Spy & adware, google bloquéRésolu/Fermé

Question

Bonjour,

J'ai de gros problèmes niveau spy & adware. J'ai déjà réinstaller deux fois mon OS mais ils reviennent toujours. Mon surf sur le net et tout ce qu'il y'a de plus normal, jeux par navigateur, certains sites que je ne citerais pas :P.

Mon problème principal avec ces spy & adware :

Je peux plus faire de recherche google sur le net, sur IE, ça bloque complet et je peux pas fermer la fenêtre, sur mozilla, je peux pas faire de recherche, ça bloque mais je peux toujours fermé la fenêtre ;)

J'ai :

Vista 32 bit
Nod 32 en anti virus

J'ai déjà essayer :

Reboot de l'os x2
Spybot S&D
AVG anti-spyware
glary utilities


J'ai aussi fait un rapport HiJackThis en cherchant conseil sur ce forum que voici :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:03, on 23/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ESET
od32kui.exe
C:\Windows\System32undll32.exe
C:\Windows\system32undll32.exe
C:\Windows\system32undll32.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32undll32.exe
C:\Windows\system32undll32.exe
C:\Windows\system32undll32.exe
C:\Windows\system32undll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Eset
od32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: {0aa1c570-0df0-6b0b-81f4-a447c0c42c52} - {25c24c0c-744a-4f18-b0b6-0fd0075c1aa0} - C:\Windows\system32\ufvrmc.dll
O2 - BHO: (no name) - {491E2E99-5C2C-4098-A80C-C2AC30BFDE09} - C:\Windows\system32\kgbtgxrw.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C6EA321D-EE5F-4ED5-B1FF-3A87F9D81ABF} - C:\Windows\system32\byXRjjKB.dll
O2 - BHO: (no name) - {DB3F79E7-CA6B-449D-AB59-FC2561B25C49} - C:\Windows\system32\ddcdebBu.dll
O2 - BHO: (no name) - {F16EEED2-12D2-4449-8F2B-6A6458FBA39D} - C:\Windows\system32\iifgebxw.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXRjjKB.dll,#1
O4 - HKLM\..\Run: [BM2f4b4a4a] Rundll32.exe "C:\Windows\system32\jmidvlsp.dll",s
O4 - HKLM\..\Run: [2c7879d6] rundll32.exe "C:\Windows\system32	nphylqb.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Utilisateur anonyme · Answer

bonjour

1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton bureau à partir de ce lien :

https://www.malwarebytes.com/

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

7) Dans l'onglet analyse, vérifie que "Exécuter une analyse complète" n'est pas coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse. Ferme le bloc-note. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.

sKe69 · Answer

Salut,

infection Vundo ...

A ) Désactiver le contrôle des comptes utilisateurs ou UAC (le réactiver seulement à la fin de la désinfection) :
 
Aller dans démarrer puis panneau de configuration 
--->Double-Cliquer sur l'icône "Comptes d'utilisateurs" 
--->Cliquer ensuite sur "Activer ou désactiver le contrôle ..." .
--->Décocher la case "utlisiser le contrôle ..." et cliquer sur OK .
Puis redémarrer le PC quand il le vous saura demandé ... 


B )Télécharges MalwareByte's : 
ici ftp://ftp.commentcamarche.com/download/mbam-setup.exe
ou ici : http://www.malwarebytes.org/mbam.php
 
Installes le ( choisis bien "francais" ; ne modifies pas les paramètres d'installe ) et mets le à jour . 

(NB : S'il te manque "COMCTL32.OCX" alors télécharges le ici: https://www.malekal.com/tutorial-aboutbuster/ )

Potasses le tuto pour te familiariser avec le prg : https://forum.pcastuces.com/sujet.asp?f=31&s=3 
( cela dis, il est très simple d'utilisation ).

Impératif : redémarres en mode sans échec : 
Comment aller en Mode sans échec 
1) Redémarres ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...)
 
Lances Malwarebyte's .

Fais un scan dit "complet" ( sélectionnes bien tout tes disks avant le scan )  et supprimes tout ce qu'il peut trouver :
--->une fois le scan terminé , click sur "résultat" : puis vérifies que tous les objets infectés soient validés, puis click sur " suppression " .

Redémarres ton PC ( mode normal ). 

Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes) accompagné d'un nouvel hijackthis ( fait en mode normal ) ...

Draxealen · Answer

Merci pour les réponses, j'essaye tout ça une fois revenu de boulot ;)


A cet après midi pour les nouvelles alors ;)


Drax.
Alex.

Draxealen · Answer

Merci beaucoup messieurs, on dirait bien que ça a marché, et si ça revient, je sais désormais quoi faire ;)

Continuez à aider les gens comme ça :D


Encore merci (je vais mettre au courant mon ami informaticien de ce programme, il pourrait en avoir l'utilité ;) )


Drax
Alex

Utilisateur anonyme · Answer

pourrais tu poster le rapport de MBAM et un nouveaux log hijackthis stp

Draxealen · Answer

Si ça peut faire plaisir ;)


J'en ai fait deux ;) : Un normal et un approfondi


Malwarebytes' Anti-Malware 1.23
Version de la base de données: 990
Windows 6.0.6001 Service Pack 1

13:47:30 25/07/2008
mbam-log-7-25-2008 (13-47-30).txt

Type de recherche: Examen rapide
Eléments examinés: 36246
Temps écoulé: 1 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 9
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 104

