Posted

In the end I was able to boot normally.

Here is the ComboFix report:


ComboFix 10-03-04.05 - Marie-pierre 06/03/2010 18:07:42.5.1 - FAT32x86

Lancé depuis: c:\documents and settings\Marie-pierre\Bureau\ComboFix.exe

.

Les fichiers ci-dessous ont été désactivés pendant l'exécution:

c:\program files\supercopier2\SC2Hook.dll

 

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\20331716

c:\documents and settings\All Users\Application Data\20331716\20331716 .exe

c:\documents and settings\All Users\Application Data\20331716\20331716.exe

c:\documents and settings\All Users\Application Data\86711023

c:\documents and settings\All Users\Application Data\86711023\86711023 .exe

c:\documents and settings\All Users\Application Data\86711023\86711023.exe

c:\documents and settings\All Users\Application Data\93913328

c:\documents and settings\All Users\Application Data\93913328\93913328 .exe

c:\documents and settings\All Users\Application Data\93913328\93913328.exe

c:\documents and settings\Marie-pierre\Bureau\Security Tool.lnk

c:\documents and settings\Marie-pierre\skytel .exe

c:\documents and settings\Marie-pierre\skytel.exe

c:\program files\Adobe\acrotray .exe

c:\program files\Internet Explorer\js.mui

c:\program files\Internet Explorer\wmpscfgs.exe

c:\windows\system32\ctfmon .exe

c:\windows\TEMP\~TM18.tmp

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-06 au 2010-03-06 ))))))))))))))))))))))))))))))))))))

.

 

2010-03-05 13:19 . 2010-03-06 00:11 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat

2010-02-28 10:34 . 2010-02-28 10:34 -------- d-----w- C:\FOUND.009

2010-02-28 03:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-27 18:20 . 2010-02-27 18:20 -------- d-----w- C:\rsit

2010-02-27 18:11 . 2010-02-27 18:11 -------- d-----w- C:\FOUND.008

2010-02-27 17:31 . 2010-02-27 17:31 -------- d-----w- C:\FOUND.007

2010-02-27 17:08 . 2010-02-27 17:08 -------- d-----w- C:\FOUND.006

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\Marie-pierre\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 16:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 15:41 . 2010-02-27 15:41 -------- d-----w- C:\FOUND.005

2010-02-27 15:01 . 2010-02-27 15:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-02-27 13:26 . 2010-02-27 13:26 -------- d-----w- C:\FOUND.004

2010-02-27 10:26 . 2010-02-27 10:26 -------- d-----w- C:\FOUND.003

2010-02-23 22:01 . 2010-02-23 22:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\fr

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\bits

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\l2schemas

2010-02-23 20:58 . 2010-02-23 20:58 -------- d-----w- c:\windows\EHome

2010-02-23 19:50 . 2010-02-18 21:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-23 19:50 . 2010-02-23 19:50 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-23 19:50 . 2010-02-23 19:50 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-22 20:53 . 2010-02-22 20:54 -------- d-----w- c:\windows\BDOSCAN8

2010-02-22 20:50 . 2010-02-22 20:50 -------- d-sh--w- c:\documents and settings\Marie-pierre\PrivacIE

2010-02-22 20:46 . 2010-02-22 20:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-02-22 20:42 . 2010-02-22 20:42 -------- d-sh--w- c:\documents and settings\Marie-pierre\IETldCache

2010-02-22 20:37 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-02-22 20:37 . 2010-02-22 20:37 -------- d-----w- c:\windows\ie8updates

2010-02-22 20:36 . 2009-12-21 19:06 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-02-22 20:36 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-02-22 20:36 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-02-22 20:36 . 2009-12-21 19:06 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-02-22 20:36 . 2009-12-21 19:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-02-22 20:36 . 2009-12-21 19:06 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-22 20:34 . 2010-02-22 20:34 -------- d--h--w- c:\windows\ie8

2010-02-22 20:34 . 2010-02-22 20:34 -------- d-----w- c:\windows\system32\fr-FR

2010-02-22 18:47 . 2010-02-22 18:47 -------- d-----w- C:\FOUND.002

2010-02-21 22:20 . 2010-02-22 19:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-21 14:58 . 2010-02-21 14:58 -------- d-----w- C:\FOUND.001

2010-02-21 02:03 . 2010-02-21 02:03 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-21 01:42 . 2010-02-21 01:42 -------- d-----w- c:\program files\CCleaner

