
Posted

Hello,

my PC is infected with a Trojan.Vundo.H virus (according to Malwarebytes'), but none of the tools tried so far manage to remove it (or them; Vundofix does not find the same .dll files as Malwarebytes)

So I'm getting to the point of trying Combofix, but the official site very strongly advises being guided through this process, and that is what I'm doing.

Thank you for your help.

The symptoms are:

- unexpected ad windows popping up in IE (I use Firefox)

- new tabs opening in Firefox without being asked

- when I click on a Google result, I'm sent to a site other than the one I asked for.

Thanks

David

Posted (edited)

Good evening,

Nobody has used VundoFix in ages.

Don't touch ComboFix without having been instructed to by one of the security advisers here.

Please post: the MBAM report and a new HijackThis log.

Download HijackThisV2 into a new folder created on C:\ and name it HJT.

  • Double-click HJTInstall.exe and follow the installation instructions.
    --> Under VISTA: right-click / Run as administrator
  • You will find a tutorial for the installation and for generating a report here
  • Launch it, accept the warning message, then click Do a system scan and save a logfile.
  • At the end of the scan, Notepad will open. Copy and paste its entire contents here below.
  • Post the generated report on the forum.

@++

Edited by Apollo
Posted

Good evening,

thank you for your reply.

But I may have done something stupid. To save time, I downloaded Combofix and, thinking I was just installing the program, I actually ran it ...

Afterwards it said not to stop it manually under any circumstances, so I let it run. It "seems" to have gone well (I no longer have any infected items according to Malwarebytes, but even though there are far fewer, I still have a few IE windows opening spontaneously).

However, I have just made a log with HJT as requested

Here is the result (thanks for your advice):

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:02:32, on 31/01/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\IcoSauve.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wibeez.com/meteo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eggs kind grey up] C:\Documents and Settings\All Users\Application Data\Book Second Eggs Kind\MEMO DOES.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [NURB PILE] C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\Send bolt grid.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 8944 bytes
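The HijackThis log above is read by eye in this thread: the helper looks for autorun (O4) entries whose executable lives under a user profile's Application Data instead of Program Files or Windows, and for orphaned registrations ("(no file)", "(file missing)") left behind once a removal tool has deleted the target. The script below, an added example that is neither part of this thread nor a HijackThis feature, applies the same triage mechanically. The sample lines are copied from the log above; the category names and the path heuristics are this example's own assumptions, so a flagged entry is a candidate for review, not a verdict.

```python
"""Triage helper for HijackThis-style log lines (added example, not a tool from this thread).

Heuristics (assumptions of this example, not HijackThis rules):
  * O4 Run entries whose executable sits under a profile's Application Data
    are reported for review; Program Files / Windows locations are not.
  * Any entry marked "(no file)" or "(file missing)" is an orphaned registration.
  * An O10 line reports a broken Winsock LSP chain.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input constructed from the log posted above in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eggs kind grey up] C:\Documents and Settings\All Users\Application Data\Book Second Eggs Kind\MEMO DOES.exe
O4 - HKCU\..\Run: [NURB PILE] C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\Send bolt grid.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
"""

# First drive-rooted path ending in an executable extension; lazy so that
# "C:\...\CCleaner.exe" /AUTO yields the path without the argument.
EXE_RE = re.compile(r'(?i)([a-z]:\\[^"]*?\.(?:exe|dll|scr|cpl|bat|cmd))')
# O4 lines of the form: O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r'^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
PROFILE_ROOTS = ("\\documents and settings\\", "\\docume~1\\")
APPDATA_DIRS = ("\\application data\\", "\\applic~1\\")
EXPECTED_ROOTS = ("\\program files\\", "\\progra~1\\", "\\windows\\")


@dataclass
class Finding:
    entry: str      # HijackThis section prefix (R3, O2, ...) or the autorun value name
    category: str
    detail: str


def autorun_path(cmd: str) -> Optional[str]:
    """Best-effort extraction of the executable path from an O4 command line."""
    m = EXE_RE.search(cmd)
    return m.group(1) if m else None


def classify_location(path: str) -> str:
    """Bucket an autorun target by where on disk it lives (8.3 short names included)."""
    p = path.lower()
    if any(r in p for r in PROFILE_ROOTS) and any(d in p for d in APPDATA_DIRS):
        return "autorun-in-profile-data"
    if any(r in p for r in EXPECTED_ROOTS):
        return "autorun-in-expected-location"
    return "autorun-elsewhere"


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would want to look at first."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        if "(no file)" in line or "(file missing)" in line:
            findings.append(Finding(section, "orphaned-entry", line))
            continue
        if section == "O10":
            findings.append(Finding(section, "broken-lsp", line))
            continue
        m = O4_RE.match(line)
        if m:
            path = autorun_path(m["cmd"])
            if path is None:
                # e.g. "nwiz.exe /installquiet": resolved through the PATH search, worth a look
                findings.append(Finding(m["name"], "autorun-bare-filename", m["cmd"]))
                continue
            category = classify_location(path)
            if category != "autorun-in-expected-location":
                findings.append(Finding(m["name"], category, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:28} {f.entry:20} {f.detail}")
```

Run against the sample, the two Run entries pointing into Application Data ("eggs kind grey up" and "NURB PILE") come out as `autorun-in-profile-data`, the avast! and CCleaner entries are silent, the three `(no file)` / `(file missing)` items are listed as orphans, and the O10 line is reported as a broken LSP chain. Orphaned entries are harmless by themselves but are the residue a fix pass should clean up; the profile-data entries are what a helper would cross-check against the ComboFix removals before deciding anything.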

Posted

Re,

OK, quickly, because I'm off to bed.

Get rid of Spyware Doctor, it's worthless and it is VERY nosy about your privacy.

On the other hand, it is advisable to keep MBAM, which is quite capable of doing this antimalware job.

*** I would need to see the ComboFix report, located at C:\Combofix.txt.***

1) Download Lop S&D.exe to your Desktop.

http://eric.71.mespages.googlepages.com/LopSD.exe

Or: http://eric71.geekstogo.com/tools/LopSD.exe

Double-click it to start the installation

Then double-click the Lop S&D shortcut on your Desktop

Under Vista: Right-click / Run as administrator ***

Select the desired language, then choose option 1 (Search)

Wait until the scan finishes

Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

--------------------------------------------

2) Run Lop S&D again

This time choose Option 2 (Removal)

Do not close the window during the removal!

Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

--------------------------------

Please post a new HijackThis log after that.

See you tomorrow :P

Posted

Good evening,

thank you for your help.

So, below are the three requested reports:

- the ComboFix report, located at C:\Combofix.txt.

- the report generated (C:\lopR.txt) after the search (option 1) and before removal (option 2)

- the report generated (C:\lopR.txt) after removal (option 2)

Just a question first: I have two fairly large IEXPLORER processes running all the time, I don't know what they are for? Is that related to my problem?

Thanks and good evening.

Here are the three reports one after the other:

Combofix:

 

ComboFix 10-01-29.09 - coccinelle 30/01/2010 21:32:43.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2047.1534 [GMT 1:00]

Lancé depuis: c:\documents and settings\coccinelle\Mes documents\Téléchargements\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\coccinelle\Application Data\inst.exe

c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{15c570c2-7be1-478c-a5d0-ca240c56724c}

c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{15c570c2-7be1-478c-a5d0-ca240c56724c}\chrome.manifest

c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{15c570c2-7be1-478c-a5d0-ca240c56724c}\chrome\xulcache.jar

c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{15c570c2-7be1-478c-a5d0-ca240c56724c}\defaults\preferences\xulcache.js

c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{15c570c2-7be1-478c-a5d0-ca240c56724c}\install.rdf

c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{637b1499-b84b-465c-a61c-b251b6671995}

c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{637b1499-b84b-465c-a61c-b251b6671995}\chrome.manifest

c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{637b1499-b84b-465c-a61c-b251b6671995}\chrome\xulcache.jar

c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{637b1499-b84b-465c-a61c-b251b6671995}\defaults\preferences\xulcache.js

c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\extensions\{637b1499-b84b-465c-a61c-b251b6671995}\install.rdf

c:\documents and settings\coccinelle\Application Data\SystemProc

c:\windows\Fonts\MyriadPro-Regular.otf

c:\windows\system32\drivers\refblhlo.sys

c:\windows\system32\drivers\sxeffiog.sys

c:\windows\system32\images

c:\windows\system32\images\+ DOSSIER UTILISE PAR LE PROGRAMME 'ENREGISTREZ SOUS EDITEUR'

c:\windows\system32\images\1.ico

c:\windows\system32\images\2.ico

c:\windows\system32\images\3.ico

c:\windows\system32\images\4.ico

c:\windows\system32\images\5.ico

c:\windows\system32\images\Flèche bas.ico

c:\windows\system32\images\Flèche haut.ico

c:\windows\system32\pzlvzrh.dll

c:\windows\system32\vgiyvwy.dll

c:\windows\system32\wgspitsg.dll

 

Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée

Copie restaurée à partir de - Kitty ate it :P

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_REFBLHLO

-------\Legacy_WINSVC

-------\Service_refblhlo

-------\Service_WinSvc

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-30 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-30 18:25 . 2010-01-30 18:39 -------- d-----w- C:\VundoFix Backups

2010-01-30 18:15 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-01-30 18:15 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll

2010-01-30 18:15 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-01-30 18:15 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll

2010-01-30 18:15 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip

2010-01-30 18:15 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip

2010-01-30 18:13 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-01-30 18:13 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-01-30 18:13 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-01-30 18:13 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-01-30 18:13 . 2010-01-30 20:49 -------- d-----w- c:\program files\Spyware Doctor

2010-01-30 18:13 . 2010-01-30 18:16 -------- d-----w- c:\program files\Fichiers communs\PC Tools

2010-01-30 18:13 . 2010-01-30 18:13 -------- d-----w- c:\documents and settings\coccinelle\Application Data\PC Tools

2010-01-30 18:13 . 2010-01-30 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-01-30 18:13 . 2010-01-30 20:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-30 17:51 . 2010-01-30 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-01-30 17:50 . 2010-01-30 17:51 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-01-30 17:50 . 2010-01-30 17:50 -------- d-----w- c:\documents and settings\coccinelle\Application Data\SUPERAntiSpyware.com

2010-01-30 16:09 . 2010-01-30 16:09 54016 ----a-w- c:\windows\system32\drivers\orblxlrv.sys

2010-01-30 14:47 . 2010-01-30 14:47 -------- d-----w- c:\documents and settings\coccinelle\Application Data\Malwarebytes

2010-01-30 14:47 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-30 14:47 . 2010-01-30 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-30 14:47 . 2010-01-30 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-30 14:47 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-28 18:47 . 2010-01-28 19:20 -------- d-----w- c:\program files\Navilog1

2010-01-10 08:11 . 2004-08-19 16:09 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-01-10 08:11 . 2010-01-10 08:11 -------- d-----r- c:\documents and settings\LocalService\Mes documents

2010-01-10 08:10 . 2010-01-10 08:11 -------- d-----r- c:\documents and settings\LocalService\Favoris

2010-01-10 08:10 . 2010-01-10 08:10 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer

2010-01-10 08:10 . 2010-01-10 08:10 -------- d-----w- c:\documents and settings\LocalService\Bureau

2010-01-10 08:08 . 2010-01-10 08:08 -------- d-----w- c:\documents and settings\coccinelle\Application Data\Icones

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-30 20:53 . 2008-09-14 08:11 44120096 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-01-30 20:48 . 2009-02-12 07:36 8650978 ----a-w- c:\windows\Internet Logs\tvDebug.zip

2010-01-30 20:46 . 2008-09-14 08:11 518912 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-01-30 19:12 . 2008-10-13 21:09 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-01-30 18:52 . 2009-12-18 21:17 729088 ----a-w- c:\documents and settings\All Users\Application Data\Book Second Eggs Kind\MEMO DOES.exe

2010-01-30 17:51 . 2010-01-30 17:51 52224 ----a-w- c:\documents and settings\coccinelle\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-30 17:51 . 2010-01-30 17:51 117760 ----a-w- c:\documents and settings\coccinelle\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-01-30 17:50 . 2008-09-14 08:01 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

2010-01-30 03:25 . 2009-03-11 09:59 -------- d-----w- c:\documents and settings\coccinelle\Application Data\Save

2010-01-28 19:37 . 2009-09-04 11:19 -------- d-----w- c:\program files\Empire Interactive

2010-01-28 19:35 . 2009-07-05 15:04 -------- d-----w- c:\program files\PeerTV

2010-01-24 22:02 . 2002-09-06 19:59 83476 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-24 22:02 . 2002-09-06 19:59 504040 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-24 17:54 . 2010-01-24 17:54 79488 ----a-w- c:\documents and settings\coccinelle\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-20 19:34 . 2010-01-20 19:37 3129856 ----a-w- c:\windows\Internet Logs\xDB1B.tmp

2010-01-08 22:10 . 2010-01-09 08:01 3086848 ----a-w- c:\windows\Internet Logs\xDB1A.tmp

2009-12-18 21:17 . 2009-06-14 20:09 278528 ----a-w- c:\documents and settings\coccinelle\Application Data\trans ooze heck\Safe16Online.exe

2009-12-18 21:17 . 2009-06-14 20:08 -------- d-----w- c:\documents and settings\coccinelle\Application Data\trans ooze heck

2009-12-18 21:17 . 2009-08-19 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Book Second Eggs Kind

2009-12-18 21:17 . 2009-12-18 21:17 729088 ----a-w- c:\documents and settings\coccinelle\Application Data\trans ooze heck\wvvkvtys.exe

2009-12-18 21:16 . 2009-12-18 21:16 -------- d-----w- c:\program files\trans ooze heck

2009-12-18 21:16 . 2009-06-14 20:08 430080 ----a-w- c:\documents and settings\coccinelle\Application Data\trans ooze heck\Send bolt grid.exe

2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

 

------- Sigcheck -------

 

[-] 2006-11-11 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

 

[-] 2006-11-18 . 7BA68DF484B550C1F75DD80AE1D7EF67 . 1035264 . . [6.00.2900.2649] . . c:\windows\explorer.exe

 

 

[-] 2006-12-13 . 0CEF991C04073F5EC8BFD65B961705F1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

 

c:\windows\System32\wscntfy.exe ... manque !!

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NURB PILE"="c:\docume~1\COCCIN~1\APPLIC~1\TRANSO~1\Send bolt grid.exe" [2009-12-18 430080]

"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-01-26 1724728]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"nwiz"="nwiz.exe" [2005-05-06 1495040]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-06 5562368]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-21 148888]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"eggs kind grey up"="c:\documents and settings\All Users\Application Data\Book Second Eggs Kind\MEMO DOES.exe" [2010-01-30 729088]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

 

c:\documents and settings\coccinelle\Menu D‚marrer\Programmes\D‚marrage\

IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-9-13 112128]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"MaxRecentDocs"= 15 (0xf)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 0 (0x0)

"DisallowCpl"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk

backup=c:\windows\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]

2003-05-08 10:34 69632 ------w- c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [30/01/2010 19:13 207792]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/09/2008 19:28 78416]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/09/2008 19:28 20560]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [30/01/2010 19:15 112592]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30/01/2010 19:13 359624]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]

S0 crgqe;crgqe;c:\windows\system32\drivers\sbwp.sys --> c:\windows\system32\drivers\sbwp.sys [?]

S0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [14/09/2008 19:39 5248]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [30/01/2010 15:47 38224]

S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [14/11/2008 19:40 260608]

S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

S4 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [14/09/2008 19:39 159616]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - REFBLHLO

*Deregistered* - PCTSDInjDriver32

*Deregistered* - refblhlo

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

pwrkkhav

.

Contenu du dossier 'Tâches planifiées'

 

2010-01-30 c:\windows\Tasks\ABE59449906A0CE5.job

- c:\docume~1\coccin~1\applic~1\transo~1\Safe16Online.exe [2009-06-14 21:17]

 

2010-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.wibeez.com/meteo

uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

FF - ProfilePath - c:\documents and settings\coccinelle\Application Data\Mozilla\Firefox\Profiles\14doeaeq.default\

FF - prefs.js: browser.search.selectedEngine - Wibeez

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://www.wibeez.com/meteo?search&q=

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-Save - c:\documents and settings\coccinelle\Application Data\Save\Save.exe

MSConfigStartUp-NetPumper - c:\program files\NetPumper\NetPumperIEProxy.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-30 21:51

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

c:\windows\system32\wuauclt.exe.wusetup.338984.bak 53080 bytes executable

c:\windows\system32\wuaueng.dll.wusetup.340687.bak 1712984 bytes executable

 

Scan terminé avec succès

Fichiers cachés: 2

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1096)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\sxs.dll

 

- - - - - - - > 'explorer.exe'(2844)

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\browselc.dll

c:\windows\system32\SXS.DLL

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\windows\system32\acs.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Spyware Doctor\pctsSvc.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

.

**************************************************************************

.

Heure de fin: 2010-01-30 21:59:14 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-30 20:59

 

Avant-CF: 6 146 899 968 octets libres

Après-CF: 6 143 234 048 octets libres

 

- - End Of File - - 6CE1293C84D8F8F380EACB8B5570AAEB

 

 

The report generated (C:\lopR.txt) after the search (option 1) and before the deletion (option 2):

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Xeon CPU 2.80GHz )

BIOS : PhoenixBIOS 4.0 Release 6.0

USER : coccinelle ( Administrator )

BOOT : Normal boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)

D:\ (Local Disk) - NTFS - Total:82 Go (Free:72 Go)

E:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)

G:\ (Local Disk) - FAT32 - Total:465 Go (Free:298 Go)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 31/01/2010|23:00 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[21/06/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[14/11/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI

[28/06/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU

[21/06/2009|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon

[18/12/2009|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Second Eggs Kind

[14/06/2009|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON

[14/09/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[14/09/2008|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

[30/01/2010|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[31/01/2010|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[28/06/2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software

[28/06/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound

[06/10/2009|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero

[12/10/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[19/08/2009|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft ref platform bind

[30/01/2010|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

[31/01/2010|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[31/01/2010|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vso

[20/01/2009|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

 

[15/12/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\Adobe

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\aignes

[20/04/2009|16:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Apple Computer

[14/11/2008|22:55] C:\DOCUME~1\COCCIN~1\APPLIC~1\ATI

[28/06/2009|10:37] C:\DOCUME~1\COCCIN~1\APPLIC~1\AVS4YOU

[15/06/2009|22:22] C:\DOCUME~1\COCCIN~1\APPLIC~1\Babylon

[01/05/2009|19:09] C:\DOCUME~1\COCCIN~1\APPLIC~1\DivX

[14/09/2008|19:45] C:\DOCUME~1\COCCIN~1\APPLIC~1\Google

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\gtopala

[13/10/2009|20:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Hewlett-Packard

[10/01/2010|09:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Icones

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\Identities

[14/09/2008|19:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Macromedia

[30/01/2010|15:47] C:\DOCUME~1\COCCIN~1\APPLIC~1\Malwarebytes

[20/10/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\MathWorks

[12/01/2009|15:34] C:\DOCUME~1\COCCIN~1\APPLIC~1\Microsoft

[12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Mozilla

[28/06/2009|11:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\NCH Swift Sound

[28/06/2009|20:21] C:\DOCUME~1\COCCIN~1\APPLIC~1\Nero

[30/01/2010|04:25] C:\DOCUME~1\COCCIN~1\APPLIC~1\Save

[21/10/2008|18:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Shareaza

[13/09/2008|20:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\Sun

[30/01/2010|18:50] C:\DOCUME~1\COCCIN~1\APPLIC~1\SUPERAntiSpyware.com

[12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Thunderbird

[18/12/2009|22:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\trans ooze heck

[12/10/2008|19:41] C:\DOCUME~1\COCCIN~1\APPLIC~1\vlc

[14/06/2009|21:31] C:\DOCUME~1\COCCIN~1\APPLIC~1\Vso

 

[13/09/2008|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities

[10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[24/01/2010|21:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sun

 

[26/01/2010|10:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[31/01/2010 23:00][--ah-----] C:\WINDOWS\tasks\ABE59449906A0CE5.job

[18/01/2010 10:12][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[31/01/2010 09:36][--ah-----] C:\WINDOWS\tasks\SA.DAT

[06/09/2002 20:59][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

( ABE59449906A0CE5.job )=( c:\docume~1\coccin~1\applic~1\transo~1\Safe16Online.exe )

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[13/09/2008|22:00] C:\Program Files\7-Zip

[21/06/2009|10:53] C:\Program Files\Adobe

[06/10/2009|19:54] C:\Program Files\AGEIA Technologies

[14/09/2008|19:38] C:\Program Files\alcohol

[14/09/2008|19:39] C:\Program Files\Alcohol Soft

[14/09/2008|19:28] C:\Program Files\Alwil Software

[13/09/2008|22:03] C:\Program Files\Analog Devices

[28/03/2009|12:40] C:\Program Files\Apple Software Update

[14/11/2008|22:56] C:\Program Files\ATI

[14/11/2008|22:52] C:\Program Files\ATI Technologies

[28/06/2009|11:11] C:\Program Files\AVS4YOU

[01/12/2008|09:54] C:\Program Files\Bonjour

[30/11/2008|17:56] C:\Program Files\Capture Professional v6 Trial

[04/09/2009|19:40] C:\Program Files\CCleaner

[13/09/2008|19:47] C:\Program Files\ComPlus Applications

[13/09/2008|21:55] C:\Program Files\Defraggler

[01/05/2009|13:49] C:\Program Files\Disney Interactive

[01/05/2009|17:56] C:\Program Files\DivX

[28/01/2010|20:37] C:\Program Files\Empire Interactive

[21/06/2009|10:48] C:\Program Files\Emtec.No

[30/01/2010|21:40] C:\Program Files\Fichiers communs

[14/09/2008|19:44] C:\Program Files\Google

[13/10/2009|20:49] C:\Program Files\Hewlett-Packard

[28/06/2009|18:19] C:\Program Files\HotzicBurner

[24/10/2009|14:17] C:\Program Files\INFORAD

[20/10/2009|18:14] C:\Program Files\INFORAD_DRIVERS

[04/09/2009|12:19] C:\Program Files\InstallShield Installation Information

[13/09/2008|22:15] C:\Program Files\Intel

[13/09/2008|20:03] C:\Program Files\Internet Explorer

[21/06/2009|10:27] C:\Program Files\Java

[04/10/2009|19:56] C:\Program Files\JeffProd

[13/09/2008|19:57] C:\Program Files\JEUX

[13/09/2008|22:04] C:\Program Files\Lavalys

[14/09/2008|09:02] C:\Program Files\Lavasoft

[30/01/2010|15:47] C:\Program Files\Malwarebytes' Anti-Malware

[20/10/2008|18:18] C:\Program Files\MATLAB

[13/09/2008|19:50] C:\Program Files\microsoft frontpage

[14/09/2008|19:41] C:\Program Files\Microsoft Office

[25/08/2009|21:22] C:\Program Files\Microsoft Silverlight

[14/09/2008|19:41] C:\Program Files\Microsoft.NET

[13/09/2008|19:48] C:\Program Files\Movie Maker

[31/01/2010|19:46] C:\Program Files\Mozilla Firefox

[31/01/2010|18:03] C:\Program Files\Mozilla Thunderbird

[28/06/2009|19:07] C:\Program Files\MSBuild

[13/09/2008|19:47] C:\Program Files\MSN Gaming Zone

[13/09/2008|20:01] C:\Program Files\MSXML 4.0

[28/01/2010|20:20] C:\Program Files\Navilog1

[28/06/2009|18:08] C:\Program Files\NCH Software

[28/06/2009|11:14] C:\Program Files\NCH Swift Sound

[06/10/2009|22:09] C:\Program Files\Nero

[14/09/2008|19:01] C:\Program Files\NETGEAR

[13/09/2008|19:48] C:\Program Files\NetMeeting

[13/09/2008|19:48] C:\Program Files\Outlook Express

[28/01/2010|20:35] C:\Program Files\PeerTV

[28/06/2009|12:46] C:\Program Files\PQDVD

[28/03/2009|12:40] C:\Program Files\QuickTime

[28/06/2009|19:00] C:\Program Files\Reference Assemblies

[15/11/2009|10:26] C:\Program Files\SFR

[21/10/2008|18:57] C:\Program Files\Shareaza

[28/06/2009|11:23] C:\Program Files\SlySoft

[31/01/2010|22:58] C:\Program Files\Spyware Doctor

[31/01/2010|22:59] C:\Program Files\SUPERAntiSpyware

[23/02/2009|11:49] C:\Program Files\THQ

[13/09/2008|21:55] C:\Program Files\ToniArts

[18/12/2009|22:16] C:\Program Files\trans ooze heck

[31/01/2010|01:02] C:\Program Files\Trend Micro

[13/09/2008|19:47] C:\Program Files\Uninstall Information

[14/11/2008|19:40] C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter

[13/09/2008|19:57] C:\Program Files\UTILS

[31/01/2010|10:15] C:\Program Files\Veetle

[13/09/2008|21:56] C:\Program Files\VideoLAN

[14/06/2009|21:32] C:\Program Files\VSO

[13/09/2008|20:11] C:\Program Files\Windows Media Connect 2

[13/09/2008|20:12] C:\Program Files\Windows Media Player

[13/09/2008|19:47] C:\Program Files\Windows NT

[13/09/2008|19:49] C:\Program Files\WindowsUpdate

[13/09/2008|20:12] C:\Program Files\WMV9_VCM

[13/09/2008|19:57] C:\Program Files\WSTARTUP

[13/09/2008|19:50] C:\Program Files\xerox

[06/10/2009|22:05] C:\Program Files\Yahoo!

[14/09/2008|08:55] C:\Program Files\Zone Labs

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[21/06/2009|10:53] C:\Program Files\Fichiers communs\Adobe

[28/06/2009|11:11] C:\Program Files\Fichiers communs\AVSMedia

[14/09/2008|19:41] C:\Program Files\Fichiers communs\DESIGNER

[01/05/2009|17:55] C:\Program Files\Fichiers communs\DivX Shared

[13/10/2009|20:50] C:\Program Files\Fichiers communs\Hewlett-Packard

[23/02/2009|11:48] C:\Program Files\Fichiers communs\InstallShield

[13/09/2008|20:13] C:\Program Files\Fichiers communs\Java

[20/10/2008|18:16] C:\Program Files\Fichiers communs\Microsoft Shared

[13/09/2008|19:48] C:\Program Files\Fichiers communs\MSSoap

[06/10/2009|22:22] C:\Program Files\Fichiers communs\Nero

[13/09/2008|21:30] C:\Program Files\Fichiers communs\ODBC

[31/01/2010|22:58] C:\Program Files\Fichiers communs\PC Tools

[13/09/2008|19:48] C:\Program Files\Fichiers communs\Services

[13/09/2008|21:29] C:\Program Files\Fichiers communs\SpeechEngines

[13/09/2008|19:48] C:\Program Files\Fichiers communs\System

[31/01/2010|22:59] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 46 Processes )

 

iexplore.exe ~ [PID:3452]

iexplore.exe ~ [PID:2368]

 

--------------------\\ Recherche avec S_Lop

 

C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1

C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\bfzgqeqg.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\doqgswwa.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\mlplflzs.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\rpkvburz.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\Safe16Online.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\Send bolt grid.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1\wvvkvtys.exe

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft ref platform bind

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\bfzgqeqg.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\doqgswwa.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\mlplflzs.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\rpkvburz.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\Safe16Online.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\Send bolt grid.exe

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\wvvkvtys.exe

C:\Program Files\transo~1

C:\DOCUME~1\COCCIN~1\Cookies\coccinelle@advertstream[2].txt

C:\DOCUME~1\COCCIN~1\Cookies\coccinelle@advertising[1].txt

C:\WINDOWS\Tasks\ABE59449906A0CE5.job

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flap second tick]

"DisplayName"="CiD Help"

"UninstallString"="C:\\DOCUME~1\\COCCIN~1\\APPLIC~1\\TRANSO~1\\Send bolt grid.exe -uninstall"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NURB PILE"="C:\\DOCUME~1\\COCCIN~1\\APPLIC~1\\TRANSO~1\\Send bolt grid.exe"

"NURB PILE"="C:\\DOCUME~1\\COCCIN~1\\APPLIC~1\\TRANSO~1\\Send bolt grid.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-31 23:04:09

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:17][D:3]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\Temp

[F:51][D:0]-> C:\DOCUME~1\COCCIN~1\Cookies

[F:320][D:4]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 31/01/2010|23:05 - Option : [1]

 

--------------------\\ Fin du rapport a 23:05:32

 

 

The report generated (C:\lopR.txt) after the deletion (option 2):

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Xeon CPU 2.80GHz )

BIOS : PhoenixBIOS 4.0 Release 6.0

USER : coccinelle ( Administrator )

BOOT : Normal boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)

D:\ (Local Disk) - NTFS - Total:82 Go (Free:72 Go)

E:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)

G:\ (Local Disk) - FAT32 - Total:465 Go (Free:298 Go)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 31/01/2010|23:06 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\bfzgqeqg.exe

Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\doqgswwa.exe

Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\mlplflzs.exe

Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\rpkvburz.exe

Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\Safe16Online.exe

Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\Send bolt grid.exe

Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\wvvkvtys.exe

Supprime! - C:\DOCUME~1\COCCIN~1\Cookies\coccinelle@advertstream[2].txt

Supprime! - C:\DOCUME~1\COCCIN~1\Cookies\coccinelle@advertising[1].txt

Supprime! - C:\WINDOWS\Tasks\ABE59449906A0CE5.job

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft ref platform bind

Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1

Supprime! - C:\Program Files\transo~1

Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE

 

Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1

Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[21/06/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[14/11/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI

[28/06/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU

[21/06/2009|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon

[18/12/2009|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Second Eggs Kind

[14/06/2009|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON

[14/09/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[14/09/2008|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

[30/01/2010|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[31/01/2010|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[28/06/2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software

[28/06/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound

[06/10/2009|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero

[12/10/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[30/01/2010|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

[31/01/2010|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[31/01/2010|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vso

[20/01/2009|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

 

[15/12/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\Adobe

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\aignes

[20/04/2009|16:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Apple Computer

[14/11/2008|22:55] C:\DOCUME~1\COCCIN~1\APPLIC~1\ATI

[28/06/2009|10:37] C:\DOCUME~1\COCCIN~1\APPLIC~1\AVS4YOU

[15/06/2009|22:22] C:\DOCUME~1\COCCIN~1\APPLIC~1\Babylon

[01/05/2009|19:09] C:\DOCUME~1\COCCIN~1\APPLIC~1\DivX

[14/09/2008|19:45] C:\DOCUME~1\COCCIN~1\APPLIC~1\Google

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\gtopala

[13/10/2009|20:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Hewlett-Packard

[10/01/2010|09:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Icones

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\Identities

[14/09/2008|19:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Macromedia

[30/01/2010|15:47] C:\DOCUME~1\COCCIN~1\APPLIC~1\Malwarebytes

[20/10/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\MathWorks

[12/01/2009|15:34] C:\DOCUME~1\COCCIN~1\APPLIC~1\Microsoft

[12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Mozilla

[28/06/2009|11:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\NCH Swift Sound

[28/06/2009|20:21] C:\DOCUME~1\COCCIN~1\APPLIC~1\Nero

[30/01/2010|04:25] C:\DOCUME~1\COCCIN~1\APPLIC~1\Save

[21/10/2008|18:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Shareaza

[13/09/2008|20:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\Sun

[30/01/2010|18:50] C:\DOCUME~1\COCCIN~1\APPLIC~1\SUPERAntiSpyware.com

[12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Thunderbird

[31/01/2010|23:06] C:\DOCUME~1\COCCIN~1\APPLIC~1\trans ooze heck

[12/10/2008|19:41] C:\DOCUME~1\COCCIN~1\APPLIC~1\vlc

[14/06/2009|21:31] C:\DOCUME~1\COCCIN~1\APPLIC~1\Vso

 

[13/09/2008|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities

[10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[24/01/2010|21:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sun

 

[26/01/2010|10:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[18/01/2010 10:12][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[31/01/2010 09:36][--ah-----] C:\WINDOWS\tasks\SA.DAT

[06/09/2002 20:59][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[13/09/2008|22:00] C:\Program Files\7-Zip

[21/06/2009|10:53] C:\Program Files\Adobe

[06/10/2009|19:54] C:\Program Files\AGEIA Technologies

[14/09/2008|19:38] C:\Program Files\alcohol

[14/09/2008|19:39] C:\Program Files\Alcohol Soft

[14/09/2008|19:28] C:\Program Files\Alwil Software

[13/09/2008|22:03] C:\Program Files\Analog Devices

[28/03/2009|12:40] C:\Program Files\Apple Software Update

[14/11/2008|22:56] C:\Program Files\ATI

[14/11/2008|22:52] C:\Program Files\ATI Technologies

[28/06/2009|11:11] C:\Program Files\AVS4YOU

[01/12/2008|09:54] C:\Program Files\Bonjour

[30/11/2008|17:56] C:\Program Files\Capture Professional v6 Trial

[04/09/2009|19:40] C:\Program Files\CCleaner

[13/09/2008|19:47] C:\Program Files\ComPlus Applications

[13/09/2008|21:55] C:\Program Files\Defraggler

[01/05/2009|13:49] C:\Program Files\Disney Interactive

[01/05/2009|17:56] C:\Program Files\DivX

[28/01/2010|20:37] C:\Program Files\Empire Interactive

[21/06/2009|10:48] C:\Program Files\Emtec.No

[30/01/2010|21:40] C:\Program Files\Fichiers communs

[14/09/2008|19:44] C:\Program Files\Google

[13/10/2009|20:49] C:\Program Files\Hewlett-Packard

[28/06/2009|18:19] C:\Program Files\HotzicBurner

[24/10/2009|14:17] C:\Program Files\INFORAD

[20/10/2009|18:14] C:\Program Files\INFORAD_DRIVERS

[04/09/2009|12:19] C:\Program Files\InstallShield Installation Information

[13/09/2008|22:15] C:\Program Files\Intel

[13/09/2008|20:03] C:\Program Files\Internet Explorer

[21/06/2009|10:27] C:\Program Files\Java

[04/10/2009|19:56] C:\Program Files\JeffProd

[13/09/2008|19:57] C:\Program Files\JEUX

[13/09/2008|22:04] C:\Program Files\Lavalys

[14/09/2008|09:02] C:\Program Files\Lavasoft

[30/01/2010|15:47] C:\Program Files\Malwarebytes' Anti-Malware

[20/10/2008|18:18] C:\Program Files\MATLAB

[13/09/2008|19:50] C:\Program Files\microsoft frontpage

[14/09/2008|19:41] C:\Program Files\Microsoft Office

[25/08/2009|21:22] C:\Program Files\Microsoft Silverlight

[14/09/2008|19:41] C:\Program Files\Microsoft.NET

[13/09/2008|19:48] C:\Program Files\Movie Maker

[31/01/2010|19:46] C:\Program Files\Mozilla Firefox

[31/01/2010|18:03] C:\Program Files\Mozilla Thunderbird

[28/06/2009|19:07] C:\Program Files\MSBuild

[13/09/2008|19:47] C:\Program Files\MSN Gaming Zone

[13/09/2008|20:01] C:\Program Files\MSXML 4.0

[28/01/2010|20:20] C:\Program Files\Navilog1

[28/06/2009|18:08] C:\Program Files\NCH Software

[28/06/2009|11:14] C:\Program Files\NCH Swift Sound

[06/10/2009|22:09] C:\Program Files\Nero

[14/09/2008|19:01] C:\Program Files\NETGEAR

[13/09/2008|19:48] C:\Program Files\NetMeeting

[13/09/2008|19:48] C:\Program Files\Outlook Express

[28/01/2010|20:35] C:\Program Files\PeerTV

[28/06/2009|12:46] C:\Program Files\PQDVD

[28/03/2009|12:40] C:\Program Files\QuickTime

[28/06/2009|19:00] C:\Program Files\Reference Assemblies

[15/11/2009|10:26] C:\Program Files\SFR

[21/10/2008|18:57] C:\Program Files\Shareaza

[28/06/2009|11:23] C:\Program Files\SlySoft

[31/01/2010|22:58] C:\Program Files\Spyware Doctor

[31/01/2010|22:59] C:\Program Files\SUPERAntiSpyware

[23/02/2009|11:49] C:\Program Files\THQ

[13/09/2008|21:55] C:\Program Files\ToniArts

[31/01/2010|01:02] C:\Program Files\Trend Micro

[13/09/2008|19:47] C:\Program Files\Uninstall Information

[14/11/2008|19:40] C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter

[13/09/2008|19:57] C:\Program Files\UTILS

[31/01/2010|10:15] C:\Program Files\Veetle

[13/09/2008|21:56] C:\Program Files\VideoLAN

[14/06/2009|21:32] C:\Program Files\VSO

[13/09/2008|20:11] C:\Program Files\Windows Media Connect 2

[13/09/2008|20:12] C:\Program Files\Windows Media Player

[13/09/2008|19:47] C:\Program Files\Windows NT

[13/09/2008|19:49] C:\Program Files\WindowsUpdate

[13/09/2008|20:12] C:\Program Files\WMV9_VCM

[13/09/2008|19:57] C:\Program Files\WSTARTUP

[13/09/2008|19:50] C:\Program Files\xerox

[06/10/2009|22:05] C:\Program Files\Yahoo!

[14/09/2008|08:55] C:\Program Files\Zone Labs

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[21/06/2009|10:53] C:\Program Files\Fichiers communs\Adobe

[28/06/2009|11:11] C:\Program Files\Fichiers communs\AVSMedia

[14/09/2008|19:41] C:\Program Files\Fichiers communs\DESIGNER

[01/05/2009|17:55] C:\Program Files\Fichiers communs\DivX Shared

[13/10/2009|20:50] C:\Program Files\Fichiers communs\Hewlett-Packard

[23/02/2009|11:48] C:\Program Files\Fichiers communs\InstallShield

[13/09/2008|20:13] C:\Program Files\Fichiers communs\Java

[20/10/2008|18:16] C:\Program Files\Fichiers communs\Microsoft Shared

[13/09/2008|19:48] C:\Program Files\Fichiers communs\MSSoap

[06/10/2009|22:22] C:\Program Files\Fichiers communs\Nero

[13/09/2008|21:30] C:\Program Files\Fichiers communs\ODBC

[31/01/2010|22:58] C:\Program Files\Fichiers communs\PC Tools

[13/09/2008|19:48] C:\Program Files\Fichiers communs\Services

[13/09/2008|21:29] C:\Program Files\Fichiers communs\SpeechEngines

[13/09/2008|19:48] C:\Program Files\Fichiers communs\System

[31/01/2010|22:59] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 44 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\trans ooze heck

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-31 23:09:53

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:16][D:3]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\Temp

[F:49][D:0]-> C:\DOCUME~1\COCCIN~1\Cookies

[F:320][D:4]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 31/01/2010|23:05 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 31/01/2010|23:11 - Option : [2]

 

--------------------\\ Fin du rapport a 23:11:32

Posted

Hello,

 

To answer your question, it is not necessarily a problem; I sometimes see that too without it causing any particular trouble.

 

----------------------

I will create a batch file for you to replace the file reported missing by ComboFix; give me just the time to make it and host it. In the meantime, please proceed as follows:

 

Relaunch Lop S&D and choose option 4.

 

A page will open.

 

Copy/paste what is in the code box below, then close the page:

 

You will be asked to save the files; click Save.

 

 

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1
C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1

 

The tool will work, delete the infected folders or files and generate a report.

 

Do not close the window during the deletion!

 

Copy/paste the contents of that report in your next reply.

 

If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.

 

@++

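As an added example (not code from the thread, nor part of Lop S&D), a small Python script that reads an option [1] report and an option [2]/[4] report, extracts the Lop findings and the deletion outcomes, and lists what is still left so the helper knows which paths to feed to the next pass. The sample reports are constructed excerpts modelled on the ones above; the section names are the tool's own French headers, and the two spellings of the same 8.3 folder (transo~1 / TRANSO~1) are collapsed because NTFS names are case-insensitive.

```python
"""Post-process Lop S&D reports: findings from the search pass, outcomes from the
deletion pass, and whatever is still left (constructed example, not the tool's code)."""
import re
from collections import defaultdict

# Section headers look like "--------------------\\ Name" or
# "\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION"; a bare run of backslashes closes a block.
HEADER = re.compile(r"^(?:-{10,}\\\\|\\{10,})\s*(.*)$")
DELETED = re.compile(r"^Supprime!\s*-\s*(.+)$")
FAILED = re.compile(r"^Echec !\s*-\s*(.+)$")
MISSING = re.compile(r"^\.\.\.\s*(.+?)\s*->\s*n'existe pas !$")

# Constructed excerpt of an option [1] (search) report, modelled on the thread.
SEARCH_REPORT = r"""
--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft ref platform bind
C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1
C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\Safe16Online.exe
C:\Program Files\transo~1
C:\WINDOWS\Tasks\ABE59449906A0CE5.job

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE
"""

# Constructed excerpt of an option [2] (deletion) report: the folder fails twice.
DELETE_REPORT = r"""
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1\Safe16Online.exe
Supprime! - C:\WINDOWS\Tasks\ABE59449906A0CE5.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft ref platform bind
Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1
Supprime! - C:\Program Files\transo~1
Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE

Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1
Echec ! - C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
"""

# Constructed excerpt of an option [4] (script) report: same folder, two spellings.
OPTION4_REPORT = r"""
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1
... C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1 -> n'existe pas !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
"""


def parse_sections(report):
    """Map each section name to its non-blank lines, in report order."""
    sections, current = defaultdict(list), None
    for raw in report.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1).strip() or None  # bare separator: leave the block
            continue
        if current and line:
            sections[current].append(line)
    return dict(sections)


def lop_findings(report):
    """Paths under 'Recherche de Fichiers / Dossiers Lop' (drive-letter lines only,
    so the 'Aucun fichier / dossier Lop trouvé !' message is ignored)."""
    lines = parse_sections(report).get("Recherche de Fichiers / Dossiers Lop", [])
    return [line for line in lines if line[1:3] == ":\\"]


def deletion_results(report):
    """Outcome per case-folded path from the SUPPRESSION and DEUXIEME PASSAGE blocks;
    'deleted' wins over 'failed'/'missing' because a later line can only confirm it."""
    results = {}
    sections = parse_sections(report)
    for name in ("SUPPRESSION", "DEUXIEME PASSAGE"):
        for line in sections.get(name, []):
            for rx, status in ((DELETED, "deleted"), (FAILED, "failed"), (MISSING, "missing")):
                m = rx.match(line)
                if m:
                    key = m.group(1).casefold()
                    if status == "deleted" or key not in results:
                        results[key] = status
    return results


def leftovers(search_report, delete_report):
    """Search findings that the deletion report did not remove, one entry per folder
    regardless of the case the tool printed it in."""
    results = deletion_results(delete_report)
    seen, left = set(), []
    for path in lop_findings(search_report):
        key = path.casefold()
        if key in seen:
            continue
        seen.add(key)
        if results.get(key) != "deleted":
            left.append((path, results.get(key, "not attempted")))
    return left


if __name__ == "__main__":
    for path, status in leftovers(SEARCH_REPORT, DELETE_REPORT):
        print(f"{status}: {path}")
```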
Posted

Good evening,

 

Following action 4, here is the report.

Thank you for your help.

Regards

David

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Xeon CPU 2.80GHz )

BIOS : PhoenixBIOS 4.0 Release 6.0

USER : coccinelle ( Administrator )

BOOT : Normal boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:29 Go (Free:5 Go)

D:\ (Local Disk) - NTFS - Total:82 Go (Free:72 Go)

E:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)

G:\ (Local Disk) - FAT32 - Total:465 Go (Free:298 Go)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [4] ( 01/02/2010|22:21 )

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

 

C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1

C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1

... C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1 -> n'existe pas !

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[21/06/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[14/11/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI

[28/06/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU

[21/06/2009|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon

[18/12/2009|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Second Eggs Kind

[14/06/2009|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON

[14/09/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[14/09/2008|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

[30/01/2010|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[31/01/2010|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[28/06/2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software

[28/06/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound

[06/10/2009|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero

[12/10/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[30/01/2010|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

[31/01/2010|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[31/01/2010|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vso

[20/01/2009|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

 

[15/12/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\Adobe

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\aignes

[20/04/2009|16:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Apple Computer

[14/11/2008|22:55] C:\DOCUME~1\COCCIN~1\APPLIC~1\ATI

[28/06/2009|10:37] C:\DOCUME~1\COCCIN~1\APPLIC~1\AVS4YOU

[15/06/2009|22:22] C:\DOCUME~1\COCCIN~1\APPLIC~1\Babylon

[01/05/2009|19:09] C:\DOCUME~1\COCCIN~1\APPLIC~1\DivX

[14/09/2008|19:45] C:\DOCUME~1\COCCIN~1\APPLIC~1\Google

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\gtopala

[13/10/2009|20:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Hewlett-Packard

[10/01/2010|09:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Icones

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\Identities

[14/09/2008|19:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Macromedia

[30/01/2010|15:47] C:\DOCUME~1\COCCIN~1\APPLIC~1\Malwarebytes

[20/10/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\MathWorks

[12/01/2009|15:34] C:\DOCUME~1\COCCIN~1\APPLIC~1\Microsoft

[12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Mozilla

[28/06/2009|11:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\NCH Swift Sound

[28/06/2009|20:21] C:\DOCUME~1\COCCIN~1\APPLIC~1\Nero

[30/01/2010|04:25] C:\DOCUME~1\COCCIN~1\APPLIC~1\Save

[21/10/2008|18:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Shareaza

[13/09/2008|20:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\Sun

[30/01/2010|18:50] C:\DOCUME~1\COCCIN~1\APPLIC~1\SUPERAntiSpyware.com

[12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Thunderbird

[12/10/2008|19:41] C:\DOCUME~1\COCCIN~1\APPLIC~1\vlc

[14/06/2009|21:31] C:\DOCUME~1\COCCIN~1\APPLIC~1\Vso

 

[13/09/2008|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities

[10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[24/01/2010|21:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sun

 

[26/01/2010|10:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[18/01/2010 10:12][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[01/02/2010 13:38][--ah-----] C:\WINDOWS\tasks\SA.DAT

[06/09/2002 20:59][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[13/09/2008|22:00] C:\Program Files\7-Zip

[21/06/2009|10:53] C:\Program Files\Adobe

[06/10/2009|19:54] C:\Program Files\AGEIA Technologies

[14/09/2008|19:38] C:\Program Files\alcohol

[14/09/2008|19:39] C:\Program Files\Alcohol Soft

[14/09/2008|19:28] C:\Program Files\Alwil Software

[13/09/2008|22:03] C:\Program Files\Analog Devices

[28/03/2009|12:40] C:\Program Files\Apple Software Update

[14/11/2008|22:56] C:\Program Files\ATI

[14/11/2008|22:52] C:\Program Files\ATI Technologies

[28/06/2009|11:11] C:\Program Files\AVS4YOU

[01/12/2008|09:54] C:\Program Files\Bonjour

[30/11/2008|17:56] C:\Program Files\Capture Professional v6 Trial

[04/09/2009|19:40] C:\Program Files\CCleaner

[13/09/2008|19:47] C:\Program Files\ComPlus Applications

[13/09/2008|21:55] C:\Program Files\Defraggler

[01/05/2009|13:49] C:\Program Files\Disney Interactive

[01/05/2009|17:56] C:\Program Files\DivX

[28/01/2010|20:37] C:\Program Files\Empire Interactive

[21/06/2009|10:48] C:\Program Files\Emtec.No

[01/02/2010|13:37] C:\Program Files\Fichiers communs

[14/09/2008|19:44] C:\Program Files\Google

[13/10/2009|20:49] C:\Program Files\Hewlett-Packard

[28/06/2009|18:19] C:\Program Files\HotzicBurner

[24/10/2009|14:17] C:\Program Files\INFORAD

[20/10/2009|18:14] C:\Program Files\INFORAD_DRIVERS

[04/09/2009|12:19] C:\Program Files\InstallShield Installation Information

[13/09/2008|22:15] C:\Program Files\Intel

[13/09/2008|20:03] C:\Program Files\Internet Explorer

[21/06/2009|10:27] C:\Program Files\Java

[04/10/2009|19:56] C:\Program Files\JeffProd

[13/09/2008|19:57] C:\Program Files\JEUX

[13/09/2008|22:04] C:\Program Files\Lavalys

[14/09/2008|09:02] C:\Program Files\Lavasoft

[30/01/2010|15:47] C:\Program Files\Malwarebytes' Anti-Malware

[20/10/2008|18:18] C:\Program Files\MATLAB

[13/09/2008|19:50] C:\Program Files\microsoft frontpage

[14/09/2008|19:41] C:\Program Files\Microsoft Office

[25/08/2009|21:22] C:\Program Files\Microsoft Silverlight

[14/09/2008|19:41] C:\Program Files\Microsoft.NET

[13/09/2008|19:48] C:\Program Files\Movie Maker

[01/02/2010|20:32] C:\Program Files\Mozilla Firefox

[01/02/2010|19:50] C:\Program Files\Mozilla Thunderbird

[28/06/2009|19:07] C:\Program Files\MSBuild

[13/09/2008|19:47] C:\Program Files\MSN Gaming Zone

[13/09/2008|20:01] C:\Program Files\MSXML 4.0

[28/01/2010|20:20] C:\Program Files\Navilog1

[28/06/2009|18:08] C:\Program Files\NCH Software

[28/06/2009|11:14] C:\Program Files\NCH Swift Sound

[06/10/2009|22:09] C:\Program Files\Nero

[14/09/2008|19:01] C:\Program Files\NETGEAR

[13/09/2008|19:48] C:\Program Files\NetMeeting

[13/09/2008|19:48] C:\Program Files\Outlook Express

[28/01/2010|20:35] C:\Program Files\PeerTV

[28/06/2009|12:46] C:\Program Files\PQDVD

[28/03/2009|12:40] C:\Program Files\QuickTime

[28/06/2009|19:00] C:\Program Files\Reference Assemblies

[15/11/2009|10:26] C:\Program Files\SFR

[21/10/2008|18:57] C:\Program Files\Shareaza

[28/06/2009|11:23] C:\Program Files\SlySoft

[01/02/2010|13:37] C:\Program Files\Spyware Doctor

[31/01/2010|22:59] C:\Program Files\SUPERAntiSpyware

[23/02/2009|11:49] C:\Program Files\THQ

[13/09/2008|21:55] C:\Program Files\ToniArts

[31/01/2010|01:02] C:\Program Files\Trend Micro

[13/09/2008|19:47] C:\Program Files\Uninstall Information

[14/11/2008|19:40] C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter

[13/09/2008|19:57] C:\Program Files\UTILS

[31/01/2010|10:15] C:\Program Files\Veetle

[13/09/2008|21:56] C:\Program Files\VideoLAN

[14/06/2009|21:32] C:\Program Files\VSO

[13/09/2008|20:11] C:\Program Files\Windows Media Connect 2

[13/09/2008|20:12] C:\Program Files\Windows Media Player

[13/09/2008|19:47] C:\Program Files\Windows NT

[13/09/2008|19:49] C:\Program Files\WindowsUpdate

[13/09/2008|20:12] C:\Program Files\WMV9_VCM

[13/09/2008|19:57] C:\Program Files\WSTARTUP

[13/09/2008|19:50] C:\Program Files\xerox

[06/10/2009|22:05] C:\Program Files\Yahoo!

[14/09/2008|08:55] C:\Program Files\Zone Labs

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[21/06/2009|10:53] C:\Program Files\Fichiers communs\Adobe

[28/06/2009|11:11] C:\Program Files\Fichiers communs\AVSMedia

[14/09/2008|19:41] C:\Program Files\Fichiers communs\DESIGNER

[01/05/2009|17:55] C:\Program Files\Fichiers communs\DivX Shared

[13/10/2009|20:50] C:\Program Files\Fichiers communs\Hewlett-Packard

[23/02/2009|11:48] C:\Program Files\Fichiers communs\InstallShield

[13/09/2008|20:13] C:\Program Files\Fichiers communs\Java

[20/10/2008|18:16] C:\Program Files\Fichiers communs\Microsoft Shared

[13/09/2008|19:48] C:\Program Files\Fichiers communs\MSSoap

[06/10/2009|22:22] C:\Program Files\Fichiers communs\Nero

[13/09/2008|21:30] C:\Program Files\Fichiers communs\ODBC

[13/09/2008|19:48] C:\Program Files\Fichiers communs\Services

[13/09/2008|21:29] C:\Program Files\Fichiers communs\SpeechEngines

[13/09/2008|19:48] C:\Program Files\Fichiers communs\System

[31/01/2010|22:59] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 41 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\COCCIN~1\Cookies\coccinelle@advertstream[1].txt

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-01 22:24:42

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:9][D:1]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\Temp

[F:37][D:0]-> C:\DOCUME~1\COCCIN~1\Cookies

[F:257][D:4]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 31/01/2010|23:05 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 31/01/2010|23:11 - Option : [2]

3 - "C:\Lop SD\LopR_3.txt" - 01/02/2010|22:26 - Option : [4]

 

--------------------\\ Fin du rapport a 22:26:10

Posted (edited)

Good evening,

 

Sorry for not replying sooner, but I have other threads going on all over the place.

 

-> run Lop S&D again in option 2 as you did before. Post the report please.

 

------------------------------------

 

Download the repar.zip folder here: http://senduit.com/fcb3a9

 

Save it to the desktop, then unzip it.

 

In the unzipped folder there is 1 system file to repair and a repair.bat file. (gear icon)

Double-click the repar.bat file: it should show you 1 file copy, then ask you to press a key. It should say "1 file(s) copied" twice.

 

If Windows complains, something like "insert the Windows CD" etc. --> ignore it without rebooting and move on to the next step.

 

--------------------------------

A check I would like to do next:

 

Download TDSSKiller.zip from Kaspersky and save it to your desktop.

 

  • Right-click the file and choose Extract all.
    A folder will open on screen containing the file TDSSkiller.exe.
  • Double-click tdsskiller.exe to run it.
  • A black window will open and the scan will start. Let it run without interrupting it.
  • At the end you will be asked to press a key to continue.
    Press a key on the keyboard and the black window will close.
  • Double-click Computer or My Computer, then C:, and look for a file whose name starts with TDSSKiller...
    Double-click it to open it and copy-paste its entire contents into your next reply.
     
    NB: During the procedure, if TDSSKiller displays this message:
    Hidden service detected: H8SRTd.sys
    Type "delete" (without quotes) to delete it: 14:30:08:000 0256
    , type delete and confirm.
     


 

@++

Edited by Apollo
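The TDSSKiller report requested above lists, for each driver object on the disk stack, the 27 MajorFunction slots ("IrpHandler (n) addr: ...") and where each one points. A TDL3 infection replaces entries in the disk miniport's table with pointers to its own code, so the check that matters is whether every entry points either into the driver's own image or at the kernel's shared stub for unsupported requests. The Python script below is an added example, not part of this thread or of Kaspersky's tool: it parses lines in the format TDSSKiller writes and applies that address-range rule to a constructed excerpt. The Disk values are copied from the report posted further down, the atapi slot 15 address 89B03C10 is invented to show what a hook looks like, the driver image ranges are assumed values (a real checker would read DRIVER_OBJECT.DriverStart/DriverSize), and 8050301E, the address every unused slot shares in the posted log, is taken as the kernel default handler on that build.

```python
"""Check a driver's IRP dispatch table for entries that point outside the driver.

Added example, not part of this thread or of Kaspersky's TDSSKiller. It parses
the "DetectCureTDL3: ... IrpHandler (n) addr: X" lines TDSSKiller writes and
applies the rule that catches TDL3-style hooks: each MajorFunction slot of a
driver object must point either into the driver's own image or at the kernel's
shared stub for unsupported requests. Anything else (typically an address in
pool memory) is a hook.
"""
import re
from dataclasses import dataclass, field

# Seen in the thread's log for every unused slot: nt's default handler for
# unsupported IRPs on that XP SP2 build. Treated as an input, not hard truth.
KERNEL_DEFAULT_HANDLER = 0x8050301E

# ASSUMED image ranges [start, end) for the drivers in the sample. A real
# checker would read DRIVER_OBJECT.DriverStart and DriverSize instead.
DRIVER_IMAGE_RANGES = {
    "Disk": (0xF7667000, 0xF7671000),
    "atapi": (0xF749E000, 0xF74A6000),
}

IRP_NAMES = {0: "CREATE", 2: "CLOSE", 3: "READ", 4: "WRITE",
             14: "DEVICE_CONTROL", 15: "INTERNAL_DEVICE_CONTROL",
             22: "POWER", 23: "SYSTEM_CONTROL", 26: "PNP"}

_DRIVER_RE = re.compile(r"DRIVER_OBJECT name: \\Driver\\\w+, Driver Name: (\w+)")
_IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]{8})")


@dataclass
class DriverEntry:
    name: str
    handlers: dict = field(default_factory=dict)  # IRP major code -> address


def parse_tdsskiller(log_text):
    """Group each IrpHandler line under the DRIVER_OBJECT line that precedes it."""
    drivers, current = [], None
    for line in log_text.splitlines():
        m = _DRIVER_RE.search(line)
        if m:
            current = DriverEntry(name=m.group(1))
            drivers.append(current)
            continue
        m = _IRP_RE.search(line)
        if m and current is not None:
            current.handlers[int(m.group(1))] = int(m.group(2), 16)
    return drivers


def find_hooks(drivers, image_ranges, default_handler=KERNEL_DEFAULT_HANDLER):
    """Return (driver, irp_code, address) for every slot outside the trusted ranges.

    A driver with no known image range cannot be verified, so all of its
    non-default slots are reported rather than silently trusted.
    """
    hooks = []
    for drv in drivers:
        rng = image_ranges.get(drv.name)
        for code, addr in sorted(drv.handlers.items()):
            if addr == default_handler:
                continue
            if rng is not None and rng[0] <= addr < rng[1]:
                continue
            hooks.append((drv.name, code, addr))
    return hooks


def describe(hook):
    """Human-readable line for one finding."""
    drv, code, addr = hook
    name = IRP_NAMES.get(code, str(code))
    return f"{drv}: IRP_MJ_{name} -> 0x{addr:08X} is outside the driver image"


# Constructed excerpt. The Disk lines copy the clean values from the posted log;
# the atapi slot 15 address 89B03C10 is invented to show what a hook looks like.
SAMPLE_LOG = """\
20:56:38:843 2416 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\Disk, Driver Name: Disk
20:56:38:843 2416 DetectCureTDL3: IrpHandler (0) addr: F766DC30
20:56:38:843 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E
20:56:38:843 2416 DetectCureTDL3: IrpHandler (3) addr: F7667D9B
20:56:38:843 2416 DetectCureTDL3: IrpHandler (14) addr: F766844D
20:56:38:890 2416 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\atapi, Driver Name: atapi
20:56:38:890 2416 DetectCureTDL3: IrpHandler (0) addr: F74A3572
20:56:38:890 2416 DetectCureTDL3: IrpHandler (14) addr: F74A3592
20:56:38:890 2416 DetectCureTDL3: IrpHandler (15) addr: 89B03C10
"""


def scan(log_text=SAMPLE_LOG, image_ranges=DRIVER_IMAGE_RANGES):
    """Parse a log and return the list of suspicious dispatch entries."""
    return find_hooks(parse_tdsskiller(log_text), image_ranges)


if __name__ == "__main__":
    for hook in scan():
        print(describe(hook))
```

Run against a real report, feed it the whole TDSSKiller log and a range table built from the driver list; a slot pointing into pool memory, like the constructed atapi INTERNAL_DEVICE_CONTROL entry here, is the signature of a hooked miniport, and the only sound remediation is to replace the driver file and clear the hook, which is what the tool's cure step does.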
Posted

Good evening,

no need to apologise, I am already very glad to find support like yours.

 

In order, you will find:

- the report after Lop S&D in option 2

- I double-clicked the repar.bat file: it showed me 1 file copy, then asked me to press a key, but the window disappeared and did not show "1 file(s) copied" twice?? I tried once more and got the same result.

- The TDSSKiller report

 

Thanks for everything

 

David

 

 

 

The report after Lop S&D in option 2

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Xeon CPU 2.80GHz )

BIOS : PhoenixBIOS 4.0 Release 6.0

USER : coccinelle ( Administrator )

BOOT : Normal boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)

D:\ (Local Disk) - NTFS - Total:82 Go (Free:72 Go)

E:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)

G:\ (Local Disk) - FAT32 - Total:465 Go (Free:298 Go)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 02/02/2010|20:46 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

... C:\DOCUME~1\COCCIN~1\APPLIC~1\transo~1 -> n'existe pas !

... C:\DOCUME~1\COCCIN~1\APPLIC~1\TRANSO~1 -> n'existe pas !

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[21/06/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[28/03/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[14/11/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI

[28/06/2009|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU

[21/06/2009|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon

[18/12/2009|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Second Eggs Kind

[14/06/2009|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON

[14/09/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[14/09/2008|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

[30/01/2010|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[31/01/2010|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[28/06/2009|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software

[28/06/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound

[06/10/2009|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero

[12/10/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[30/01/2010|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

[31/01/2010|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[31/01/2010|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vso

[20/01/2009|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

 

[15/12/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\Adobe

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\aignes

[20/04/2009|16:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Apple Computer

[14/11/2008|22:55] C:\DOCUME~1\COCCIN~1\APPLIC~1\ATI

[28/06/2009|10:37] C:\DOCUME~1\COCCIN~1\APPLIC~1\AVS4YOU

[15/06/2009|22:22] C:\DOCUME~1\COCCIN~1\APPLIC~1\Babylon

[01/05/2009|19:09] C:\DOCUME~1\COCCIN~1\APPLIC~1\DivX

[14/09/2008|19:45] C:\DOCUME~1\COCCIN~1\APPLIC~1\Google

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\gtopala

[13/10/2009|20:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Hewlett-Packard

[10/01/2010|09:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Icones

[13/09/2008|20:17] C:\DOCUME~1\COCCIN~1\APPLIC~1\Identities

[14/09/2008|19:08] C:\DOCUME~1\COCCIN~1\APPLIC~1\Macromedia

[30/01/2010|15:47] C:\DOCUME~1\COCCIN~1\APPLIC~1\Malwarebytes

[20/10/2008|19:03] C:\DOCUME~1\COCCIN~1\APPLIC~1\MathWorks

[12/01/2009|15:34] C:\DOCUME~1\COCCIN~1\APPLIC~1\Microsoft

[12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Mozilla

[28/06/2009|11:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\NCH Swift Sound

[28/06/2009|20:21] C:\DOCUME~1\COCCIN~1\APPLIC~1\Nero

[30/01/2010|04:25] C:\DOCUME~1\COCCIN~1\APPLIC~1\Save

[21/10/2008|18:53] C:\DOCUME~1\COCCIN~1\APPLIC~1\Shareaza

[13/09/2008|20:13] C:\DOCUME~1\COCCIN~1\APPLIC~1\Sun

[30/01/2010|18:50] C:\DOCUME~1\COCCIN~1\APPLIC~1\SUPERAntiSpyware.com

[12/10/2008|17:58] C:\DOCUME~1\COCCIN~1\APPLIC~1\Thunderbird

[12/10/2008|19:41] C:\DOCUME~1\COCCIN~1\APPLIC~1\vlc

[14/06/2009|21:31] C:\DOCUME~1\COCCIN~1\APPLIC~1\Vso

 

[13/09/2008|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities

[10/01/2010|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[24/01/2010|21:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sun

 

[26/01/2010|10:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[18/01/2010 10:12][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[02/02/2010 19:32][--ah-----] C:\WINDOWS\tasks\SA.DAT

[06/09/2002 20:59][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[13/09/2008|22:00] C:\Program Files\7-Zip

[21/06/2009|10:53] C:\Program Files\Adobe

[06/10/2009|19:54] C:\Program Files\AGEIA Technologies

[14/09/2008|19:38] C:\Program Files\alcohol

[14/09/2008|19:39] C:\Program Files\Alcohol Soft

[14/09/2008|19:28] C:\Program Files\Alwil Software

[13/09/2008|22:03] C:\Program Files\Analog Devices

[28/03/2009|12:40] C:\Program Files\Apple Software Update

[14/11/2008|22:56] C:\Program Files\ATI

[14/11/2008|22:52] C:\Program Files\ATI Technologies

[28/06/2009|11:11] C:\Program Files\AVS4YOU

[01/12/2008|09:54] C:\Program Files\Bonjour

[30/11/2008|17:56] C:\Program Files\Capture Professional v6 Trial

[04/09/2009|19:40] C:\Program Files\CCleaner

[13/09/2008|19:47] C:\Program Files\ComPlus Applications

[13/09/2008|21:55] C:\Program Files\Defraggler

[01/05/2009|13:49] C:\Program Files\Disney Interactive

[01/05/2009|17:56] C:\Program Files\DivX

[28/01/2010|20:37] C:\Program Files\Empire Interactive

[21/06/2009|10:48] C:\Program Files\Emtec.No

[01/02/2010|13:37] C:\Program Files\Fichiers communs

[14/09/2008|19:44] C:\Program Files\Google

[13/10/2009|20:49] C:\Program Files\Hewlett-Packard

[28/06/2009|18:19] C:\Program Files\HotzicBurner

[24/10/2009|14:17] C:\Program Files\INFORAD

[20/10/2009|18:14] C:\Program Files\INFORAD_DRIVERS

[04/09/2009|12:19] C:\Program Files\InstallShield Installation Information

[13/09/2008|22:15] C:\Program Files\Intel

[13/09/2008|20:03] C:\Program Files\Internet Explorer

[21/06/2009|10:27] C:\Program Files\Java

[04/10/2009|19:56] C:\Program Files\JeffProd

[13/09/2008|19:57] C:\Program Files\JEUX

[13/09/2008|22:04] C:\Program Files\Lavalys

[14/09/2008|09:02] C:\Program Files\Lavasoft

[30/01/2010|15:47] C:\Program Files\Malwarebytes' Anti-Malware

[20/10/2008|18:18] C:\Program Files\MATLAB

[13/09/2008|19:50] C:\Program Files\microsoft frontpage

[14/09/2008|19:41] C:\Program Files\Microsoft Office

[25/08/2009|21:22] C:\Program Files\Microsoft Silverlight

[14/09/2008|19:41] C:\Program Files\Microsoft.NET

[13/09/2008|19:48] C:\Program Files\Movie Maker

[02/02/2010|20:43] C:\Program Files\Mozilla Firefox

[02/02/2010|19:58] C:\Program Files\Mozilla Thunderbird

[28/06/2009|19:07] C:\Program Files\MSBuild

[13/09/2008|19:47] C:\Program Files\MSN Gaming Zone

[13/09/2008|20:01] C:\Program Files\MSXML 4.0

[28/01/2010|20:20] C:\Program Files\Navilog1

[28/06/2009|18:08] C:\Program Files\NCH Software

[28/06/2009|11:14] C:\Program Files\NCH Swift Sound

[06/10/2009|22:09] C:\Program Files\Nero

[14/09/2008|19:01] C:\Program Files\NETGEAR

[13/09/2008|19:48] C:\Program Files\NetMeeting

[13/09/2008|19:48] C:\Program Files\Outlook Express

[28/01/2010|20:35] C:\Program Files\PeerTV

[28/06/2009|12:46] C:\Program Files\PQDVD

[28/03/2009|12:40] C:\Program Files\QuickTime

[28/06/2009|19:00] C:\Program Files\Reference Assemblies

[15/11/2009|10:26] C:\Program Files\SFR

[21/10/2008|18:57] C:\Program Files\Shareaza

[28/06/2009|11:23] C:\Program Files\SlySoft

[01/02/2010|13:37] C:\Program Files\Spyware Doctor

[31/01/2010|22:59] C:\Program Files\SUPERAntiSpyware

[23/02/2009|11:49] C:\Program Files\THQ

[13/09/2008|21:55] C:\Program Files\ToniArts

[31/01/2010|01:02] C:\Program Files\Trend Micro

[13/09/2008|19:47] C:\Program Files\Uninstall Information

[14/11/2008|19:40] C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter

[13/09/2008|19:57] C:\Program Files\UTILS

[31/01/2010|10:15] C:\Program Files\Veetle

[13/09/2008|21:56] C:\Program Files\VideoLAN

[14/06/2009|21:32] C:\Program Files\VSO

[13/09/2008|20:11] C:\Program Files\Windows Media Connect 2

[13/09/2008|20:12] C:\Program Files\Windows Media Player

[13/09/2008|19:47] C:\Program Files\Windows NT

[13/09/2008|19:49] C:\Program Files\WindowsUpdate

[13/09/2008|20:12] C:\Program Files\WMV9_VCM

[13/09/2008|19:57] C:\Program Files\WSTARTUP

[13/09/2008|19:50] C:\Program Files\xerox

[06/10/2009|22:05] C:\Program Files\Yahoo!

[14/09/2008|08:55] C:\Program Files\Zone Labs

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[21/06/2009|10:53] C:\Program Files\Fichiers communs\Adobe

[28/06/2009|11:11] C:\Program Files\Fichiers communs\AVSMedia

[14/09/2008|19:41] C:\Program Files\Fichiers communs\DESIGNER

[01/05/2009|17:55] C:\Program Files\Fichiers communs\DivX Shared

[13/10/2009|20:50] C:\Program Files\Fichiers communs\Hewlett-Packard

[23/02/2009|11:48] C:\Program Files\Fichiers communs\InstallShield

[13/09/2008|20:13] C:\Program Files\Fichiers communs\Java

[20/10/2008|18:16] C:\Program Files\Fichiers communs\Microsoft Shared

[13/09/2008|19:48] C:\Program Files\Fichiers communs\MSSoap

[06/10/2009|22:22] C:\Program Files\Fichiers communs\Nero

[13/09/2008|21:30] C:\Program Files\Fichiers communs\ODBC

[13/09/2008|19:48] C:\Program Files\Fichiers communs\Services

[13/09/2008|21:29] C:\Program Files\Fichiers communs\SpeechEngines

[13/09/2008|19:48] C:\Program Files\Fichiers communs\System

[31/01/2010|22:59] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 41 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-02 20:48:55

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:1][D:0]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\Temp

[F:9][D:0]-> C:\DOCUME~1\COCCIN~1\Cookies

[F:52][D:4]-> C:\DOCUME~1\COCCIN~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 31/01/2010|23:05 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 31/01/2010|23:11 - Option : [2]

3 - "C:\Lop SD\LopR_3.txt" - 01/02/2010|22:26 - Option : [4]

4 - "C:\Lop SD\LopR_4.txt" - 01/02/2010|22:35 - Option : [1]

5 - "C:\Lop SD\LopR_5.txt" - 02/02/2010|20:50 - Option : [2]

 

--------------------\\ Fin du rapport a 20:50:34

The TDSSKiller report

 

20:56:38:484 2416 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25

20:56:38:484 2416 ================================================================================

20:56:38:484 2416 SystemInfo:

 

20:56:38:484 2416 OS Version: 5.1.2600 ServicePack: 2.0

20:56:38:484 2416 Product type: Workstation

20:56:38:484 2416 ComputerName: DAVID

20:56:38:500 2416 UserName: coccinelle

20:56:38:500 2416 Windows directory: C:\WINDOWS

20:56:38:500 2416 Processor architecture: Intel x86

20:56:38:500 2416 Number of processors: 1

20:56:38:500 2416 Page size: 0x1000

20:56:38:500 2416 Boot type: Normal boot

20:56:38:500 2416 ================================================================================

20:56:38:500 2416 UnloadDriverW: NtUnloadDriver error 2

20:56:38:500 2416 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

20:56:38:515 2416 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

20:56:38:515 2416 UtilityInit: KLMD drop and load success

20:56:38:515 2416 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)

20:56:38:515 2416 UtilityInit: KLMD open success

20:56:38:515 2416 UtilityInit: Initialize success

20:56:38:515 2416

20:56:38:515 2416 Scanning Services ...

20:56:38:515 2416 CreateRegParser: Registry parser init started

20:56:38:515 2416 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127

20:56:38:515 2416 CreateRegParser: DisableWow64Redirection error

20:56:38:515 2416 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

20:56:38:515 2416 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043

20:56:38:515 2416 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

20:56:38:515 2416 wfopen_ex: Trying to KLMD file open

20:56:38:515 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system

20:56:38:515 2416 wfopen_ex: File opened ok (Flags 2)

20:56:38:515 2416 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384B80

20:56:38:515 2416 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

20:56:38:515 2416 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043

20:56:38:515 2416 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

20:56:38:515 2416 wfopen_ex: Trying to KLMD file open

20:56:38:515 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software

20:56:38:531 2416 wfopen_ex: File opened ok (Flags 2)

20:56:38:531 2416 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384C28

20:56:38:531 2416 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127

20:56:38:531 2416 CreateRegParser: EnableWow64Redirection error

20:56:38:531 2416 CreateRegParser: RegParser init completed

20:56:38:828 2416 GetAdvancedServicesInfo: Raw services enum returned 343 services

20:56:38:843 2416 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

20:56:38:843 2416 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

20:56:38:843 2416

20:56:38:843 2416 Scanning Kernel memory ...

20:56:38:843 2416 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

20:56:38:843 2416 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 89C22770

20:56:38:843 2416 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects

20:56:38:843 2416

20:56:38:843 2416 DetectCureTDL3: DEVICE_OBJECT: 893CAC68

20:56:38:843 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 893CAC68

20:56:38:843 2416 KLMD_ReadMem: Trying to ReadMemory 0x893CAC68[0x38]

20:56:38:843 2416 DetectCureTDL3: DRIVER_OBJECT: 89C22770

20:56:38:843 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C22770[0xA8]

20:56:38:843 2416 KLMD_ReadMem: Trying to ReadMemory 0xE15244E8[0x18]

20:56:38:843 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

20:56:38:843 2416 DetectCureTDL3: IrpHandler (0) addr: F766DC30

20:56:38:843 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (2) addr: F766DC30

20:56:38:843 2416 DetectCureTDL3: IrpHandler (3) addr: F7667D9B

20:56:38:843 2416 DetectCureTDL3: IrpHandler (4) addr: F7667D9B

20:56:38:843 2416 DetectCureTDL3: IrpHandler (5) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (6) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (7) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (8) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (9) addr: F7668366

20:56:38:843 2416 DetectCureTDL3: IrpHandler (10) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (11) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (12) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (13) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (14) addr: F766844D

20:56:38:843 2416 DetectCureTDL3: IrpHandler (15) addr: F766BFC3

20:56:38:843 2416 DetectCureTDL3: IrpHandler (16) addr: F7668366

20:56:38:843 2416 DetectCureTDL3: IrpHandler (17) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (18) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (19) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (20) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (21) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (22) addr: F7669EF3

20:56:38:843 2416 DetectCureTDL3: IrpHandler (23) addr: F766EA24

20:56:38:843 2416 DetectCureTDL3: IrpHandler (24) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (25) addr: 8050301E

20:56:38:843 2416 DetectCureTDL3: IrpHandler (26) addr: 8050301E

20:56:38:843 2416 TDL3_FileDetect: Processing driver: Disk

20:56:38:843 2416 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

20:56:38:843 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

20:56:38:859 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

20:56:38:859 2416

20:56:38:859 2416 DetectCureTDL3: DEVICE_OBJECT: 8973B520

20:56:38:859 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8973B520

20:56:38:859 2416 DetectCureTDL3: DEVICE_OBJECT: 8980EEA0

20:56:38:859 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8980EEA0

20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0x8980EEA0[0x38]

20:56:38:859 2416 DetectCureTDL3: DRIVER_OBJECT: 892BB3B8

20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0x892BB3B8[0xA8]

20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0xE196B368[0x1E]

20:56:38:859 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

20:56:38:859 2416 DetectCureTDL3: IrpHandler (0) addr: F773C218

20:56:38:859 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (2) addr: F773C218

20:56:38:859 2416 DetectCureTDL3: IrpHandler (3) addr: F773C23C

20:56:38:859 2416 DetectCureTDL3: IrpHandler (4) addr: F773C23C

20:56:38:859 2416 DetectCureTDL3: IrpHandler (5) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (6) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (7) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (8) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (9) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (10) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (11) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (12) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (13) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (14) addr: F773C180

20:56:38:859 2416 DetectCureTDL3: IrpHandler (15) addr: F77379E6

20:56:38:859 2416 DetectCureTDL3: IrpHandler (16) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (17) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (18) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (19) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (20) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (21) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (22) addr: F773B5F0

20:56:38:859 2416 DetectCureTDL3: IrpHandler (23) addr: F7739A6E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (24) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (25) addr: 8050301E

20:56:38:859 2416 DetectCureTDL3: IrpHandler (26) addr: 8050301E

20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0xF7738F26[0x400]

20:56:38:859 2416 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

20:56:38:859 2416 TDL3_FileDetect: Processing driver: USBSTOR

20:56:38:859 2416 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:56:38:859 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:56:38:859 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

20:56:38:859 2416

20:56:38:859 2416 DetectCureTDL3: DEVICE_OBJECT: 89C1C030

20:56:38:859 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C1C030

20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C1C030[0x38]

20:56:38:859 2416 DetectCureTDL3: DRIVER_OBJECT: 89C22770

20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C22770[0xA8]

20:56:38:859 2416 KLMD_ReadMem: Trying to ReadMemory 0xE15244E8[0x18]

20:56:38:875 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

20:56:38:875 2416 DetectCureTDL3: IrpHandler (0) addr: F766DC30

20:56:38:875 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (2) addr: F766DC30

20:56:38:875 2416 DetectCureTDL3: IrpHandler (3) addr: F7667D9B

20:56:38:875 2416 DetectCureTDL3: IrpHandler (4) addr: F7667D9B

20:56:38:875 2416 DetectCureTDL3: IrpHandler (5) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (6) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (7) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (8) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (9) addr: F7668366

20:56:38:875 2416 DetectCureTDL3: IrpHandler (10) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (11) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (12) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (13) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (14) addr: F766844D

20:56:38:875 2416 DetectCureTDL3: IrpHandler (15) addr: F766BFC3

20:56:38:875 2416 DetectCureTDL3: IrpHandler (16) addr: F7668366

20:56:38:875 2416 DetectCureTDL3: IrpHandler (17) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (18) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (19) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (20) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (21) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (22) addr: F7669EF3

20:56:38:875 2416 DetectCureTDL3: IrpHandler (23) addr: F766EA24

20:56:38:875 2416 DetectCureTDL3: IrpHandler (24) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (25) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (26) addr: 8050301E

20:56:38:875 2416 TDL3_FileDetect: Processing driver: Disk

20:56:38:875 2416 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

20:56:38:875 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

20:56:38:875 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

20:56:38:875 2416

20:56:38:875 2416 DetectCureTDL3: DEVICE_OBJECT: 89C1B030

20:56:38:875 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C1B030

20:56:38:875 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C1B030[0x38]

20:56:38:875 2416 DetectCureTDL3: DRIVER_OBJECT: 89C22770

20:56:38:875 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C22770[0xA8]

20:56:38:875 2416 KLMD_ReadMem: Trying to ReadMemory 0xE15244E8[0x18]

20:56:38:875 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

20:56:38:875 2416 DetectCureTDL3: IrpHandler (0) addr: F766DC30

20:56:38:875 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (2) addr: F766DC30

20:56:38:875 2416 DetectCureTDL3: IrpHandler (3) addr: F7667D9B

20:56:38:875 2416 DetectCureTDL3: IrpHandler (4) addr: F7667D9B

20:56:38:875 2416 DetectCureTDL3: IrpHandler (5) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (6) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (7) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (8) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (9) addr: F7668366

20:56:38:875 2416 DetectCureTDL3: IrpHandler (10) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (11) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (12) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (13) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (14) addr: F766844D

20:56:38:875 2416 DetectCureTDL3: IrpHandler (15) addr: F766BFC3

20:56:38:875 2416 DetectCureTDL3: IrpHandler (16) addr: F7668366

20:56:38:875 2416 DetectCureTDL3: IrpHandler (17) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (18) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (19) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (20) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (21) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (22) addr: F7669EF3

20:56:38:875 2416 DetectCureTDL3: IrpHandler (23) addr: F766EA24

20:56:38:875 2416 DetectCureTDL3: IrpHandler (24) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (25) addr: 8050301E

20:56:38:875 2416 DetectCureTDL3: IrpHandler (26) addr: 8050301E

20:56:38:875 2416 TDL3_FileDetect: Processing driver: Disk

20:56:38:875 2416 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

20:56:38:875 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

20:56:38:890 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

20:56:38:890 2416

20:56:38:890 2416 DetectCureTDL3: DEVICE_OBJECT: 89B9DAB8

20:56:38:890 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89B9DAB8

20:56:38:890 2416 DetectCureTDL3: DEVICE_OBJECT: 89BE4D98

20:56:38:890 2416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89BE4D98

20:56:38:890 2416 KLMD_ReadMem: Trying to ReadMemory 0x89BE4D98[0x38]

20:56:38:890 2416 DetectCureTDL3: DRIVER_OBJECT: 89C179F8

20:56:38:890 2416 KLMD_ReadMem: Trying to ReadMemory 0x89C179F8[0xA8]

20:56:38:890 2416 KLMD_ReadMem: Trying to ReadMemory 0xE102EC28[0x1A]

20:56:38:890 2416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

20:56:38:890 2416 DetectCureTDL3: IrpHandler (0) addr: F74A3572

20:56:38:890 2416 DetectCureTDL3: IrpHandler (1) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (2) addr: F74A3572

20:56:38:890 2416 DetectCureTDL3: IrpHandler (3) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (4) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (5) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (6) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (7) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (8) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (9) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (10) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (11) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (12) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (13) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (14) addr: F74A3592

20:56:38:890 2416 DetectCureTDL3: IrpHandler (15) addr: F749F7B4

20:56:38:890 2416 DetectCureTDL3: IrpHandler (16) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (17) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (18) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (19) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (20) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (21) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (22) addr: F74A35BC

20:56:38:890 2416 DetectCureTDL3: IrpHandler (23) addr: F74AA164

20:56:38:890 2416 DetectCureTDL3: IrpHandler (24) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (25) addr: 8050301E

20:56:38:890 2416 DetectCureTDL3: IrpHandler (26) addr: 8050301E

20:56:38:890 2416 KLMD_ReadMem: Trying to ReadMemory 0xF74A07C6[0x400]

20:56:38:890 2416 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

20:56:38:890 2416 TDL3_FileDetect: Processing driver: atapi

20:56:38:890 2416 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

20:56:38:890 2416 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys

20:56:38:906 2416 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean

20:56:38:906 2416

20:56:38:906 2416 Completed

20:56:38:906 2416

20:56:38:906 2416 Results:

20:56:38:906 2416 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

20:56:38:906 2416 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

20:56:38:906 2416 File objects infected / cured / cured on reboot: 0 / 0 / 0

20:56:38:906 2416

20:56:38:906 2416 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

20:56:38:906 2416 UtilityDeinit: KLMD(ARK) unloaded successfully