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\ddcdebBu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\jonhnjdc.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\pinouuld.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\uvkcrjvt.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\llesytxt.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32
nnomjih.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32eisej.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\dywvuuhn.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32
ejswiuj.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d30568f-2c66-4885-b602-bfc3991f0974} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1d30568f-2c66-4885-b602-bfc3991f0974} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54d2b4d2-bec5-410f-82fa-eed5aaf0880c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54d2b4d2-bec5-410f-82fa-eed5aaf0880c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6ea321d-ee5f-4ed5-b1ff-3a87f9d81abf} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6ea321d-ee5f-4ed5-b1ff-3a87f9d81abf} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2c7879d6 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm2f4b4a4a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c6ea321d-ee5f-4ed5-b1ff-3a87f9d81abf} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcdebbu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcdebbu  -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\ddcdebBu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\uBbedcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\uBbedcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32eisej.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\awttuTkH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\HkTuttwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\HkTuttwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXOhgHW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\WHghOXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\WHghOXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ddcCVPji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ijPVCcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ijPVCcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\efcYPfDw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wDfPYcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wDfPYcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iqorycdi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\idcyroqi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jkkHWOhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ehOWHkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ehOWHkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jonhnjdc.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\cdjnhnoj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kHaAqrpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qprqAaHk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qprqAaHk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\khfGxUOf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fOUxGfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fOUxGfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\khFxvvTL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\LTvvxFhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\LTvvxFhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ljJYRJdb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\bdJRYJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\bdJRYJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32
nnLdEUo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\oUEdLnnn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\oUEdLnnn.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\oonpeaoh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hoaepnoo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pinouuld.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\dluuonip.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qoMcyATM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\MTAycMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\MTAycMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ssqoMeFW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\WFeMoqss.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\WFeMoqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32	uvWpQgg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ggQpWvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ggQpWvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\uvkcrjvt.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32	vjrckvu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vtUlMfDt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32	DfMlUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32	DfMlUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xxYRKAQI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\IQAKRYxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\IQAKRYxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xxywtsss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ssstwyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ssstwyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yayWqoOf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fOoqWyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fOoqWyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\llesytxt.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32
nnomjih.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\dywvuuhn.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32
ejswiuj.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\avmhsjpf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\blsuugwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXOhHAt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hkbeunhk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iddqhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\isvjtlfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jmidvlsp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jndadofj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jxdprerv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\puvcjmwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qtgneqml.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32gyxsryk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32ycbdsjx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\sjfqyysk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\uxprbvij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gEWNdbCR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32
xcpdjtx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xylyftjn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vtULdcdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vtUlMdcb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\maleuxur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Temp	mp00007aba (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Temp	mp00007f9a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Temp	mp0000815f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Temp	mp00008bca (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Temp	mp0000e06f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Temp	mp0000fe3b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ddcARhIA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXNeCVp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awtQkLEu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iifefgGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mlJAqpml.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mlJDurPj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mlJDwxyY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ljJBTkHW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.23
Version de la base de données: 990
Windows 6.0.6001 Service Pack 1

14:15:03 25/07/2008
mbam-log-7-25-2008 (14-15-03).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 129019
Temps écoulé: 18 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UKYTCCO\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UKYTCCO\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5G83W1B6\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLUSXNY1\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FS9DTMTE\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FS9DTMTE\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTWX6MZZ\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLU6PE3P\kb671231[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO2D3P5R\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO2D3P5R\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO2D3P5R\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBLQFNLC\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:18, on 25/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\ESET
od32kui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {491E2E99-5C2C-4098-A80C-C2AC30BFDE09} - C:\Windows\system32\kgbtgxrw.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F16EEED2-12D2-4449-8F2B-6A6458FBA39D} - C:\Windows\system32\iifgebxw.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

sKe69 · Answer

bien ... Malwarebytes à bien bosser, mais ce n'est pas finis ^^

pour faire avancer :

fais exactement ce qui suit : 

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !): 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide . 

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENCES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après  !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques C-Fix.exe ( = combofix.exe ) . 

Appuyes sur la touche Y (Yes) pour démarrer le scan . 

Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 
---> si un message d'erreur windows apparait à un momment  : clik sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... ) 

Le rapport sera crée dans: C:\Combofix.txt 
 
Postes le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...

