trojan

lucky29200 · le 4 janvier 2009

bonjour,

je me bagarre depuis quelques temps avec ce cheval de troie et je ne m'en sors pas.

Mon pc était protégé avec AVAST puis ensuite j'ai installé AVIRA et SPYBOT pas de résultat.

j'ai ensuite installé SPYSWEEPER pour nettoyer le PC il m'a viré quelques trojans mais pas le fameux virtumonde.generic.

j'ai continué avec MALWAREBYTES pas mieux et je viens de finir avec COMBOFIX toujours pareil mais je ne sais pas lire le HIJACKTHIS;

y-a-t'il quelqu'un pour m'aider svp.

ComboFix 09-01-02.01 - jean luc 2009-01-04 16:24:17.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.532 [GMT 1:00]

Lancé depuis: d:\documents and settings\jean luc\Bureau\combofix.exe

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-04 au 2009-01-04 ))))))))))))))))))))))))))))))))))))

.

2009-01-04 12:43 . 2009-01-04 13:00 <REP> d-a------ d:\documents and settings\All Users\Application Data\TEMP

2008-12-31 16:47 . 2008-12-31 16:47 <REP> d-------- d:\documents and settings\jean luc\Application Data\Malwarebytes

2008-12-31 16:47 . 2008-12-31 16:47 <REP> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-31 16:47 . 2008-12-31 18:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-31 16:47 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-31 16:47 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-30 12:47 . 2008-12-30 12:47 <REP> d-------- d:\documents and settings\jean luc\Application Data\Webroot

2008-12-30 12:47 . 2008-12-30 12:47 <REP> d-------- d:\documents and settings\All Users\Application Data\Webroot

2008-12-30 12:47 . 2008-12-30 12:47 <REP> d-------- c:\program files\Webroot

2008-12-30 12:47 . 2008-12-30 12:47 <REP> d-------- c:\program files\Fichiers communs\Webroot Shared

2008-12-30 12:47 . 2007-10-03 09:36 196,424 --a------ c:\windows\Unwash6.exe

2008-12-16 19:34 . 2008-12-16 19:34 <REP> d-------- d:\documents and settings\All Users\Application Data\Avira

2008-12-16 19:34 . 2008-12-16 19:34 <REP> d-------- c:\program files\Avira

2008-12-15 20:20 . 2008-12-15 20:20 210 --a------ C:\face2feace.exe

2008-12-15 19:16 . 2008-12-30 18:05 442 --a------ c:\windows\wininit.ini

2008-12-15 18:55 . 2008-12-29 18:42 <REP> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-15 18:55 . 2008-12-29 13:50 <REP> d-------- c:\program files\Spybot - Search & Destroy

2008-12-15 18:34 . 2008-12-15 18:34 <REP> d--h-c--- d:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-12-10 20:01 . 2008-12-10 20:01 5,027 --a------ C:\aok.exe

2008-12-08 21:35 . 2008-12-08 21:35 5,027 --a------ C:\nfd.exe

2008-12-08 16:03 . 2008-12-08 16:31 1,025 --a------ C:\osy.exe

2008-12-08 09:58 . 2008-12-08 09:58 <REP> dr-hs---- C:\CONFIG

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-04 14:54 --------- d-----w c:\program files\Wanadoo

2008-12-11 16:22 --------- d-----w d:\documents and settings\All Users\Application Data\Lavasoft

2008-11-11 11:55 --------- d-----w d:\documents and settings\amelie\Application Data\QuosaDDM

2008-11-06 22:05 --------- d-----w d:\documents and settings\marie\Application Data\Creative

2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 13:00 283,648 ------w c:\windows\system32\dllcache\gdi32.dll

2008-10-17 00:48 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-15 16:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe

2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-02-21 12:22 61,296 -c--a-w d:\documents and settings\amelie\Application Data\GDIPFONTCACHEV1.DAT

2008-01-22 14:50 61,296 ----a-w d:\documents and settings\lauriane\Application Data\GDIPFONTCACHEV1.DAT

2007-12-11 19:38 61,296 ----a-w d:\documents and settings\lucie\Application Data\GDIPFONTCACHEV1.DAT

2007-12-11 17:39 61,296 ----a-w d:\documents and settings\jean luc\Application Data\GDIPFONTCACHEV1.DAT

2007-07-05 10:52 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

.

