
CID adware infection + report

Tags:
  • Security
Last reply: in Security and viruses
12 May 2008 12:16:17

I have a CID adware infection when I play games through Steam and when I browse the Net.


----------------------------[ LopResearch v3 ]----------------------------

Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : C:\Documents and Settings\Yass\Bureau

Rapport crée : Le 2008-05-11 à 22:35:33.15 PC : COMPUTER-1

! Faire analyser le rapport par un Helper avant intervention !

---------------------[ Listing des Applications Data ]--------------------

C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site
C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\ESET
C:\Documents and Settings\All Users\Application Data\hpzinstall.log
C:\Documents and Settings\All Users\Application Data\nView_Profiles
C:\Documents and Settings\All Users\Application Data\desktop.ini
C:\Documents and Settings\All Users\Application Data\sentinel
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\HP

C:\Documents and Settings\Default User\Application Data\desktop.ini
C:\Documents and Settings\Default User\Application Data\Microsoft

C:\Documents and Settings\LocalService\Application Data\Xfire
C:\Documents and Settings\LocalService\Application Data\Microsoft

C:\Documents and Settings\NetworkService\Application Data\Boretrustuser
C:\Documents and Settings\NetworkService\Application Data\Xfire
C:\Documents and Settings\NetworkService\Application Data\Microsoft

C:\Documents and Settings\Yass\Application Data\teamspeak2
C:\Documents and Settings\Yass\Application Data\LimeWire
C:\Documents and Settings\Yass\Application Data\Boretrustuser
C:\Documents and Settings\Yass\Application Data\Microsoft
C:\Documents and Settings\Yass\Application Data\Google
C:\Documents and Settings\Yass\Application Data\Samsung
C:\Documents and Settings\Yass\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\Yass\Application Data\Ahead
C:\Documents and Settings\Yass\Application Data\HP
C:\Documents and Settings\Yass\Application Data\Macromedia
C:\Documents and Settings\Yass\Application Data\Adobe
C:\Documents and Settings\Yass\Application Data\desktop.ini
C:\Documents and Settings\Yass\Application Data\WinRAR
C:\Documents and Settings\Yass\Application Data\Mozilla
C:\Documents and Settings\Yass\Application Data\Identities

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\AF749CA7918F0E63.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

--------------[ Listing des dossiers dans C:\Program Files ]--------------

C:\Program Files\Alcohol Soft
C:\Program Files\Alwil Software
C:\Program Files\Boretrustuser
C:\Program Files\BrowsingTool
C:\Program Files\C-Media
C:\Program Files\ComPlus Applications
C:\Program Files\DivX
C:\Program Files\EA GAMES
C:\Program Files\Fichiers communs
C:\Program Files\FileZilla
C:\Program Files\FlashGet
C:\Program Files\Google
C:\Program Files\Hewlett-Packard
C:\Program Files\HP
C:\Program Files\id Software
C:\Program Files\Internet Explorer
C:\Program Files\Java
C:\Program Files\Lavasoft
C:\Program Files\LimeWire
C:\Program Files\Messenger Plus! Live
C:\Program Files\Microsoft Office
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN Messenger
C:\Program Files\Nero
C:\Program Files\NetMeeting
C:\Program Files\Outlook Express
C:\Program Files\PC Camera
C:\Program Files\Samsung
C:\Program Files\Services en ligne
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Steam
C:\Program Files\Teamspeak2_RC2
C:\Program Files\Warcraft III
C:\Program Files\Windows Live
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]-----

C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\Blizzard Entertainment
C:\Program Files\Fichiers communs\Designer
C:\Program Files\Fichiers communs\HP
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\PCCamera
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System
C:\Program Files\Fichiers communs\Wise Installation Wizard

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

memo site kind that REG_SZ C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\IDOL DRIVE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

Chinskip REG_SZ C:\DOCUME~1\Yass\APPLIC~1\BORETR~1\refthe.exe

-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site
C:\Documents and Settings\NetworkService\Application Data\BORETR~1
C:\Documents and Settings\Yass\Application Data\BORETR~1
C:\Program Files\BORETR~1
C:\WINDOWS\tasks\AF749CA7918F0E63.job

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : Propre

--------------------[ Recherche d'autres infections ]---------------------


! VUNDO Possible !


--------------------[ Fin du rapport à 22:35:55.93 ]----------------------


12 May 2008 12:58:26

Hello,

Delete LopResearch v3, then:

Disable your resident protections (antivirus, ...); you will re-enable them after the scan.

Download Lop S&D < here

Double-click it to start the installation.
Then double-click the Lop S&D shortcut on your desktop.
Select the desired language, then choose Option 1 (Search).
Wait until the scan finishes.
Post the generated report (C:\lopR.txt).

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)

12 May 2008 22:23:48


-----------------------[ Lop S&D 4.2.0-8 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Yass ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 2008-05-12 | 22:20:05.64 ] [ PC : COMPUTER-1 ]
[ MAJ : 11-05-2008 | 18:25 ]

-------------[ Listing des dossiers dans Application Data ]------------

[2008-05-11|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2008-01-28|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-02-13|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[2008-05-07|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-05-04|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site
[2008-01-28|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[2008-02-11|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[2008-05-12|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[2008-04-19|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2008-03-03|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-01-28|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-02-04|21:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[2008-01-28|19:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
[2008-04-19|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-04-12|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2008-01-28|19:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2008-01-28|19:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-01-28|19:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2008-03-27|08:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire

[2008-03-30|13:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Boretrustuser
[2008-01-28|19:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[2008-03-26|11:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

[2008-01-28|21:23] C:\DOCUME~1\Yass\APPLIC~1\Adobe
[2008-01-28|22:27] C:\DOCUME~1\Yass\APPLIC~1\Ahead
[2008-05-04|08:06] C:\DOCUME~1\Yass\APPLIC~1\Boretrustuser
[2008-01-28|19:52] C:\DOCUME~1\Yass\APPLIC~1\desktop.ini
[2008-02-08|11:16] C:\DOCUME~1\Yass\APPLIC~1\GDIPFONTCACHEV1.DAT
[2008-02-24|17:58] C:\DOCUME~1\Yass\APPLIC~1\Google
[2008-01-28|21:45] C:\DOCUME~1\Yass\APPLIC~1\HP
[2008-01-28|19:10] C:\DOCUME~1\Yass\APPLIC~1\Identities
[2008-05-12|20:01] C:\DOCUME~1\Yass\APPLIC~1\LimeWire
[2008-01-28|21:23] C:\DOCUME~1\Yass\APPLIC~1\Macromedia
[2008-04-15|10:58] C:\DOCUME~1\Yass\APPLIC~1\Microsoft
[2008-01-28|19:37] C:\DOCUME~1\Yass\APPLIC~1\Mozilla
[2008-02-16|14:34] C:\DOCUME~1\Yass\APPLIC~1\Samsung
[2008-05-11|18:09] C:\DOCUME~1\Yass\APPLIC~1\teamspeak2
[2008-01-28|19:46] C:\DOCUME~1\Yass\APPLIC~1\WinRAR

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-05-12 22:00][--ah-----] C:\WINDOWS\tasks\AF749CA7918F0E63.job
[2008-05-12 17:56][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[2001-08-24 18:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

AF749CA7918F0E63.job <--> c:\docume~1\yass\applic~1\boretr~1\Locksbytefree.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2008-02-14|21:43] C:\Program Files\Alcohol Soft
[2008-04-19|13:05] C:\Program Files\Alwil Software
[2008-05-11|23:08] C:\Program Files\Avira
[2008-05-04|08:02] C:\Program Files\Boretrustuser
[2008-05-12|19:23] C:\Program Files\BrowsingTool
[2008-01-28|19:24] C:\Program Files\C-Media
[2008-01-28|18:59] C:\Program Files\ComPlus Applications
[2008-05-01|01:06] C:\Program Files\DivX
[2008-05-07|22:16] C:\Program Files\EA GAMES
[2008-03-22|20:59] C:\Program Files\Fichiers communs
[2008-02-14|21:47] C:\Program Files\FileZilla
[2008-02-25|13:57] C:\Program Files\FlashGet
[2008-05-07|22:17] C:\Program Files\Google
[2008-02-11|20:47] C:\Program Files\Hewlett-Packard
[2008-02-11|20:47] C:\Program Files\HP
[2008-03-11|20:25] C:\Program Files\id Software
[2008-05-07|22:19] C:\Program Files\InstallShield Installation Information
[2008-02-05|17:49] C:\Program Files\Internet Explorer
[2008-02-14|20:31] C:\Program Files\Java
[2008-04-19|12:55] C:\Program Files\Lavasoft
[2008-02-14|20:32] C:\Program Files\LimeWire
[2008-02-25|14:16] C:\Program Files\Messenger Plus! Live
[2008-01-29|19:33] C:\Program Files\Microsoft Office
[2008-01-28|19:00] C:\Program Files\Movie Maker
[2008-05-12|22:17] C:\Program Files\Mozilla Firefox
[2008-02-25|14:16] C:\Program Files\MSN Messenger
[2008-01-28|22:25] C:\Program Files\Nero
[2008-01-28|19:01] C:\Program Files\NetMeeting
[2008-01-28|19:00] C:\Program Files\Outlook Express
[2008-03-12|17:22] C:\Program Files\PC Camera
[2008-02-16|14:21] C:\Program Files\Samsung
[2008-01-28|19:01] C:\Program Files\Services en ligne
[2008-04-19|12:57] C:\Program Files\Spybot - Search & Destroy
[2008-05-12|12:18] C:\Program Files\Steam
[2008-02-06|21:56] C:\Program Files\Teamspeak2_RC2
[2008-01-28|19:10] C:\Program Files\Uninstall Information
[2008-03-30|21:18] C:\Program Files\Warcraft III
[2008-02-25|14:16] C:\Program Files\Windows Live
[2008-05-07|22:37] C:\Program Files\Windows Media Connect 2
[2008-05-07|22:37] C:\Program Files\Windows Media Player
[2008-01-28|18:58] C:\Program Files\Windows NT
[2008-01-28|19:46] C:\Program Files\WinRAR
[2008-03-30|21:18] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2008-02-16|14:20] C:\Program Files\Fichiers communs\Adobe
[2008-01-28|22:26] C:\Program Files\Fichiers communs\Ahead
[2008-03-22|20:59] C:\Program Files\Fichiers communs\Blizzard Entertainment
[2008-01-29|19:33] C:\Program Files\Fichiers communs\Designer
[2008-01-28|19:21] C:\Program Files\Fichiers communs\HP
[2008-05-07|22:25] C:\Program Files\Fichiers communs\InstallShield
[2008-02-14|20:29] C:\Program Files\Fichiers communs\Java
[2008-01-29|19:34] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-01-28|19:00] C:\Program Files\Fichiers communs\MSSoap
[2008-01-28|19:53] C:\Program Files\Fichiers communs\ODBC
[2008-03-12|17:22] C:\Program Files\Fichiers communs\PCCamera
[2008-01-28|19:00] C:\Program Files\Fichiers communs\Services
[2008-01-28|19:53] C:\Program Files\Fichiers communs\SpeechEngines
[2008-01-29|19:32] C:\Program Files\Fichiers communs\System
[2008-04-19|12:54] C:\Program Files\Fichiers communs\Wise Installation Wizard

---------------------------[ Process ]--------------------------

... 36

IEXPLORE.EXE ~ [1636]
IEXPLORE.EXE ~ [1912]
IEXPLORE.EXE ~ [2804]

----------------------[ Recherche avec S_Lop ]---------------------

C:\DOCUME~1\Yass\LOCALS~1\Temp\bis40.exe

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site\IDOL DRIVE.exe
C:\DOCUME~1\NETWOR~1\APPLIC~1\boretr~1
C:\DOCUME~1\NETWOR~1\APPLIC~1\boretr~1\refthe.exe
C:\DOCUME~1\Yass\APPLIC~1\boretr~1
C:\DOCUME~1\Yass\APPLIC~1\boretr~1\2 delete bat meal.exe
C:\DOCUME~1\Yass\APPLIC~1\boretr~1\fbplntbf.exe
C:\DOCUME~1\Yass\APPLIC~1\boretr~1\hsrnhmju.exe
C:\DOCUME~1\Yass\APPLIC~1\boretr~1\Locks byte free.exe
C:\DOCUME~1\Yass\APPLIC~1\boretr~1\nlcfpmrm.exe
C:\DOCUME~1\Yass\APPLIC~1\boretr~1\refthe.exe
C:\DOCUME~1\Yass\APPLIC~1\boretr~1\sikyrirs.exe
C:\Program Files\boretr~1
C:\WINDOWS\Tasks\AF749CA7918F0E63.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chinskip"="C:\\DOCUME~1\\Yass\\APPLIC~1\\BORETR~1\\refthe.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"memo site kind that"="C:\\Documents and Settings\\All Users\\Application Data\\Grid Blue Memo Site\\IDOL DRIVE.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 22:21:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\huicfgaw.ini2
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\ybeeg.ini2
! VUNDO Possible !

=> C:\Documents and Settings\Yass\Bureau\battle field 2\Battlefield.2.NoCD.crack-RELOADED.ShadowCast
=> C:\Documents and Settings\Yass\Bureau\battle field 2\Battlefield.2.NoDVD.crackShadowCast[www.donkey-games.com].rar
=> C:\Documents and Settings\Yass\Bureau\battle field 2\Battlefield.2.NoCD.crack-RELOADED.ShadowCast\Battlefield.2-RELOADED.ShadowCast.OSiOLEK.nfo
=> C:\Documents and Settings\Yass\Bureau\battle field 2\Battlefield.2.NoCD.crack-RELOADED.ShadowCast\CoreDLL.dll


/!\ [Fich:2378][Doss:52] C:\DOCUME~1\Yass\LOCALS~1\Temp
/!\ [Fich:490][Doss:0] C:\DOCUME~1\Yass\Cookies
/!\ [Fich:2152][Doss:4] C:\DOCUME~1\Yass\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 22:22:06.56 ]----------------------


There you go, Eric_71. Can you tell me what to do next? (Thanks for your help :)
12 May 2008 22:38:53

Re,

Delete the cracks on your desktop, they are nests of infections...


Select the whole box below, then right-click > Copy:
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\huicfgaw.ini2
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\ybeeg.ini2

Relaunch Lop S&D.
This time choose Option 4 (LopScript).
A blank page will open; right-click on it and choose Paste.
Close the page; you will be asked to save it, click [Save].
Do not close the window during the deletion!
Post the generated report (C:\lopR.txt).

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)

13 May 2008 20:32:32

I made 2 reports: the first with the little cracks, which I deleted afterwards, so I redid a 2nd report.

-----------------------[ Lop S&D 4.2.0-8 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Yass ] [ "C:\Lop SD" ] [ Selection : 4 ]
[ 2008-05-13 | 20:11:25.76 ] [ PC : COMPUTER-1 ]
[ MAJ : 11-05-2008 | 18:25 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ LopScript //////////////////////////////////

C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\huicfgaw.ini2
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\ybeeg.ini2

Supprimé! - C:\WINDOWS\system32\aycdd.ini2
Supprimé! - C:\WINDOWS\system32\efhkj.ini2
Supprimé! - C:\WINDOWS\system32\fhhkj.ini2
Supprimé! - C:\WINDOWS\system32\gjkkj.ini2
Supprimé! - C:\WINDOWS\system32\huicfgaw.ini2
Supprimé! - C:\WINDOWS\system32\mnnmp.ini2
Supprimé! - C:\WINDOWS\system32\oqtwa.ini2
Supprimé! - C:\WINDOWS\system32\pqtss.ini2
Supprimé! - C:\WINDOWS\system32\pqtwa.ini2
Supprimé! - C:\WINDOWS\system32\sstwa.ini2
Supprimé! - C:\WINDOWS\system32\tstwa.ini2
Supprimé! - C:\WINDOWS\system32\ybeeg.ini2

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site\IDOL DRIVE.exe
Supprimé! - C:\DOCUME~1\NETWOR~1\APPLIC~1\boretr~1\refthe.exe
Supprimé! - C:\DOCUME~1\Yass\APPLIC~1\boretr~1\2 delete bat meal.exe
Supprimé! - C:\DOCUME~1\Yass\APPLIC~1\boretr~1\fbplntbf.exe
Supprimé! - C:\DOCUME~1\Yass\APPLIC~1\boretr~1\hsrnhmju.exe
Supprimé! - C:\DOCUME~1\Yass\APPLIC~1\boretr~1\Locks byte free.exe
Supprimé! - C:\DOCUME~1\Yass\APPLIC~1\boretr~1\nlcfpmrm.exe
Supprimé! - C:\DOCUME~1\Yass\APPLIC~1\boretr~1\refthe.exe
Supprimé! - C:\DOCUME~1\Yass\APPLIC~1\boretr~1\sikyrirs.exe
Supprimé! - C:\WINDOWS\Tasks\AF749CA7918F0E63.job
Supprimé! - C:\DOCUME~1\Yass\LOCALS~1\Temp\bis40.exe
Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site
Supprimé! - C:\DOCUME~1\NETWOR~1\APPLIC~1\boretr~1
Supprimé! - C:\DOCUME~1\Yass\APPLIC~1\boretr~1
Supprimé! - C:\Program Files\boretr~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////

Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site\IDOL DRIVE.exe
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[2008-05-11|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2008-01-28|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-02-13|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[2008-05-07|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-01-28|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[2008-02-11|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[2008-05-12|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[2008-04-19|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2008-03-03|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-01-28|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-02-04|21:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[2008-01-28|19:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
[2008-04-19|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-04-12|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2008-01-28|19:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2008-01-28|19:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-01-28|19:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2008-03-27|08:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire

[2008-01-28|19:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[2008-03-26|11:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

[2008-01-28|21:23] C:\DOCUME~1\Yass\APPLIC~1\Adobe
[2008-01-28|22:27] C:\DOCUME~1\Yass\APPLIC~1\Ahead
[2008-01-28|19:52] C:\DOCUME~1\Yass\APPLIC~1\desktop.ini
[2008-02-08|11:16] C:\DOCUME~1\Yass\APPLIC~1\GDIPFONTCACHEV1.DAT
[2008-02-24|17:58] C:\DOCUME~1\Yass\APPLIC~1\Google
[2008-01-28|21:45] C:\DOCUME~1\Yass\APPLIC~1\HP
[2008-01-28|19:10] C:\DOCUME~1\Yass\APPLIC~1\Identities
[2008-05-12|20:01] C:\DOCUME~1\Yass\APPLIC~1\LimeWire
[2008-01-28|21:23] C:\DOCUME~1\Yass\APPLIC~1\Macromedia
[2008-04-15|10:58] C:\DOCUME~1\Yass\APPLIC~1\Microsoft
[2008-01-28|19:37] C:\DOCUME~1\Yass\APPLIC~1\Mozilla
[2008-02-16|14:34] C:\DOCUME~1\Yass\APPLIC~1\Samsung
[2008-05-11|18:09] C:\DOCUME~1\Yass\APPLIC~1\teamspeak2
[2008-01-28|19:46] C:\DOCUME~1\Yass\APPLIC~1\WinRAR

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-05-13 20:05][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[2001-08-24 18:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2008-02-14|21:43] C:\Program Files\Alcohol Soft
[2008-04-19|13:05] C:\Program Files\Alwil Software
[2008-05-11|23:08] C:\Program Files\Avira
[2008-05-12|19:23] C:\Program Files\BrowsingTool
[2008-01-28|19:24] C:\Program Files\C-Media
[2008-01-28|18:59] C:\Program Files\ComPlus Applications
[2008-05-01|01:06] C:\Program Files\DivX
[2008-05-07|22:16] C:\Program Files\EA GAMES
[2008-03-22|20:59] C:\Program Files\Fichiers communs
[2008-02-14|21:47] C:\Program Files\FileZilla
[2008-02-25|13:57] C:\Program Files\FlashGet
[2008-05-07|22:17] C:\Program Files\Google
[2008-02-11|20:47] C:\Program Files\Hewlett-Packard
[2008-02-11|20:47] C:\Program Files\HP
[2008-03-11|20:25] C:\Program Files\id Software
[2008-05-07|22:19] C:\Program Files\InstallShield Installation Information
[2008-02-05|17:49] C:\Program Files\Internet Explorer
[2008-02-14|20:31] C:\Program Files\Java
[2008-04-19|12:55] C:\Program Files\Lavasoft
[2008-02-14|20:32] C:\Program Files\LimeWire
[2008-02-25|14:16] C:\Program Files\Messenger Plus! Live
[2008-01-29|19:33] C:\Program Files\Microsoft Office
[2008-01-28|19:00] C:\Program Files\Movie Maker
[2008-05-12|22:42] C:\Program Files\Mozilla Firefox
[2008-02-25|14:16] C:\Program Files\MSN Messenger
[2008-01-28|22:25] C:\Program Files\Nero
[2008-01-28|19:01] C:\Program Files\NetMeeting
[2008-01-28|19:00] C:\Program Files\Outlook Express
[2008-03-12|17:22] C:\Program Files\PC Camera
[2008-02-16|14:21] C:\Program Files\Samsung
[2008-01-28|19:01] C:\Program Files\Services en ligne
[2008-04-19|12:57] C:\Program Files\Spybot - Search & Destroy
[2008-05-12|12:18] C:\Program Files\Steam
[2008-02-06|21:56] C:\Program Files\Teamspeak2_RC2
[2008-01-28|19:10] C:\Program Files\Uninstall Information
[2008-03-30|21:18] C:\Program Files\Warcraft III
[2008-02-25|14:16] C:\Program Files\Windows Live
[2008-05-07|22:37] C:\Program Files\Windows Media Connect 2
[2008-05-07|22:37] C:\Program Files\Windows Media Player
[2008-01-28|18:58] C:\Program Files\Windows NT
[2008-01-28|19:46] C:\Program Files\WinRAR
[2008-03-30|21:18] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2008-02-16|14:20] C:\Program Files\Fichiers communs\Adobe
[2008-01-28|22:26] C:\Program Files\Fichiers communs\Ahead
[2008-03-22|20:59] C:\Program Files\Fichiers communs\Blizzard Entertainment
[2008-01-29|19:33] C:\Program Files\Fichiers communs\Designer
[2008-01-28|19:21] C:\Program Files\Fichiers communs\HP
[2008-05-07|22:25] C:\Program Files\Fichiers communs\InstallShield
[2008-02-14|20:29] C:\Program Files\Fichiers communs\Java
[2008-01-29|19:34] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-01-28|19:00] C:\Program Files\Fichiers communs\MSSoap
[2008-01-28|19:53] C:\Program Files\Fichiers communs\ODBC
[2008-03-12|17:22] C:\Program Files\Fichiers communs\PCCamera
[2008-01-28|19:00] C:\Program Files\Fichiers communs\Services
[2008-01-28|19:53] C:\Program Files\Fichiers communs\SpeechEngines
[2008-01-29|19:32] C:\Program Files\Fichiers communs\System
[2008-04-19|12:54] C:\Program Files\Fichiers communs\Wise Installation Wizard

---------------------------[ Process ]--------------------------

... 34

IEXPLORE.EXE ~ [2552]

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 20:14:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Documents and Settings\Yass\Bureau\battle field 2\Battlefield.2.NoCD.crack-RELOADED.ShadowCast
=> C:\Documents and Settings\Yass\Bureau\battle field 2\Battlefield.2.NoDVD.crackShadowCast[www.donkey-games.com].rar
=> C:\Documents and Settings\Yass\Bureau\battle field 2\Battlefield.2.NoCD.crack-RELOADED.ShadowCast\Battlefield.2-RELOADED.ShadowCast.OSiOLEK.nfo
=> C:\Documents and Settings\Yass\Bureau\battle field 2\Battlefield.2.NoCD.crack-RELOADED.ShadowCast\CoreDLL.dll


/!\ [Fich:2373][Doss:52] C:\DOCUME~1\Yass\LOCALS~1\Temp
/!\ [Fich:490][Doss:0] C:\DOCUME~1\Yass\Cookies
/!\ [Fich:2154][Doss:4] C:\DOCUME~1\Yass\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 20:14:45.14 ]----------------------
13 May 2008 20:33:02

The 2nd one:


-----------------------[ Lop S&D 4.2.0-8 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Yass ] [ "C:\Lop SD" ] [ Selection : 4 ]
[ 2008-05-13 | 20:18:33.87 ] [ PC : COMPUTER-1 ]
[ MAJ : 11-05-2008 | 18:25 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ LopScript //////////////////////////////////

C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\huicfgaw.ini2
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\ybeeg.ini2


//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[2008-05-11|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2008-01-28|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-02-13|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[2008-05-07|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-01-28|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[2008-02-11|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[2008-05-12|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[2008-04-19|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2008-03-03|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-01-28|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-02-04|21:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[2008-01-28|19:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
[2008-04-19|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-04-12|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2008-01-28|19:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2008-01-28|19:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-01-28|19:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2008-03-27|08:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire

[2008-01-28|19:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[2008-03-26|11:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

[2008-01-28|21:23] C:\DOCUME~1\Yass\APPLIC~1\Adobe
[2008-01-28|22:27] C:\DOCUME~1\Yass\APPLIC~1\Ahead
[2008-01-28|19:52] C:\DOCUME~1\Yass\APPLIC~1\desktop.ini
[2008-02-08|11:16] C:\DOCUME~1\Yass\APPLIC~1\GDIPFONTCACHEV1.DAT
[2008-02-24|17:58] C:\DOCUME~1\Yass\APPLIC~1\Google
[2008-01-28|21:45] C:\DOCUME~1\Yass\APPLIC~1\HP
[2008-01-28|19:10] C:\DOCUME~1\Yass\APPLIC~1\Identities
[2008-05-12|20:01] C:\DOCUME~1\Yass\APPLIC~1\LimeWire
[2008-01-28|21:23] C:\DOCUME~1\Yass\APPLIC~1\Macromedia
[2008-04-15|10:58] C:\DOCUME~1\Yass\APPLIC~1\Microsoft
[2008-01-28|19:37] C:\DOCUME~1\Yass\APPLIC~1\Mozilla
[2008-02-16|14:34] C:\DOCUME~1\Yass\APPLIC~1\Samsung
[2008-05-11|18:09] C:\DOCUME~1\Yass\APPLIC~1\teamspeak2
[2008-01-28|19:46] C:\DOCUME~1\Yass\APPLIC~1\WinRAR

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-05-13 20:05][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[2001-08-24 18:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2008-02-14|21:43] C:\Program Files\Alcohol Soft
[2008-04-19|13:05] C:\Program Files\Alwil Software
[2008-05-11|23:08] C:\Program Files\Avira
[2008-05-12|19:23] C:\Program Files\BrowsingTool
[2008-01-28|19:24] C:\Program Files\C-Media
[2008-01-28|18:59] C:\Program Files\ComPlus Applications
[2008-05-01|01:06] C:\Program Files\DivX
[2008-05-07|22:16] C:\Program Files\EA GAMES
[2008-03-22|20:59] C:\Program Files\Fichiers communs
[2008-02-14|21:47] C:\Program Files\FileZilla
[2008-02-25|13:57] C:\Program Files\FlashGet
[2008-05-07|22:17] C:\Program Files\Google
[2008-02-11|20:47] C:\Program Files\Hewlett-Packard
[2008-02-11|20:47] C:\Program Files\HP
[2008-03-11|20:25] C:\Program Files\id Software
[2008-05-07|22:19] C:\Program Files\InstallShield Installation Information
[2008-02-05|17:49] C:\Program Files\Internet Explorer
[2008-02-14|20:31] C:\Program Files\Java
[2008-04-19|12:55] C:\Program Files\Lavasoft
[2008-02-14|20:32] C:\Program Files\LimeWire
[2008-02-25|14:16] C:\Program Files\Messenger Plus! Live
[2008-01-29|19:33] C:\Program Files\Microsoft Office
[2008-01-28|19:00] C:\Program Files\Movie Maker
[2008-05-12|22:42] C:\Program Files\Mozilla Firefox
[2008-02-25|14:16] C:\Program Files\MSN Messenger
[2008-01-28|22:25] C:\Program Files\Nero
[2008-01-28|19:01] C:\Program Files\NetMeeting
[2008-01-28|19:00] C:\Program Files\Outlook Express
[2008-03-12|17:22] C:\Program Files\PC Camera
[2008-02-16|14:21] C:\Program Files\Samsung
[2008-01-28|19:01] C:\Program Files\Services en ligne
[2008-04-19|12:57] C:\Program Files\Spybot - Search & Destroy
[2008-05-12|12:18] C:\Program Files\Steam
[2008-02-06|21:56] C:\Program Files\Teamspeak2_RC2
[2008-01-28|19:10] C:\Program Files\Uninstall Information
[2008-03-30|21:18] C:\Program Files\Warcraft III
[2008-02-25|14:16] C:\Program Files\Windows Live
[2008-05-07|22:37] C:\Program Files\Windows Media Connect 2
[2008-05-07|22:37] C:\Program Files\Windows Media Player
[2008-01-28|18:58] C:\Program Files\Windows NT
[2008-01-28|19:46] C:\Program Files\WinRAR
[2008-03-30|21:18] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2008-02-16|14:20] C:\Program Files\Fichiers communs\Adobe
[2008-01-28|22:26] C:\Program Files\Fichiers communs\Ahead
[2008-03-22|20:59] C:\Program Files\Fichiers communs\Blizzard Entertainment
[2008-01-29|19:33] C:\Program Files\Fichiers communs\Designer
[2008-01-28|19:21] C:\Program Files\Fichiers communs\HP
[2008-05-07|22:25] C:\Program Files\Fichiers communs\InstallShield
[2008-02-14|20:29] C:\Program Files\Fichiers communs\Java
[2008-01-29|19:34] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-01-28|19:00] C:\Program Files\Fichiers communs\MSSoap
[2008-01-28|19:53] C:\Program Files\Fichiers communs\ODBC
[2008-03-12|17:22] C:\Program Files\Fichiers communs\PCCamera
[2008-01-28|19:00] C:\Program Files\Fichiers communs\Services
[2008-01-28|19:53] C:\Program Files\Fichiers communs\SpeechEngines
[2008-01-29|19:32] C:\Program Files\Fichiers communs\System
[2008-04-19|12:54] C:\Program Files\Fichiers communs\Wise Installation Wizard

---------------------------[ Process ]--------------------------

... 33

... OK !

----------------------[ Search with S_Lop ]---------------------

No Lop file / folder found!

-----------------[ Search for Lop files / folders ]-----------------

No Lop file / folder found!

----------------------[ Registry check ]----------------------

..... OK !

--------------------[ Hosts file check ]---------------------

Hosts file CLEAN


----------------[ File search with Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 20:20:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Search for other infections ]---------------------


No other infection found!

/!\ [Files:2373][Folders:52] C:\DOCUME~1\Yass\LOCALS~1\Temp
/!\ [Files:490][Folders:0] C:\DOCUME~1\Yass\Cookies
/!\ [Files:2154][Folders:4] C:\DOCUME~1\Yass\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ End of report at 20:20:56.54 ]----------------------
13 May 2008 20:47:54

OK,

There is surely some Vundo left,

Disable your resident protections (antivirus, ...); you will re-enable them after the scan

Download ComboFix < here

Save it to your Desktop and nowhere else!
Double-click combofix.exe (the .exe may not be shown)
To start, type [1] then press Enter, and wait for the scan to finish
the PC may reboot!

Copy/paste the generated report (C:\Combofix.txt)

14 May 2008 18:40:29

ComboFix 08-05-12.1 - Yass 2008-05-14 18:28:12.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1213 [GMT 2:00]
Location: C:\Documents and Settings\Yass\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ablgtlve.dll
C:\WINDOWS\system32\aemxracc.ini
C:\WINDOWS\system32\ahjlldrs.ini
C:\WINDOWS\system32\alrpfdld.ini
C:\WINDOWS\system32\anqxntpf.ini
C:\WINDOWS\system32\aotfkovx.ini
C:\WINDOWS\system32\aoutpixp.ini
C:\WINDOWS\system32\aoxnbhub.ini
C:\WINDOWS\system32\asafgmaa.ini
C:\WINDOWS\system32\awuqfqaq.ini
C:\WINDOWS\system32\axueccfc.ini
C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\bgubomvw.dll
C:\WINDOWS\system32\cjqtjcln.ini
C:\WINDOWS\system32\clghfkpa.ini
C:\WINDOWS\system32\cqwaacil.ini
C:\WINDOWS\system32\cvcjbhmr.ini
C:\WINDOWS\system32\cwngxvex.ini
C:\WINDOWS\system32\dbcqmuhm.ini
C:\WINDOWS\system32\disffatv.ini
C:\WINDOWS\system32\dsiroajm.ini
C:\WINDOWS\system32\dysmfkym.ini
C:\WINDOWS\system32\edjaiieu.dll
C:\WINDOWS\system32\eelisgun.ini
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\eglioryp.dll
C:\WINDOWS\system32\envysyqu.ini
C:\WINDOWS\system32\fgwgagsi.dll
C:\WINDOWS\system32\fkdcxctk.ini
C:\WINDOWS\system32\fsexflqq.ini
C:\WINDOWS\system32\gecyrowx.ini
C:\WINDOWS\system32\giutlskb.ini
C:\WINDOWS\system32\gjkkj.ini
C:\WINDOWS\system32\gounadhc.dll
C:\WINDOWS\system32\gpnygfbm.dll
C:\WINDOWS\system32\gtbiswgc.ini
C:\WINDOWS\system32\gwdybqyt.ini
C:\WINDOWS\system32\hgmqeers.ini
C:\WINDOWS\system32\hidnhsoq.ini
C:\WINDOWS\system32\hljeucxq.ini
C:\WINDOWS\system32\htmcnmec.dll
C:\WINDOWS\system32\huicfgaw.ini
C:\WINDOWS\system32\hutikups.ini
C:\WINDOWS\system32\hywuvynm.ini
C:\WINDOWS\system32\hyybllnd.dll
C:\WINDOWS\system32\ibnwwnkm.ini
C:\WINDOWS\system32\ioptwlok.ini
C:\WINDOWS\system32\iqfiqsyu.ini
C:\WINDOWS\system32\irrfpkqn.ini
C:\WINDOWS\system32\iypyravw.ini
C:\WINDOWS\system32\jemdijmw.ini
C:\WINDOWS\system32\jqxvbqkw.ini
C:\WINDOWS\system32\jshkvimg.dll
C:\WINDOWS\system32\jshtplfy.ini
C:\WINDOWS\system32\kepgpdwa.dll
C:\WINDOWS\system32\kjrukegb.ini
C:\WINDOWS\system32\knnjqabn.dll
C:\WINDOWS\system32\kpgkbgjs.ini
C:\WINDOWS\system32\kuepihkq.ini
C:\WINDOWS\system32\kwamoxvd.ini
C:\WINDOWS\system32\kwxvporh.dll
C:\WINDOWS\system32\kyqmcpno.dll
C:\WINDOWS\system32\lafsdbbm.ini
C:\WINDOWS\system32\liqrsllr.ini
C:\WINDOWS\system32\lrvakudo.ini
C:\WINDOWS\system32\lvdshnpg.ini
C:\WINDOWS\system32\lwxfsgep.ini
C:\WINDOWS\system32\mdyaboph.ini
C:\WINDOWS\system32\meldfung.ini
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mprehwfy.dll
C:\WINDOWS\system32\mqytksdu.dll
C:\WINDOWS\system32\nbdlwphw.dll
C:\WINDOWS\system32\nlhdwdym.ini
C:\WINDOWS\system32\nxpxcnag.ini
C:\WINDOWS\system32\oijuyona.ini
C:\WINDOWS\system32\oktvarwv.ini
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\owhbebgx.ini
C:\WINDOWS\system32\pdoonuul.ini
C:\WINDOWS\system32\pdyafdqi.ini
C:\WINDOWS\system32\phkcrebo.dll
C:\WINDOWS\system32\pornnkyq.ini
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\pusjrtxb.ini
C:\WINDOWS\system32\qbiwvsdo.ini
C:\WINDOWS\system32\qidxedjf.dll
C:\WINDOWS\system32\qkywloix.ini
C:\WINDOWS\system32\qsdvuisk.ini
C:\WINDOWS\system32\qtkqdqwe.ini
C:\WINDOWS\system32\quywycqk.dll
C:\WINDOWS\system32\ruofrnos.ini
C:\WINDOWS\system32\ryemhtnb.dll
C:\WINDOWS\system32\seyhggod.ini
C:\WINDOWS\system32\sfnbsndp.ini
C:\WINDOWS\system32\sfsudcnf.ini
C:\WINDOWS\system32\shwxlsot.ini
C:\WINDOWS\system32\sjwjxxxp.ini
C:\WINDOWS\system32\sotruoym.ini
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\ssxdffxn.dll
C:\WINDOWS\system32\tcebeyho.ini
C:\WINDOWS\system32\tdfwqwbw.ini
C:\WINDOWS\system32\tinamwrv.ini
C:\WINDOWS\system32\tkytjohx.dll
C:\WINDOWS\system32\toaosuin.ini
C:\WINDOWS\system32\tribvemm.ini
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\uagyghks.ini
C:\WINDOWS\system32\uajnsvkd.dll
C:\WINDOWS\system32\ujrcrobr.dll
C:\WINDOWS\system32\ujyqahwt.ini
C:\WINDOWS\system32\unrthnbh.ini
C:\WINDOWS\system32\uovwetkv.ini
C:\WINDOWS\system32\uqslhsxf.dll
C:\WINDOWS\system32\uqslikqr.ini
C:\WINDOWS\system32\usbenduw.ini
C:\WINDOWS\system32\vdfrakxa.ini
C:\WINDOWS\system32\vfpeajuu.dll
C:\WINDOWS\system32\vhbwivty.ini
C:\WINDOWS\system32\vhpkkwod.ini
C:\WINDOWS\system32\vkjwqpmb.dll
C:\WINDOWS\system32\wcgxuycg.ini
C:\WINDOWS\system32\widiesxd.ini
C:\WINDOWS\system32\wkmjfprx.ini
C:\WINDOWS\system32\wrrwepfu.ini
C:\WINDOWS\system32\wwfivyba.ini
C:\WINDOWS\system32\xeqyklkw.dll
C:\WINDOWS\system32\xhkonpls.ini
C:\WINDOWS\system32\xjxqpoxs.ini
C:\WINDOWS\system32\xtwffglk.ini
C:\WINDOWS\system32\xxpsgpfp.ini
C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ydlpyltb.ini
.
---- Previous Run -------
.
C:\install\install.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((((((( Files created 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.

2008-05-14 18:32 . 2008-05-14 18:32 <REP> d-------- C:\WINDOWS\system32\xircom
2008-05-14 18:32 . 2008-05-14 18:32 <REP> d-------- C:\Program Files\microsoft frontpage
2008-05-12 22:19 . 2008-05-13 20:20 <REP> d-------- C:\Lop SD
2008-05-11 23:08 . 2008-05-11 23:08 <REP> d-------- C:\Program Files\Avira
2008-05-11 23:08 . 2008-05-11 23:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-11 22:57 . 2008-05-14 18:28 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-05-10 19:17 . 2008-05-10 19:17 672,455 --a------ C:\upload_moi_COMPUTER-1.tar.gz
2008-05-10 00:25 . 2008-05-14 16:18 <REP> d-------- C:\Program Files\Steam
2008-05-07 22:37 . 2008-05-07 22:37 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-05-07 22:37 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\DllCache\sysmain.sdb
2008-05-07 22:37 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\DllCache\apph_sp.sdb
2008-05-07 22:37 . 2004-08-04 04:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-07 22:37 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\DllCache\apphelp.sdb
2008-05-07 22:35 . 2008-05-07 22:35 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-05-07 22:35 . 2008-05-07 22:36 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-07 22:35 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-01 01:06 . 2008-05-01 01:06 <REP> d-------- C:\Program Files\DivX
2008-05-01 01:06 . 2008-05-01 01:06 684 --a------ C:\WINDOWS\mozver.dat
2008-04-29 20:54 . 2008-04-29 20:54 1,484,782 ---hs---- C:\WINDOWS\system32\lrvakudo.tmp
2008-04-29 20:31 . 2008-04-29 20:31 67 --a------ C:\WINDOWS\system32\ywkptdwf.dll
2008-04-27 20:06 . 2008-04-27 20:06 244 --ah----- C:\sqmnoopt09.sqm
2008-04-27 20:06 . 2008-04-27 20:06 232 --ah----- C:\sqmdata10.sqm
2008-04-26 09:53 . 2008-04-26 09:53 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-04-26 09:49 . 2008-04-26 10:10 414 ---hs---- C:\WINDOWS\system32\yqwtjuni.ini
2008-04-26 09:47 . 2008-04-26 09:47 294 ---hs---- C:\WINDOWS\system32\iyimuitu.ini
2008-04-25 08:48 . 2008-04-25 16:01 354 ---hs---- C:\WINDOWS\system32\esirlpbd.ini
2008-04-23 19:33 . 2008-04-23 19:33 294 ---hs---- C:\WINDOWS\system32\rqlcirow.ini
2008-04-19 13:05 . 2008-04-19 13:05 <REP> d-------- C:\Program Files\Alwil Software
2008-04-19 12:57 . 2008-04-19 12:57 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-19 12:57 . 2008-04-19 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-19 12:55 . 2008-04-19 12:55 <REP> d-------- C:\Program Files\Lavasoft
2008-04-19 12:55 . 2008-04-19 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-19 12:54 . 2008-04-19 12:54 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-18 16:31 . 2008-04-18 17:43 354 ---hs---- C:\WINDOWS\system32\ibcidner.ini
2008-04-18 15:28 . 2008-04-18 15:29 594 ---hs---- C:\WINDOWS\system32\qemuyufo.ini
2008-04-15 10:26 . 2008-04-18 15:20 474 ---hs---- C:\WINDOWS\system32\oqaysihg.ini

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 18:33 --------- d-----w C:\Program Files\BrowsingTool
2008-05-12 18:01 --------- d-----w C:\Documents and Settings\Yass\Application Data\LimeWire
2008-05-11 16:09 --------- d-----w C:\Documents and Settings\Yass\Application Data\teamspeak2
2008-05-07 20:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-07 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 20:17 --------- d-----w C:\Program Files\Google
2008-05-07 20:16 --------- d-----w C:\Program Files\EA GAMES
2008-04-03 10:01 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Xfire
2008-04-01 06:08 26,800 ----a-w C:\WINDOWS\system32\efcYQGVm.dll
2008-03-30 19:18 --------- d-----w C:\Program Files\Yahoo!
2008-03-30 19:18 --------- d-----w C:\Program Files\Warcraft III
2008-03-27 06:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-26 09:47 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-22 18:59 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-15 15:55 1,241,180 -csh--w C:\WINDOWS\system32\axueccfc.tmp
2008-02-08 09:16 17,144 ----a-w C:\Documents and Settings\Yass\Application Data\GDIPFONTCACHEV1.DAT
2006-06-29 14:45 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

------- Sigcheck -------

2005-04-15 22:44 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\system32\user32.dll

2005-03-10 13:48 662016 06ad0b0f43286cd50af283762eb56763 C:\WINDOWS\system32\wininet.dll

2004-08-18 08:08 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys

2005-04-15 22:45 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\system32\ntkrnlpa.exe

2005-04-15 22:40 2321408 209f3a54eedb976282da5e183c17388d C:\WINDOWS\system32\ntoskrnl.exe

2004-10-14 01:38 1036288 f14e8c29a1045d115e308d30e825a1eb C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Reg load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FB76FC6-5B14-4607-9DD8-7131DE8C4B0B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{312C06F2-6EEB-4F53-915E-E8D86164BC79}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E9E59F0-0F4E-4EA2-ABBC-88576FC18A5E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A99C7644-96BB-48E4-BA4E-6852B8CED039}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0661233-42D4-F7F1-80E1-8A9E0E99E71D}]
2007-12-30 22:48 1019904 --a--c--- C:\Program Files\BrowsingTool\BrowsingTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5B0F611-08F6-4DD9-B0C6-F88C31F255DD}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:54 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-12-16 13:57 94208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 11:47 7561216]
"nwiz"="nwiz.exe" [2006-04-28 11:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-28 11:47 86016]
"C-Media Mixer"="Mixer.exe" [2006-06-29 16:45 1581056 C:\WINDOWS\mixer.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"4891d0d5"="C:\WINDOWS\system32\qqlfxesf.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:54 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 04:54 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 04:37 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"ClearDocsOnExit"= 64 (0x40)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"ClearDocsOnExit"= 64 (0x40)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklkhi]
jkklkhi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Yass^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\Yass\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a--c--- 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-10 00:25 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Steam\\steamapps\\ya2s58\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\ya2s58\\counter-strike\\hl.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 18:33:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Yass\LOCALS~1\Temp\~DF443B.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-14 18:36:38 - machine was rebooted [Yass]
ComboFix-quarantined-files.txt 2008-05-14 16:36:32

Pre-Run: 86,818,684,928 bytes free
Post-Run: 87,362,203,648 bytes free

331
14 May 2008 18:40:50

It's better now =)
14 May 2008 21:36:05

Re,

More Vundo,

Select the whole box below, then right-click and choose Copy
KillAll::

File::
C:\WINDOWS\system32\lrvakudo.tmp
C:\WINDOWS\system32\ywkptdwf.dll
C:\WINDOWS\system32\yqwtjuni.ini
C:\WINDOWS\system32\iyimuitu.ini
C:\WINDOWS\system32\esirlpbd.ini
C:\WINDOWS\system32\rqlcirow.ini
C:\WINDOWS\system32\ibcidner.ini
C:\WINDOWS\system32\qemuyufo.ini
C:\WINDOWS\system32\oqaysihg.ini
C:\WINDOWS\system32\efcYQGVm.dll
C:\WINDOWS\system32\axueccfc.tmp
C:\WINDOWS\system32\qqlfxesf.dll
C:\Program Files\BrowsingTool\BrowsingTool-2.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FB76FC6-5B14-4607-9DD8-7131DE8C4B0B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{312C06F2-6EEB-4F53-915E-E8D86164BC79}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E9E59F0-0F4E-4EA2-ABBC-88576FC18A5E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A99C7644-96BB-48E4-BA4E-6852B8CED039}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0661233-42D4-F7F1-80E1-8A9E0E99E71D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5B0F611-08F6-4DD9-B0C6-F88C31F255DD}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklkhi]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4891d0d5"=-

Paste it into Notepad
Save it on your Desktop and name it CFScript (text file type)
Drag the CFScript file onto ComboFix.exe, like this:



A menu will appear; type 1 then press Enter
Let the scan run and post the generated report (C:\ComboFix.txt)
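The Vundo pattern the helper is picking out of the two ComboFix logs above, random-named .dll/.ini/.tmp drops in system32 (often with hidden+system attributes), a Run value with a hex-only name whose target ComboFix cannot stat (the `[ ]`), a random-named Winlogon Notify package, BHO CLSIDs and the Security Center override flags, can be mechanised. The script below is an added example, not part of the thread and not ComboFix's own tooling: it parses a constructed excerpt of the report above, applies those heuristics and drafts a CFScript in the KillAll::/File::/Registry:: syntax the helper uses. The "created equals modified" test for dropped files, the consonant-run name heuristic and the assumption that Winlogon resolves Notify DLLs from system32 are this example's own; its output is a draft for a helper to review, not something to feed to ComboFix unread.

```python
"""Flag Vundo-style indicators in ComboFix report lines and draft a CFScript."""
import re
from dataclasses import dataclass, field

# Constructed sample (not a real run): lines copied from the report above in the
# two formats ComboFix prints, the dated file listing and the REGEDIT4 dump.
SAMPLE_REPORT = r"""
2008-04-29 20:54 . 2008-04-29 20:54 1,484,782 ---hs---- C:\WINDOWS\system32\lrvakudo.tmp
2008-04-29 20:31 . 2008-04-29 20:31 67 --a------ C:\WINDOWS\system32\ywkptdwf.dll
2008-04-26 09:49 . 2008-04-26 10:10 414 ---hs---- C:\WINDOWS\system32\yqwtjuni.ini
2008-05-07 22:37 . 2004-08-04 04:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0661233-42D4-F7F1-80E1-8A9E0E99E71D}]
2007-12-30 22:48 1019904 --a--c--- C:\Program Files\BrowsingTool\BrowsingTool-2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"4891d0d5"="C:\WINDOWS\system32\qqlfxesf.dll" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklkhi]
jkklkhi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""
SYSTEM32 = "c:\\windows\\system32\\"
OVERRIDES = {"AntiVirusOverride", "FirewallOverride", "UpdatesDisableNotify"}
FILE_LINE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) [\d,]+ ([-a-z]{9}) (.+)$")  # created . modified size attrs path
LOADPOINT_FILE = re.compile(r"^\S+ \S+ \d+ [-a-z]{9} (.+)$")  # file ComboFix prints under a load point
KEY_LINE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def looks_random(stem: str) -> bool:
    """Vundo drop names: 5-8 letters containing a run of 3+ consonants. Heuristic
    only (a genuine name such as wmpns passes too), so it is never used alone."""
    if not (5 <= len(stem) <= 8 and stem.isalpha()):
        return False
    run = longest = 0
    for ch in stem.lower():
        run = 0 if ch in "aeiou" else run + 1
        longest = max(longest, run)
    return longest >= 3

def stem_of(path: str) -> str:
    return path.rsplit("\\", 1)[-1].rpartition(".")[0]

@dataclass
class Findings:
    files: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)  # (key, value name)
    notes: list = field(default_factory=list)

def triage(report: str) -> Findings:
    f, key = Findings(), ""  # key: registry key whose values or backing file we are reading
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_LINE.match(line):
            key = m.group(1)
            low = key.lower()
            if "browser helper objects" in low:
                f.delete_keys.append(key)  # every BHO in this report was unwanted
            elif "winlogon\\notify\\" in low and looks_random(low.rsplit("\\", 1)[-1]):
                f.delete_keys.append(key)  # random-named Winlogon Notify package
        elif m := FILE_LINE.match(line):
            created, modified, attrs, path = m.groups()
            hidden_system = "h" in attrs and "s" in attrs
            fresh = created == modified  # dropped file; genuine OS binaries keep older mtimes
            if path.lower().startswith(SYSTEM32) and looks_random(stem_of(path)) and (hidden_system or fresh):
                f.files.append(path)
        elif (m := LOADPOINT_FILE.match(line)) and "browser helper objects" in key.lower():
            f.files.append(m.group(1))  # the DLL goes with the BHO it backs
        elif (m := VALUE_LINE.match(line)) and key.lower().endswith("\\run"):
            name, target, meta = m.groups()
            # "[ ]" means ComboFix could not stat the target; a hex-only value name
            # pointing at a random DLL in system32 is the Vundo Run-key pattern.
            hex_name = re.fullmatch(r"[0-9a-f]{8}", name) is not None
            if not meta.strip() or (hex_name and looks_random(stem_of(target))):
                f.delete_values.append((key, name))
                if target.lower().startswith(SYSTEM32):
                    f.files.append(target)
        elif (m := DWORD_LINE.match(line)) and key.lower().endswith("security center"):
            name, value = m.groups()
            if name in OVERRIDES and int(value, 16) == 1:
                f.notes.append(f"{name}=1: Security Center alerts suppressed, reset after cleanup")
        elif "winlogon\\notify\\" in key.lower() and line.lower().endswith(".dll"):
            f.notes.append(f"Notify package {line} (assumed loaded from system32)")
    return f

def build_cfscript(f: Findings) -> str:
    """CFScript syntax as in the thread: File:: lists paths to delete,
    [-key] deletes a key, "name"=- deletes one value."""
    lines = ["KillAll::", "", "File::", *dict.fromkeys(f.files), "", "Registry::"]
    lines += [f"[-{k}]" for k in dict.fromkeys(f.delete_keys)]
    for key, name in f.delete_values:
        lines += [f"[{key}]", f'"{name}"=-']
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    print(build_cfscript(found), *("NOTE: " + n for n in found.notes), sep="\n")
```

The wmpns.dll line is kept in the sample as a control: its name trips the consonant-run heuristic, but its modification time predates its creation time by years, which is what a Service Pack or Windows Update copy of a Microsoft binary looks like, so it is not flagged. The Security Center overrides are reported as notes rather than scripted away, since resetting them is pointless until the malware that set them is gone.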