Draxealen · Answer

ComboFix 08-07-24.3 - Alexandre 2008-08-17 8:19:39.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2758 [GMT 2:00] Endroit: C:\Users\Alexandre\Desktop\ComboFix.exe * Resident AV is active . - FONCTIONNALITES REDUITES - . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))))))) . 2008-08-11 12:48 . 2008-08-17 05:31 240,569,518 --a------ C:\Windows\MEMORY.DMP 2008-08-08 15:57 . 2008-08-08 15:57 d-------- C:\Users\Alexandre\AppData\Roaming\Turbine 2008-08-08 15:55 . 2008-08-08 15:55 d-------- C:\Windows\System32\URTTEMP 2008-08-08 15:41 . 2008-08-08 15:41 d-------- C:\Program Files\Codemasters 2008-08-08 13:35 . 2008-08-08 13:35 d-------- C:\Program Files\KONAMI 2008-08-06 22:52 . 2008-08-06 22:52 d-------- C:\Users\Alexandre\AppData\Roaming\Sierra Entertainment 2008-08-06 22:52 . 2008-08-06 22:52 dr-h----- C:\Users\Alexandre\AppData\Roaming\SecuROM 2008-08-06 21:57 . 2008-08-06 21:57 d-------- C:\Windows\85EBB28365AF4C539EBE7C0A232762F7.TMP 2008-08-04 10:11 . 2008-08-04 10:11 0 --ah----- C:\Users\Default.LOG2 2008-08-04 10:11 . 2008-08-04 10:11 0 --ah----- C:\Users\Default.LOG1 2008-08-04 10:11 . 2008-08-04 10:11 0 --ah----- C:\ProgramData.LOG2 2008-08-04 10:11 . 2008-08-04 10:11 0 --ah----- C:\ProgramData.LOG1 2008-08-03 23:32 . 2008-08-03 23:32 268 --ah----- C:\sqmdata01.sqm 2008-08-03 23:32 . 2008-08-03 23:32 244 --ah----- C:\sqmnoopt01.sqm 2008-08-02 19:30 . 2008-08-02 19:31 d-------- C:\Program Files\iTunes 2008-08-02 19:30 . 2008-08-02 19:30 d-------- C:\Program Files\iPod 2008-07-27 14:09 . 2008-07-27 14:09 d-------- C:\Windows\System32\Adobe 2008-07-27 14:09 . 2008-06-17 15:14 499,712 --a------ C:\Windows\System32\msvcp71.dll 2008-07-27 14:09 . 2008-06-17 15:17 348,160 --a------ C:\Windows\System32\msvcr71.dll 2008-07-27 14:08 . 2008-07-27 14:09 4,535,224 --a------ C:\Users\Alexandre\Shockwave_Installer_Slim.exe 2008-07-25 21:06 . 2008-07-25 21:06 19,521,928 --a------ C:\Users\Alexandre\SafariSetup.exe 2008-07-25 13:40 . 2008-07-25 13:40 d-------- C:\Users\All Users\Malwarebytes 2008-07-25 13:40 . 2008-07-25 13:40 d-------- C:\Users\Alexandre\AppData\Roaming\Malwarebytes 2008-07-25 13:40 . 2008-07-25 13:40 d-------- C:\ProgramData\Malwarebytes 2008-07-25 13:40 . 2008-07-25 13:40 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-25 13:40 . 2008-07-23 20:09 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-07-25 13:40 . 2008-07-23 20:09 17,144 --a------ C:\Windows\System32\drivers\mbam.sys 2008-07-25 13:35 . 2008-07-25 13:35 1,845,456 --a------ C:\Users\Alexandre\mbam-setup.exe 2008-07-24 19:56 . 2008-07-24 21:37 710,269 ---hs---- C:\Windows\System32\myvchwkm.ini 2008-07-24 18:59 . 2008-07-24 19:52 709,969 ---hs---- C:\Windows\System32\cwchtxhv.ini 2008-07-24 16:47 . 2008-07-24 18:48 709,900 ---hs---- C:\Windows\System32\iinvmugk.ini 2008-07-24 15:07 . 2008-07-24 16:41 709,789 ---hs---- C:\Windows\System32\knboiymc.ini 2008-07-24 00:27 . 2008-07-24 00:27 d-------- C:\Users\All Users\CheckPoint 2008-07-24 00:27 . 2008-07-24 00:27 d-------- C:\ProgramData\CheckPoint 2008-07-24 00:27 . 2008-07-24 00:27 d-------- C:\Program Files\Zone Labs 2008-07-24 00:26 . 2008-08-17 08:16 d-------- C:\Windows\Internet Logs 2008-07-23 19:03 . 2008-07-24 13:56 709,729 ---hs---- C:\Windows\System32\knpijyyp.ini 2008-07-23 17:10 . 2008-07-25 15:03 d-------- C:\HiJackThis 2008-07-23 15:06 . 2008-07-23 18:52 709,453 ---hs---- C:\Windows\System32\bqlyhpnt.ini 2008-07-23 14:36 . 2006-11-02 12:23 dr------- C:\Users\LogMeInRemoteUser\Videos 2008-07-23 14:36 . 2006-11-02 12:23 dr------- C:\Users\LogMeInRemoteUser\Pictures 2008-07-23 14:36 . 2006-11-02 12:23 dr------- C:\Users\LogMeInRemoteUser\Music 2008-07-23 14:36 . 2006-11-02 12:23 dr------- C:\Users\LogMeInRemoteUser\Links 2008-07-23 14:36 . 2006-11-02 12:23 dr------- C:\Users\LogMeInRemoteUser\Downloads 2008-07-23 14:36 . 2008-07-23 14:36 dr------- C:\Users\LogMeInRemoteUser\Documents 2008-07-23 14:36 . 2006-11-02 13:18 d--h----- C:\Users\LogMeInRemoteUser\AppData 2008-07-23 14:36 . 2008-08-17 08:09 d-------- C:\Users\LogMeInRemoteUser 2008-07-23 09:30 . 2008-07-23 09:36 426,272 --ahs---- C:\Windows\System32\MoUEOUtv.ini 2008-07-23 09:30 . 2008-07-23 09:33 426,045 --ahs---- C:\Windows\System32\MoUEOUtv.ini2 2008-07-22 18:04 . 2008-07-22 18:11 426,272 --ahs---- C:\Windows\System32\WxyacMoq.ini 2008-07-22 18:04 . 2008-07-22 18:07 426,045 --ahs---- C:\Windows\System32\WxyacMoq.ini2 2008-07-22 18:00 . 2008-07-22 18:00 44,121 ---hs---- C:\Windows\System32\hoaepnoo.tmp 2008-07-22 11:06 . 2008-07-22 11:50 44,001 ---hs---- C:\Windows\System32\ducunpph.ini 2008-07-21 21:23 . 2008-07-22 10:55 43,821 ---hs---- C:\Windows\System32 qpcurdf.ini 2008-07-20 09:45 . 2008-07-20 09:42 294 --ahs---- C:\Windows\System32\yqljbdyq.ini 2008-07-20 05:06 . 2008-07-20 05:07 425,982 --ahs---- C:\Windows\System32\KkmmTvut.ini 2008-07-20 05:06 . 2008-07-20 05:06 345 --ahs---- C:\Windows\System32\KkmmTvut.ini2 2008-07-20 05:01 . 2008-07-20 05:01 877,547 ---hs---- C:\Windows\System32\yqljbdyq.tmp 2008-07-19 11:29 . 2008-07-19 11:35 426,277 --ahs---- C:\Windows\System32\vxbedfii.ini 2008-07-19 11:29 . 2008-07-19 11:32 426,045 --ahs---- C:\Windows\System32\vxbedfii.ini2 2008-07-19 08:28 . 2008-07-19 08:00 877,136 --ahs---- C:\Windows\System32\gwolwrrx.ini 2008-07-19 08:00 . 2008-07-19 08:00 877,076 ---hs---- C:\Windows\System32\gwolwrrx.tmp 2008-07-18 10:48 . 2008-07-18 16:30 843,107 ---hs---- C:\Windows\System32 whqohwc.ini 2008-07-17 11:29 . 2008-07-18 10:37 831,692 ---hs---- C:\Windows\System32\pejectao.ini 2008-07-17 01:08 . 2008-07-17 01:14 426,272 --ahs---- C:\Windows\System32\sCLRYJjl.ini 2008-07-17 01:08 . 2008-07-17 01:11 426,045 --ahs---- C:\Windows\System32\sCLRYJjl.ini2 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-17 06:08 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-08-17 06:08 --------- d-----w C:\Program Files\Windows Sidebar 2008-08-17 06:08 --------- d-----w C:\Program Files\QuickTime 2008-08-17 06:08 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-08-17 06:08 --------- d-----w C:\Program Files\eMule 2008-08-17 05:41 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml 2008-08-17 03:19 --------- d-----w C:\Program Files\LogMeIn 2008-08-15 05:48 --------- d-----w C:\Users\Alexandre\AppData\Roaming\uTorrent 2008-08-14 14:37 1,420,288 ----a-w C:\Windows\Internet Logs\xDB65B4.tmp 2008-08-12 18:45 1,412,608 ----a-w C:\Windows\Internet Logs\xDB63B1.tmp 2008-08-12 12:02 55,808 ----a-w C:\Windows\Internet Logs\xDB6325.tmp 2008-08-12 12:02 1,411,584 ----a-w C:\Windows\Internet Logs\xDB6383.tmp 2008-08-11 15:57 149,504 ----a-w C:\Windows\Internet Logs\xDB640F.tmp 2008-08-09 22:49 2,112,512 ----a-w C:\Windows\Internet Logs\xDB5EC2.tmp 2008-08-08 11:39 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-08 11:34 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-08-08 11:16 --------- d-----w C:\Program Files\Electronic Arts 2008-08-06 19:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-06 19:56 --------- d-----w C:\Program Files\Sierra Entertainment 2008-08-06 18:58 --------- d-----w C:\ProgramData\TrackMania 2008-08-02 06:56 --------- d-----w C:\Program Files\Glary Utilities 2008-08-01 11:31 98,237 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_08_01_08_17_32_small.dmp.zip 2008-08-01 11:26 415,698 ----a-w C:\Windows\Internet Logs vDebug.zip 2008-07-30 18:58 102,491 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_07_30_20_51_31_small.dmp.zip 2008-07-25 19:07 --------- d-----w C:\Users\Alexandre\AppData\Roaming\Apple Computer 2008-07-24 12:48 --------- d-----w C:\ProgramData\Ubisoft 2008-07-23 12:47 --------- d-----w C:\Users\Alexandre\AppData\Roaming\GlarySoft 2008-07-21 19:25 426,986 --sha-w C:\Windows\System32\wxbegfii.ini2 2008-07-17 08:53 --------- d-----w C:\ProgramData\Messenger Plus! 2008-07-16 12:11 429,731 --sha-w C:\Windows\System32\IOVDKnnn.ini2 2008-07-16 06:40 429,731 --sha-w C:\Windows\System32\FPAddcdd.ini2 2008-07-15 14:49 423,928 --sha-w C:\Windows\System32\XadgPqru.ini2 2008-07-15 14:39 164 ----a-w C:\install.dat 2008-07-15 14:39 --------- d-----w C:\Users\Alexandre\AppData\Roaming\GetRightToGo 2008-07-12 17:15 --------- d-----w C:\ProgramData\Apple Computer 2008-07-12 10:56 --------- d-----w C:\Program Files\Apple Software Update 2008-07-11 06:06 --------- d-----w C:\ProgramData\Grisoft 2008-07-10 19:00 422,428 --sha-w C:\Windows\System32\MpXayyxx.ini2 2008-07-08 12:24 691,545 ----a-w C:\Windows\unins000.exe 2008-07-08 12:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-07-08 12:07 --------- d-----w C:\Program Files\ESET 2008-07-05 21:02 --------- d-----w C:\Users\Alexandre\AppData\Roaming\vlc 2008-07-05 21:02 --------- d-----w C:\Program Files\VideoLAN 2008-07-05 18:49 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-07-05 16:44 --------- d-----w C:\Program Files\TmNationsForever 2008-07-05 16:33 --------- d-----w C:\Program Files\Windows Live 2008-07-05 16:32 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll 2008-07-05 16:31 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-07-05 16:31 --------- d-----w C:\Program Files\AGEIA Technologies 2008-07-05 16:25 --------- d-----w C:\ProgramData\WLInstaller 2008-07-05 16:08 --------- d-----w C:\Program Files\Bonjour 2008-07-05 16:07 --------- d-----w C:\ProgramData\Apple 2008-07-05 16:07 --------- d-----w C:\Program Files\Common Files\Apple 2008-07-05 16:06 --------- d-----w C:\Program Files\Video mp3 Extractor 2008-07-05 15:43 --------- d-----w C:\Users\Alexandre\AppData\Roaming\Ahead 