2010-02-21 01:31 . 2010-02-21 01:31 -------- d-----w- C:\FOUND.000

2010-02-21 01:18 . 2010-02-21 01:18 -------- d-----w- c:\program files\ESET

2010-02-20 22:57 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-02-20 22:57 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-02-20 22:57 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\program files\Avira

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-02-20 09:49 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-18 21:54 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-18 21:49 . 2010-02-20 08:35 3802016 ----a-w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe

2010-02-18 21:49 . 2010-02-18 21:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\program files\Lavasoft

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-18 21:39 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-18 17:45 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-02-18 17:45 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-02-18 17:45 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-02-18 17:45 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-02-18 17:45 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-02-18 17:45 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-02-18 17:45 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-02-18 17:44 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-02-18 17:44 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-02-18 17:44 . 2010-02-18 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-02-15 19:03 . 2010-02-15 19:03 -------- d-----r- c:\documents and settings\NetworkService\Favoris

1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\program files\83859.dat

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-06 17:19 . 2010-03-06 17:19 55296 ----a-w- c:\documents and settings\Marie-pierre\skytel.exe

2010-03-06 17:13 . 2010-03-06 00:11 20 ----a-w- c:\documents and settings\LocalService\Application Data\pdytbs.dat

2010-03-06 00:04 . 2010-03-06 00:04 16 ----a-w- c:\documents and settings\NetworkService\Application Data\pdytbs.dat

2010-03-04 20:35 . 2004-08-05 04:00 17920 ----a-w- c:\windows\system32\tftp.exe

2010-02-27 13:02 . 2006-05-23 15:54 86612 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-27 13:02 . 2006-05-23 15:54 512410 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-24 20:51 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a78.tmp

2010-02-24 20:50 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3ab7.tmp

2010-02-24 17:56 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a59.tmp

2010-02-23 21:09 . 2006-05-23 15:29 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-22 20:45 . 2006-12-01 19:16 91952 ----a-w- c:\documents and settings\Marie-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-31 16:50 . 2004-08-05 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:07 . 2006-01-09 19:02 916480 ------w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2004-08-05 04:00 347648 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2004-08-05 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2004-08-05 04:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:08 . 2004-08-05 04:00 2025984 ------w- c:\windows\system32\ntkrnlpa.exe

.

c:\program files\Avira\AntiVir Desktop\avgnt .exe
c:\program files\Adobe\acrotray .exe
c:\program files\Acer\Acer Arcade\pcmservice .exe
c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui .exe
c:\program files\Launch Manager\lmanager .exe
c:\program files\HP\Digital Imaging\bin\hpqsrmon .exe
c:\program files\Java\jre1.5.0_03\bin\jusched .exe
c:\program files\SuperCopier2\supercopier2 .exe

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2010-03-06 55296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2010-03-06 55296]

"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2010-03-06 55296]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2010-03-06 55296]

"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2010-03-06 55296]

"SkyTel"="SkyTel.EXE" [N/A]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2010-03-06 55296]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2010-03-06 55296]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2010-03-06 55296]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2010-03-06 55296]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-06 55296]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgpc01.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [x]

R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [x]

R3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2010-02-20 705376]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-05 64288]

S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-23 1229232]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - mchInjDrv

*Deregistered* - rmbxv

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-03-06 c:\windows\Tasks\At1.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At2.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At3.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At4.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At5.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At6.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At7.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At8.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At9.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At10.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At11.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At12.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At13.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At14.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At15.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At16.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At17.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At18.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At19.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At20.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At21.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At22.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At23.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\At24.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 17:19]

 

2010-03-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-18 19:50]

 

2010-03-04 c:\windows\Tasks\WebReg HP Deskjet F4200 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 19:42]

 

2010-03-06 c:\windows\Tasks\At25.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At26.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At27.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At28.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At29.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At30.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At31.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At32.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2010-03-06 c:\windows\Tasks\At33.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At34.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At35.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At36.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At37.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At38.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At39.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At40.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At41.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At42.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At43.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At44.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At45.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At46.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At47.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

 

2010-03-06 c:\windows\Tasks\At48.job

- c:\program files\adobe\acrotray .exe [2010-03-06 17:23]

.

.

