Your question

Infected PC, need help

Tags:
  • Security
Last reply: in Security and viruses
31 May 2008 00:10:12

Good evening. So, I think I'm infected by a virus. I restarted the PC, which had crashed, and already I no longer have access to the Task Manager...
It tells me the PC's admin has removed access, even though that's me...
And above all, in my taskbar an orange circle with a white cross is blinking, and a spam message in English on my screen, "spyware alert", runs a scan of the PC even though I'm not asking for anything :(
I'm pretty scared right now, actually. Please help me.
Thanks


31 May 2008 00:15:02

Uh, this is getting serious now: even my desktop icons are disappearing, and I no longer have access to the Control Panel, etc...
31 May 2008 08:39:46

Here is my SDFix report

SDFix: Version 1.187
Run by DANIEL on 31/05/2008 at 01:09: VIRUS ALERT!

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\DANIEL\Bureau\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\version55ie7fix.dll - Deleted
C:\Documents and Settings\DANIEL\Local Settings\Temp\temE4.tmp.exe - Deleted
C:\Documents and Settings\DANIEL\Local Settings\Temp\temE8.tmp.exe - Deleted
C:\Documents and Settings\DANIEL\Local Settings\Temp\temEA.tmp.exe - Deleted
C:\Documents and Settings\DANIEL\Local Settings\Temp\updEE.tmp.exe - Deleted
C:\Documents and Settings\DANIEL\Bureau\Error Cleaner.url - Deleted
C:\Documents and Settings\DANIEL\Favoris\Error Cleaner.url - Deleted
C:\Documents and Settings\DANIEL\Bureau\Privacy Protector.url - Deleted
C:\Documents and Settings\DANIEL\Favoris\Privacy Protector.url - Deleted
C:\Documents and Settings\DANIEL\Bureau\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\DANIEL\Favoris\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\boqnrwdmfrp.dll - Deleted
C:\WINDOWS\atfxqogp.dll - Deleted
C:\WINDOWS\vltdfabw.dll - Deleted
C:\WINDOWS\vregfwlx.dll - Deleted
C:\WINDOWS\xmpstean.exe - Deleted





The below files have been patched by Trojan.Agent to load users32.dat and should be replaced:

C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 01:22:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\team fortress 2\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\TeamScripT4\\mirc.exe"="C:\\TeamScripT4\\mirc.exe:*:Enabled:mIRC"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"D:\\JEUX\\Binaries\\R6Vegas_Game.exe"="D:\\JEUX\\Binaries\\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"D:\\JEUX\\Binaries\\R6Vegas_Launcher.exe"="D:\\JEUX\\Binaries\\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\Garena\\Garena.exe"="C:\\Program Files\\Garena\\Garena.exe:*:Enabled:Garena"
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\DANIEL\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 8 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 7 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT13.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d03f71700772ecd1d20bacc33c473cd5\BIT72.tmp"

Finished!



I also ran MBAM; here are the logs:

Malwarebytes' Anti-Malware 1.14
Version de la base de données: 805

06:05:32 31/05/2008
mbam-log-5-31-2008 (06-05-17).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 141652
Temps écoulé: 26 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 31
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 9
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nnnllJcb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qoMdDvvW.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlljcb (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b86a2f9f-8002-422a-9381-fb6504a567dd} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b86a2f9f-8002-422a-9381-fb6504a567dd} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\internetsoftware.pornpro_bho (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f53fe7a-7029-e915-b0d1-7f0f565a66fd} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{af7e9ebb-e1cf-7f7c-c608-13185698f3e9} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af7e9ebb-e1cf-7f7c-c608-13185698f3e9} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d1f10773-1014-13a8-913e-e183471a7c7b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\internetsoftware.pornpro_bho.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c1d0b9f7-f3c6-443a-af61-ad47771ace27} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{aaa0a546-2b51-4aed-b1e2-c14f38c73165} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1ae22bce-b554-4803-bae3-2eff740aff44} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{56e90faa-6f19-44fd-8197-0c08388c2632} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> No action taken.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc5f2e64 (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomddvvw -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (StartMenu.Hijack) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (StartMenu.Hijack) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (StartMenu.Hijack) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (StartMenu.Hijack) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (StartMenu.Hijack) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (StartMenu.Hijack) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (StartMenu.Hijack) -> Bad: (0) Good: (1) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\nnnllJcb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qoMdDvvW.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gfjudsfl.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\InternetSoftware\InternetSoftware-2.dll (Trojan.BHO) -> No action taken.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{07F5D646-DE04-4E5D-A230-4187793269A3}\RP354\A0085521.dll (Trojan.FalkeAlert) -> No action taken.
C:\System Volume Information\_restore{07F5D646-DE04-4E5D-A230-4187793269A3}\RP354\A0085534.exe (Adware.SaveNow) -> No action taken.
C:\System Volume Information\_restore{07F5D646-DE04-4E5D-A230-4187793269A3}\RP354\A0085535.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{07F5D646-DE04-4E5D-A230-4187793269A3}\RP354\A0085539.dll (Trojan.FalkeAlert) -> No action taken.
C:\WINDOWS\system32\WinNB58.dll (Adware.Mirar) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.


31 May 2008 17:57:41

Please help me ;(
31 May 2008 20:59:12

Isn't there any charitable soul to give me a hand?
31 May 2008 21:27:07

Good evening,

Did you apply the actions with MBAM?

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Yes.
  • When the operation has finished, a report will appear. Post this report in your next reply.

The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Help: How to use ComboFix.
31 May 2008 22:05:30

I'll do it right away. As for MBAM, I don't know whether I did what was needed :x
Thanks in advance
31 May 2008 22:18:22

Here are the ComboFix logs

    ComboFix 08-05-29.1 - DANIEL 2008-05-31 22:06:24.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.468 [GMT 2:00]
    Endroit: C:\Documents and Settings\DANIEL\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\InternetSoftware\pcre3.dll
    C:\Program Files\InternetSoftware\uninstall.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\DfNpYJlm.ini
    C:\WINDOWS\system32\DfNpYJlm.ini2
    C:\WINDOWS\system32\hiypjpcl.dll
    C:\WINDOWS\system32\lcpjpyih.ini
    C:\WINDOWS\system32\lfsdujfg.ini
    C:\WINDOWS\system32\mdratprw.dll
    C:\WINDOWS\system32\wrptardm.ini
    C:\WINDOWS\system32\WvvDdMoq.ini
    C:\WINDOWS\system32\WvvDdMoq.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-31 21:25 . 2008-05-31 21:25 324,864 --------- C:\WINDOWS\system32\mlJYpNfD.dll_old
    2008-05-31 19:00 . 2008-05-31 22:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-31 19:00 . 2008-05-31 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-31 18:51 . 2008-05-31 20:37 <REP> d-------- C:\Program Files\a-squared Free
    2008-05-31 18:31 . 2008-05-31 18:31 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Documents and Settings\DANIEL\Application Data\Malwarebytes
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-31 01:36 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-31 01:36 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-30 22:30 . 2008-05-30 22:30 33,920 --a------ C:\WINDOWS\system32\nnnllJcb.dll
    2008-05-30 22:29 . 2008-05-30 05:59 176,128 --a------ C:\WINDOWS\embd.exe
    2008-04-20 14:17 . 2008-04-20 14:17 <REP> d-------- C:\Documents and Settings\DANIEL\Application Data\Motive
    2008-04-20 14:17 . 2008-04-20 14:17 79,064 --a------ C:\WINDOWS\UnInstall.exe
    2008-04-20 14:16 . 2008-04-20 14:17 <REP> d-------- C:\Program Files\Fichiers communs\Motive
    2008-04-20 14:16 . 2008-04-20 14:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Motive
    2008-04-19 12:16 . 2008-04-20 14:17 <REP> d-------- C:\Program Files\Orange
    2008-04-19 12:15 . 2008-01-22 22:53 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
    2008-04-19 12:15 . 2003-09-23 10:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
    2008-04-19 12:14 . 2008-04-20 14:12 <REP> d-------- C:\Program Files\OrangeHSS
    2008-04-19 12:14 . 2008-04-19 12:14 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
    2008-04-05 19:03 . 2008-04-05 19:03 <REP> dr-h----- C:\Documents and Settings\DANIEL\Application Data\SecuROM
    2008-04-05 06:06 . 2008-04-05 19:02 <REP> d-------- C:\Program Files\Garena
    2008-04-02 18:19 . 2008-04-02 18:19 <REP> d-------- C:\Documents and Settings\DANIEL\Application Data\InstallShield
    2008-04-01 15:45 . 2008-05-27 08:27 <REP> d-------- C:\TeamScripT4

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-31 20:06 --------- d-----w C:\Program Files\InternetSoftware
    2008-05-31 18:38 --------- d-----w C:\Program Files\Macrogaming
    2008-05-30 23:04 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\Azureus
    2008-05-29 16:50 --------- d-----w C:\Program Files\MonkeyScriptv1.2
    2008-05-28 12:57 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\LimeWire
    2008-05-28 04:02 --------- d-----w C:\Program Files\eMule
    2008-05-27 06:26 --------- d-----w C:\Program Files\MySpace
    2008-05-25 00:33 --------- d-----w C:\Program Files\Java
    2008-05-16 18:34 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\teamspeak2
    2008-05-14 05:55 --------- d-----w C:\Program Files\World of Warcraft
    2008-04-19 10:15 --------- d-----w C:\Program Files\Wanadoo
    2008-04-18 23:54 --------- d-----w C:\Program Files\Azureus
    2008-04-11 14:19 --------- d-----w C:\Program Files\WowCartographe
    2008-04-05 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-02 20:33 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-02 10:13 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-07 21:12 102,719,004 ----a-w C:\Sauv.reg
    2008-03-06 17:32 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-03-06 17:32 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-03-06 17:32 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2008-03-06 16:10 3,886 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-03-06 09:26 19,834 ----a-w C:\Documents and Settings\All Users\Application Data\naly.dat
    2008-03-06 09:26 17,925 ----a-w C:\Documents and Settings\All Users\Application Data\larozequ.pif
    2008-03-06 09:26 17,254 ----a-w C:\Documents and Settings\DANIEL\Application Data\poty.bin
    2008-03-06 09:26 15,753 ----a-w C:\WINDOWS\radum.reg
    2008-03-06 09:26 14,158 ----a-w C:\WINDOWS\ehob.pif
    2008-03-06 09:26 13,685 ----a-w C:\WINDOWS\pokeg.vbs
    2008-03-06 09:26 12,495 ----a-w C:\Program Files\Fichiers communs\cimacodor.dat
    2008-03-05 21:29 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
    2008-03-01 22:12 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-26 12:00 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-28 15:06 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .
    Files Infected - Win32.Agent.zb
    C:\Program Files\Logitech\Video\ManifestEngine.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
    2008-05-30 22:30 33920 --a------ C:\WINDOWS\system32\nnnllJcb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5627D67-8B7F-45A3-93B7-934DE7AE08A4}]
    C:\WINDOWS\system32\qoMdDvvW.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB096E58-D79C-4FD3-BEDA-F8029AFEFCFF}]
    C:\WINDOWS\system32\mlJYpNfD.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-03-04 18:20 196608]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2005-12-16 12:57 94208]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-04 18:20 482760]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\MsMsgs.exe" [2004-10-13 18:24 1694208]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
    "VAIO Update 2"="C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" [2005-01-14 13:43 151552]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 10:10 192512]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 21:22 262401]
    "ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 23:28 107248]
    "Orange_McciTrayApp"="C:\Program Files\Orange\LiveAssistant.exe" [2007-12-21 15:07 1476608]
    "PrepareYourVAIO"="C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe" [2005-01-21 15:36 118784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{4647C2C7-9F3D-4220-87D9-43E617F67478}"= C:\WINDOWS\system32\nnnllJcb.dll [2008-05-30 22:30 33920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnllJcb]
    nnnllJcb.dll 2008-05-30 22:30 33920 C:\WINDOWS\system32\nnnllJcb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike\\hl.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "D:\\JEUX\\Binaries\\R6Vegas_Game.exe"=
    "D:\\JEUX\\Binaries\\R6Vegas_Launcher.exe"=
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 04:47]
    R2 McciCMService;McciCMService;"C:\Program Files\Fichiers communs\Motive\McciCMService.exe" [2007-10-23 10:29]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\image converter 2\IcVzMon.exe [2005-04-05 13:06]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS [2008-03-09 23:22]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS [2008-03-09 23:22]
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9512b67e-10da-11dc-9f2d-0013209558aa}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-31 20:00:00 C:\WINDOWS\Tasks\A758477A918BC15A.job"
    - c:\docume~1\daniel\applic~1\onerem~1\title rdr eggs.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-31 22:10:41
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\DANIEL\LOCALS~1\Temp\mc22.tmp"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\nnnllJcb.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\OrangeHSS\Deskboard\Deskboard.exe
    C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
    C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
    C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-31 22:13:50 - machine was rebooted [DANIEL]
    ComboFix-quarantined-files.txt 2008-05-31 20:13:46
    ComboFix2.txt 2008-03-07 17:53:59

    Pre-Run: 30,069,846,016 octets libres
    Post-Run: 30,165,680,128 octets libres

    237 --- E O F --- 2008-05-29 01:00:52
    31 May 2008 23:23:45

    Bump, I need help :(
    1 June 2008 08:51:13

    Re,

    Be patient!

    Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop.

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as administrator)
  • Select the language you want, then choose Option 1 (Search)
  • Wait until the scan has finished
  • Post the generated report (C:\lopR.txt)

    If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
    Type explorer and confirm. This will bring your desktop back
    1 June 2008 12:29:52

    Hello Xmichoux.

    About the desktop disappearing: I had to reboot the PC, even with your procedure nothing worked.

    Here are the LOP logs


    -----------------------[ Lop S&D 4.2.1-1 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : DANIEL ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 01/06/2008 | 12:19:39,62 ] [ PC : NOM-5378C34A346 ]
    [ MAJ : 31-05-2008 | 14:12 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [01/09/2005|13:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [01/09/2005|12:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [01/09/2005|12:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [01/09/2005|15:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
    [01/09/2005|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

    [10/03/2008|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
    [06/01/2008|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [07/09/2007|14:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [08/02/2008|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    [10/03/2008|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [23/01/2008|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    [01/09/2005|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [09/09/2007|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
    [31/01/2008|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [06/03/2008|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\larozequ.pif
    [02/01/2008|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
    [07/03/2008|23:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [31/05/2008|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [10/03/2008|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [26/05/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [20/04/2008|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
    [06/03/2008|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\naly.dat
    [03/03/2008|23:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nivatexeha._sy
    [15/01/2008|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [01/09/2005|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [10/05/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
    [31/05/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [14/06/2007|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [24/06/2007|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [10/05/2007|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VAIO Media Platform
    [07/09/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [10/03/2008|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [24/09/2007|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    [28/10/2007|18:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [17/04/2008|18:11] C:\DOCUME~1\DANIEL\APPLIC~1\Adobe
    [04/10/2007|17:00] C:\DOCUME~1\DANIEL\APPLIC~1\AdobeUM
    [24/09/2007|16:03] C:\DOCUME~1\DANIEL\APPLIC~1\Ahead
    [08/02/2008|17:01] C:\DOCUME~1\DANIEL\APPLIC~1\AVG7
    [31/05/2008|01:04] C:\DOCUME~1\DANIEL\APPLIC~1\Azureus
    [25/01/2008|13:36] C:\DOCUME~1\DANIEL\APPLIC~1\DAEMON Tools
    [01/09/2005|13:58] C:\DOCUME~1\DANIEL\APPLIC~1\desktop.ini
    [04/03/2008|18:50] C:\DOCUME~1\DANIEL\APPLIC~1\dynytox.db
    [20/02/2008|20:19] C:\DOCUME~1\DANIEL\APPLIC~1\FileZilla
    [03/03/2008|23:13] C:\DOCUME~1\DANIEL\APPLIC~1\fisivobixe.ban
    [05/09/2007|15:48] C:\DOCUME~1\DANIEL\APPLIC~1\Google
    [06/03/2008|23:32] C:\DOCUME~1\DANIEL\APPLIC~1\Hamachi
    [11/09/2007|16:49] C:\DOCUME~1\DANIEL\APPLIC~1\Help
    [29/10/2007|14:05] C:\DOCUME~1\DANIEL\APPLIC~1\Identities
    [02/04/2008|18:19] C:\DOCUME~1\DANIEL\APPLIC~1\InstallShield
    [04/11/2007|11:00] C:\DOCUME~1\DANIEL\APPLIC~1\InterVideo
    [23/01/2008|12:28] C:\DOCUME~1\DANIEL\APPLIC~1\Leadertech
    [04/03/2008|18:50] C:\DOCUME~1\DANIEL\APPLIC~1\libyg._sy
    [28/05/2008|14:57] C:\DOCUME~1\DANIEL\APPLIC~1\LimeWire
    [23/08/2007|21:11] C:\DOCUME~1\DANIEL\APPLIC~1\Macromedia
    [31/05/2008|01:36] C:\DOCUME~1\DANIEL\APPLIC~1\Malwarebytes
    [10/09/2007|15:53] C:\DOCUME~1\DANIEL\APPLIC~1\Media Player Classic
    [08/02/2008|17:31] C:\DOCUME~1\DANIEL\APPLIC~1\Microsoft
    [12/05/2007|09:36] C:\DOCUME~1\DANIEL\APPLIC~1\Microsoft Web Folders
    [20/04/2008|14:17] C:\DOCUME~1\DANIEL\APPLIC~1\Motive
    [29/01/2008|13:27] C:\DOCUME~1\DANIEL\APPLIC~1\MSNInstaller
    [19/03/2008|13:52] C:\DOCUME~1\DANIEL\APPLIC~1\MySpace
    [06/03/2008|11:26] C:\DOCUME~1\DANIEL\APPLIC~1\okujydo.lib
    [06/03/2008|11:26] C:\DOCUME~1\DANIEL\APPLIC~1\poty.bin
    [05/04/2008|19:03] C:\DOCUME~1\DANIEL\APPLIC~1\SecuROM
    [03/03/2008|23:13] C:\DOCUME~1\DANIEL\APPLIC~1\simovi._sy
    [08/10/2007|17:38] C:\DOCUME~1\DANIEL\APPLIC~1\Sony Corporation
    [05/09/2007|17:01] C:\DOCUME~1\DANIEL\APPLIC~1\Sun
    [10/05/2007|17:58] C:\DOCUME~1\DANIEL\APPLIC~1\Symantec
    [16/05/2008|20:34] C:\DOCUME~1\DANIEL\APPLIC~1\teamspeak2
    [04/03/2008|18:50] C:\DOCUME~1\DANIEL\APPLIC~1\ubelo.ban
    [03/03/2008|23:13] C:\DOCUME~1\DANIEL\APPLIC~1\udevybukaw._dl
    [06/03/2008|11:26] C:\DOCUME~1\DANIEL\APPLIC~1\umyxo.ban
    [23/01/2008|00:49] C:\DOCUME~1\DANIEL\APPLIC~1\Ventrilo
    [10/09/2007|15:13] C:\DOCUME~1\DANIEL\APPLIC~1\vlc
    [29/10/2007|14:05] C:\DOCUME~1\DANIEL\APPLIC~1\Zylom

    [01/09/2005|13:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [01/09/2005|12:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [01/09/2005|12:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [01/09/2005|15:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sony Corporation
    [01/09/2005|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [01/06/2007|08:08] C:\DOCUME~1\INVITE\APPLIC~1\Adobe
    [01/09/2005|13:58] C:\DOCUME~1\INVITE\APPLIC~1\desktop.ini
    [01/09/2005|12:02] C:\DOCUME~1\INVITE\APPLIC~1\Identities
    [22/10/2007|13:22] C:\DOCUME~1\INVITE\APPLIC~1\Macromedia
    [08/02/2008|17:31] C:\DOCUME~1\INVITE\APPLIC~1\Microsoft
    [01/09/2005|15:43] C:\DOCUME~1\INVITE\APPLIC~1\Sony Corporation
    [01/09/2005|16:49] C:\DOCUME~1\INVITE\APPLIC~1\Symantec

    [08/02/2008|16:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
    [07/11/2007|10:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [08/02/2008|17:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [23/08/2007|21:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\sony

    [11/03/2008|04:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [01/06/2008 12:00][--ah-----] C:\WINDOWS\tasks\A758477A918BC15A.job
    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    [31/05/2008 22:15][--ah-----] C:\WINDOWS\tasks\SA.DAT

    A758477A918BC15A.job <--> c:\docume~1\daniel\applic~1\onerem~1\titlerdreggs.exe

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [06/01/2008|13:50] C:\Program Files\Adobe
    [14/06/2007|19:24] C:\Program Files\Alwil Software
    [08/02/2008|16:53] C:\Program Files\a-squared Anti-Malware
    [31/05/2008|20:37] C:\Program Files\a-squared Free
    [10/03/2008|21:11] C:\Program Files\Avira
    [19/04/2008|01:54] C:\Program Files\Azureus
    [07/03/2008|18:11] C:\Program Files\CCleaner
    [05/03/2008|22:32] C:\Program Files\CodeStuff
    [01/09/2005|12:01] C:\Program Files\ComPlus Applications
    [01/09/2005|14:27] C:\Program Files\CONEXANT
    [04/03/2008|18:44] C:\Program Files\DAEMON Tools Lite
    [02/12/2007|20:14] C:\Program Files\DivX
    [28/05/2008|06:02] C:\Program Files\eMule
    [24/06/2007|12:01] C:\Program Files\epson
    [19/03/2008|12:36] C:\Program Files\FBrowserAdvisor
    [19/03/2008|12:36] C:\Program Files\FBrowsingAdvisor
    [20/04/2008|14:16] C:\Program Files\Fichiers communs
    [01/09/2005|16:23] C:\Program Files\FlashPlayer
    [05/04/2008|19:02] C:\Program Files\Garena
    [31/01/2008|20:44] C:\Program Files\Google
    [08/02/2008|16:48] C:\Program Files\Grisoft
    [05/04/2008|19:02] C:\Program Files\InstallShield Installation Information
    [01/09/2005|15:12] C:\Program Files\Intel
    [11/04/2008|03:02] C:\Program Files\Internet Explorer
    [31/05/2008|22:06] C:\Program Files\InternetSoftware
    [10/05/2007|17:39] C:\Program Files\InterVideo
    [28/01/2008|17:06] C:\Program Files\Inventel
    [01/09/2005|16:29] C:\Program Files\ISP
    [25/05/2008|02:33] C:\Program Files\Java
    [05/01/2008|20:53] C:\Program Files\K-Lite Codec Pack
    [26/02/2008|13:04] C:\Program Files\LimeWire
    [06/09/2007|00:45] C:\Program Files\Logitech
    [31/05/2008|20:38] C:\Program Files\Macrogaming
    [31/05/2008|01:36] C:\Program Files\Malwarebytes' Anti-Malware
    [19/12/2007|10:18] C:\Program Files\Messenger
    [02/04/2008|12:13] C:\Program Files\Messenger Plus! Live
    [08/03/2008|17:26] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [12/05/2007|09:36] C:\Program Files\microsoft frontpage
    [12/05/2007|09:36] C:\Program Files\Microsoft Office
    [10/05/2007|17:37] C:\Program Files\Microsoft SQL Server
    [10/03/2008|10:23] C:\Program Files\Microsoft SQL Server Compact Edition
    [12/05/2007|09:45] C:\Program Files\Microsoft Visual Studio
    [10/05/2007|17:52] C:\Program Files\Microsoft Works
    [29/05/2008|18:50] C:\Program Files\MonkeyScriptv1.2
    [10/05/2007|17:45] C:\Program Files\MoodLogic
    [10/05/2007|17:45] C:\Program Files\Moodlogic HTML
    [01/09/2005|12:01] C:\Program Files\Movie Maker
    [20/12/2007|10:51] C:\Program Files\MSN
    [05/09/2007|16:03] C:\Program Files\MSN Apps
    [01/09/2005|12:00] C:\Program Files\MSN Gaming Zone
    [06/09/2007|03:40] C:\Program Files\MSXML 4.0
    [27/05/2008|08:26] C:\Program Files\MySpace
    [23/09/2007|11:40] C:\Program Files\Nero
    [01/09/2005|12:01] C:\Program Files\NetMeeting
    [01/09/2005|12:00] C:\Program Files\Online Services
    [20/04/2008|14:17] C:\Program Files\Orange
    [20/04/2008|14:12] C:\Program Files\OrangeHSS
    [07/09/2007|03:01] C:\Program Files\Outlook Express
    [03/06/2007|21:29] C:\Program Files\Scd2
    [01/09/2005|12:01] C:\Program Files\Services en ligne
    [01/09/2005|14:21] C:\Program Files\SigmaTel
    [10/05/2007|17:50] C:\Program Files\Skype Installer
    [31/01/2008|17:15] C:\Program Files\Sony
    [31/05/2008|22:03] C:\Program Files\Spybot - Search & Destroy
    [08/03/2008|10:23] C:\Program Files\SuperCopier2
    [15/01/2008|11:07] C:\Program Files\SystemRequirementsLab
    [05/09/2007|13:30] C:\Program Files\Teamspeak2_RC2
    [07/03/2008|23:12] C:\Program Files\Trend Micro
    [10/05/2007|17:40] C:\Program Files\tvtv EPG Installer
    [10/05/2007|17:40] C:\Program Files\TvTvHTML
    [10/05/2007|17:38] C:\Program Files\Uninstall Information
    [01/09/2007|19:00] C:\Program Files\Valve
    [07/01/2008|20:17] C:\Program Files\Ventrilo
    [10/09/2007|15:12] C:\Program Files\VideoLAN
    [26/01/2008|20:24] C:\Program Files\VirtualDJ
    [19/04/2008|12:15] C:\Program Files\Wanadoo
    [11/03/2008|07:47] C:\Program Files\Windows Live
    [08/03/2008|10:58] C:\Program Files\Windows Live Favorites
    [08/03/2008|10:57] C:\Program Files\Windows Live Toolbar
    [07/09/2007|14:28] C:\Program Files\Windows Media Connect 2
    [19/10/2007|10:11] C:\Program Files\Windows Media Player
    [01/09/2005|12:00] C:\Program Files\Windows NT
    [01/09/2005|12:01] C:\Program Files\WindowsUpdate
    [11/09/2007|16:49] C:\Program Files\WinRAR
    [26/01/2008|20:24] C:\Program Files\Wolfenstein - Enemy Territory
    [14/05/2008|07:55] C:\Program Files\World of Warcraft
    [11/04/2008|16:19] C:\Program Files\WowCartographe
    [01/09/2005|12:02] C:\Program Files\xerox
    [01/09/2005|16:18] C:\Program Files\Yahoo HTML
    [23/09/2007|11:38] C:\Program Files\Yahoo!
    [01/09/2005|16:18] C:\Program Files\YahooMFU
    [26/01/2008|20:23] C:\Program Files\Zylom Games

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [06/01/2008|13:50] C:\Program Files\Fichiers communs\Adobe
    [23/09/2007|11:40] C:\Program Files\Fichiers communs\Ahead
    [05/09/2007|18:26] C:\Program Files\Fichiers communs\Blizzard Entertainment
    [06/03/2008|11:26] C:\Program Files\Fichiers communs\cimacodor.dat
    [12/05/2007|09:45] C:\Program Files\Fichiers communs\Designer
    [28/01/2008|17:06] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    [19/04/2008|12:14] C:\Program Files\Fichiers communs\France Telecom
    [24/06/2007|12:06] C:\Program Files\Fichiers communs\InstallShield
    [01/09/2005|16:45] C:\Program Files\Fichiers communs\Java
    [06/09/2007|00:45] C:\Program Files\Fichiers communs\Logitech
    [08/03/2008|10:58] C:\Program Files\Fichiers communs\Microsoft Shared
    [20/04/2008|14:17] C:\Program Files\Fichiers communs\Motive
    [01/09/2005|12:01] C:\Program Files\Fichiers communs\MSSoap
    [01/09/2005|13:58] C:\Program Files\Fichiers communs\ODBC
    [01/09/2005|12:01] C:\Program Files\Fichiers communs\Services
    [10/05/2007|17:48] C:\Program Files\Fichiers communs\Sonic Shared
    [10/05/2007|17:48] C:\Program Files\Fichiers communs\Sony Shared
    [01/09/2005|13:58] C:\Program Files\Fichiers communs\SpeechEngines
    [23/08/2007|21:11] C:\Program Files\Fichiers communs\SWF Studio
    [07/09/2007|03:01] C:\Program Files\Fichiers communs\System
    [08/03/2008|10:58] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [07/03/2008|23:03] C:\Program Files\Fichiers communs\Wise Installation Wizard

    ---------------------------[ Process ]--------------------------

    ... 64

    iexplore.exe ~ [2428]

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\DANIEL\Cookies\daniel@bigpoint[1].txt
    C:\DOCUME~1\DANIEL\Cookies\daniel@fr1.darkorbit.bigpoint[2].txt
    C:\DOCUME~1\DANIEL\Cookies\daniel@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\DANIEL\Cookies\daniel@cotedazurpalace[1].txt
    C:\DOCUME~1\DANIEL\Cookies\daniel@adopt.euroclick[2].txt
    C:\DOCUME~1\DANIEL\Cookies\daniel@partygaming.122.2o7[1].txt
    C:\DOCUME~1\DANIEL\Cookies\daniel@partypoker[1].txt
    C:\DOCUME~1\DANIEL\Cookies\daniel@2xmoinscher[2].txt
    C:\DOCUME~1\DANIEL\Cookies\daniel@www.2xmoinscher[1].txt
    C:\WINDOWS\Tasks\A758477A918BC15A.job

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 12:21:07
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    C:\WINDOWS\system32\LkTtttwa.ini2
    ! VUNDO Possible !

    => C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\Virtual DJ 3.2 + Crack.rar
    => C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\sam\SAM Broadcaster v3.1.8 - YAG\crack
    => C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\sam\SAM Broadcaster v3.1.8 - YAG\crack\serial.txt


    [F:27][D:6]-> C:\DOCUME~1\DANIEL\LOCALS~1\Temp
    [F:823][D:0]-> C:\DOCUME~1\DANIEL\Cookies
    [F:3135][D:8]-> C:\DOCUME~1\DANIEL\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 12:21:52,25 ]----------------------
    1 June 2008 12:48:32

    Re,

    Select the whole box below, then right-click and choose Copy

    C:\Program Files\FBrowserAdvisor
    C:\Program Files\FBrowsingAdvisor
    C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\Virtual DJ 3.2 + Crack.rar
    C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\sam\SAM Broadcaster v3.1.8 - YAG\crack


    Run Lop S&D again

  • This time choose Option 4 (LopScript)
  • A blank page will open; right-click on it and choose Paste
  • Close the page; you will be asked to save it, click [Save]
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)
    1 June 2008 12:55:40

    LopSD log


    -----------------------[ Lop S&D 4.2.1-1 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : DANIEL ] [ "C:\Lop SD" ] [ Selection : 4 ]
    [ 01/06/2008 | 12:51:45,12 ] [ PC : NOM-5378C34A346 ]
    [ MAJ : 31-05-2008 | 14:12 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ LopScript //////////////////////////////////

    C:\Program Files\FBrowserAdvisor
    C:\Program Files\FBrowsingAdvisor
    C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\Virtual DJ 3.2 + Crack.rar
    C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\sam\SAM Broadcaster v3.1.8 - YAG\crack


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\DOCUME~1\DANIEL\Cookies\daniel@bigpoint[1].txt
    Supprimé! - C:\DOCUME~1\DANIEL\Cookies\daniel@fr1.darkorbit.bigpoint[2].txt
    Supprimé! - C:\DOCUME~1\DANIEL\Cookies\daniel@banner.cotedazurpalace[2].txt
    Supprimé! - C:\DOCUME~1\DANIEL\Cookies\daniel@cotedazurpalace[1].txt
    Supprimé! - C:\DOCUME~1\DANIEL\Cookies\daniel@adopt.euroclick[2].txt
    Supprimé! - C:\DOCUME~1\DANIEL\Cookies\daniel@partygaming.122.2o7[1].txt
    Supprimé! - C:\DOCUME~1\DANIEL\Cookies\daniel@partypoker[1].txt
    Supprimé! - C:\DOCUME~1\DANIEL\Cookies\daniel@2xmoinscher[2].txt
    Supprimé! - C:\DOCUME~1\DANIEL\Cookies\daniel@www.2xmoinscher[1].txt
    Supprimé! - C:\WINDOWS\Tasks\A758477A918BC15A.job

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [01/09/2005|13:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [01/09/2005|12:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [01/09/2005|12:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [01/09/2005|15:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
    [01/09/2005|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

    [10/03/2008|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
    [06/01/2008|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [07/09/2007|14:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [08/02/2008|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    [10/03/2008|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [23/01/2008|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    [01/09/2005|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [09/09/2007|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
    [31/01/2008|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [06/03/2008|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\larozequ.pif
    [02/01/2008|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
    [07/03/2008|23:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [31/05/2008|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [10/03/2008|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [26/05/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [20/04/2008|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
    [06/03/2008|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\naly.dat
    [03/03/2008|23:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nivatexeha._sy
    [15/01/2008|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [01/09/2005|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [10/05/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
    [31/05/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [14/06/2007|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [24/06/2007|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [10/05/2007|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VAIO Media Platform
    [07/09/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [10/03/2008|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [24/09/2007|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    [28/10/2007|18:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [17/04/2008|18:11] C:\DOCUME~1\DANIEL\APPLIC~1\Adobe
    [04/10/2007|17:00] C:\DOCUME~1\DANIEL\APPLIC~1\AdobeUM
    [24/09/2007|16:03] C:\DOCUME~1\DANIEL\APPLIC~1\Ahead
    [08/02/2008|17:01] C:\DOCUME~1\DANIEL\APPLIC~1\AVG7
    [31/05/2008|01:04] C:\DOCUME~1\DANIEL\APPLIC~1\Azureus
    [25/01/2008|13:36] C:\DOCUME~1\DANIEL\APPLIC~1\DAEMON Tools
    [01/09/2005|13:58] C:\DOCUME~1\DANIEL\APPLIC~1\desktop.ini
    [04/03/2008|18:50] C:\DOCUME~1\DANIEL\APPLIC~1\dynytox.db
    [20/02/2008|20:19] C:\DOCUME~1\DANIEL\APPLIC~1\FileZilla
    [03/03/2008|23:13] C:\DOCUME~1\DANIEL\APPLIC~1\fisivobixe.ban
    [05/09/2007|15:48] C:\DOCUME~1\DANIEL\APPLIC~1\Google
    [06/03/2008|23:32] C:\DOCUME~1\DANIEL\APPLIC~1\Hamachi
    [11/09/2007|16:49] C:\DOCUME~1\DANIEL\APPLIC~1\Help
    [29/10/2007|14:05] C:\DOCUME~1\DANIEL\APPLIC~1\Identities
    [02/04/2008|18:19] C:\DOCUME~1\DANIEL\APPLIC~1\InstallShield
    [04/11/2007|11:00] C:\DOCUME~1\DANIEL\APPLIC~1\InterVideo
    [23/01/2008|12:28] C:\DOCUME~1\DANIEL\APPLIC~1\Leadertech
    [04/03/2008|18:50] C:\DOCUME~1\DANIEL\APPLIC~1\libyg._sy
    [28/05/2008|14:57] C:\DOCUME~1\DANIEL\APPLIC~1\LimeWire
    [23/08/2007|21:11] C:\DOCUME~1\DANIEL\APPLIC~1\Macromedia
    [31/05/2008|01:36] C:\DOCUME~1\DANIEL\APPLIC~1\Malwarebytes
    [10/09/2007|15:53] C:\DOCUME~1\DANIEL\APPLIC~1\Media Player Classic
    [08/02/2008|17:31] C:\DOCUME~1\DANIEL\APPLIC~1\Microsoft
    [12/05/2007|09:36] C:\DOCUME~1\DANIEL\APPLIC~1\Microsoft Web Folders
    [20/04/2008|14:17] C:\DOCUME~1\DANIEL\APPLIC~1\Motive
    [29/01/2008|13:27] C:\DOCUME~1\DANIEL\APPLIC~1\MSNInstaller
    [19/03/2008|13:52] C:\DOCUME~1\DANIEL\APPLIC~1\MySpace
    [06/03/2008|11:26] C:\DOCUME~1\DANIEL\APPLIC~1\okujydo.lib
    [06/03/2008|11:26] C:\DOCUME~1\DANIEL\APPLIC~1\poty.bin
    [05/04/2008|19:03] C:\DOCUME~1\DANIEL\APPLIC~1\SecuROM
    [03/03/2008|23:13] C:\DOCUME~1\DANIEL\APPLIC~1\simovi._sy
    [08/10/2007|17:38] C:\DOCUME~1\DANIEL\APPLIC~1\Sony Corporation
    [05/09/2007|17:01] C:\DOCUME~1\DANIEL\APPLIC~1\Sun
    [10/05/2007|17:58] C:\DOCUME~1\DANIEL\APPLIC~1\Symantec
    [16/05/2008|20:34] C:\DOCUME~1\DANIEL\APPLIC~1\teamspeak2
    [04/03/2008|18:50] C:\DOCUME~1\DANIEL\APPLIC~1\ubelo.ban
    [03/03/2008|23:13] C:\DOCUME~1\DANIEL\APPLIC~1\udevybukaw._dl
    [06/03/2008|11:26] C:\DOCUME~1\DANIEL\APPLIC~1\umyxo.ban
    [23/01/2008|00:49] C:\DOCUME~1\DANIEL\APPLIC~1\Ventrilo
    [10/09/2007|15:13] C:\DOCUME~1\DANIEL\APPLIC~1\vlc
    [29/10/2007|14:05] C:\DOCUME~1\DANIEL\APPLIC~1\Zylom

    [01/09/2005|13:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [01/09/2005|12:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [01/09/2005|12:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [01/09/2005|15:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sony Corporation
    [01/09/2005|16:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

    [01/06/2007|08:08] C:\DOCUME~1\INVITE\APPLIC~1\Adobe
    [01/09/2005|13:58] C:\DOCUME~1\INVITE\APPLIC~1\desktop.ini
    [01/09/2005|12:02] C:\DOCUME~1\INVITE\APPLIC~1\Identities
    [22/10/2007|13:22] C:\DOCUME~1\INVITE\APPLIC~1\Macromedia
    [08/02/2008|17:31] C:\DOCUME~1\INVITE\APPLIC~1\Microsoft
    [01/09/2005|15:43] C:\DOCUME~1\INVITE\APPLIC~1\Sony Corporation
    [01/09/2005|16:49] C:\DOCUME~1\INVITE\APPLIC~1\Symantec

    [08/02/2008|16:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
    [07/11/2007|10:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [08/02/2008|17:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [23/08/2007|21:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\sony

    [11/03/2008|04:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    [01/06/2008 12:24][--ah-----] C:\WINDOWS\tasks\SA.DAT

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [06/01/2008|13:50] C:\Program Files\Adobe
    [14/06/2007|19:24] C:\Program Files\Alwil Software
    [08/02/2008|16:53] C:\Program Files\a-squared Anti-Malware
    [31/05/2008|20:37] C:\Program Files\a-squared Free
    [10/03/2008|21:11] C:\Program Files\Avira
    [19/04/2008|01:54] C:\Program Files\Azureus
    [07/03/2008|18:11] C:\Program Files\CCleaner
    [05/03/2008|22:32] C:\Program Files\CodeStuff
    [01/09/2005|12:01] C:\Program Files\ComPlus Applications
    [01/09/2005|14:27] C:\Program Files\CONEXANT
    [04/03/2008|18:44] C:\Program Files\DAEMON Tools Lite
    [02/12/2007|20:14] C:\Program Files\DivX
    [28/05/2008|06:02] C:\Program Files\eMule
    [24/06/2007|12:01] C:\Program Files\epson
    [19/03/2008|12:36] C:\Program Files\FBrowserAdvisor
    [19/03/2008|12:36] C:\Program Files\FBrowsingAdvisor
    [20/04/2008|14:16] C:\Program Files\Fichiers communs
    [01/09/2005|16:23] C:\Program Files\FlashPlayer
    [05/04/2008|19:02] C:\Program Files\Garena
    [31/01/2008|20:44] C:\Program Files\Google
    [08/02/2008|16:48] C:\Program Files\Grisoft
    [05/04/2008|19:02] C:\Program Files\InstallShield Installation Information
    [01/09/2005|15:12] C:\Program Files\Intel
    [11/04/2008|03:02] C:\Program Files\Internet Explorer
    [31/05/2008|22:06] C:\Program Files\InternetSoftware
    [10/05/2007|17:39] C:\Program Files\InterVideo
    [28/01/2008|17:06] C:\Program Files\Inventel
    [01/09/2005|16:29] C:\Program Files\ISP
    [25/05/2008|02:33] C:\Program Files\Java
    [05/01/2008|20:53] C:\Program Files\K-Lite Codec Pack
    [26/02/2008|13:04] C:\Program Files\LimeWire
    [06/09/2007|00:45] C:\Program Files\Logitech
    [31/05/2008|20:38] C:\Program Files\Macrogaming
    [31/05/2008|01:36] C:\Program Files\Malwarebytes' Anti-Malware
    [19/12/2007|10:18] C:\Program Files\Messenger
    [02/04/2008|12:13] C:\Program Files\Messenger Plus! Live
    [08/03/2008|17:26] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [12/05/2007|09:36] C:\Program Files\microsoft frontpage
    [12/05/2007|09:36] C:\Program Files\Microsoft Office
    [10/05/2007|17:37] C:\Program Files\Microsoft SQL Server
    [10/03/2008|10:23] C:\Program Files\Microsoft SQL Server Compact Edition
    [12/05/2007|09:45] C:\Program Files\Microsoft Visual Studio
    [10/05/2007|17:52] C:\Program Files\Microsoft Works
    [29/05/2008|18:50] C:\Program Files\MonkeyScriptv1.2
    [10/05/2007|17:45] C:\Program Files\MoodLogic
    [10/05/2007|17:45] C:\Program Files\Moodlogic HTML
    [01/09/2005|12:01] C:\Program Files\Movie Maker
    [20/12/2007|10:51] C:\Program Files\MSN
    [05/09/2007|16:03] C:\Program Files\MSN Apps
    [01/09/2005|12:00] C:\Program Files\MSN Gaming Zone
    [06/09/2007|03:40] C:\Program Files\MSXML 4.0
    [27/05/2008|08:26] C:\Program Files\MySpace
    [23/09/2007|11:40] C:\Program Files\Nero
    [01/09/2005|12:01] C:\Program Files\NetMeeting
    [01/09/2005|12:00] C:\Program Files\Online Services
    [20/04/2008|14:17] C:\Program Files\Orange
    [20/04/2008|14:12] C:\Program Files\OrangeHSS
    [07/09/2007|03:01] C:\Program Files\Outlook Express
    [03/06/2007|21:29] C:\Program Files\Scd2
    [01/09/2005|12:01] C:\Program Files\Services en ligne
    [01/09/2005|14:21] C:\Program Files\SigmaTel
    [10/05/2007|17:50] C:\Program Files\Skype Installer
    [31/01/2008|17:15] C:\Program Files\Sony
    [31/05/2008|22:03] C:\Program Files\Spybot - Search & Destroy
    [08/03/2008|10:23] C:\Program Files\SuperCopier2
    [15/01/2008|11:07] C:\Program Files\SystemRequirementsLab
    [05/09/2007|13:30] C:\Program Files\Teamspeak2_RC2
    [07/03/2008|23:12] C:\Program Files\Trend Micro
    [10/05/2007|17:40] C:\Program Files\tvtv EPG Installer
    [10/05/2007|17:40] C:\Program Files\TvTvHTML
    [10/05/2007|17:38] C:\Program Files\Uninstall Information
    [01/09/2007|19:00] C:\Program Files\Valve
    [07/01/2008|20:17] C:\Program Files\Ventrilo
    [10/09/2007|15:12] C:\Program Files\VideoLAN
    [26/01/2008|20:24] C:\Program Files\VirtualDJ
    [19/04/2008|12:15] C:\Program Files\Wanadoo
    [11/03/2008|07:47] C:\Program Files\Windows Live
    [08/03/2008|10:58] C:\Program Files\Windows Live Favorites
    [08/03/2008|10:57] C:\Program Files\Windows Live Toolbar
    [07/09/2007|14:28] C:\Program Files\Windows Media Connect 2
    [19/10/2007|10:11] C:\Program Files\Windows Media Player
    [01/09/2005|12:00] C:\Program Files\Windows NT
    [01/09/2005|12:01] C:\Program Files\WindowsUpdate
    [11/09/2007|16:49] C:\Program Files\WinRAR
    [26/01/2008|20:24] C:\Program Files\Wolfenstein - Enemy Territory
    [14/05/2008|07:55] C:\Program Files\World of Warcraft
    [11/04/2008|16:19] C:\Program Files\WowCartographe
    [01/09/2005|12:02] C:\Program Files\xerox
    [01/09/2005|16:18] C:\Program Files\Yahoo HTML
    [23/09/2007|11:38] C:\Program Files\Yahoo!
    [01/09/2005|16:18] C:\Program Files\YahooMFU
    [26/01/2008|20:23] C:\Program Files\Zylom Games

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [06/01/2008|13:50] C:\Program Files\Fichiers communs\Adobe
    [23/09/2007|11:40] C:\Program Files\Fichiers communs\Ahead
    [05/09/2007|18:26] C:\Program Files\Fichiers communs\Blizzard Entertainment
    [06/03/2008|11:26] C:\Program Files\Fichiers communs\cimacodor.dat
    [12/05/2007|09:45] C:\Program Files\Fichiers communs\Designer
    [28/01/2008|17:06] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    [19/04/2008|12:14] C:\Program Files\Fichiers communs\France Telecom
    [24/06/2007|12:06] C:\Program Files\Fichiers communs\InstallShield
    [01/09/2005|16:45] C:\Program Files\Fichiers communs\Java
    [06/09/2007|00:45] C:\Program Files\Fichiers communs\Logitech
    [08/03/2008|10:58] C:\Program Files\Fichiers communs\Microsoft Shared
    [20/04/2008|14:17] C:\Program Files\Fichiers communs\Motive
    [01/09/2005|12:01] C:\Program Files\Fichiers communs\MSSoap
    [01/09/2005|13:58] C:\Program Files\Fichiers communs\ODBC
    [01/09/2005|12:01] C:\Program Files\Fichiers communs\Services
    [10/05/2007|17:48] C:\Program Files\Fichiers communs\Sonic Shared
    [10/05/2007|17:48] C:\Program Files\Fichiers communs\Sony Shared
    [01/09/2005|13:58] C:\Program Files\Fichiers communs\SpeechEngines
    [23/08/2007|21:11] C:\Program Files\Fichiers communs\SWF Studio
    [07/09/2007|03:01] C:\Program Files\Fichiers communs\System
    [08/03/2008|10:58] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [07/03/2008|23:03] C:\Program Files\Fichiers communs\Wise Installation Wizard

    ---------------------------[ Process ]--------------------------

    ... 63

    ... OK !

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 12:53:12
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    C:\WINDOWS\system32\LkTtttwa.ini2
    ! VUNDO Possible !

    => C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\Virtual DJ 3.2 + Crack.rar
    => C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\sam\SAM Broadcaster v3.1.8 - YAG\crack
    => C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\sam\SAM Broadcaster v3.1.8 - YAG\crack\serial.txt


    [F:31][D:6]-> C:\DOCUME~1\DANIEL\LOCALS~1\Temp
    [F:821][D:0]-> C:\DOCUME~1\DANIEL\Cookies
    [F:3702][D:8]-> C:\DOCUME~1\DANIEL\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 12:53:55,42 ]----------------------
    1 June 2008 15:22:25

    Bump, is anyone there?
    1 June 2008 15:36:56

    Be PATIENT!
    I have a weekend full of studying!

    Run ComboFix again and post its report.
    1 June 2008 15:52:57

    ComboFix 08-05-29.1 - DANIEL 2008-06-01 15:44:21.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.448 [GMT 2:00]
    Endroit: C:\Documents and Settings\DANIEL\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\LkTtttwa.ini
    C:\WINDOWS\system32\LkTtttwa.ini2
    C:\WINDOWS\system32\ofuddpvy.ini
    C:\WINDOWS\system32\yvpddufo.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-01 12:19 . 2008-06-01 12:53 <REP> d-------- C:\Lop SD
    2008-05-31 23:20 . 2008-05-31 23:20 324,864 --a------ C:\WINDOWS\system32\awtttTkL.dll
    2008-05-31 21:25 . 2008-05-31 21:25 324,864 --------- C:\WINDOWS\system32\mlJYpNfD.dll_old
    2008-05-31 19:00 . 2008-05-31 22:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-31 19:00 . 2008-05-31 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-31 18:51 . 2008-05-31 20:37 <REP> d-------- C:\Program Files\a-squared Free
    2008-05-31 18:31 . 2008-05-31 18:31 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Documents and Settings\DANIEL\Application Data\Malwarebytes
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-31 01:36 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-31 01:36 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-30 22:30 . 2008-05-30 22:30 33,920 --a------ C:\WINDOWS\system32\nnnllJcb.dll
    2008-05-30 22:29 . 2008-05-30 05:59 176,128 --a------ C:\WINDOWS\embd.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-31 20:06 --------- d-----w C:\Program Files\InternetSoftware
    2008-05-31 18:38 --------- d-----w C:\Program Files\Macrogaming
    2008-05-30 23:04 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\Azureus
    2008-05-29 16:50 --------- d-----w C:\Program Files\MonkeyScriptv1.2
    2008-05-28 12:57 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\LimeWire
    2008-05-28 04:02 --------- d-----w C:\Program Files\eMule
    2008-05-27 06:26 --------- d-----w C:\Program Files\MySpace
    2008-05-25 00:33 --------- d-----w C:\Program Files\Java
    2008-05-16 18:34 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\teamspeak2
    2008-05-14 05:55 --------- d-----w C:\Program Files\World of Warcraft
    2008-04-20 12:17 79,064 ----a-w C:\WINDOWS\UnInstall.exe
    2008-04-20 12:17 --------- d-----w C:\Program Files\Orange
    2008-04-20 12:17 --------- d-----w C:\Program Files\Fichiers communs\Motive
    2008-04-20 12:17 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\Motive
    2008-04-20 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
    2008-04-20 12:12 --------- d-----w C:\Program Files\OrangeHSS
    2008-04-19 10:15 --------- d-----w C:\Program Files\Wanadoo
    2008-04-19 10:14 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
    2008-04-18 23:54 --------- d-----w C:\Program Files\Azureus
    2008-04-11 14:19 --------- d-----w C:\Program Files\WowCartographe
    2008-04-05 17:03 --------- d--h--r C:\Documents and Settings\DANIEL\Application Data\SecuROM
    2008-04-05 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-05 17:02 --------- d-----w C:\Program Files\Garena
    2008-04-02 20:33 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-02 16:19 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\InstallShield
    2008-04-02 10:13 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-07 21:12 102,719,004 ----a-w C:\Sauv.reg
    2008-03-06 17:32 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-03-06 17:32 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-03-06 17:32 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2008-03-06 16:10 3,886 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-03-06 09:26 19,834 ----a-w C:\Documents and Settings\All Users\Application Data\naly.dat
    2008-03-06 09:26 17,925 ----a-w C:\Documents and Settings\All Users\Application Data\larozequ.pif
    2008-03-06 09:26 17,254 ----a-w C:\Documents and Settings\DANIEL\Application Data\poty.bin
    2008-03-06 09:26 15,753 ----a-w C:\WINDOWS\radum.reg
    2008-03-06 09:26 14,158 ----a-w C:\WINDOWS\ehob.pif
    2008-03-06 09:26 13,685 ----a-w C:\WINDOWS\pokeg.vbs
    2008-03-06 09:26 12,495 ----a-w C:\Program Files\Fichiers communs\cimacodor.dat
    2008-03-05 21:29 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
    2008-03-01 22:12 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-01-28 15:06 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .
    Files Infected - Win32.Agent.zb
    C:\Program Files\Logitech\Video\ManifestEngine.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-31_22.13.23.48 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-31 20:10:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-01 13:48:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-01 13:48:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_500.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
    2008-05-30 22:30 33920 --a------ C:\WINDOWS\system32\nnnllJcb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D240854-4A42-442F-9A71-EB532625C1A0}]
    2008-05-31 23:20 324864 --a------ C:\WINDOWS\system32\awtttTkL.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5627D67-8B7F-45A3-93B7-934DE7AE08A4}]
    C:\WINDOWS\system32\qoMdDvvW.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB096E58-D79C-4FD3-BEDA-F8029AFEFCFF}]
    C:\WINDOWS\system32\mlJYpNfD.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-03-04 18:20 196608]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2005-12-16 12:57 94208]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-04 18:20 482760]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\MsMsgs.exe" [2004-10-13 18:24 1694208]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
    "VAIO Update 2"="C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" [2005-01-14 13:43 151552]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 10:10 192512]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 21:22 262401]
    "ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 23:28 107248]
    "Orange_McciTrayApp"="C:\Program Files\Orange\LiveAssistant.exe" [2007-12-21 15:07 1476608]
    "PrepareYourVAIO"="C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe" [2005-01-21 15:36 118784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{4647C2C7-9F3D-4220-87D9-43E617F67478}"= C:\WINDOWS\system32\nnnllJcb.dll [2008-05-30 22:30 33920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnllJcb]
    nnnllJcb.dll 2008-05-30 22:30 33920 C:\WINDOWS\system32\nnnllJcb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike\\hl.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "D:\\JEUX\\Binaries\\R6Vegas_Game.exe"=
    "D:\\JEUX\\Binaries\\R6Vegas_Launcher.exe"=
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 04:47]
    R2 McciCMService;McciCMService;"C:\Program Files\Fichiers communs\Motive\McciCMService.exe" [2007-10-23 10:29]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\image converter 2\IcVzMon.exe [2005-04-05 13:06]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS [2008-03-09 23:22]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS [2008-03-09 23:22]
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9512b67e-10da-11dc-9f2d-0013209558aa}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 15:49:03
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\DANIEL\LOCALS~1\Temp\mc22.tmp"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\nnnllJcb.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\OrangeHSS\Deskboard\Deskboard.exe
    C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
    C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
    C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\OrangeHSS\Browser\Browser.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-01 15:52:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-01 13:52:10
    ComboFix2.txt 2008-05-31 20:13:51
    ComboFix3.txt 2008-03-07 17:53:59

    Pre-Run: 29,302,419,456 octets libres
    Post-Run: 29,440,307,200 octets libres

    230 --- E O F --- 2008-05-29 01:00:52
    1 June 2008 16:18:09

    Hi again,

    Let's get started.

    Select the entire contents of the box below:

    Collect::
    C:\WINDOWS\system32\nnnllJcb.dll
    C:\DOCUME~1\DANIEL\LOCALS~1\Temp\mc22.tmp
    C:\WINDOWS\system32\mlJYpNfD.dll
    C:\WINDOWS\system32\qoMdDvvW.dll
    C:\WINDOWS\system32\awtttTkL.dll
    C:\Documents and Settings\All Users\Application Data\naly.dat
    C:\Documents and Settings\All Users\Application Data\larozequ.pif
    C:\Documents and Settings\DANIEL\Application Data\poty.bin
    C:\WINDOWS\radum.reg
    C:\WINDOWS\ehob.pif
    C:\WINDOWS\pokeg.vbs
    C:\Program Files\Fichiers communs\cimacodor.dat
    C:\WINDOWS\embd.exe
    C:\WINDOWS\system32\mlJYpNfD.dll_old

    Driver::
    mchInjDrv

    File::
    C:\Program Files\Logitech\Video\ManifestEngine.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D240854-4A42-442F-9A71-EB532625C1A0}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5627D67-8B7F-45A3-93B7-934DE7AE08A4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB096E58-D79C-4FD3-BEDA-F8029AFEFCFF}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"=-
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
    "updateMgr"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 7.0"=-
    "LVCOMSX"=-
    "LogitechVideoRepair"=-
    "NeroFilterCheck"=-
    "PrepareYourVAIO"=-
    "Adobe Reader Speed Launcher"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{4647C2C7-9F3D-4220-87D9-43E617F67478}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnllJcb]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9512b67e-10da-11dc-9f2d-0013209558aa}]


    This will relaunch ComboFix. After the reboot, post the contents of the ComboFix.txt report.
    If there is no reboot, post the report anyway.

  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the reboot, if there is one.

    ---------------

    You will need to uninstall/reinstall the following applications:
  • Logitech
  • DAEMON Tools Lite
    1 June 2008 16:57:24

    ComboFix 08-05-29.1 - DANIEL 2008-06-01 16:47:44.7 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.509 [GMT 2:00]
    Endroit: C:\Documents and Settings\DANIEL\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\DANIEL\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Logitech\Video\ManifestEngine.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV
    -------\Service_mchInjDrv


    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-01 16:14 . 2008-06-01 16:14 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-01 12:19 . 2008-06-01 12:53 <REP> d-------- C:\Lop SD
    2008-05-31 19:00 . 2008-05-31 22:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-31 19:00 . 2008-05-31 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-31 18:51 . 2008-05-31 20:37 <REP> d-------- C:\Program Files\a-squared Free
    2008-05-31 18:31 . 2008-05-31 18:31 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Documents and Settings\DANIEL\Application Data\Malwarebytes
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-31 01:36 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-31 01:36 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-01 14:32 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-05-31 20:06 --------- d-----w C:\Program Files\InternetSoftware
    2008-05-31 18:38 --------- d-----w C:\Program Files\Macrogaming
    2008-05-30 23:04 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\Azureus
    2008-05-29 16:50 --------- d-----w C:\Program Files\MonkeyScriptv1.2
    2008-05-28 12:57 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\LimeWire
    2008-05-28 04:02 --------- d-----w C:\Program Files\eMule
    2008-05-27 06:26 --------- d-----w C:\Program Files\MySpace
    2008-05-25 00:33 --------- d-----w C:\Program Files\Java
    2008-05-16 18:34 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\teamspeak2
    2008-05-14 05:55 --------- d-----w C:\Program Files\World of Warcraft
    2008-04-20 12:17 79,064 ----a-w C:\WINDOWS\UnInstall.exe
    2008-04-20 12:17 --------- d-----w C:\Program Files\Orange
    2008-04-20 12:17 --------- d-----w C:\Program Files\Fichiers communs\Motive
    2008-04-20 12:17 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\Motive
    2008-04-20 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
    2008-04-20 12:12 --------- d-----w C:\Program Files\OrangeHSS
    2008-04-19 10:15 --------- d-----w C:\Program Files\Wanadoo
    2008-04-19 10:14 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
    2008-04-18 23:54 --------- d-----w C:\Program Files\Azureus
    2008-04-11 14:19 --------- d-----w C:\Program Files\WowCartographe
    2008-04-05 17:03 --------- d--h--r C:\Documents and Settings\DANIEL\Application Data\SecuROM
    2008-04-05 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-05 17:02 --------- d-----w C:\Program Files\Garena
    2008-04-02 16:19 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\InstallShield
    2008-04-02 10:13 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-07 21:12 102,719,004 ----a-w C:\Sauv.reg
    2008-03-06 17:32 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-03-06 17:32 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-03-06 17:32 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2008-01-28 15:06 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-31_22.13.23.48 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-31 20:10:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-01 14:51:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-01 14:51:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2c0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\MsMsgs.exe" [2004-10-13 18:24 1694208]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
    "VAIO Update 2"="C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" [2005-01-14 13:43 151552]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 10:10 192512]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 21:22 262401]
    "ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 23:28 107248]
    "Orange_McciTrayApp"="C:\Program Files\Orange\LiveAssistant.exe" [2007-12-21 15:07 1476608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike\\hl.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "D:\\JEUX\\Binaries\\R6Vegas_Game.exe"=
    "D:\\JEUX\\Binaries\\R6Vegas_Launcher.exe"=
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 04:47]
    R2 McciCMService;McciCMService;"C:\Program Files\Fichiers communs\Motive\McciCMService.exe" [2007-10-23 10:29]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\image converter 2\IcVzMon.exe [2005-04-05 13:06]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS [2008-03-09 23:22]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS [2008-03-09 23:22]
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    *Newly Created Service* - MCHINJDRV
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 16:51:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\DANIEL\LOCALS~1\Temp\mc22.tmp"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\OrangeHSS\Deskboard\Deskboard.exe
    C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
    C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
    C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\PROGRA~1\MOZILL~1\firefox.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-01 16:55:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-01 14:55:04
    ComboFix2.txt 2008-06-01 14:39:52
    ComboFix3.txt 2008-06-01 13:52:16
    ComboFix4.txt 2008-05-31 20:13:51
    ComboFix5.txt 2008-03-07 17:53:59

    Pre-Run: 30,083,481,600 octets libres
    Post-Run: 30,068,592,640 octets libres

    188 --- E O F --- 2008-05-29 01:00:52
    1 June 2008 19:17:21

    Isn't it true that if you don't deal very quickly with problems related to viruses etc... it gets worse?
    up
    1 June 2008 21:46:53

    Re,

    Boot into safe mode.

    Reboot into safe mode
    /!\ Never boot into safe mode via MSCONFIG /!\

    Select the entire contents of the box below:
    @echo off & cls
    CD \
    sc config mchInjDrv start= disabled
    sc stop mchInjDrv
    sc delete mchInjDrv
    del /q "%windir%\Temp\*.*"
    del /q "%windir%\Prefetch\*.*"
    del /q "%userprofile%\Cookies\*.*"
    del /s /q "%temp%\*.*"
    del /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
    del /s /q "%userprofile%\Local Settings\Historique\*.*"
    exit

    Copy/paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc-notes).
    Save it to your desktop under the name Correction.bat
    Double-click it. Post the generated report (if there is one).

    Then reboot normally and run ComboFix.
    Post its report.
    2 June 2008 00:41:15

    ComboFix 08-05-29.1 - DANIEL 2008-06-02 0:33:27.8 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.532 [GMT 2:00]
    Endroit: C:\Documents and Settings\DANIEL\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-01 16:14 . 2008-06-01 16:14 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-01 12:19 . 2008-06-01 12:53 <REP> d-------- C:\Lop SD
    2008-05-31 19:00 . 2008-05-31 22:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-31 19:00 . 2008-05-31 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-31 18:51 . 2008-06-01 17:12 <REP> d-------- C:\Program Files\a-squared Free
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Documents and Settings\DANIEL\Application Data\Malwarebytes
    2008-05-31 01:36 . 2008-05-31 01:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-01 15:16 --------- d-----w C:\Program Files\Yahoo!
    2008-06-01 15:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-01 15:14 --------- d-----w C:\Program Files\Sony
    2008-06-01 15:12 --------- d-----w C:\Program Files\MonkeyScriptv1.2
    2008-06-01 14:32 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-05-31 20:06 --------- d-----w C:\Program Files\InternetSoftware
    2008-05-31 18:38 --------- d-----w C:\Program Files\Macrogaming
    2008-05-30 23:04 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\Azureus
    2008-05-28 12:57 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\LimeWire
    2008-05-28 04:02 --------- d-----w C:\Program Files\eMule
    2008-05-27 06:26 --------- d-----w C:\Program Files\MySpace
    2008-05-25 00:33 --------- d-----w C:\Program Files\Java
    2008-05-16 18:34 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\teamspeak2
    2008-05-14 05:55 --------- d-----w C:\Program Files\World of Warcraft
    2008-04-20 12:17 79,064 ----a-w C:\WINDOWS\UnInstall.exe
    2008-04-20 12:17 --------- d-----w C:\Program Files\Orange
    2008-04-20 12:17 --------- d-----w C:\Program Files\Fichiers communs\Motive
    2008-04-20 12:17 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\Motive
    2008-04-20 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
    2008-04-20 12:12 --------- d-----w C:\Program Files\OrangeHSS
    2008-04-19 10:15 --------- d-----w C:\Program Files\Wanadoo
    2008-04-19 10:14 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
    2008-04-18 23:54 --------- d-----w C:\Program Files\Azureus
    2008-04-11 14:19 --------- d-----w C:\Program Files\WowCartographe
    2008-04-05 17:03 --------- d--h--r C:\Documents and Settings\DANIEL\Application Data\SecuROM
    2008-04-05 17:02 --------- d-----w C:\Program Files\Garena
    2008-04-02 20:33 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-02 16:19 --------- d-----w C:\Documents and Settings\DANIEL\Application Data\InstallShield
    2008-04-02 10:13 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-07 21:12 102,719,004 ----a-w C:\Sauv.reg
    2008-03-06 17:32 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-03-06 17:32 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-03-06 17:32 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2008-03-06 16:10 3,886 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-03-05 21:29 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
    2008-03-01 22:12 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-01-28 15:06 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-31_22.13.23.48 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-31 20:10:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-01 22:32:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-01 22:32:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_828.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\MsMsgs.exe" [2004-10-13 18:24 1694208]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
    "VAIO Update 2"="C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" [2005-01-14 13:43 151552]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 10:10 192512]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 21:22 262401]
    "ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 23:28 107248]
    "Orange_McciTrayApp"="C:\Program Files\Orange\LiveAssistant.exe" [2007-12-21 15:07 1476608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\fab13300\\counter-strike\\hl.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "D:\\JEUX\\Binaries\\R6Vegas_Game.exe"=
    "D:\\JEUX\\Binaries\\R6Vegas_Launcher.exe"=
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 04:47]
    R2 McciCMService;McciCMService;"C:\Program Files\Fichiers communs\Motive\McciCMService.exe" [2007-10-23 10:29]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\image converter 2\IcVzMon.exe [2005-04-05 13:06]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS [2008-03-09 23:22]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS [2008-03-09 23:22]
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-02 00:35:36
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\DANIEL\LOCALS~1\Temp\mc21.tmp"
    .
    Temps d'accomplissement: 2008-06-02 0:36:22
    ComboFix-quarantined-files.txt 2008-06-01 22:36:17
    ComboFix2.txt 2008-06-01 14:55:09
    ComboFix3.txt 2008-06-01 14:39:52
    ComboFix4.txt 2008-06-01 13:52:16
    ComboFix5.txt 2008-05-31 20:13:51

    Pre-Run: 30,092,091,392 octets libres
    Post-Run: 30,073,573,376 octets libres

    150 --- E O F --- 2008-05-29 01:00:52


    Good night, see you tomorrow :)
    3 June 2008 11:43:47

    Re,

    Select the entire contents of the box below:

    Collect::
    C:\DOCUME~1\DANIEL\LOCALS~1\Temp\mc21.tmp

    File::
    C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\Virtual DJ 3.2 + Crack.rar
    C:\WINDOWS\nsreg.dat

    Folder::
    C:\Program Files\FBrowserAdvisor
    C:\Program Files\FBrowsingAdvisor
    C:\Documents and Settings\DANIEL\Local Settings\Application Data\Microsoft\Messenger\vayou13@msn.com\Sharing Folders\haka33@hotmail.fr\sam\SAM Broadcaster v3.1.8 - YAG\crack

    Registry::
    [-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
    [-HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\mchInjDrv]


    This will relaunch ComboFix. After the reboot, post the contents of the ComboFix.txt report.
    If there is no reboot, post the report anyway.

  • Copy/paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc notes).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the reboot, if there is one.
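Both ComboFix reports in this thread list a service key, mchInjDrv, whose ImagePath points into the user's Temp folder, with a different file name in each run (mc22.tmp, then mc21.tmp). The following is an added example, not part of the original thread and not ComboFix's own code: it parses registry excerpts in that layout and flags, for review, services whose image sits in a user-writable path. The function names are hypothetical, and the REPORTS excerpts are constructed from the lines quoted above plus a constructed usbstor control entry.

```python
import re

# Constructed excerpts in the layout of the ComboFix reports in this thread.
# The usbstor key is a constructed control entry that must not be flagged.
REPORTS = {
    "2008-06-01 16:55": r'''
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\DANIEL\LOCALS~1\Temp\mc22.tmp"
''',
    "2008-06-02 00:36": r'''
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\DANIEL\LOCALS~1\Temp\mc21.tmp"
''',
}

KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\system\\([^\\]+)\\services\\([^\\\]]+)\]$', re.I)
IMAGE_RE = re.compile(r'^"ImagePath"\s*=\s*"(.*)"$', re.I)
# Locations a standard user can write to; 8.3 short names included.
WRITABLE_RE = re.compile(r'\\(temp|documents and settings|docume~1)\\', re.I)


def parse_services(report):
    """Return (control_set, service, image_path) for each service key."""
    found, current = [], None
    for line in map(str.strip, report.splitlines()):
        key = KEY_RE.match(line)
        image = IMAGE_RE.match(line)
        if key:
            current = key.groups()
        elif line.startswith('['):
            current = None  # some other registry key
        elif image and current:
            path = image.group(1)
            path = path[4:] if path.startswith('\\??\\') else path  # NT prefix
            found.append((current[0], current[1], path))
    return found


def review(reports):
    """Flag services whose image sits in a user-writable path, per run."""
    flagged = {}
    for run in sorted(reports):
        for cs, svc, path in parse_services(reports[run]):
            if WRITABLE_RE.search(path):
                flagged.setdefault(svc.lower(), []).append((run, cs, path))
    return [{
        "service": svc,
        "hits": hits,
        # Differing paths mean the value was rewritten between runs.
        "path_changes": len({p.lower() for _, _, p in hits}) > 1,
    } for svc, hits in flagged.items()]


if __name__ == "__main__":
    for finding in review(REPORTS):
        print(finding)
```

A flagged entry is a prompt to identify which program owns the service before removing it; the path pattern alone does not say whether the driver is wanted.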