((((((((((((((((((((((((((((( snapshot@2009-01-04_15.45.52.87 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe

+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe

+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe

+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll

+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe

+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll

+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe

+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll

+ 2008-10-23 12:51:46 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll

+ 2008-10-23 12:36:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll

+ 2008-10-23 12:44:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll

+ 2008-07-08 13:03:54 18,296 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll

+ 2008-07-08 13:03:55 234,872 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe

+ 2008-07-08 13:03:54 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll

+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe

+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll

+ 2008-08-26 08:11:45 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll

+ 2008-08-26 08:11:45 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll

+ 2008-08-26 08:11:45 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll

+ 2008-08-26 08:11:45 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll

+ 2008-08-26 08:11:45 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll

+ 2008-08-25 08:39:40 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe

+ 2008-08-26 08:11:45 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll

+ 2008-08-26 08:11:45 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll

+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll

+ 2008-08-26 08:11:46 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll

+ 2008-08-26 08:11:46 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll

+ 2008-10-03 17:12:27 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll

+ 2008-08-26 08:11:48 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll

+ 2008-08-26 08:11:48 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll

+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe

+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe

+ 2008-08-26 08:11:49 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll

+ 2008-08-26 08:11:49 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll

+ 2008-08-26 08:11:49 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll

+ 2008-08-27 09:11:52 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll

+ 2008-08-26 08:11:52 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll

+ 2008-08-26 08:11:52 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll

+ 2008-08-26 08:11:52 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll

+ 2008-08-26 08:11:52 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll

+ 2008-08-26 08:11:52 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll

+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll

+ 2008-08-26 08:11:52 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll

+ 2008-08-26 08:11:53 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll

+ 2008-08-26 08:11:53 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll

+ 2008-08-26 08:11:54 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll

- 2008-10-16 12:02:29 167,936 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe

+ 2009-01-04 14:46:47 167,936 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe

- 2008-10-16 12:02:29 2,560 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe

+ 2009-01-04 14:46:47 2,560 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe

- 2008-10-16 12:02:29 81,920 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe

+ 2009-01-04 14:46:47 81,920 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe

- 2008-10-16 12:02:29 34,304 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe

+ 2009-01-04 14:46:46 34,304 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe

- 2008-10-16 12:02:29 8,192 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe

+ 2009-01-04 14:46:47 8,192 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe

- 2008-10-16 12:02:29 3,584 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe

+ 2009-01-04 14:46:47 3,584 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe

- 2008-10-16 12:02:29 114,688 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe

+ 2009-01-04 14:46:47 114,688 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe

- 2008-10-16 12:02:29 16,384 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe

+ 2009-01-04 14:46:47 16,384 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe

- 2008-10-16 12:02:29 30,720 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe

+ 2009-01-04 14:46:47 30,720 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe

- 2008-10-16 12:02:29 22,528 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe

+ 2009-01-04 14:46:47 22,528 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe

- 2008-10-16 12:02:29 45,056 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe

+ 2009-01-04 14:46:46 45,056 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe

- 2008-10-16 12:02:29 90,112 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe

+ 2009-01-04 14:46:46 90,112 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe

- 2008-08-26 08:11:45 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll

- 2008-08-26 08:11:45 124,928 ------w c:\windows\system32\dllcache\advpack.dll

+ 2008-10-16 20:18:31 124,928 ------w c:\windows\system32\dllcache\advpack.dll

- 2008-08-26 08:11:45 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-08-26 08:11:45 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll

- 2008-08-26 08:11:45 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll

+ 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll

- 2008-08-26 08:11:45 63,488 ------w c:\windows\system32\dllcache\icardie.dll

+ 2008-10-16 20:18:32 63,488 ------w c:\windows\system32\dllcache\icardie.dll

- 2008-08-26 08:11:45 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll

+ 2008-10-16 20:18:32 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll

- 2008-08-26 08:11:45 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll

+ 2008-10-16 20:18:32 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll

- 2008-08-26 08:11:46 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-10-16 20:18:32 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-08-26 08:11:46 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-10-16 20:18:32 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-10-03 17:12:27 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

+ 2008-10-16 20:18:35 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

- 2008-08-26 08:11:48 44,544 ------w c:\windows\system32\dllcache\iernonce.dll

+ 2008-10-16 20:18:35 44,544 ------w c:\windows\system32\dllcache\iernonce.dll

- 2008-08-26 08:11:48 267,776 ------w c:\windows\system32\dllcache\iertutil.dll

+ 2008-10-16 20:18:35 267,776 ------w c:\windows\system32\dllcache\iertutil.dll

- 2008-08-26 08:11:49 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll

- 2006-10-18 18:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe

+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe

- 2008-08-26 08:11:49 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll

+ 2008-10-16 20:18:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll

- 2008-08-26 08:11:49 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-10-16 20:18:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-08-26 08:11:52 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll

- 2008-08-26 08:11:52 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll

+ 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll

- 2008-08-26 08:11:52 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll

- 2008-08-26 08:11:52 102,912 ------w c:\windows\system32\dllcache\occache.dll

+ 2008-10-16 20:18:41 102,912 ------w c:\windows\system32\dllcache\occache.dll

- 2008-08-26 08:11:52 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll

- 2006-08-24 12:19:40 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll

+ 2008-10-03 10:17:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll

- 2008-08-26 08:11:52 105,984 ------w c:\windows\system32\dllcache\url.dll

+ 2008-10-16 20:18:41 105,984 ------w c:\windows\system32\dllcache\url.dll

- 2008-08-26 08:11:53 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll

+ 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll

- 2008-08-26 08:11:53 233,472 ------w c:\windows\system32\dllcache\webcheck.dll

+ 2008-10-16 20:18:42 233,472 ------w c:\windows\system32\dllcache\webcheck.dll

- 2008-08-26 08:11:54 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll

+ 2008-10-16 20:18:43 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll

- 2006-10-18 19:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll

+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll

- 2006-10-18 19:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll

+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll

- 2008-08-26 08:11:45 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-08-26 08:11:45 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dxtrans.dll

- 2008-08-26 08:11:45 133,120 ----a-w c:\windows\system32\extmgr.dll

+ 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\extmgr.dll

- 2008-08-26 08:11:45 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll

- 2008-08-25 08:39:40 70,656 ----a-w c:\windows\system32\ie4uinit.exe

+ 2008-10-16 13:12:20 70,656 ----a-w c:\windows\system32\ie4uinit.exe

- 2008-08-26 08:11:45 153,088 ----a-w c:\windows\system32\ieakeng.dll

+ 2008-10-16 20:18:32 153,088 ----a-w c:\windows\system32\ieakeng.dll

- 2008-08-26 08:11:45 230,400 ----a-w c:\windows\system32\ieaksie.dll

+ 2008-10-16 20:18:32 230,400 ----a-w c:\windows\system32\ieaksie.dll

- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll

+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll

- 2008-08-26 08:11:46 383,488 ----a-w c:\windows\system32\ieapfltr.dll

+ 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-08-26 08:11:46 384,512 ----a-w c:\windows\system32\iedkcs32.dll

+ 2008-10-16 20:18:32 384,512 ----a-w c:\windows\system32\iedkcs32.dll

- 2008-10-03 17:12:27 6,066,176 ----a-w c:\windows\system32\ieframe.dll

+ 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll

- 2008-08-26 08:11:48 44,544 ----a-w c:\windows\system32\iernonce.dll

+ 2008-10-16 20:18:35 44,544 ----a-w c:\windows\system32\iernonce.dll

- 2008-08-26 08:11:48 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll

- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe

- 2008-08-26 08:11:49 27,648 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\jsproxy.dll

- 2006-10-18 18:03:58 100,864 -c--a-w c:\windows\system32\logagent.exe

+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe

- 2008-08-26 08:11:49 459,264 ----a-w c:\windows\system32\msfeeds.dll

+ 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll

- 2008-08-26 08:11:49 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

- 2008-08-27 09:11:52 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2008-10-17 00:48:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll

- 2008-08-26 08:11:52 477,696 ----a-w c:\windows\system32\mshtmled.dll

+ 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\mshtmled.dll

- 2008-08-26 08:11:52 193,024 ----a-w c:\windows\system32\msrating.dll

+ 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\msrating.dll

- 2008-08-26 08:11:52 671,232 ----a-w c:\windows\system32\mstime.dll

+ 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\mstime.dll

- 2008-08-26 08:11:52 102,912 ----a-w c:\windows\system32\occache.dll

+ 2008-10-16 20:18:41 102,912 ----a-w c:\windows\system32\occache.dll

- 2008-08-26 08:11:52 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2008-07-08 13:03:54 18,296 ------w c:\windows\system32\spmsg.dll