------- Examen supplémentaire -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c21d5a10bc914a7e9314dc6980c18ff2

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c21d5a10bc914a7e9314dc6980c18ff2

TCP: {AC661682-0D11-4141-81A3-0BA777EB820F} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-06 18:20

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\MARIE-~1\LOCALS~1\Temp\mc2D.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rmbxv]

 

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(632)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3028)

c:\program files\supercopier2\SC2Hook.dll

c:\acer\empowering technology\epower\SysHook.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

c:\program files\OpenOffice.org 2.0\program\soffice.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\OpenOffice.org 2.0\program\soffice.BIN

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\acer\empowering technology\epower\epower_dmc .exe

c:\progra~1\launch~1\lmanager .exe

c:\program files\java\jre1.5.0_03\bin\jusched .exe

c:\program files\supercopier2\supercopier2 .exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\acer\empowering technology\erecovery\eragent .exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Heure de fin: 2010-03-06 18:39:31 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-03-06 17:38

ComboFix2.txt 2010-03-05 13:33

ComboFix3.txt 2010-03-04 22:55

ComboFix4.txt 2010-02-28 13:46

ComboFix5.txt 2010-03-06 17:06

 

Avant-CF: 27 137 638 400 octets libres

Après-CF: 27 118 174 208 octets libres

 

- - End Of File - - BA60712B776B92CC9682CE5AAE5CB12B

Posted

Things are clearer now (despite appearances), and we have passed a milestone. I hope to reduce the number of steps I have to ask you to perform.

What follows is for this machine, and this machine only.

Do not use it on another machine: dangerous.


  • Download the file CFscript.txt from this site:
    http://senduit.com/b49d34

  • Place it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the file ComboFix.exe, as in this example

(animation: animation1md2.gif)

  • Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt

Posted

Glad to know it's going well.

Here is the latest report:


ComboFix 10-03-04.05 - Marie-pierre 06/03/2010 23:38:30.6.1 - FAT32x86

Lancé depuis: c:\documents and settings\Marie-pierre\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Marie-pierre\Bureau\CFscript.txt

 

FILE ::

"c:\program files\internet explorer\wmpscfgs.exe"

"c:\windows\system32\fjhdyfhsn.bat"

"c:\windows\Tasks\At1.job"

"c:\windows\Tasks\At10.job"

"c:\windows\Tasks\At11.job"

"c:\windows\Tasks\At12.job"

"c:\windows\Tasks\At13.job"

"c:\windows\Tasks\At14.job"

"c:\windows\Tasks\At15.job"

"c:\windows\Tasks\At16.job"

"c:\windows\Tasks\At17.job"

"c:\windows\Tasks\At18.job"

"c:\windows\Tasks\At19.job"

"c:\windows\Tasks\At2.job"

"c:\windows\Tasks\At20.job"

"c:\windows\Tasks\At21.job"

"c:\windows\Tasks\At22.job"

"c:\windows\Tasks\At23.job"

"c:\windows\Tasks\At24.job"

"c:\windows\Tasks\At25.job"

"c:\windows\Tasks\At26.job"

"c:\windows\Tasks\At27.job"

"c:\windows\Tasks\At28.job"

"c:\windows\Tasks\At29.job"

"c:\windows\Tasks\At3.job"

"c:\windows\Tasks\At30.job"

"c:\windows\Tasks\At31.job"

"c:\windows\Tasks\At32.job"

"c:\windows\Tasks\At33.job"

"c:\windows\Tasks\At34.job"

"c:\windows\Tasks\At35.job"

"c:\windows\Tasks\At36.job"

"c:\windows\Tasks\At37.job"

"c:\windows\Tasks\At38.job"

"c:\windows\Tasks\At39.job"

"c:\windows\Tasks\At4.job"

"c:\windows\Tasks\At40.job"

"c:\windows\Tasks\At41.job"

"c:\windows\Tasks\At42.job"

"c:\windows\Tasks\At43.job"

"c:\windows\Tasks\At44.job"

"c:\windows\Tasks\At45.job"

"c:\windows\Tasks\At46.job"

"c:\windows\Tasks\At47.job"

"c:\windows\Tasks\At48.job"

"c:\windows\Tasks\At49.job"

"c:\windows\Tasks\At5.job"

"c:\windows\Tasks\At50.job"

"c:\windows\Tasks\At51.job"

"c:\windows\Tasks\At52.job"

"c:\windows\Tasks\At53.job"

"c:\windows\Tasks\At6.job"

"c:\windows\Tasks\At7.job"

"c:\windows\Tasks\At8.job"

"c:\windows\Tasks\At9.job"

.

Les fichiers ci-dessous ont été désactivés pendant l'exécution:

c:\program files\supercopier2\SC2Hook.dll

 

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Marie-pierre\skytel .exe

c:\documents and settings\Marie-pierre\skytel.exe

c:\program files\adobe\acrotray.exe

c:\program files\Internet Explorer\js.mui

c:\program files\Internet Explorer\wmpscfgs.exe

c:\windows\system32\fjhdyfhsn.bat

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_RMBXV

-------\Service_rmbxv

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-06 au 2010-03-06 ))))))))))))))))))))))))))))))))))))

.