2008-07-05 15:43 --------- d-----w C:\ProgramData\LightScribe 2008-07-05 15:15 --------- d-----w C:\ProgramData\NVIDIA 2008-07-05 15:08 --------- d-----w C:\Program Files\Microsoft.NET 2008-07-05 15:08 --------- d-----w C:\Program Files\Common Files\LightScribe 2008-07-05 15:07 --------- d-----w C:\Program Files\Common Files\Ahead 2008-07-05 15:04 --------- d-----w C:\ProgramData\Nero 2008-07-05 15:04 --------- d-----w C:\Program Files\Nero 2008-07-05 15:02 --------- d-----w C:\ProgramData\Media Center Programs 2008-07-05 14:56 --------- d-----w C:\Program Files\Flagship Studios 2008-07-05 14:38 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe 2008-07-05 14:38 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-07-05 14:38 22,328 ----a-w C:\Users\Alexandre\AppData\Roaming\PnkBstrK.sys 2008-07-05 14:38 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe 2008-07-05 14:38 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-07-05 14:25 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-07-05 14:22 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys 2008-07-05 14:22 --------- d-----w C:\Users\Alexandre\AppData\Roaming\DAEMON Tools 2008-07-05 13:41 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-05 13:31 --------- d-----w C:\Program Files\UltraISO 2008-07-05 13:31 --------- d-----w C:\Program Files\Common Files\EZB Systems 2008-07-05 13:11 512,096 ----a-w C:\Windows\system32\drivers\amon.sys 2008-07-05 13:11 298,104 ----a-w C:\Windows\System32\imon.dll 2008-07-05 13:11 15,424 ----a-w C:\Windows\system32\drivers od32drv.sys 2008-07-05 13:10 --------- d-----w C:\Program Files\SuperCopier2 2008-07-05 12:05 --------- d-----w C:\Program Files\Windows Mail 2008-07-05 11:50 174 --sha-w C:\Program Files\desktop.ini 2008-07-05 11:45 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-07-05 11:45 --------- d-----w C:\Program Files\Windows Journal 2008-07-05 11:45 --------- d-----w C:\Program Files\Windows Defender 2008-07-05 11:45 --------- d-----w C:\Program Files\Windows Collaboration 2008-07-05 11:45 --------- d-----w C:\Program Files\Windows Calendar 2008-07-05 11:38 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-07-05 11:38 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-07-05 11:21 47,560 ----a-w C:\Windows\System32\SPReview.exe 2008-07-05 11:21 152,576 ----a-w C:\Windows\System32\SPWizUI.dll 2008-07-05 11:18 --------- d-sh--w C:\ProgramData\Modèles 2008-07-05 11:18 --------- d-sh--w C:\ProgramData\Menu Démarrer 2008-07-05 11:18 --------- d-sh--w C:\ProgramData\Favoris 2008-07-05 11:18 --------- d-sh--w C:\ProgramData\Bureau 2008-07-05 11:18 --------- d-sh--w C:\Program Files\Fichiers communs 2008-05-28 10:33 83,288 ----a-w C:\Windows\System32\LMIRfsClientNP.dll 2008-05-28 10:33 24,608 ----a-w C:\Windows\System32\LMIport.dll 2008-05-28 10:32 87,352 ----a-w C:\Windows\System32\LMIinit.dll 2008-05-28 10:32 23,736 ----a-w C:\Windows\System32\lmimirr.dll 2008-05-28 10:32 10,040 ----a-w C:\Windows\System32\lmimirr2.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Program Files\Eset od32kui.exe" [2008-07-05 15:11 949376] "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-disabled] "NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit "NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-527905102-3225844392-1765247900-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{F7853743-D118-49F0-AF4F-8AEC9E1515F3}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{D2D012ED-C5C9-4F9D-A147-8732ED5587AC}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{A0A1AA82-CDD6-4837-8AD4-BB3DF4106264}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{7C169176-C2E2-4C6B-B06A-40E13FD2C26D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{FAF50757-0928-43E5-A21E-3A6B176D29D5}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate : London "{E57CB058-8042-4DC8-AA70-684A5C07FBA6}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate : London "{C552E6C7-E50E-4919-A182-5EF6E7F74BDB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{F0FFF827-3F14-4EBE-A3EB-282732937ACE}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{E2BCDD1A-E8B5-457D-A1DC-705C14B32609}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{28F1EA44-C7C6-4D1E-9A20-445802CFEA60}C:\program files\tmnationsforever\tmforever.exe"= UDP:C:\program files mnationsforever mforever.exe:TmForever "UDP Query User{686872E7-BB3D-42A3-8311-6BE87D04EBA9}C:\program files\tmnationsforever\tmforever.exe"= TCP:C:\program files mnationsforever mforever.exe:TmForever "TCP Query User{02F38644-C975-4CEA-B60B-B956DCC50629}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule Plus "UDP Query User{826C3DA5-9AAE-4E9F-961E-75613BA2301D}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule Plus "{8FF514E5-F5FF-4D47-A8A9-41C0A9AB9999}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{08E3BA9C-CD37-41F0-A270-2297224A7026}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{3A74D3ED-E859-4609-BDC6-988955FDDFF6}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{CE201442-25C6-460F-9F3E-78124516FD6F}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{3743F45F-7A24-4D3C-B485-CECDAD23A972}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{DFE727E9-F65B-4FD2-81EB-F96D0C3C1336}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{E8E2B49F-19B9-44D2-8973-BE235D622BCC}"= UDP:4444:µtorrent "{4D3D511B-5804-4DAC-8D5B-F5EFA4C54E7B}"= TCP:4444:µtorrent "{B11B780E-DABA-4842-B101-2AD46A8E47AE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{65F5F1E3-EE17-4759-9CC7-571F93F2CE6F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{ABEF01F1-5BC5-47E1-B9D0-E5EBBEC1CC6C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{CD2B8B72-4B89-4A2F-9EDE-2BC25185F2AC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{C36CCB64-E6BF-4AA0-AE5E-AEE59E1E0C8A}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{12CF5D32-E007-49B4-88D1-1BBCADF5CCE9}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{30ECCBE6-4441-4FF1-8F08-5DCD340FDEA2}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{D397A59B-FF3B-4E29-B563-7AC09D086B8B}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{DCCAFFC9-B382-4BD2-B21D-AD0331FB2F7E}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{9856EE00-457C-45AC-8835-2B1293688129}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{51B5AC79-0432-4577-9354-F70656329476}"= UDP:C:\Program Files\Sierra Entertainment\Empire Earth III Public Demo\EE3.exe:Empire Earth III Public Demo "{48E910A3-CCE5-4E76-890C-F2AC57B57E0E}"= TCP:C:\Program Files\Sierra Entertainment\Empire Earth III Public Demo\EE3.exe:Empire Earth III Public Demo "{EE2BF837-82D0-441F-B879-A4A15FD7F266}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{5CD51119-E7D4-42C5-9581-9AEDD3B31851}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{FB6E9874-80A9-4A01-B629-3588156D89AC}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II "{91F1E39D-1CAB-4620-A154-64C0F37A4F7C}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II "{BCADEF00-F4EA-45F1-BC72-E1E0DB064F2D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{58DE6B70-AE30-4D3E-B889-FFEA53A6080F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{1CCE1877-6472-4147-9F2C-8426D3139C89}"= UDP:C:\Users\Alexandre\Downloads\utorrent.exe:µTorrent (TCP-In) "{344ECB93-4C5A-4F1F-964B-FDF3A79EC9A9}"= TCP:C:\Users\Alexandre\Downloads\utorrent.exe:µTorrent (UDP-In) "{25520066-6230-402F-A4C6-653C24CFCECE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In) "{A182935A-94CF-439E-A507-002A272C16FA}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In) "{A3BABDFC-7ADE-497A-B725-D66060F140A8}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{E1376FBA-3005-4849-8DCE-C16980E9C18C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{11635A7E-61C8-4A20-903E-32C04B7E9FE4}"= UDP:C:\Users\Alexandre\Downloads\utorrent(3).exe:µTorrent (TCP-In) "{E08B3AB5-7466-4137-A298-9CBF94EF9D30}"= TCP:C:\Users\Alexandre\Downloads\utorrent(3).exe:µTorrent (UDP-In) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31] S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2008-07-23 20:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b0a8dee-4a83-11dd-bf4d-806e6f6e6963}] \shell\AutoRun\command - E:\lotrosetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee0720fb-4a9d-11dd-a99a-001a922487eb}] \shell\AutoRun\command - G:\Setup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-08-17 05:41:10 C:\Windows\Tasks\GlaryInitialize.job" - C:\Program Files\Glary Utilities\initialize.exe . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.msn.com R0 -: HKLM-Main,Start Page = hxxp://www.msn.com R1 -: HKCU-Internet Settings,ProxyOverride = *.local O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-17 08:19:50 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . Temps d'accomplissement: 2008-08-17 8:21:31 ComboFix-quarantined-files.txt 2008-08-17 06:20:25 Pre-Run: 34,671,906,816 octets libres Post-Run: 34,712,334,336 octets libres 296 --- E O F --- 2008-07-05 22:13:02 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:22:53, on 17/08/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32 askeng.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\explorer.exe C:\Windows\system32 otepad.exe C:\Windows\system32\SearchFilterHost.exe C:\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset od32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset od32krn.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32 vvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

