

Eléments examinés: 66776

Temps écoulé: 2 minute(s), 57 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

 

encore merci ,je vais soigneuseument enregistrer ces deux logiciels au cas ou

[angelique]

• desinstalle FindyKill et vide la quarantaine de MBAM ainsi que ses rapports

 

• ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\8YSMy3r6.exe
Folder::
c:\program files\FindyKill
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""
SkipFix::

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

• Télécharge OTMoveIt3 de OldTimer

http://oldtimer.geekstogo.com/OTMoveIt3.exe

 

* Enregistre-le sur ton bureau

* Double-clique sur OTMoveIt3.exe pour le lancer (l'extension peut ne pas apparaître)

* Copie-colle l'entièreté de ceci ci dessous dans la partie "Paste Instructions for Items to be Moved" (en-dessous de la barre jaune) :

 

:files
c:\windows\Tasks\At*.job

:commands
[emptytemp]

 

 

 

* Clique sur le bouton rouge Moveit! pour lancer le nettoyage

* Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results (en vert à droite)

--> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)

* Ferme OTMoveIt3 (en cliquant sur Exit)

 

 

Note : Si un fichier ou un dossier ne sait être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter...

 

 

• reposte avec le rapport OTMoveIT et ComboFix un nouveau rapport HijackThis

[MrPoke]

oups,j'avais po vu ca, je vais m'y mettre

[angelique]

ok

 

encore merci ,je vais soigneuseument enregistrer ces deux logiciels au cas ou

 

Tu garderas MBAM , je te ferais supp ComboFix(d'une certaine maniere) apres la vu des rapports , l'outils evolue constament , ça sert à rien de le garder