 

2010-03-06 23:53 . 2010-03-06 23:53 55296 ----a-w- c:\documents and settings\Marie-pierre\skytel.exe

2010-03-05 13:21 . 2010-03-06 23:50 792064 ----a-w- c:\windows\system32\drivers\rmbxv.sys

2010-02-28 10:34 . 2010-02-28 10:34 -------- d-----w- C:\FOUND.009

2010-02-28 03:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-27 18:20 . 2010-02-27 18:20 -------- d-----w- C:\rsit

2010-02-27 18:11 . 2010-02-27 18:11 -------- d-----w- C:\FOUND.008

2010-02-27 17:31 . 2010-02-27 17:31 -------- d-----w- C:\FOUND.007

2010-02-27 17:08 . 2010-02-27 17:08 -------- d-----w- C:\FOUND.006

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\Marie-pierre\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 16:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 15:41 . 2010-02-27 15:41 -------- d-----w- C:\FOUND.005

2010-02-27 15:01 . 2010-02-27 15:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-02-27 13:26 . 2010-02-27 13:26 -------- d-----w- C:\FOUND.004

2010-02-27 10:26 . 2010-02-27 10:26 -------- d-----w- C:\FOUND.003

2010-02-23 22:01 . 2010-02-23 22:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\fr

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\bits

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\l2schemas

2010-02-23 20:58 . 2010-02-23 20:58 -------- d-----w- c:\windows\EHome

2010-02-23 19:50 . 2010-02-18 21:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-22 20:53 . 2010-02-22 20:54 -------- d-----w- c:\windows\BDOSCAN8

2010-02-22 20:50 . 2010-02-22 20:50 -------- d-sh--w- c:\documents and settings\Marie-pierre\PrivacIE

2010-02-22 20:46 . 2010-02-22 20:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-02-22 20:42 . 2010-02-22 20:42 -------- d-sh--w- c:\documents and settings\Marie-pierre\IETldCache

2010-02-22 20:37 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-02-22 20:37 . 2010-02-22 20:37 -------- d-----w- c:\windows\ie8updates

2010-02-22 20:36 . 2009-12-21 19:06 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-02-22 20:36 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-02-22 20:36 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-02-22 20:36 . 2009-12-21 19:06 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-02-22 20:36 . 2009-12-21 19:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-02-22 20:36 . 2009-12-21 19:06 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-22 20:34 . 2010-02-22 20:34 -------- d--h--w- c:\windows\ie8

2010-02-22 20:34 . 2010-02-22 20:34 -------- d-----w- c:\windows\system32\fr-FR

2010-02-22 18:47 . 2010-02-22 18:47 -------- d-----w- C:\FOUND.002

2010-02-21 22:20 . 2010-02-22 19:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-21 14:58 . 2010-02-21 14:58 -------- d-----w- C:\FOUND.001

2010-02-21 02:03 . 2010-02-21 02:03 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-21 01:42 . 2010-02-21 01:42 -------- d-----w- c:\program files\CCleaner

2010-02-21 01:31 . 2010-02-21 01:31 -------- d-----w- C:\FOUND.000

2010-02-21 01:18 . 2010-02-21 01:18 -------- d-----w- c:\program files\ESET

2010-02-20 22:57 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-02-20 22:57 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-02-20 22:57 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\program files\Avira

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-02-20 09:49 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-18 21:54 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-18 21:49 . 2010-02-18 21:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\program files\Lavasoft

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-18 21:39 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-18 17:45 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-02-18 17:45 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-02-18 17:45 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-02-18 17:45 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-02-18 17:45 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-02-18 17:45 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-02-18 17:45 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-02-18 17:44 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-02-18 17:44 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-02-18 17:44 . 2010-02-18 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-02-15 19:03 . 2010-02-15 19:03 -------- d-----r- c:\documents and settings\NetworkService\Favoris

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-06 17:13 . 2010-03-06 00:11 20 ----a-w- c:\documents and settings\LocalService\Application Data\pdytbs.dat

2010-03-06 00:04 . 2010-03-06 00:04 16 ----a-w- c:\documents and settings\NetworkService\Application Data\pdytbs.dat