g!rly · Answer

Salut

supprime tous ces fichiers :

C:\Windows\System32\myvchwkm.ini
C:\Windows\System32\cwchtxhv.ini
C:\Windows\System32\iinvmugk.ini
C:\Windows\System32\knboiymc.ini 
C:\Windows\System32\knpijyyp.ini
C:\Windows\System32\bqlyhpnt.ini 
C:\Windows\System32\MoUEOUtv.ini
C:\Windows\System32\MoUEOUtv.ini2
C:\Windows\System32\WxyacMoq.ini
C:\Windows\System32\WxyacMoq.ini2
C:\Windows\System32\hoaepnoo.tmp
C:\Windows\System32\ducunpph.ini
C:\Windows\System32	qpcurdf.ini
:\Windows\System32\yqljbdyq.ini
C:\Windows\System32\KkmmTvut.ini
C:\Windows\System32\KkmmTvut.ini2
C:\Windows\System32\yqljbdyq.tmp
C:\Windows\System32\vxbedfii.ini
C:\Windows\System32\vxbedfii.ini2
C:\Windows\System32\gwolwrrx.ini
C:\Windows\System32\gwolwrrx.tmp
C:\Windows\System32	whqohwc.ini
C:\Windows\System32\pejectao.ini
C:\Windows\System32\sCLRYJjl.ini
C:\Windows\System32\sCLRYJjl.ini2 
C:\Windows\Internet Logs\xDB65B4.tmp
C:\Windows\Internet Logs\xDB63B1.tmp
C:\Windows\Internet Logs\xDB6325.tmp
C:\Windows\Internet Logs\xDB6383.tmp
C:\Windows\Internet Logs\xDB640F.tmp
C:\Windows\Internet Logs\xDB5EC2.tmp
C:\Windows\System32\wxbegfii.ini2
C:\ProgramData\Messenger Plus!
C:\Windows\System32\IOVDKnnn.ini2
C:\Windows\System32\FPAddcdd.ini2
C:\Windows\System32\XadgPqru.ini2 

puis passe ceci pour voir

Télécharge Lop S&D (de Angeldark et Eric71) sur le Bureau :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