+ 2007-07-27 08:41:40 16,760 ------w c:\windows\system32\spmsg.dll

- 2006-08-24 12:19:40 246,814 ----a-w c:\windows\system32\strmdll.dll

+ 2008-10-03 10:17:02 247,326 ----a-w c:\windows\system32\strmdll.dll

- 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe

+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe

- 2008-08-26 08:11:52 105,984 ----a-w c:\windows\system32\url.dll

+ 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\url.dll

- 2008-08-26 08:11:53 1,159,680 ----a-w c:\windows\system32\urlmon.dll

+ 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\urlmon.dll

- 2008-08-26 08:11:53 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\webcheck.dll

- 2008-08-26 08:11:54 826,368 ----a-w c:\windows\system32\wininet.dll

+ 2008-10-16 20:18:43 826,368 ----a-w c:\windows\system32\wininet.dll

- 2006-10-18 19:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll

+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll

- 2006-10-18 19:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll

+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

"MediaDico"="c:\program files\Micro Application\MediaDICO\MediaDICO.exe" [2001-01-17 221696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 68856]

"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [bU]

"nl2plwrk"="c:\windows\system32\svscs.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]

"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]

"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]

"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]

"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]

"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 245760]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]

"EPSON Stylus DX3800 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-03 180269]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"nl2plwrk"="c:\windows\system32\svscs.exe" [bU]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [bU]

"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 c:\windows\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

d:\documents and settings\jean luc\Menu D‚marrer\Programmes\D‚marrage\

CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2006-08-13 487424]

d:\documents and settings\lauriane\Menu D‚marrer\Programmes\D‚marrage\

CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2006-08-13 487424]

d:\documents and settings\marie\Menu D‚marrer\Programmes\D‚marrage\

CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2006-08-13 487424]

d:\documents and settings\jean luc\Menu D‚marrer\Programmes\D‚marrage\

CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2006-08-13 487424]

d:\documents and settings\jean luc\Menu D‚marrer\Programmes\D‚marrage\

CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2006-08-13 487424]

d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

LG Sync Manager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2004-09-20 233472]

LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2004-09-20 233472]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-08-27 118784]

Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2007-09-29 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

"msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\APPS\\skype\\phone\\Skype.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\guardgui.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\WINDOWS\\system32\\verclsid.exe"=

"c:\\Program Files\\Webroot\\Washer\\WasherSvc.exe"=

"c:\\APPS\\Powercinema\\Kernel\\TV\\CLCapSvc.exe"=

R3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2006-03-08 138112]

R4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-12-30 598856]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2007-09-29 402432]

S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2007-07-05 217088]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-08-02 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-08-02 85696]

S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]

c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

.

Contenu du dossier 'Tâches planifiées'

2008-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-02 c:\windows\Tasks\Norton Internet Security - Analyse système complète - jean luc.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []

2009-01-04 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHELINS SUPPRIMES - - - -

BHO-{81a360be-af33-437a-8883-146cb1ffa583} - (no file)

BHO-{8CD8011B-CDD3-4D9F-B79C-55932E863252} - (no file)

BHO-{9dba86eb-7254-4bc1-87fe-ea363bf26f4e} - (no file)

BHO-{DCB430C4-7A7A-42CB-888C-5F1030D9655D} - (no file)

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.orange.fr

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://camera1.mairie-brest.fr/activex/AMC.cab

c:\windows\Downloaded Program Files\setup.inf

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-04 16:25:57

Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

Heure de fin: 2009-01-04 16:26:53

ComboFix-quarantined-files.txt 2009-01-04 15:26:51

ComboFix2.txt 2009-01-04 14:47:38

Avant-CF: 20 025 102 336 octets libres

Après-CF: 20,008,665,088 octets libres

411 --- E O F --- 2009-01-04 14:47:57

angelique · le 4 janvier 2009

1• désactiver TeaTimer de Spybot-S&D (lancer Spybot-S&D, Mode avancé, Outils, Résident, décocher la case située devant TeaTimer

2• ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

File::
C:\face2feace.exe
C:\aok.exe
C:\nfd.exe
C:\osy.exe
c:\windows\system32\svscs.exe
Dirlook::
C:\CONFIG
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nl2plwrk"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nl2plwrk"=-

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

lucky29200 · le 4 janvier 2009

j'ai fait la manip voilà le résultat.

ComboFix 09-01-02.01 - jean luc 2009-01-04 20:26:24.3 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.520 [GMT 1:00]

Lancé depuis: d:\documents and settings\jean luc\Bureau\combofix.exe

Commutateurs utilisés :: d:\documents and settings\jean luc\Bureau\CFScript.txt

* Un nouveau point de restauration a été créé

FILE ::

C:\aok.exe

C:\face2feace.exe

C:\nfd.exe

C:\osy.exe

c:\windows\system32\svscs.exe

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))