2010-03-04 20:35 . 2004-08-05 04:00 17920 ----a-w- c:\windows\system32\tftp.exe

2010-02-27 13:02 . 2006-05-23 15:54 86612 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-27 13:02 . 2006-05-23 15:54 512410 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-24 20:51 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a78.tmp

2010-02-24 20:50 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3ab7.tmp

2010-02-24 17:56 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a59.tmp

2010-02-22 20:45 . 2006-12-01 19:16 91952 ----a-w- c:\documents and settings\Marie-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-31 16:50 . 2004-08-05 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:07 . 2006-01-09 19:02 916480 ------w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2004-08-05 04:00 347648 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2004-08-05 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2004-08-05 04:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:08 . 2004-08-05 04:00 2025984 ------w- c:\windows\system32\ntkrnlpa.exe

.

c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui .exe
c:\program files\Launch Manager\lmanager .exe
c:\program files\HP\Digital Imaging\bin\hpqsrmon .exe
c:\program files\Java\jre1.5.0_03\bin\jusched .exe
c:\program files\SuperCopier2\supercopier2 .exe

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2010-03-06 55296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2010-03-06 55296]

"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2010-03-06 55296]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2010-03-06 55296]

"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2010-03-06 55296]

"SkyTel"="SkyTel.EXE" [N/A]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2010-03-06 55296]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2010-03-06 55296]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2010-03-06 55296]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2010-03-06 55296]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-05 55296]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgpc01.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [x]

R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [x]

R3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2010-02-20 705376]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-05 64288]

S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-23 1229232]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - mchInjDrv

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-03-06 c:\windows\Tasks\At1.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-07 c:\windows\Tasks\At2.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At3.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At4.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At5.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At6.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At7.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At8.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At9.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At10.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At11.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At12.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At13.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At14.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At15.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At16.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At17.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At18.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At19.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At20.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At21.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At22.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At23.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-06 c:\windows\Tasks\At24.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-06 23:54]

 

2010-03-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-18 19:50]

 

2010-03-04 c:\windows\Tasks\WebReg HP Deskjet F4200 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 19:42]

 

2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Examen supplémentaire -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c21d5a10bc914a7e9314dc6980c18ff2

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c21d5a10bc914a7e9314dc6980c18ff2

TCP: {AC661682-0D11-4141-81A3-0BA777EB820F} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-07 00:56

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\MARIE-~1\LOCALS~1\Temp\mc21.tmp"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(624)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(2420)

c:\program files\SuperCopier2\SC2Hook.dll

c:\acer\empowering technology\epower\SysHook.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\OpenOffice.org 2.0\program\soffice.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

c:\program files\OpenOffice.org 2.0\program\soffice.BIN

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\acer\empowering technology\epower\epower_dmc .exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Heure de fin: 2010-03-07 01:24:48 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-03-07 00:24

ComboFix2.txt 2010-03-06 17:39

ComboFix3.txt 2010-03-05 13:33

ComboFix4.txt 2010-03-04 22:55

ComboFix5.txt 2010-03-06 22:19

 

Avant-CF: 27 134 623 744 octets libres

Après-CF: 27 138 195 456 octets libres

 

- - End Of File - - C8BB0CD48F09E8A6E3749A4F2D00A7FE

Posted

The source of the critter should be gone.

 

What follows is for this machine, and this machine only.

Do not use it on any other machine: dangerous.

 

 

  • Download the file CFscript.txt from this site:
    http://senduit.com/942095
     
  • Place it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file, as in this example

[animated image: animation1md2.gif]

  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will appear: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

Posted

Here is the ComboFix report:

 

ComboFix 10-03-06.07 - Marie-pierre 07/03/2010 13:32:41.7.1 - FAT32x86

Lancé depuis: c:\documents and settings\Marie-pierre\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Marie-pierre\Bureau\CFscript.txt

 

FILE ::

"c:\acer\empowering technology\epower\epower_dmc .exe"

"c:\documents and settings\LocalService\Application Data\pdytbs.dat"

"c:\documents and settings\NetworkService\Application Data\pdytbs.dat"

"c:\program files\HP\Digital Imaging\bin\hpqsrmon .exe"

"c:\program files\Java\jre1.5.0_03\bin\jusched .exe"

"c:\program files\Launch Manager\lmanager .exe"

"c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui .exe"

"c:\program files\SuperCopier2\supercopier2 .exe"

"c:\windows\system32\drivers\rmbxv.sys"

"c:\windows\Tasks\At1.job"

"c:\windows\Tasks\At10.job"

"c:\windows\Tasks\At11.job"

"c:\windows\Tasks\At12.job"