[*]Double-clique sur Lop S&D.exe pour lancer l'installation,
[*]Puis double-clique sur le raccourci Lop S&D présent sur le Bureau.
[*]Séléctionne la langue souhaitée , puis choisis l'Option 1 (Recherche)
Le scan prend moins d'une minute.
[*]A l'issue du scan, le bloc-notes va s'ouvrir avec le résultat de la recherche.
[*]Enregistre le rapport LopR.txt sur le Bureau pour le retrouver facilement, sinon il sauvegardé à la racine de la partition système : C:\LopR.txt

@+

g!rly · Answer

ok

* Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

C:\Windows\System32\myvchwkm.ini
C:\Windows\System32\cwchtxhv.ini
C:\Windows\System32\iinvmugk.ini
C:\Windows\System32\knboiymc.ini
C:\Windows\System32\knpijyyp.ini
C:\Windows\System32\bqlyhpnt.ini
C:\Windows\System32\MoUEOUtv.ini
C:\Windows\System32\MoUEOUtv.ini2
C:\Windows\System32\WxyacMoq.ini
C:\Windows\System32\WxyacMoq.ini2
C:\Windows\System32\hoaepnoo.tmp
C:\Windows\System32\ducunpph.ini
C:\Windows\System32	qpcurdf.ini
:\Windows\System32\yqljbdyq.ini
C:\Windows\System32\KkmmTvut.ini
C:\Windows\System32\KkmmTvut.ini2
C:\Windows\System32\yqljbdyq.tmp
C:\Windows\System32\vxbedfii.ini
C:\Windows\System32\vxbedfii.ini2
C:\Windows\System32\gwolwrrx.ini
C:\Windows\System32\gwolwrrx.tmp
C:\Windows\System32	whqohwc.ini
C:\Windows\System32\pejectao.ini
C:\Windows\System32\sCLRYJjl.ini
C:\Windows\System32\sCLRYJjl.ini2
C:\Windows\Internet Logs\xDB65B4.tmp
C:\Windows\Internet Logs\xDB63B1.tmp
C:\Windows\Internet Logs\xDB6325.tmp
C:\Windows\Internet Logs\xDB6383.tmp
C:\Windows\Internet Logs\xDB640F.tmp
C:\Windows\Internet Logs\xDB5EC2.tmp
C:\Windows\System32\wxbegfii.ini2
C:\ProgramData\Messenger Plus!
C:\Windows\System32\IOVDKnnn.ini2
C:\Windows\System32\FPAddcdd.ini2
C:\Windows\System32\XadgPqru.ini2

* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

post aussi le rapport de lopsd ;)

@+

g!rly · Answer

Salut Draxealen,

Désolé pour le délais...

On dirait que ot_move it n´a pas vraiment fait de miracle ;(

De plus tu as pas mal de cracks !

On va supprimer tout ca avec combofix :

Copie le texte ci-dessous :

File::
C:\Windows\system32\FPAddcdd.ini
C:\Windows\system32\FPAddcdd.ini2
C:\Windows\system32\IOVDKnnn.ini
C:\Windows\system32\IOVDKnnn.ini2
C:\Windows\system32\KkmmTvut.ini
C:\Windows\system32\KkmmTvut.ini2
C:\Windows\system32\KnpYxyxx.ini
C:\Windows\system32\KnpYxyxx.ini2
C:\Windows\system32\KQAbJkkj.ini
C:\Windows\system32\KQAbJkkj.ini2
C:\Windows\system32\MoUEOUtv.ini
C:\Windows\system32\MoUEOUtv.ini2
C:\Windows\system32\MpXayyxx.ini
C:\Windows\system32\MpXayyxx.ini2
C:\Windows\system32\sCLRYJjl.ini
C:\Windows\system32\sCLRYJjl.ini2
C:\Windows\system32\suBJSCcf.ini
C:\Windows\system32\suBJSCcf.ini2
C:\Windows\system32\vxbedfii.ini
C:\Windows\system32\vxbedfii.ini2
C:\Windows\system32\wxbegfii.ini
C:\Windows\system32\wxbegfii.ini2
C:\Windows\system32\WxyacMoq.ini
C:\Windows\system32\WxyacMoq.ini2
C:\Windows\system32\XadgPqru.ini
C:\Windows\system32\XadgPqru.ini2
C:\Users\ALEXAN~1\AppData\Roaming\Microsoft\Windows\Recent\crack hallgate london (2).lnk
C:\Users\ALEXAN~1\AppData\Roaming\Microsoft\Windows\Recent\Crack.lnk
C:\Users\ALEXAN~1\Desktop\sauvegarde\Alexandre\Documents\divers\WinACE, WinRAR, & WinZip 8 (Fully Working Plus Cracks) .zip
C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\Lavasoft Ad-Aware 2007 Professional Edition v7.0.1.4 Incl-Crack.rar
C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\Nod32 Antivirus v2.70.39 Fr Incl-Crack.rar
C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\PC CILLIN 14 + CRACK.rar
C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\Spysubtract Pro 2.6 Crack.zip
C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\Spysweeper 4.5.5 Fix And Keygen.rar
C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\Nod32 Antivirus v2.70.39 Fr Incl-Crack\http--www.emule-paradise.com-.url
C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\Nod32 Antivirus v2.70.39 Fr Incl-Crack
entfrst.exe
C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\Nod32 Antivirus v2.70.39 Fr Incl-Crack\Crack\NOD32.FiX.v2.2-nsane - Copie.ex
C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\Nod32 Antivirus v2.70.39 Fr Incl-Crack\Crack\NOD32.FiX.v2.2-nsane.exe
C:\Users\ALEXAN~1\Desktop\sauvegarde\Crysis\Crysis-Cracks
C:\Users\ALEXAN~1\Desktop\sauvegarde\Crysis\Crysis-Cracks\Crack for WinVista
C:\Users\ALEXAN~1\Desktop\sauvegarde\Crysis\Crysis-Cracks\Crack for WinXP
C:\Users\ALEXAN~1\Desktop\sauvegarde\Crysis\Crysis-Cracks\Crack for WinVista\Bin32\Crysis.exe
C:\Users\ALEXAN~1\Desktop\sauvegarde\Crysis\Crysis-Cracks\Crack for WinVista\Bin64\Crysis.exe
C:\Users\ALEXAN~1\Desktop\sauvegarde\Crysis\Crysis-Cracks\Crack for WinXP\Crysis.exe
C:\Users\ALEXAN~1\Desktop\sauvegarde\Crysis\Crysis-Cracks\Crack for WinXP\WinXp nfo.txt

