
Posted

Hello,

 

I have a machine infected with wisdstr.exe and others.

McAfee VirusScan Enterprise recognises them but cannot remove them.

I have run MBAM several times, once in Safe Mode with System Restore disabled.

However, the viruses reappear on reboot.

I have just run ComboFix; its report is below.

 

 

ComboFix 09-08-25.05 - Propriétaire 26/08/2009 17:04.1.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.412 [GMT 2:00]

Running from: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\akucu.vbs

c:\documents and settings\All Users\Application Data\cezen.bin

c:\documents and settings\All Users\Application Data\cutytepyl.scr

c:\documents and settings\All Users\Application Data\dimoxajiwu.reg

c:\documents and settings\All Users\Application Data\egek._sy

c:\documents and settings\All Users\Application Data\ficuzygik.sys

c:\documents and settings\All Users\Application Data\fipolanudi.reg

c:\documents and settings\All Users\Application Data\fukoniga.com

c:\documents and settings\All Users\Application Data\gitoqy.inf

c:\documents and settings\All Users\Application Data\ibezup.vbs

c:\documents and settings\All Users\Application Data\ikeges._dl

c:\documents and settings\All Users\Application Data\ilyxofu._dl

c:\documents and settings\All Users\Application Data\jakesyha.scr

c:\documents and settings\All Users\Application Data\mivaqaca.bin

c:\documents and settings\All Users\Application Data\nodus.ban

c:\documents and settings\All Users\Application Data\obem.vbs

c:\documents and settings\All Users\Application Data\ohigo.lib

c:\documents and settings\All Users\Application Data\sevarem.pif

c:\documents and settings\All Users\Application Data\xiqaxyjan.com

c:\documents and settings\All Users\Application Data\ybum.exe

c:\documents and settings\All Users\Application Data\yjor.sys

c:\documents and settings\All Users\Application Data\zivebo.reg

c:\documents and settings\All Users\Documents\agizoqefi.dl

c:\documents and settings\All Users\Documents\alotipeti.dl

c:\documents and settings\All Users\Documents\bitarygude.bat

c:\documents and settings\All Users\Documents\bozuweco.com

c:\documents and settings\All Users\Documents\cabagumyne.com

c:\documents and settings\All Users\Documents\cepufi.com

c:\documents and settings\All Users\Documents\exotubij.scr

c:\documents and settings\All Users\Documents\fagujityha.reg

c:\documents and settings\All Users\Documents\fuqami.com

c:\documents and settings\All Users\Documents\gynyci.reg

c:\documents and settings\All Users\Documents\kadym.vbs

c:\documents and settings\All Users\Documents\kybinesuj.pif

c:\documents and settings\All Users\Documents\kygozuzyt.reg

c:\documents and settings\All Users\Documents\otodonyp.exe

c:\documents and settings\All Users\Documents\pedyhimymi.bat

c:\documents and settings\All Users\Documents\penudyz.vbs

c:\documents and settings\All Users\Documents\puhu.inf

c:\documents and settings\All Users\Documents\qufo.reg

c:\documents and settings\All Users\Documents\reki.bat

c:\documents and settings\All Users\Documents\xygeboteta.com

c:\documents and settings\All Users\Documents\ydysejyjy.pif

c:\documents and settings\All Users\Documents\ykyly.dll

c:\documents and settings\All Users\Documents\ylatyc.exe

c:\documents and settings\All Users\Documents\ymiseqab._dl

c:\documents and settings\All Users\Documents\yqyvyxej.bin

c:\documents and settings\All Users\Documents\yvida.inf

c:\documents and settings\All Users\Documents\zumydad.sys

c:\documents and settings\LocalService\Application Data\efavely.com

c:\documents and settings\LocalService\Application Data\esadyr.scr

c:\documents and settings\LocalService\Application Data\zamoryveca.reg

c:\documents and settings\LocalService\Cookies\ryzaj.dll

c:\documents and settings\LocalService\Local Settings\Application Data\loga.dl

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\homyqen.pif

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\zima.pif

c:\documents and settings\Propri‚taire\Application Data\cikog.vbs

c:\documents and settings\Propri‚taire\Application Data\colivo.vbs

c:\documents and settings\Propri‚taire\Application Data\ecoviwefiz.vbs

c:\documents and settings\Propri‚taire\Application Data\ewiku.bat

c:\documents and settings\Propri‚taire\Application Data\ihazusel.reg

c:\documents and settings\Propri‚taire\Application Data\jefon.inf

c:\documents and settings\Propri‚taire\Local Settings\Application Data\canaxi.bat

c:\documents and settings\Propri‚taire\Local Settings\Application Data\fyhohypyri.inf

c:\documents and settings\Propri‚taire\Local Settings\Application Data\hokujohex.inf

c:\documents and settings\Propri‚taire\Local Settings\Application Data\isapoga.reg

c:\documents and settings\Propri‚taire\Local Settings\Application Data\obataf.bat

c:\documents and settings\Propri‚taire\Local Settings\Application Data\ohuz.reg

c:\documents and settings\Propri‚taire\Local Settings\Application Data\syfecuq.inf

c:\program files\Fichiers communs\ahasof.ban

c:\program files\Fichiers communs\alulu.bin

c:\program files\Fichiers communs\axiwoqezy.exe

c:\program files\Fichiers communs\cago.bin

c:\program files\Fichiers communs\cesidi.scr

c:\program files\Fichiers communs\dykecuwaku.dl

c:\program files\Fichiers communs\helafibaso.bin

c:\program files\Fichiers communs\isojoja.sys

c:\program files\Fichiers communs\ixah.exe

c:\program files\Fichiers communs\jahu.pif

c:\program files\Fichiers communs\lixocavyk.com

c:\program files\Fichiers communs\lucirakas.sys

c:\program files\Fichiers communs\nubobetit.ban

c:\program files\Fichiers communs\ofopodano.exe

c:\program files\Fichiers communs\reramedaqa.dl

c:\program files\Fichiers communs\tyny.com

c:\program files\Fichiers communs\wojazywuga.sys

c:\program files\Fichiers communs\ygacygug.ban

c:\program files\WinPCap

c:\program files\WinPCap\rpcapd.exe

c:\windows\ahuwe.inf

c:\windows\atypavad._dl

c:\windows\bakaly.bat

c:\windows\etefututov.exe

c:\windows\ezodi.ban

c:\windows\fisyhyzup.sys

c:\windows\fowihyge.dll

c:\windows\hatositiv.dll

c:\windows\hiporo.bin

c:\windows\huxymo.bin

c:\windows\Installer\13109.msi

c:\windows\janyqo.dll

c:\windows\jefazurax.sys

c:\windows\jisigokoc.bin

c:\windows\owilykeha.exe

c:\windows\pira.bin

c:\windows\rotocevami.vbs

c:\windows\soqywefy.ban

c:\windows\system32\anulolagi.ban

c:\windows\system32\cijiva._dl

c:\windows\system32\Drivers\asyiy.sys

c:\windows\system32\Drivers\dhsbt.sys

c:\windows\system32\Drivers\lbwgv.sys

c:\windows\system32\drivers\npf.sys

c:\windows\system32\ekasareta.pif

c:\windows\system32\eqevihuce.bin

c:\windows\system32\fenemob.pif

c:\windows\system32\hitafy.scr

c:\windows\system32\ilidadetuh.dll

c:\windows\system32\mawewumat.reg

c:\windows\system32\Packet.dll

c:\windows\system32\pehixa.exe

c:\windows\system32\pthreadVC.dll

c:\windows\system32\rnaph.dll

c:\windows\system32\sytazofuli.dl

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

c:\windows\system32\xafivej.dll

c:\windows\system32\yfej.dl

c:\windows\system32\yparokeq.bin

c:\windows\system32\yweka._dl

c:\windows\system32\zyhupazoco.vbs

c:\windows\ufuc._dl

c:\windows\ujiduhup.dl

c:\windows\ujul.dl

c:\windows\ukebyhosaz.pif

c:\windows\wymavowa.reg

c:\windows\xihycem.sys

c:\windows\xoty.inf

c:\windows\yfacojax.ban

c:\windows\ylizihazi.dll

c:\windows\zize.ban

c:\windows\zuby.inf

 

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))

.

 

2009-08-26 15:18 . 2009-08-26 15:19 190993 ----a-w- c:\windows\system32\wisdstr.exe

2009-08-26 15:17 . 2009-08-26 15:17 11264 ----a-w- c:\windows\system32\braviax.exe

2009-08-26 13:51 . 2009-08-26 13:51 16002 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\afag.dat

2009-08-26 11:26 . 2003-09-20 18:06 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-26 11:26 . 2003-09-20 18:06 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-26 09:00 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-26 09:00 . 2009-08-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-26 09:00 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-26 09:00 . 2009-08-26 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-26 08:42 . 2009-08-26 15:17 94016 -c--a-w- c:\windows\system32\dllcache\agp440.sys

2009-08-25 19:26 . 2009-08-25 20:34 -------- d-----w- c:\windows\BDOSCAN8

2009-08-24 13:18 . 2009-08-24 13:18 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-08-24 13:17 . 2007-02-15 09:36 432128 ----a-w- c:\windows\system32\drivers\rt73u98.sys

2009-08-24 13:17 . 2005-11-30 09:33 2048 ----a-w- c:\windows\system32\drivers\rt73.bin

2009-08-24 13:17 . 2007-07-28 13:21 451456 ----a-w- c:\windows\system32\drivers\rt73.sys

2009-08-24 13:17 . 2007-02-15 09:36 242816 ----a-w- c:\windows\system32\drivers\rt25u98.sys

2009-08-24 13:17 . 2006-11-08 13:45 240384 ----a-w- c:\windows\system32\drivers\rt2500usb.sys

2009-08-24 13:17 . 2009-08-24 13:17 -------- d-----w- c:\program files\Hercules

2009-08-24 12:46 . 2001-08-23 15:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2009-08-24 12:46 . 2001-08-23 15:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2009-08-24 12:45 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2009-08-24 12:45 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2009-08-22 14:34 . 2009-08-22 14:31 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-08-22 14:30 . 2009-08-22 14:35 -------- d-----w- c:\documents and settings\Administrateur\.housecall6.6

2009-08-22 14:26 . 2009-08-22 14:26 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-22 14:24 . 2009-08-22 14:24 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE

2009-08-22 14:24 . 2009-08-22 14:24 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache

2009-08-22 11:23 . 2009-08-22 11:23 17105 ----a-w- c:\windows\qelym.dat

2009-08-22 11:23 . 2009-08-22 11:23 13731 ----a-w- c:\windows\pegari.com

2009-08-22 10:02 . 2009-08-22 10:02 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2009-08-22 09:57 . 2009-08-22 11:12 -------- d-----w- c:\program files\Windows Live Safety Center

2009-08-21 08:53 . 2009-08-21 08:53 16001 ----a-w- c:\windows\system32\pibenon.dat

2009-08-19 07:59 . 2009-08-19 07:59 13479 ----a-w- c:\windows\system32\urypow.dat

2009-08-19 07:59 . 2009-08-19 07:59 10000 ----a-w- c:\windows\system32\qumejeryre.scr

2009-08-18 17:51 . 2009-08-18 17:51 1 ---h--w- c:\windows\ex23567.dat

2009-08-18 08:12 . 2009-08-18 08:12 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%

2009-08-17 18:22 . 2009-08-17 18:22 14516 ----a-w- c:\windows\ymoh.com

2009-08-17 18:22 . 2009-08-17 18:22 10070 ----a-w- c:\windows\pufunu.dat

2009-08-17 10:16 . 2009-08-18 18:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-17 05:41 . 2009-08-17 05:41 10708 ----a-w- c:\windows\uxiro.com

2009-08-16 19:33 . 2009-08-16 19:33 19104 ----a-w- c:\windows\emuxihi.dat

2009-08-16 19:33 . 2009-08-16 19:33 11271 ----a-w- c:\windows\amedujisim.dat

2009-08-16 14:53 . 2009-08-16 14:53 11761 ----a-w- c:\windows\system32\tydyw.dat

2009-08-16 14:45 . 2009-08-16 14:45 13523 ----a-w- c:\program files\Fichiers communs\visib.dat

2009-08-12 08:08 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-26 15:24 . 2009-08-26 15:24 17378 ----a-w- c:\documents and settings\All Users\Application Data\musosewyx.scr

2009-08-26 15:24 . 2009-08-26 15:24 17378 ----a-w- c:\documents and settings\All Users\Application Data\musosewyx.scr

2009-08-26 15:24 . 2009-08-26 15:24 17253 ----a-w- c:\windows\ylifufudyh.sys

2009-08-26 15:24 . 2009-08-26 15:24 17014 ----a-w- c:\windows\system32\iqumocexoz.bat

2009-08-26 15:24 . 2009-08-26 15:24 13876 ----a-w- c:\windows\buna.sys

2009-08-26 15:24 . 2009-08-26 15:24 13522 ----a-w- c:\program files\Fichiers communs\avah.vbs

2009-08-26 15:24 . 2009-08-26 15:24 12274 ----a-w- c:\windows\system32\orysofa.bin

2009-08-26 15:24 . 2009-08-26 15:24 12068 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ujotip.bin

2009-08-26 15:24 . 2009-08-26 15:24 11645 ----a-w- c:\program files\Fichiers communs\welazilaga.sys

2009-08-26 15:24 . 2009-08-26 15:24 10975 ----a-w- c:\windows\system32\asyga.pif

2009-08-26 15:24 . 2009-08-26 15:24 11019 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ipucucoxuq.bin

2009-08-26 15:24 . 2009-08-26 15:24 11895 ----a-w- c:\program files\Fichiers communs\ivyzoraza.dll

2009-08-26 15:23 . 2009-08-26 15:23 -------- d-----w- c:\program files\PC_Antispyware2010

2009-08-26 15:18 . 2009-05-15 16:27 -------- d-----w- c:\program files\SPAMfighter

2009-08-26 15:17 . 2004-01-01 07:12 94016 ----a-w- c:\windows\system32\drivers\agp440.sys

2009-08-26 15:17 . 2004-06-10 19:05 -------- d-----w- c:\program files\Wanadoo

2009-08-26 13:51 . 2009-08-26 13:51 17456 ----a-w- c:\program files\Fichiers communs\letoper.lib

2009-08-26 13:51 . 2009-08-26 13:51 12150 ----a-w- c:\program files\Fichiers communs\odetur._sy

2009-08-26 13:51 . 2009-08-26 13:51 19253 ----a-w- c:\program files\Fichiers communs\elutytysy.db

2009-08-26 11:19 . 2009-08-26 11:19 1184 ----a-w- c:\program files\zoqcr.txt

2009-08-24 13:17 . 2004-01-01 10:15 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-24 13:02 . 2004-01-01 10:26 -------- d-----w- c:\program files\Easy Internet signup

2009-08-22 14:40 . 2004-06-20 11:42 -------- d-----w- c:\program files\Microsoft ActiveSync

2009-08-22 14:40 . 2006-04-29 17:45 -------- d-----w- c:\program files\Astraware

2009-08-20 17:35 . 2004-01-01 15:43 630432 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-16 19:33 . 2009-08-16 19:33 17621 ----a-w- c:\documents and settings\All Users\Application Data\cewilav.dat

2009-08-16 19:33 . 2009-08-16 19:33 17426 ----a-w- c:\program files\Fichiers communs\nawu.db

2009-08-16 14:53 . 2009-08-16 14:53 15000 ----a-w- c:\program files\Fichiers communs\kypubuz.lib

2009-08-05 09:00 . 2002-12-12 06:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:03 . 2004-01-03 03:27 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-01-01 08:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 16:57 . 2004-08-23 18:35 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:26 . 2004-01-03 03:35 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2004-01-03 03:34 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2004-01-03 03:34 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2004-01-03 03:33 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2004-01-03 03:33 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2004-01-03 03:32 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-01-01 15:43 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-22 17:52 . 2009-06-22 17:52 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-06-16 14:40 . 2004-01-03 03:35 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2004-01-03 03:32 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-01-01 15:43 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:14 . 2004-01-03 03:27 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2004-01-03 03:33 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-01-01 15:44 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 09:42 . 2009-06-22 18:12 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-06-05 09:42 . 2007-12-03 19:57 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-06-03 19:10 . 2003-05-30 15:00 1297408 ----a-w- c:\windows\system32\quartz.dll

2006-11-01 15:40 . 2006-11-01 15:40 0 -csha-w- c:\windows\SMINST\HPCD.sys

.

 

------- Sigcheck -------

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys

[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2003-09-23 11:01 561920 E3AE9C79498210A5F39FE5A9AD62BC55 c:\windows\I386\NTFS.SYS

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2009-08-20 17:35 630432 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2004-08-06 2502656]

"Acme.PCHButton"="c:\progra~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 159744]

"WOOKIT"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 67128]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 68856]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]

"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]

"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-05 3022848]

"MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-11 32768]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [2009-08-26 595065]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-12-05 753664]

"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2003-04-03 50176]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2004-6-10 954475]

EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2004-11-19 121856]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-27 67128]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2004-2-28 83360]

NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2004-6-19 241664]

Synchronisation Wanadoo.lnk - c:\program files\Wanadoo\Synchronisation Wanadoo\Voxsync.exe [2004-11-9 622592]

WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe [2009-8-24 722432]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]

S1 820b9cd7;820b9cd7;c:\windows\system32\drivers\820b9cd7.sys --> c:\windows\system32\drivers\820b9cd7.sys [?]

S1 836b6abf;836b6abf;c:\windows\system32\drivers\836b6abf.sys --> c:\windows\system32\drivers\836b6abf.sys [?]

S2 gupdate1c9945f4b5f3db3;Service Google Update (gupdate1c9945f4b5f3db3);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 22:02 133104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

 

2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:02]

 

2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:02]

 

2009-08-26 c:\windows\Tasks\User_Feed_Synchronization-{81F9939B-A69F-487E-A952-D34712163A73}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-RecordNow! - (no file)

HKLM-Run-PS2 - c:\windows\system32\ps2.exe

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe

 

 

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-26 17:18

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]

"Name"="ActiveSync"

"DisplayName"="Microsoft ActiveSync"

"Param1"="ActiveSync"

"Type"="wellknown"

"Order"=dword:00000001

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]

"Name"="IESettings"

"Type"="IESettings"

"Order"=dword:00000004

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]

"Name"="MediaFiles"

"Type"="MediaFiles"

"Order"=dword:00000003

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]

"Name"="NPW"

"Param1"="NPW"

"Type"="wellknown"

"Order"=dword:00000002

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]

"Name"="Outlook"

"DisplayName"="Microsoft Outlook"

"Param1"="Outlook"

"Type"="wellknown"

"Order"=dword:00000000

"State"=dword:00000020

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\DeviceAppInstall\oemDevice3]

"Name"="oemDevice3"

"DisplayName"="Modem sans fil"

"Param1"="oem\\APPS\\Drivers\\GSM USB Modem\\USBModem_Dialer.exe"

"Param2"=""

"Type"="createprocess"

"Order"=dword:00000000

"State"=dword:0000001b

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(7896)

c:\windows\system32\nView.dll

c:\windows\system32\NVWRSFR.DLL

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

c:\windows\system32\FTRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\rundll32.exe

c:\program files\McAfee\Common Framework\Mctray.exe

c:\progra~1\Wanadoo\TaskBarIcon.exe

c:\program files\Logitech\Video\FxSvr2.exe

c:\progra~1\MICROS~3\rapimgr.exe

c:\windows\system32\braviax.exe

c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe

c:\windows\system32\msiexec.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-08-26 17:27 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-26 15:26

 

Pre-Run: 81 513 541 632 octets libres

Post-Run: 81 623 109 632 octets libres

 

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=,1,2,3,4,5

465 --- E O F --- 2009-08-16 19:29

 

 

 

Can you tell me what to do now?

 

Thanks in advance
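Three signals in the report above are worth pulling out mechanically before deciding on a cleanup: the Sigcheck block (the live c:\windows\system32\drivers\ntfs.sys is 630432 bytes and could not be hashed, while the copies ComboFix marks [7] are 574976 and 574592 bytes), the Find3M entries timestamped 2009-08-26 15:24 (a dozen letter-only names with unrelated extensions dropped into several folders in the same minute), and the Security Center values that silence the "protection is off" balloons and turn the firewall off. The following triage helpers are an added example written for this thread; they are not part of the original post and not ComboFix code. The sample lines are copied from the posted report; the regexes and the heuristics (what counts as a dropper name, what counts as a burst) are my own assumptions.

```python
"""Triage helpers for a ComboFix report such as the one above.

Added example, not part of the original thread and not ComboFix code.
Sample lines are copied from the posted report; the regexes and the
dropper/burst heuristics are assumptions of this example.
"""
import re
from collections import defaultdict

# --- Sigcheck block: several copies of one driver, one of them live --------
#   [7] 2008-04-13 19:15 574976 78A08DD6... c:\windows\ServicePackFiles\i386\ntfs.sys
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]+)\]\s+\S+\s+\S+\s+(?P<size>\d+)\s+"
    r"(?P<hash>[0-9A-F]{32}|!HASH:[^!]*!+)\s+(?P<path>.+?)\s*$"
)

SAMPLE_SIGCHECK = [  # copied from the report
    r"[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys",
    r"[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys",
    r"[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys",
    r"[-] 2009-08-20 17:35 630432 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\system32\drivers\ntfs.sys",
]


def sigcheck_findings(lines):
    """Flag the live copy (under system32\\drivers) when ComboFix could not
    hash it or its size matches none of the copies marked [7].
    Returns [(live_path, reasons, paths_of_[7]_copies)]."""
    entries = [m.groupdict() for m in map(SIGCHECK_RE.match, lines) if m]
    clean = [e for e in entries if e["mark"] == "7"]
    clean_sizes = {int(e["size"]) for e in clean}
    findings = []
    for e in entries:
        if "\\system32\\drivers\\" not in e["path"].lower():
            continue
        reasons = []
        if not re.fullmatch(r"[0-9A-F]{32}", e["hash"]):
            reasons.append("hash unreadable")
        if int(e["size"]) not in clean_sizes:
            reasons.append("size %s matches no [7] copy" % e["size"])
        if reasons:
            findings.append((e["path"], reasons, [c["path"] for c in clean]))
    return findings


# --- "Files Created" / "Find3M" lines: two stamps, size, attrs, path ---------
FILE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?:\d+|-+) \S{8} (?P<path>.+?)\s*$"
)

SAMPLE_FILES = [  # copied from the report: a burst, a payload, benign restores
    r"2009-08-26 15:24 . 2009-08-26 15:24 17378 ----a-w- c:\documents and settings\All Users\Application Data\musosewyx.scr",
    r"2009-08-26 15:24 . 2009-08-26 15:24 17253 ----a-w- c:\windows\ylifufudyh.sys",
    r"2009-08-26 15:24 . 2009-08-26 15:24 17014 ----a-w- c:\windows\system32\iqumocexoz.bat",
    r"2009-08-26 15:24 . 2009-08-26 15:24 13522 ----a-w- c:\program files\Fichiers communs\avah.vbs",
    r"2009-08-26 15:24 . 2009-08-26 15:24 12068 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ujotip.bin",
    r"2009-08-26 15:24 . 2009-08-26 15:24 10975 ----a-w- c:\windows\system32\asyga.pif",
    r"2009-08-26 15:23 . 2009-08-26 15:23 -------- d-----w- c:\program files\PC_Antispyware2010",
    r"2009-08-26 15:18 . 2009-08-26 15:19 190993 ----a-w- c:\windows\system32\wisdstr.exe",
    r"2009-08-26 11:26 . 2003-09-20 18:06 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys",
    r"2009-08-26 11:26 . 2003-09-20 18:06 4224 ----a-w- c:\windows\system32\drivers\beep.sys",
]


def dropper_bursts(lines, min_files=3):
    """Cluster entries on the first timestamp (minute resolution) and keep
    bursts of letter-only 4-10 character stems spread over at least two
    folders and two extensions.  For the dropped files in this report both
    stamps are identical, so the first column is enough."""
    by_minute = defaultdict(list)
    for m in filter(None, map(FILE_RE.match, lines)):
        folder, _, name = m.group("path").rpartition("\\")
        stem, dot, ext = name.rpartition(".")
        if dot and re.fullmatch(r"[a-z]{4,10}", stem):
            by_minute[m.group("stamp")].append((folder.lower(), ext.lower(), m.group("path")))
    return {
        minute: sorted(p for _, _, p in items)
        for minute, items in by_minute.items()
        if len(items) >= min_files
        and len({f for f, _, _ in items}) >= 2
        and len({e for _, e, _ in items}) >= 2
    }


# --- Security Center / firewall policy values from "Reg Loading Points" ------
REG_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?:dword:)?(?P<value>[0-9a-fA-F]+)')

SAMPLE_REG = [  # copied from the report
    '"AntiVirusDisableNotify"=dword:00000001',
    '"FirewallDisableNotify"=dword:00000001',
    '"UpdatesDisableNotify"=dword:00000001',
    '"EnableFirewall"= 0 (0x0)',
    '"ForceClassicControlPanel"= 1 (0x1)',
]


def disabled_protections(lines):
    """Values that silence or switch off XP's built-in protection:
    *DisableNotify=1 hides the 'antivirus/firewall/updates are off'
    balloon, EnableFirewall=0 turns the Windows firewall off."""
    off = []
    for m in filter(None, map(REG_RE.match, lines)):
        name, value = m.group("name"), int(m.group("value"), 16)
        if (name.endswith("DisableNotify") and value == 1) or (name == "EnableFirewall" and value == 0):
            off.append(name)
    return off


if __name__ == "__main__":
    for path, reasons, clean in sigcheck_findings(SAMPLE_SIGCHECK):
        print("suspect driver:", path, reasons, "restore from:", clean)
    for minute, paths in sorted(dropper_bursts(SAMPLE_FILES).items()):
        print("dropper burst at", minute, "->", len(paths), "files")
    print("protection switched off:", disabled_protections(SAMPLE_REG))
```

Feeding the whole report to these functions is fine, since non-matching lines are skipped. The burst heuristic catches the litter, not the payload: wisdstr.exe (15:18) and braviax.exe (15:17, still listed under "Other Running Processes") each sit alone in their minute, and the two hex-named S1 drivers listed with a [?] marker do not appear in the file sections at all, so those still have to be read by eye.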

Posted

Good evening,

 

 

 

ComboFix, cleaning

Disconnect from the Internet and disable the antivirus (only for the duration of the procedure!)

Connect all removable drives (external hard disk, USB stick).

In some circumstances, Safe Mode may be necessary.

Open ComboFix

# In Notepad, copy and paste these lines:

 

KillAll::

Folder::

c:\program files\PC_Antispyware2010

File::

c:\documents and settings\All Users\Application Data\musosewyx.scr

c:\documents and settings\All Users\Application Data\cewilav.dat

c:\documents and settings\LocalService\Local Settings\Application Data\ujotip.bin

c:\documents and settings\LocalService\Local Settings\Application Data\ipucucoxuq.bin

 

c:\windows\ylifufudyh.sys

c:\windows\system32\iqumocexoz.bat

c:\windows\buna.sys

c:\program files\Fichiers communs\avah.vbs

c:\windows\system32\orysofa.bin

c:\program files\Fichiers communs\welazilaga.sys

c:\windows\system32\asyga.pif

c:\program files\Fichiers communs\ivyzoraza.dll

c:\program files\Fichiers communs\odetur._sy

c:\program files\Fichiers communs\elutytysy.db

c:\program files\zoqcr.txt

c:\program files\Fichiers communs\nawu.db

c:\program files\Fichiers communs\kypubuz.lib

 

 

* Warning: this script was written specifically for this user; it would be dangerous to reuse it in other cases!

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto ComboFix.exe


 

* At the prompt that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and press Enter.

* Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

 

 

Démarrez en mode sans échec.

Choisissez la session administrateur

Copiez collez tout ce qui suit En vertdans le bloc notes.

Enregistrez sous repar.bat sur le bureau

double clicquez sur repar.bat.

Vous devez voir apparaitre un message"2 fichiers copiés"

 

@echo off

rem Copy the Service Pack's ntfs.sys over the one in system32\drivers; /Y skips the overwrite confirmation
copy /Y c:\windows\ServicePackFiles\i386\ntfs.sys c:\windows\system32\drivers

echo.

pause

Posted

Hello,

Thank you for your reply.

Despite McAfee being disabled, ComboFix still sees it as active.

The actions were carried out anyway.

The log file is below.

Even in Safe Mode, the files from repar.bat cannot be copied because they are in use by another process.

 

ComboFix 09-08-25.05 - Propriétaire 28/08/2009 10:59.2.1 - NTFSx86 MINIMAL

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.594 [GMT 1:00]

Running from: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe

Command switches used :: G:\cfscript.txt

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

 

FILE ::

"c:\documents and settings\All Users\Application Data\cewilav.dat"

"c:\documents and settings\All Users\Application Data\musosewyx.scr"

"c:\documents and settings\LocalService\Local Settings\Application Data\ipucucoxuq.bin"

"c:\documents and settings\LocalService\Local Settings\Application Data\ujotip.bin"

"c:\program files\Fichiers communs\avah.vbs"

"c:\program files\Fichiers communs\elutytysy.db"

"c:\program files\Fichiers communs\ivyzoraza.dll"

"c:\program files\Fichiers communs\kypubuz.lib"

"c:\program files\Fichiers communs\nawu.db"

"c:\program files\Fichiers communs\odetur._sy"

"c:\program files\Fichiers communs\welazilaga.sys"

"c:\program files\zoqcr.txt"

"c:\windows\buna.sys"

"c:\windows\system32\asyga.pif"

"c:\windows\system32\iqumocexoz.bat"

"c:\windows\system32\orysofa.bin"

"c:\windows\ylifufudyh.sys"

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\cewilav.dat

c:\documents and settings\All Users\Application Data\musosewyx.scr

c:\documents and settings\All Users\Documents\ekab.ban

c:\documents and settings\All Users\Documents\geref.pif

c:\documents and settings\All Users\Documents\isudelus.sys

c:\documents and settings\All Users\Documents\uliq.vbs

c:\documents and settings\LocalService\Application Data\exax.vbs

c:\documents and settings\LocalService\Application Data\fylyhi.inf

c:\documents and settings\LocalService\Application Data\otopyl.ban

c:\documents and settings\LocalService\Application Data\ynahy.ban

c:\documents and settings\LocalService\Cookies\ajocyb.pif

c:\documents and settings\LocalService\Cookies\egutexoxo.exe

c:\documents and settings\LocalService\Local Settings\Application Data\gikobav.ban

c:\documents and settings\LocalService\Local Settings\Application Data\ipucucoxuq.bin

c:\documents and settings\LocalService\Local Settings\Application Data\ujotip.bin

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\donadu.dll

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\duzo.pif

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\jamajek._sy

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\omyfode.dll

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\documents and settings\Propri‚taire\Application Data\cikog.vbs

c:\documents and settings\Propri‚taire\Application Data\colivo.vbs

c:\documents and settings\Propri‚taire\Application Data\ecoviwefiz.vbs

c:\documents and settings\Propri‚taire\Application Data\ewiku.bat

c:\documents and settings\Propri‚taire\Application Data\ihazusel.reg

c:\documents and settings\Propri‚taire\Application Data\jefon.inf

c:\documents and settings\Propri‚taire\Local Settings\Application Data\canaxi.bat

c:\documents and settings\Propri‚taire\Local Settings\Application Data\fyhohypyri.inf

c:\documents and settings\Propri‚taire\Local Settings\Application Data\hokujohex.inf

c:\documents and settings\Propri‚taire\Local Settings\Application Data\isapoga.reg

c:\documents and settings\Propri‚taire\Local Settings\Application Data\obataf.bat

c:\documents and settings\Propri‚taire\Local Settings\Application Data\ohuz.reg

c:\documents and settings\Propri‚taire\Local Settings\Application Data\syfecuq.inf

c:\program files\Fichiers communs\anunozebex.dll

c:\program files\Fichiers communs\avah.vbs

c:\program files\Fichiers communs\elutytysy.db

c:\program files\Fichiers communs\ivyzoraza.dll

c:\program files\Fichiers communs\kypubuz.lib

c:\program files\Fichiers communs\nawu.db

c:\program files\Fichiers communs\odetur._sy

c:\program files\Fichiers communs\welazilaga.sys

c:\program files\PC_Antispyware2010

c:\program files\PC_Antispyware2010\AVEngn.dll

c:\program files\PC_Antispyware2010\data\daily.cvd

c:\program files\PC_Antispyware2010\htmlayout.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll

c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg

c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe

c:\program files\PC_Antispyware2010\pthreadVC2.dll

c:\program files\PC_Antispyware2010\Uninstall.exe

c:\program files\zoqcr.txt

c:\windows\buna.sys

c:\windows\ejewumu.pif

c:\windows\hijedym.reg

c:\windows\iqowyh.sys

c:\windows\pawybo.scr

c:\windows\system32\asyga.pif

c:\windows\system32\braviax.exe

c:\windows\system32\Drivers\hsvk.sys

c:\windows\system32\iqumocexoz.bat

c:\windows\system32\kemimac.dll

c:\windows\system32\lubajux.dl

c:\windows\system32\orysofa.bin

c:\windows\system32\sdra64.exe

c:\windows\system32\wisdstr.exe

c:\windows\ylifufudyh.sys

c:\windows\ynomiten.sys

 

 

.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))

.

 

2009-08-26 13:51 . 2009-08-26 13:51 16002 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\afag.dat

2009-08-26 11:26 . 2003-09-20 18:06 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-26 11:26 . 2003-09-20 18:06 4224 ------w- c:\windows\system32\drivers\beep.sys

2009-08-26 09:00 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-26 09:00 . 2009-08-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-26 09:00 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-26 09:00 . 2009-08-26 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-26 08:42 . 2009-08-28 08:25 94016 -c--a-w- c:\windows\system32\dllcache\agp440.sys

2009-08-25 19:26 . 2009-08-25 20:34 -------- d-----w- c:\windows\BDOSCAN8

2009-08-24 13:18 . 2009-08-24 13:18 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-08-24 13:17 . 2007-02-15 09:36 432128 ----a-w- c:\windows\system32\drivers\rt73u98.sys

2009-08-24 13:17 . 2005-11-30 09:33 2048 ----a-w- c:\windows\system32\drivers\rt73.bin

2009-08-24 13:17 . 2007-07-28 13:21 451456 ----a-w- c:\windows\system32\drivers\rt73.sys

2009-08-24 13:17 . 2007-02-15 09:36 242816 ----a-w- c:\windows\system32\drivers\rt25u98.sys

2009-08-24 13:17 . 2006-11-08 13:45 240384 ----a-w- c:\windows\system32\drivers\rt2500usb.sys

2009-08-24 13:17 . 2009-08-24 13:17 -------- d-----w- c:\program files\Hercules

2009-08-24 12:46 . 2001-08-23 15:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2009-08-24 12:46 . 2001-08-23 15:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2009-08-24 12:45 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2009-08-24 12:45 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2009-08-22 14:34 . 2009-08-22 14:31 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-08-22 14:30 . 2009-08-22 14:35 -------- d-----w- c:\documents and settings\Administrateur\.housecall6.6

2009-08-22 14:26 . 2009-08-22 14:26 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-22 14:24 . 2009-08-22 14:24 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE

2009-08-22 14:24 . 2009-08-22 14:24 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache

2009-08-22 11:23 . 2009-08-22 11:23 17105 ----a-w- c:\windows\qelym.dat

2009-08-22 11:23 . 2009-08-22 11:23 13731 ----a-w- c:\windows\pegari.com

2009-08-22 10:02 . 2009-08-22 10:02 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2009-08-22 09:57 . 2009-08-22 11:12 -------- d-----w- c:\program files\Windows Live Safety Center

2009-08-21 08:53 . 2009-08-21 08:53 16001 ----a-w- c:\windows\system32\pibenon.dat

2009-08-19 07:59 . 2009-08-19 07:59 13479 ----a-w- c:\windows\system32\urypow.dat

2009-08-19 07:59 . 2009-08-19 07:59 10000 ----a-w- c:\windows\system32\qumejeryre.scr

2009-08-18 17:51 . 2009-08-18 17:51 1 ---h--w- c:\windows\ex23567.dat

2009-08-18 08:12 . 2009-08-18 08:12 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%

2009-08-17 18:22 . 2009-08-17 18:22 14516 ----a-w- c:\windows\ymoh.com

2009-08-17 18:22 . 2009-08-17 18:22 10070 ----a-w- c:\windows\pufunu.dat

2009-08-17 10:16 . 2009-08-18 18:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-17 05:41 . 2009-08-17 05:41 10708 ----a-w- c:\windows\uxiro.com

2009-08-16 19:33 . 2009-08-16 19:33 19104 ----a-w- c:\windows\emuxihi.dat

2009-08-16 19:33 . 2009-08-16 19:33 11271 ----a-w- c:\windows\amedujisim.dat

2009-08-16 14:53 . 2009-08-16 14:53 11761 ----a-w- c:\windows\system32\tydyw.dat

2009-08-16 14:45 . 2009-08-16 14:45 13523 ----a-w- c:\program files\Fichiers communs\visib.dat

2009-08-12 08:08 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-28 10:11 . 2009-05-15 16:27 -------- d-----w- c:\program files\SPAMfighter

2009-08-28 10:10 . 2004-06-10 19:05 -------- d-----w- c:\program files\Wanadoo

2009-08-28 08:25 . 2004-01-01 07:12 94016 ----a-w- c:\windows\system32\drivers\agp440.sys

2009-08-26 15:38 . 2004-01-01 15:44 446566 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-26 15:38 . 2004-01-01 15:44 64484 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-26 13:51 . 2009-08-26 13:51 17456 ----a-w- c:\program files\Fichiers communs\letoper.lib

2009-08-24 13:17 . 2004-01-01 10:15 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-24 13:02 . 2004-01-01 10:26 -------- d-----w- c:\program files\Easy Internet signup

2009-08-22 14:40 . 2004-06-20 11:42 -------- d-----w- c:\program files\Microsoft ActiveSync

2009-08-22 14:40 . 2006-04-29 17:45 -------- d-----w- c:\program files\Astraware

2009-08-20 17:35 . 2004-01-01 15:43 630432 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-05 09:00 . 2002-12-12 06:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:03 . 2004-01-03 03:27 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-01-01 08:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 16:57 . 2004-08-23 18:35 915456 ------w- c:\windows\system32\wininet.dll

2009-06-25 08:26 . 2004-01-03 03:35 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2004-01-03 03:34 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2004-01-03 03:34 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2004-01-03 03:33 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2004-01-03 03:33 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2004-01-03 03:32 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-01-01 15:43 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-22 17:52 . 2009-06-22 17:52 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-06-16 14:40 . 2004-01-03 03:35 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2004-01-03 03:32 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-01-01 15:43 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:14 . 2004-01-03 03:27 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2004-01-03 03:33 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-01-01 15:44 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 09:42 . 2009-06-22 18:12 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-06-05 09:42 . 2007-12-03 19:57 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-06-03 19:10 . 2003-05-30 15:00 1297408 ----a-w- c:\windows\system32\quartz.dll

2006-11-01 15:40 . 2006-11-01 15:40 0 -csha-w- c:\windows\SMINST\HPCD.sys

.

 

------- Sigcheck -------

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys

[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2003-09-23 11:01 561920 E3AE9C79498210A5F39FE5A9AD62BC55 c:\windows\I386\NTFS.SYS

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2009-08-20 17:35 630432 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-08-26_15.18.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-28 10:10 . 2009-08-28 10:10 16384 c:\windows\temp\Perflib_Perfdata_7b4.dat

+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe

+ 2004-01-01 15:43 . 2009-08-26 15:38 53436 c:\windows\system32\perfc009.dat

- 2004-01-01 15:43 . 2009-04-15 11:13 53436 c:\windows\system32\perfc009.dat

+ 2004-01-01 15:43 . 2009-08-26 15:38 381692 c:\windows\system32\perfh009.dat

- 2004-01-01 15:43 . 2009-04-15 11:13 381692 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2004-08-06 2502656]

"Acme.PCHButton"="c:\progra~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 159744]

"WOOKIT"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 67128]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 68856]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]

"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]

"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-05 3022848]

"MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-11 32768]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-12-05 753664]

"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2003-04-03 50176]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2004-6-10 954475]

EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2004-11-19 121856]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-27 67128]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2004-2-28 83360]

NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2004-6-19 241664]

Synchronisation Wanadoo.lnk - c:\program files\Wanadoo\Synchronisation Wanadoo\Voxsync.exe [2004-11-9 622592]

WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe [2009-8-24 722432]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 09:44 184968]

S1 820b9cd7;820b9cd7;c:\windows\system32\drivers\820b9cd7.sys --> c:\windows\system32\drivers\820b9cd7.sys [?]

S1 836b6abf;836b6abf;c:\windows\system32\drivers\836b6abf.sys --> c:\windows\system32\drivers\836b6abf.sys [?]

S2 gupdate1c9945f4b5f3db3;Service Google Update (gupdate1c9945f4b5f3db3);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 21:02 133104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

 

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:02]

 

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:02]

 

2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{81F9939B-A69F-487E-A952-D34712163A73}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe

 

 

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-28 11:10

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]

"Name"="ActiveSync"

"DisplayName"="Microsoft ActiveSync"

"Param1"="ActiveSync"

"Type"="wellknown"

"Order"=dword:00000001

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]

"Name"="IESettings"

"Type"="IESettings"

"Order"=dword:00000004

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]

"Name"="MediaFiles"

"Type"="MediaFiles"

"Order"=dword:00000003

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]

"Name"="NPW"

"Param1"="NPW"

"Type"="wellknown"

"Order"=dword:00000002

"State"=dword:0000000b

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]

"Name"="Outlook"

"DisplayName"="Microsoft Outlook"

"Param1"="Outlook"

"Type"="wellknown"

"Order"=dword:00000000

"State"=dword:00000020

 

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\DeviceAppInstall\oemDevice3]

"Name"="oemDevice3"

"DisplayName"="Modem sans fil"

"Param1"="oem\\APPS\\Drivers\\GSM USB Modem\\USBModem_Dialer.exe"

"Param2"=""

"Type"="createprocess"

"Order"=dword:00000000

"State"=dword:0000001b

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(7068)

c:\windows\system32\nView.dll

c:\windows\system32\NVWRSFR.DLL

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

c:\windows\system32\FTRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\Wanadoo\TaskBarIcon.exe

c:\windows\system32\rundll32.exe

c:\program files\McAfee\Common Framework\Mctray.exe

c:\windows\system32\msiexec.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Logitech\Video\FxSvr2.exe

c:\progra~1\MICROS~3\rapimgr.exe

c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2009-08-28 11:18 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-28 10:18

ComboFix2.txt 2009-08-26 15:27

 

Pre-Run: 82 450 538 496 octets libres

Post-Run: 81 604 775 936 octets libres

 

Current=5 Default=5 Failed=1 LastKnownGood=2 Sets=,1,2,3,4,5

391 --- E O F --- 2009-08-26 15:31

 

Is there anything left to do?

Regards,
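The Sigcheck block in the log above is the part of this report that bears directly on the stuck repar.bat step: the live c:\windows\system32\drivers\ntfs.sys is 630432 bytes, dated 2009-08-20, and ComboFix could not even open it to hash it, while the Service Pack copy the helper wants restored is 574976 bytes. The script below is an added example, not part of this thread and not ComboFix code; it parses that block (embedded verbatim as constructed sample input) and reports the discrepancies between the loaded driver and the restore source, so the same check can be run on any ComboFix log. Using ServicePackFiles as the reference follows the helper's batch file; the bracketed markers ComboFix prints are kept but not interpreted.

```python
"""Triage the 'Sigcheck' block of a ComboFix log for a replaced system driver."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the Sigcheck block from the ComboFix log quoted in the
# thread above, embedded verbatim so the script runs offline.
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2003-09-23 11:01 561920 E3AE9C79498210A5F39FE5A9AD62BC55 c:\windows\I386\NTFS.SYS
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-20 17:35 630432 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\system32\drivers\ntfs.sys
"""


@dataclass
class SigcheckEntry:
    flag: str            # bracketed marker ComboFix prints, kept verbatim (not interpreted)
    timestamp: str       # "YYYY-MM-DD HH:MM" as printed; ISO order sorts as text
    size: int            # file size in bytes
    md5: Optional[str]   # None when ComboFix could not open the file
    path: str


LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<rest>.+?)\s*$"
)
HASHED_RE = re.compile(r"^(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+)$")
UNREADABLE_RE = re.compile(r"^!HASH: COULD NOT OPEN FILE\s*!*\s+(?P<path>.+)$")


def parse_sigcheck(text: str) -> List[SigcheckEntry]:
    """Parse every '[x] date time size hash path' line; headers and blanks are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        h = HASHED_RE.match(rest)
        if h:
            md5, path = h.group("md5").upper(), h.group("path")
        else:
            u = UNREADABLE_RE.match(rest)
            if not u:
                continue  # unknown layout: skip rather than guess
            md5, path = None, u.group("path")
        entries.append(SigcheckEntry(m.group("flag"), m.group("ts"), int(m.group("size")), md5, path))
    return entries


def assess_driver(entries: List[SigcheckEntry], live_path: str, reference_path: str) -> List[str]:
    """Compare the driver the kernel loads against the copy used as restore source.

    Returns human-readable findings; an empty list means nothing looked off."""
    by_path = {e.path.lower(): e for e in entries}
    live = by_path.get(live_path.lower())
    ref = by_path.get(reference_path.lower())
    if live is None or ref is None:
        return ["live or reference copy missing from Sigcheck block"]
    findings = []
    if live.md5 is None:
        findings.append("live driver could not be hashed (file locked or access denied)")
    if live.size != ref.size:
        findings.append(f"size mismatch: live {live.size} bytes vs reference {ref.size} bytes")
    if live.md5 is not None and live.md5 != ref.md5:
        findings.append("MD5 differs from reference copy")
    if live.timestamp > ref.timestamp:
        findings.append(f"live driver modified {live.timestamp}, after reference {ref.timestamp}")
    return findings


if __name__ == "__main__":
    entries = parse_sigcheck(SIGCHECK_SAMPLE)
    for finding in assess_driver(entries, r"c:\windows\system32\drivers\ntfs.sys",
                                 r"c:\windows\ServicePackFiles\i386\ntfs.sys"):
        print("FINDING:", finding)
```

On the log above this reports three findings (unreadable hash, 630432 vs 574976 bytes, and a modification date after the reference). A driver the kernel has already mapped cannot be overwritten from inside the running system, which is consistent with the "used by another process" error reported for repar.bat.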

Posted

Go to this address:

Click Browse to find these files:

c:\windows\system32\urypow.dat

c:\windows\system32\qumejeryre.scr

c:\windows\ex23567.dat

c:\windows\ymoh.com

c:\windows\pufunu.dat

c:\windows\uxiro.com

c:\windows\emuxihi.dat

c:\windows\amedujisim.dat

c:\windows\system32\tydyw.dat

and click "Send file"

Copy and paste the response into your next message.

Note: the file may already have been analysed. If so, click the Reanalyse file now button

Have you done this:

Boot into Safe Mode.

Choose the administrator session

Copy and paste everything that follows (in green) into Notepad.

Save it as repar.bat on the desktop

Double-click repar.bat.

You should see the message "2 fichiers copiés" (2 files copied) appear

 

@echo off

rem Copy the Service Pack's ntfs.sys over the one in system32\drivers; /Y skips the overwrite confirmation
copy /Y c:\windows\ServicePackFiles\i386\ntfs.sys c:\windows\system32\drivers

echo.

pause
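The list of files the helper asks to have checked is drawn from the "Files Created" section of the second ComboFix log: short, random-looking names dropped directly into c:\windows and c:\windows\system32. The script below is an added example, not the helper's method and not ComboFix code; it parses lines of that section (a constructed sample copied from the log above) and applies a heuristic of my own: small files with a .dat, .com or .scr extension sitting directly in those two directories and not on a short allowlist (d3d9caps.dat, a DirectX capability cache, is assumed legitimate). It flags every file in the helper's list and also a few the helper did not name (pegari.com, qelym.dat, pibenon.dat), which is the point of running it: the output is a candidate list for manual review, not a verdict.

```python
"""Pick candidate dropped files out of the 'Files Created' section of a ComboFix log."""
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the 'Files Created' section of the log above.
FILES_CREATED_SAMPLE = r"""
2009-08-26 13:51 . 2009-08-26 13:51 16002 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\afag.dat
2009-08-26 11:26 . 2003-09-20 18:06 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-08-26 09:00 . 2009-08-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-26 09:00 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-22 14:26 . 2009-08-22 14:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-22 11:23 . 2009-08-22 11:23 17105 ----a-w- c:\windows\qelym.dat
2009-08-22 11:23 . 2009-08-22 11:23 13731 ----a-w- c:\windows\pegari.com
2009-08-21 08:53 . 2009-08-21 08:53 16001 ----a-w- c:\windows\system32\pibenon.dat
2009-08-19 07:59 . 2009-08-19 07:59 13479 ----a-w- c:\windows\system32\urypow.dat
2009-08-19 07:59 . 2009-08-19 07:59 10000 ----a-w- c:\windows\system32\qumejeryre.scr
2009-08-18 17:51 . 2009-08-18 17:51 1 ---h--w- c:\windows\ex23567.dat
2009-08-17 18:22 . 2009-08-17 18:22 14516 ----a-w- c:\windows\ymoh.com
2009-08-17 18:22 . 2009-08-17 18:22 10070 ----a-w- c:\windows\pufunu.dat
2009-08-17 05:41 . 2009-08-17 05:41 10708 ----a-w- c:\windows\uxiro.com
2009-08-16 19:33 . 2009-08-16 19:33 19104 ----a-w- c:\windows\emuxihi.dat
2009-08-16 19:33 . 2009-08-16 19:33 11271 ----a-w- c:\windows\amedujisim.dat
2009-08-16 14:53 . 2009-08-16 14:53 11761 ----a-w- c:\windows\system32\tydyw.dat
2009-08-16 14:45 . 2009-08-16 14:45 13523 ----a-w- c:\program files\Fichiers communs\visib.dat
2009-08-12 08:08 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
"""


@dataclass
class CreatedEntry:
    ts_a: str      # first timestamp as printed by ComboFix, kept verbatim
    ts_b: str      # second timestamp as printed, kept verbatim
    size: int      # 0 for directories (ComboFix prints dashes instead of a size)
    attrs: str     # attribute string; a leading 'd' marks a directory
    path: str


ENTRY_RE = re.compile(
    r"^(?P<a>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<b>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)


def parse_files_created(text: str) -> List[CreatedEntry]:
    """Parse each 'date time . date time size attrs path' line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = int(m.group("size")) if m.group("size").isdigit() else 0
        entries.append(CreatedEntry(m.group("a"), m.group("b"), size, m.group("attrs"), m.group("path")))
    return entries


# Heuristic parameters: my assumptions, not ComboFix's rules or the helper's.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}   # only files dropped directly here
SUSPECT_EXT = {".dat", ".com", ".scr"}                   # extensions seen on the droppers above
KNOWN_GOOD = {"d3d9caps.dat"}                            # DirectX capability cache, assumed legitimate
MAX_SIZE = 32 * 1024                                     # the droppers above are all well under 32 KB


def candidate_droppers(entries: List[CreatedEntry]) -> List[str]:
    """Return paths worth submitting for a second opinion, in the order they were listed."""
    out = []
    for e in entries:
        if e.attrs.startswith("d"):
            continue
        directory, name = ntpath.split(e.path.lower())
        if directory not in SYSTEM_DIRS:
            continue
        if ntpath.splitext(name)[1] not in SUSPECT_EXT or name in KNOWN_GOOD:
            continue
        if e.size > MAX_SIZE:
            continue
        out.append(e.path)
    return out


if __name__ == "__main__":
    for path in candidate_droppers(parse_files_created(FILES_CREATED_SAMPLE)):
        print(path)
```

ntpath is used so the Windows paths split correctly whatever platform the log is examined on. Files under user profiles and Program Files (afag.dat, visib.dat) are deliberately left out by the directory rule, so widen SYSTEM_DIRS if the log you are reading shows droppers elsewhere.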

Posted

Hello,

Indeed, I ran the repar.bat file in Safe Mode.

But the files were not copied because they are in use by another process.

I am currently checking the files listed on VirusTotal.

Posted

Boot into Safe Mode.

Choose the administrator session

Copy and paste everything that follows (in green) into Notepad.

Save it as repar.bat on the desktop

Double-click repar.bat.

You should see the message " fichiers copiés" (files copied) appear

 

@echo off

rem Copy the Service Pack's ntfs.sys over the one in system32\drivers; /Y skips the overwrite confirmation
copy /Y c:\windows\ServicePackFiles\i386\ntfs.sys c:\windows\system32\drivers

echo.

pause