"c:\windows\Tasks\At13.job"

"c:\windows\Tasks\At14.job"

"c:\windows\Tasks\At15.job"

"c:\windows\Tasks\At16.job"

"c:\windows\Tasks\At17.job"

"c:\windows\Tasks\At18.job"

"c:\windows\Tasks\At19.job"

"c:\windows\Tasks\At2.job"

"c:\windows\Tasks\At20.job"

"c:\windows\Tasks\At21.job"

"c:\windows\Tasks\At22.job"

"c:\windows\Tasks\At23.job"

"c:\windows\Tasks\At24.job"

"c:\windows\Tasks\At3.job"

"c:\windows\Tasks\At4.job"

"c:\windows\Tasks\At5.job"

"c:\windows\Tasks\At6.job"

"c:\windows\Tasks\At7.job"

"c:\windows\Tasks\At8.job"

"c:\windows\Tasks\At9.job"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\acer\Empowering Technology\ePower\Boot.exe

c:\acer\empowering technology\epower\epower_dmc .exe

c:\acer\Empowering Technology\ePower\ePower_DMC.exe

c:\acer\Empowering Technology\ePresentation\ePresentation.exe

c:\acer\Empowering Technology\eRecovery\eRAgent.exe

c:\documents and settings\LocalService\Application Data\pdytbs.dat

c:\documents and settings\Marie-pierre\skytel .exe

c:\documents and settings\Marie-pierre\skytel.exe

c:\documents and settings\NetworkService\Application Data\pdytbs.dat

c:\progra~1\LAUNCH~1\LManager.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\alcmtr.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\rthdcpl.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\skytel.exe

c:\program files\Adobe\acrotray .exe

c:\program files\Avira\AntiVir Desktop\avgnt .exe

c:\program files\Avira\AntiVir Desktop\avgnt.exe

c:\program files\HP\Digital Imaging\bin\hpqsrmon .exe

c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe

c:\program files\HP\Digital Imaging\Help\alcmtr.exe

c:\program files\HP\Digital Imaging\Help\rthdcpl.exe

c:\program files\HP\Digital Imaging\Help\skytel.exe

c:\program files\Internet Explorer\js.mui

c:\program files\Internet Explorer\wmpscfgs.exe

c:\program files\Java\jre1.5.0_03\bin\jusched .exe

c:\program files\Java\jre1.5.0_03\bin\jusched.exe

c:\program files\Launch Manager\lmanager .exe

c:\program files\Launch Manager\lmanager.exe

c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui .exe

c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui.exe

c:\program files\OpenOffice.org 2.0\program\alcmtr.exe

c:\program files\OpenOffice.org 2.0\program\rthdcpl.exe

c:\program files\OpenOffice.org 2.0\program\skytel.exe

c:\program files\QuickTime\qttask.exe

c:\program files\SuperCopier2\supercopier2 .exe

c:\program files\SuperCopier2\SuperCopier2.exe

c:\windows\system32\ctfmon .exe

c:\windows\system32\drivers\rmbxv.sys

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-07 au 2010-03-07 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-28 10:34 . 2010-02-28 10:34 -------- d-----w- C:\FOUND.009

2010-02-28 03:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-27 18:20 . 2010-02-27 18:20 -------- d-----w- C:\rsit

2010-02-27 18:11 . 2010-02-27 18:11 -------- d-----w- C:\FOUND.008

2010-02-27 17:31 . 2010-02-27 17:31 -------- d-----w- C:\FOUND.007

2010-02-27 17:08 . 2010-02-27 17:08 -------- d-----w- C:\FOUND.006

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\Marie-pierre\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 16:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 15:41 . 2010-02-27 15:41 -------- d-----w- C:\FOUND.005

2010-02-27 15:01 . 2010-02-27 15:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-02-27 13:26 . 2010-02-27 13:26 -------- d-----w- C:\FOUND.004

2010-02-27 10:26 . 2010-02-27 10:26 -------- d-----w- C:\FOUND.003

2010-02-23 22:01 . 2010-02-23 22:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\fr

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\bits

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\l2schemas

2010-02-23 20:58 . 2010-02-23 20:58 -------- d-----w- c:\windows\EHome

2010-02-23 19:50 . 2010-02-18 21:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-23 19:50 . 2010-02-23 19:50 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-23 19:50 . 2010-02-23 19:50 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-22 20:53 . 2010-02-22 20:54 -------- d-----w- c:\windows\BDOSCAN8