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

g!rly · Answer

Salut,

Le rapport combofix est ici :

C:\Combofix2.txt

@+

Draxealen · Answer

Il n'y a rien du tout...et je peux t'assurer que j'ai fait ce que tu m'as demandé...j'avais même le rapport avant et quand je l'ai fermé, j'ai pas réussi à le retrouver.

g!rly · Answer

Re,

Ok, peux tu refaire lopsd option 1 et poster le rapport stp

@+

Draxealen · Answer

--------------------\  Lop S&D 4.2.3-0   XP/Vista

   [ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
   [ USER : Alexandre ] [ "C:\Lop SD" ] [ Selection : 1 ]
   [ 26/08/2008 | 16:14:17 ] [ PC : PC-DE-ALEXANDRE (Proc:x86) ]
   [ MAJ : 17-08-2008 | 01:58 ]
   [ UAC => 1 ]
 
   --------------------\  Listing des dossiers dans Local  

   [17/08/2008|08:08] C:\Users\ALEXAN~1\AppData\Local\Adobe
   [05/07/2008|17:07] C:\Users\ALEXAN~1\AppData\Local\Ahead
   [23/08/2008|19:08] C:\Users\ALEXAN~1\AppData\Local\Apple
   [25/07/2008|21:07] C:\Users\ALEXAN~1\AppData\Local\Apple Computer
   [05/07/2008|13:20] C:\Users\ALEXAN~1\AppData\Local\Application Data 
   [24/08/2008|10:58] C:\Users\ALEXAN~1\AppData\Local\ApplicationHistory
   [17/08/2008|08:08] C:\Users\ALEXAN~1\AppData\Local\Ares
   [12/07/2008|09:09] C:\Users\ALEXAN~1\AppData\Local\d3d9caps.dat
   [08/08/2008|18:48] C:\Users\ALEXAN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [08/08/2008|15:56] C:\Users\ALEXAN~1\AppData\Local\fusioncache.dat
   [19/08/2008|13:43] C:\Users\ALEXAN~1\AppData\Local\GDIPFONTCACHEV1.DAT
   [05/07/2008|13:20] C:\Users\ALEXAN~1\AppData\Local\Historique 
   [25/08/2008|23:48] C:\Users\ALEXAN~1\AppData\Local\IconCache.db
   [05/07/2008|15:35] C:\Users\ALEXAN~1\AppData\Local\LogMeIn
   [20/08/2008|08:54] C:\Users\ALEXAN~1\AppData\Local\Microsoft
   [05/07/2008|21:42] C:\Users\ALEXAN~1\AppData\Local\Microsoft Games
   [05/07/2008|15:50] C:\Users\ALEXAN~1\AppData\Local\Mozilla
   [26/08/2008|16:13] C:\Users\ALEXAN~1\AppData\Local\Temp
   [05/07/2008|13:20] C:\Users\ALEXAN~1\AppData\Local\Temporary Internet Files 
   [18/08/2008|11:55] C:\Users\ALEXAN~1\AppData\Local\TomTom
   [08/08/2008|15:56] C:\Users\ALEXAN~1\AppData\Local\Turbine
   [22/08/2008|21:59] C:\Users\ALEXAN~1\AppData\Local\VirtualStore
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [25/08/2008 19:27][--ah-----] C:\Windows	asks\User_Feed_Synchronization-{019B89F8-47C9-4C61-A541-81980AA4E8C9}.job
   [26/08/2008 09:08][--a------] C:\Windows	asks\GlaryInitialize.job
   [26/08/2008 09:08][--ah-----] C:\Windows	asks\SA.DAT
   [25/08/2008 23:48][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [05/07/2008|15:42] C:\ProgramData\Adobe
   [05/07/2008|18:07] C:\ProgramData\Apple
   [12/07/2008|19:15] C:\ProgramData\Apple Computer
   [02/11/2006|15:02] C:\ProgramData\Application Data 
   [08/07/2008|14:46] C:\ProgramData\BM2f4b4a4a.txt
   [25/07/2008|13:35] C:\ProgramData\BM2f4b4a4a.xml
   [05/07/2008|13:18] C:\ProgramData\Bureau 
   [24/07/2008|00:27] C:\ProgramData\CheckPoint
   [02/11/2006|15:02] C:\ProgramData\Desktop 
   [02/11/2006|15:02] C:\ProgramData\Documents 
   [05/07/2008|13:18] C:\ProgramData\Favoris 
   [02/11/2006|15:02] C:\ProgramData\Favorites 
   [11/07/2008|08:06] C:\ProgramData\Grisoft
   [05/07/2008|17:43] C:\ProgramData\LightScribe
   [17/08/2008|12:59] C:\ProgramData\LogMeIn
   [25/07/2008|13:40] C:\ProgramData\Malwarebytes
   [05/07/2008|17:02] C:\ProgramData\Media Center Programs
   [05/07/2008|13:18] C:\ProgramData\Menu D‚marrer 
   [17/08/2008|18:44] C:\ProgramData\Messenger Plus!
   [19/08/2008|13:32] C:\ProgramData\Microsoft
   [05/07/2008|13:18] C:\ProgramData\ModŠles 
   [05/07/2008|17:04] C:\ProgramData\Nero
   [17/08/2008|08:42] C:\ProgramData
tuser.pol
   [05/07/2008|17:15] C:\ProgramData\NVIDIA
   [25/07/2008|13:45] C:\ProgramData\pskt.ini
   [17/08/2008|08:08] C:\ProgramData\Spybot - Search & Destroy
   [02/11/2006|15:02] C:\ProgramData\Start Menu 
   [02/11/2006|15:02] C:\ProgramData\Templates 
   [18/08/2008|11:55] C:\ProgramData\TomTom
   [06/08/2008|20:58] C:\ProgramData\TrackMania
   [24/07/2008|14:48] C:\ProgramData\Ubisoft
   [05/07/2008|18:25] C:\ProgramData\WLInstaller
   [17/08/2008|18:38] C:\ProgramData\Xfire