2010-02-22 20:50 . 2010-02-22 20:50 -------- d-sh--w- c:\documents and settings\Marie-pierre\PrivacIE

2010-02-22 20:46 . 2010-02-22 20:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-02-22 20:42 . 2010-02-22 20:42 -------- d-sh--w- c:\documents and settings\Marie-pierre\IETldCache

2010-02-22 20:37 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-02-22 20:37 . 2010-02-22 20:37 -------- d-----w- c:\windows\ie8updates

2010-02-22 20:36 . 2009-12-21 19:06 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-02-22 20:36 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-02-22 20:36 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-02-22 20:36 . 2009-12-21 19:06 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-02-22 20:36 . 2009-12-21 19:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-02-22 20:36 . 2009-12-21 19:06 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-22 20:34 . 2010-02-22 20:34 -------- d--h--w- c:\windows\ie8

2010-02-22 20:34 . 2010-02-22 20:34 -------- d-----w- c:\windows\system32\fr-FR

2010-02-22 18:47 . 2010-02-22 18:47 -------- d-----w- C:\FOUND.002

2010-02-21 22:20 . 2010-02-22 19:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-21 14:58 . 2010-02-21 14:58 -------- d-----w- C:\FOUND.001

2010-02-21 02:03 . 2010-02-21 02:03 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-21 01:42 . 2010-02-21 01:42 -------- d-----w- c:\program files\CCleaner

2010-02-21 01:31 . 2010-02-21 01:31 -------- d-----w- C:\FOUND.000

2010-02-21 01:18 . 2010-02-21 01:18 -------- d-----w- c:\program files\ESET

2010-02-20 22:57 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-02-20 22:57 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-02-20 22:57 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\program files\Avira

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-02-20 09:49 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-18 21:54 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-18 21:49 . 2010-02-20 08:35 3802016 ----a-w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe

2010-02-18 21:49 . 2010-02-18 21:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\program files\Lavasoft

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-18 21:39 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-18 17:45 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-02-18 17:45 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-02-18 17:45 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-02-18 17:45 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-02-18 17:45 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-02-18 17:45 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-02-18 17:45 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-02-18 17:44 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-02-18 17:44 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-02-18 17:44 . 2010-02-18 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-02-15 19:03 . 2010-02-15 19:03 -------- d-----r- c:\documents and settings\NetworkService\Favoris

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-04 20:35 . 2004-08-05 04:00 17920 ----a-w- c:\windows\system32\tftp.exe

2010-02-27 13:02 . 2006-05-23 15:54 86612 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-27 13:02 . 2006-05-23 15:54 512410 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-24 20:51 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a78.tmp

2010-02-24 20:50 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3ab7.tmp

2010-02-24 17:56 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a59.tmp

2010-02-23 21:09 . 2006-05-23 15:29 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-23 19:51 . 2010-02-18 21:53 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-02-23 19:50 . 2010-02-18 21:53 150888 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe

2010-02-23 19:50 . 2010-02-18 21:53 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-02-23 19:50 . 2010-02-18 21:53 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-23 19:50 . 2010-02-18 21:53 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-02-23 19:50 . 2010-02-18 21:53 735008 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe

2010-02-23 19:50 . 2010-02-18 21:53 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-02-23 19:50 . 2010-02-18 21:53 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-22 20:45 . 2006-12-01 19:16 91952 ----a-w- c:\documents and settings\Marie-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-20 09:08 . 2007-03-10 21:21 110592 ----a-w- c:\documents and settings\Marie-pierre\Application Data\U3\temp\cleanup.exe

2010-02-20 09:08 . 2009-08-21 14:37 1962232 ----a-w- c:\documents and settings\Marie-pierre\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-02-20 08:35 . 2008-10-01 18:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.1.11\SetupAdmin.exe

2010-02-20 08:35 . 2008-07-04 12:35 54632 ----a-w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe

2010-02-20 08:35 . 2007-05-17 17:31 21489968 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fre_web[1].exe

2010-02-20 08:35 . 2007-05-17 17:30 8704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe

2010-02-20 08:35 . 2007-05-17 17:30 15872 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe

2010-02-20 08:35 . 2007-05-17 17:30 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe

2010-02-18 21:53 . 2010-02-18 21:53 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-02-18 21:53 . 2010-02-18 21:53 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-02-18 21:53 . 2010-02-18 21:53 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-02-18 21:53 . 2010-02-18 21:53 562272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-02-18 21:53 . 2010-02-18 21:53 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2010-02-18 21:53 . 2010-02-18 21:53 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2009-12-31 16:50 . 2004-08-05 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:07 . 2006-01-09 19:02 916480 ------w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2004-08-05 04:00 347648 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2004-08-05 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2004-08-05 04:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:08 . 2004-08-05 04:00 2025984 ------w- c:\windows\system32\ntkrnlpa.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"sysgif32"="c:\windows\TEMP\~TM13.tmp" [2010-03-07 32256]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgpc01.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [x]

R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [x]

R3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2010-02-20 705376]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-05 64288]

S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-23 1229232]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - AYUOGKV

*Deregistered* - ayuogkv

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-03-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-18 19:50]

 

2010-03-04 c:\windows\Tasks\WebReg HP Deskjet F4200 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 19:42]

 

2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Examen supplémentaire -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c21d5a10bc914a7e9314dc6980c18ff2

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c21d5a10bc914a7e9314dc6980c18ff2

TCP: {AC661682-0D11-4141-81A3-0BA777EB820F} = 192.168.1.1

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-SuperCopier2.exe - c:\program files\SuperCopier2\SuperCopier2.exe

HKLM-Run-ntiMUI - c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

HKLM-Run-Acer ePresentation HPD - c:\acer\Empowering Technology\ePresentation\ePresentation.exe

HKLM-Run-ePower_DMC - c:\acer\Empowering Technology\ePower\ePower_DMC.exe

HKLM-Run-Boot - c:\acer\Empowering Technology\ePower\Boot.exe

HKLM-Run-SkyTel - SkyTel.EXE

HKLM-Run-LManager - c:\progra~1\LAUNCH~1\LManager.exe

HKLM-Run-eRecoveryService - c:\acer\Empowering Technology\eRecovery\eRAgent.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_03\bin\jusched.exe

HKLM-Run-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe

HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-07 14:04

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ayuogkv]

 

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(624)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(1456)

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

c:\program files\OpenOffice.org 2.0\program\soffice.exe

c:\program files\OpenOffice.org 2.0\program\soffice.BIN

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\msiexec.exe

c:\docume~1\ALLUSE~1\APPLIC~1\98236432\98236432.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Heure de fin: 2010-03-07 16:06:10 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-03-07 15:06

ComboFix2.txt 2010-03-07 00:25

ComboFix3.txt 2010-03-06 17:39

ComboFix4.txt 2010-03-05 13:33

ComboFix5.txt 2010-03-07 12:25

 

Avant-CF: 27 105 132 544 octets libres

Après-CF: 27 096 285 184 octets libres

 

- - End Of File - - 2F360DF2651C2234DBC3041025BA0A8C

Posted

We got the driver and what was regenerating the infection. It took some time, but now it's OK. :P

 

Download OTMoveIt (OTM) by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTM.exe to run the tool. (Note: if you are using Windows Vista or 7, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" box below to the clipboard by selecting them all and pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy):
    :processes
    
    :reg 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sysgif32"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ayuogkv]
    
    :Services
    AYUOGKV
    
    :commands
    [EmptyTemp]
    [Start Explorer]


  • Go back to the OTM window, right-click in the left-hand box labelled "Paste List Of Files/Folders to Move" (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt3.
  • In your next reply, post the OTMoveIt3 report (contents of the file C:\_OTM\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time).

Note: If a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to restart the machine, choose Yes.

Posted

OK! :P

Security Tool slowed me down a bit. :P

Here is the OTM report

 

All processes killed

========== PROCESSES ==========

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysgif32 not found.

Registry key HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ayuogkv\ not found.

========== SERVICES/DRIVERS ==========

Error: No service named AYUOGKV was found to stop!

Service\Driver key AYUOGKV not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Default User

->Temp folder emptied: 16384 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: All Users

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 405 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Marie-pierre

->Temp folder emptied: 18729 bytes

->Temporary Internet Files folder emptied: 991514 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 22385255 bytes

->Flash cache emptied: 3130300 bytes

 

User: Administrateur

->Temp folder emptied: 43904 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 289905 bytes

%systemroot%\System32 .tmp files removed: 2833408 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 70678 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32835 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 29,00 mb

 

 

OTM by OldTimer - Version 3.1.10.0 log created on 03072010_170947

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

Posted

Update MBAM now, and run a quick scan after that update.

Please post the resulting report.

Posted

Here is the MBAM report:

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3832

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

07/03/2010 18:02:55

mbam-log-2010-03-07 (18-02-55).txt

 

Type de recherche: Examen rapide

Eléments examinés: 130973

Temps écoulé: 32 minute(s), 24 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)