   --------------------\  Listing des dossiers dans C:\Program Files

   [05/07/2008|15:41] C:\Program Files\Adobe
   [05/07/2008|18:31] C:\Program Files\AGEIA Technologies
   [12/07/2008|12:56] C:\Program Files\Apple Software Update
   [05/07/2008|18:08] C:\Program Files\Bonjour
   [08/08/2008|15:41] C:\Program Files\Codemasters
   [05/07/2008|18:30] C:\Program Files\Common Files
   [05/07/2008|16:25] C:\Program Files\DAEMON Tools Lite
   [05/07/2008|13:50] C:\Program Files\desktop.ini
   [08/08/2008|13:16] C:\Program Files\Electronic Arts
   [17/08/2008|08:08] C:\Program Files\eMule
   [08/07/2008|14:07] C:\Program Files\ESET
   [05/07/2008|13:18] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [05/07/2008|16:56] C:\Program Files\Flagship Studios
   [02/08/2008|08:56] C:\Program Files\Glary Utilities
   [11/07/2008|08:00] C:\Program Files\Grisoft
   [08/08/2008|13:39] C:\Program Files\InstallShield Installation Information
   [08/08/2008|15:56] C:\Program Files\Internet Explorer
   [02/08/2008|19:30] C:\Program Files\iPod
   [02/08/2008|19:31] C:\Program Files\iTunes
   [08/08/2008|13:35] C:\Program Files\KONAMI
   [26/08/2008|09:08] C:\Program Files\LogMeIn
   [25/07/2008|13:40] C:\Program Files\Malwarebytes' Anti-Malware
   [17/08/2008|08:08] C:\Program Files\Messenger Plus! Live
   [02/11/2006|14:37] C:\Program Files\Microsoft Games
   [05/07/2008|17:09] C:\Program Files\Microsoft Office
   [20/08/2008|14:48] C:\Program Files\Microsoft Silverlight
   [05/07/2008|17:08] C:\Program Files\Microsoft.NET
   [05/07/2008|13:45] C:\Program Files\Movie Maker
   [17/08/2008|18:50] C:\Program Files\Mozilla Firefox
   [02/11/2006|14:37] C:\Program Files\MSBuild
   [05/07/2008|17:04] C:\Program Files\Nero
   [17/08/2008|08:08] C:\Program Files\QuickTime
   [02/11/2006|14:37] C:\Program Files\Reference Assemblies
   [06/08/2008|21:56] C:\Program Files\Sierra Entertainment
   [08/07/2008|14:24] C:\Program Files\Spybot - Search & Destroy
   [05/07/2008|15:10] C:\Program Files\SuperCopier2
   [05/07/2008|18:44] C:\Program Files\TmNationsForever
   [18/08/2008|11:55] C:\Program Files\TomTom HOME 2
   [05/07/2008|15:31] C:\Program Files\UltraISO
   [02/11/2006|15:01] C:\Program Files\Uninstall Information
   [17/08/2008|18:29] C:\Program Files\uTorrent
   [05/07/2008|18:06] C:\Program Files\Video mp3 Extractor
   [05/07/2008|23:02] C:\Program Files\VideoLAN
   [24/08/2008|12:58] C:\Program Files\VSO
   [05/07/2008|13:45] C:\Program Files\Windows Calendar
   [05/07/2008|13:45] C:\Program Files\Windows Collaboration
   [05/07/2008|13:45] C:\Program Files\Windows Defender
   [05/07/2008|13:45] C:\Program Files\Windows Journal
   [05/07/2008|18:33] C:\Program Files\Windows Live
   [18/08/2008|10:03] C:\Program Files\Windows Mail
   [17/08/2008|08:08] C:\Program Files\Windows Media Player
   [05/07/2008|13:18] C:\Program Files\Windows NT
   [05/07/2008|13:45] C:\Program Files\Windows Photo Gallery
   [17/08/2008|08:08] C:\Program Files\Windows Sidebar
   [05/07/2008|15:13] C:\Program Files\WinRAR
   [17/08/2008|18:38] C:\Program Files\Xfire
   [24/07/2008|00:27] C:\Program Files\Zone Labs

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [05/07/2008|15:41] C:\Program Files\Common Files\Adobe
   [05/07/2008|17:07] C:\Program Files\Common Files\Ahead
   [05/07/2008|18:07] C:\Program Files\Common Files\Apple
   [05/07/2008|17:09] C:\Program Files\Common Files\DESIGNER
   [05/07/2008|15:31] C:\Program Files\Common Files\EZB Systems
   [08/08/2008|13:34] C:\Program Files\Common Files\InstallShield
   [05/07/2008|17:08] C:\Program Files\Common Files\LightScribe
   [19/08/2008|13:32] C:\Program Files\Common Files\microsoft shared
   [02/11/2006|13:18] C:\Program Files\Common Files\Services
   [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
   [05/07/2008|13:45] C:\Program Files\Common Files\System
   [05/07/2008|18:31] C:\Program Files\Common Files\WindowsLiveInstaller
   [06/08/2008|21:57] C:\Program Files\Common Files\Wise Installation Wizard

   --------------------\  Process

   ( 53 Processus )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-08-26 16:14:25
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\Users\ALEXAN~1\AppData\Roaming\Microsoft\Windows\Recent\crack hallgate london (2).lnk
   C:\Users\ALEXAN~1\AppData\Roaming\Microsoft\Windows\Recent\Crack.lnk
   C:\Users\ALEXAN~1\Desktop\sauvegarde\Alexandre\Documents\divers\WinACE, WinRAR, & WinZip 8 (Fully Working Plus Cracks) .zip
   C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\Spysubtract Pro 2.6  Crack.zip


   [F:67][D:8]-> C:\Users\ALEXAN~1\AppData\Local\Temp
   [F:49][D:1]-> C:\Users\ALEXAN~1\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:216][D:5]-> C:\Users\ALEXAN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:2][D:2]-> C:\$Recycle.Bin

   --------------------\  Fin du rapport a 16:16:05,24
   [ UAC => 1 ]

g!rly · Answer

Salut DRAXEALEN,

C´est ok pour les fichiers supprimés par combofix...

Par contre tu as encore des cracks surement infectés...

C:\Users\ALEXAN~1\AppData\Roaming\Microsoft\Windows\Recent\crack hallgate london (2).lnk
C:\Users\ALEXAN~1\AppData\Roaming\Microsoft\Windows\Recent\Crack.lnk
C:\Users\ALEXAN~1\Desktop\sauvegarde\Alexandre\Documents\divers\WinACE, WinRAR, & WinZip 8 (Fully Working Plus Cracks) .zip
C:\Users\ALEXAN~1\Desktop\sauvegarde\antivirus\Spysubtract Pro 2.6 Crack.zip 

Supprime les et post un nouveau rapport hijack this et précise tes soucis

@+

Spy & adware, google bloqué

16 réponses

Discussions similaires

Newsletters