
virus packed win32 monder.gen


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:30, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [608024b3] rundll32.exe "C:\WINDOWS\system32\wovgqmap.dll",b
O4 - HKLM\..\Run: [BM63b3172f] Rundll32.exe "C:\WINDOWS\system32\lqyydfkm.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 7758 bytes

Re,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    ComboFix 08-04-29.5 - Arthur 2008-05-01 15:48:31.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.264 [GMT 2:00]
    Endroit: C:\Documents and Settings\Arthur\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\anais\Application Data\HbTools
    C:\Documents and Settings\anais\Application Data\HbTools\HbTools.log
    C:\Documents and Settings\Anne-France\Application Data\HbTools
    C:\Documents and Settings\Anne-France\Application Data\HbTools\HbTools.log
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\btknptpe.ini
    C:\WINDOWS\system32\Cache
    C:\WINDOWS\system32\fudxeuhk.dll
    C:\WINDOWS\system32\gbjfbwmi.dll
    C:\WINDOWS\system32\geBsQHyW.dll
    C:\WINDOWS\system32\kekchbdm.dll
    C:\WINDOWS\system32\lqyydfkm.dll
    C:\WINDOWS\system32\lwsovnyc.dll
    C:\WINDOWS\system32\osebgbgs.dll
    C:\WINDOWS\system32\pamqgvow.ini
    C:\WINDOWS\system32\stdoxbmv.ini
    C:\WINDOWS\system32\stmjeime.ini
    C:\WINDOWS\system32\tDgMnUvw.ini
    C:\WINDOWS\system32\tDgMnUvw.ini2
    C:\WINDOWS\system32\wovgqmap.dll
    C:\WINDOWS\system32\wvUnMgDt.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-01 15:48 . 2004-08-19 16:09 400,896 --a------ C:\WINDOWS\system32\CF24527.exe
    2008-05-01 15:37 . 2008-05-01 15:37 <REP> d-------- C:\Inetpub
    2008-05-01 15:36 . 2008-05-01 15:36 268 --ah----- C:\sqmdata12.sqm
    2008-05-01 15:36 . 2008-05-01 15:36 244 --ah----- C:\sqmnoopt12.sqm
    2008-05-01 13:00 . 2008-05-01 13:00 268 --ah----- C:\sqmdata11.sqm
    2008-05-01 13:00 . 2008-05-01 13:00 244 --ah----- C:\sqmnoopt11.sqm
    2008-04-26 19:29 . 2008-04-26 19:29 268 --ah----- C:\sqmdata10.sqm
    2008-04-26 19:29 . 2008-04-26 19:29 244 --ah----- C:\sqmnoopt10.sqm
    2008-04-26 17:19 . 2008-05-01 15:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-26 17:19 . 2008-05-01 15:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-04-26 11:27 . 2008-04-26 15:07 <REP> d-------- C:\Program Files\EsetOnlineScanner
    2008-04-26 08:14 . 2008-04-26 08:14 268 --ah----- C:\sqmdata09.sqm
    2008-04-26 08:14 . 2008-04-26 08:14 244 --ah----- C:\sqmnoopt09.sqm
    2008-04-26 08:09 . 2008-04-26 08:09 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-25 23:20 . 2008-04-25 23:20 268 --ah----- C:\sqmdata08.sqm
    2008-04-25 23:20 . 2008-04-25 23:20 244 --ah----- C:\sqmnoopt08.sqm
    2008-04-25 19:02 . 2008-04-25 19:02 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\Malwarebytes
    2008-04-25 18:53 . 2008-04-25 18:53 268 --ah----- C:\sqmdata07.sqm
    2008-04-25 18:53 . 2008-04-25 18:53 244 --ah----- C:\sqmnoopt07.sqm
    2008-04-24 21:36 . 2008-04-24 21:36 268 --ah----- C:\sqmdata06.sqm
    2008-04-24 21:36 . 2008-04-24 21:36 244 --ah----- C:\sqmnoopt06.sqm
    2008-04-24 07:30 . 2008-05-01 12:50 109,734 --a------ C:\WINDOWS\BM63b3172f.xml
    2008-04-24 00:49 . 2008-04-24 00:49 268 --ah----- C:\sqmdata05.sqm
    2008-04-24 00:49 . 2008-04-24 00:49 244 --ah----- C:\sqmnoopt05.sqm
    2008-04-23 20:15 . 2008-04-23 20:15 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-04-23 20:15 . 2008-04-23 20:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
    2008-04-23 13:31 . 2008-04-24 07:26 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-04-22 17:45 . 2008-04-22 17:45 268 --ah----- C:\sqmdata04.sqm
    2008-04-22 17:45 . 2008-04-22 17:45 244 --ah----- C:\sqmnoopt04.sqm
    2008-04-22 01:02 . 2008-04-22 01:02 268 --ah----- C:\sqmdata03.sqm
    2008-04-22 01:02 . 2008-04-22 01:02 244 --ah----- C:\sqmnoopt03.sqm
    2008-04-21 19:05 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-04-21 18:49 . 2008-04-21 18:49 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
    2008-04-20 22:21 . 2008-04-20 22:21 <REP> d-------- C:\Documents and Settings\Arthur\Contacts
    2008-04-20 20:48 . 2008-04-20 20:48 268 --ah----- C:\sqmdata02.sqm
    2008-04-20 20:48 . 2008-04-20 20:48 244 --ah----- C:\sqmnoopt02.sqm
    2008-04-20 11:25 . 2008-04-20 11:25 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-20 11:25 . 2008-04-20 11:25 232 --ah----- C:\sqmdata01.sqm
    2008-04-20 10:11 . 2008-04-20 10:11 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-20 10:11 . 2008-04-20 10:11 232 --ah----- C:\sqmdata00.sqm
    2008-04-20 09:39 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-20 09:39 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-19 19:44 . 2008-04-19 19:44 <REP> d-------- C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Application Data\AdobeUM
    2008-04-19 16:00 . 2008-04-19 16:00 <REP> d-------- C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Contacts
    2008-04-19 15:48 . 2008-04-19 15:48 <REP> d---s---- C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\UserData
    2008-04-19 15:45 . 2008-04-19 15:57 <REP> d-------- C:\Program Files\Windows Live
    2008-04-19 15:45 . 2008-04-19 15:52 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-04-19 15:44 . 2008-04-19 15:44 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-04-19 15:44 . 2008-04-19 15:44 2,402,832 --a------ C:\Program Files\WLinstaller.exe
    2008-04-19 15:37 . 2008-04-19 15:55 <REP> d-------- C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Application Data\F-Secure
    2008-04-18 19:40 . 2008-04-18 19:40 <REP> d-------- C:\Program Files\free-downloads.net
    2008-04-18 19:40 . 2008-04-18 19:40 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-04-18 18:43 . 2008-04-18 18:50 41 ---hs---- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
    2008-04-18 18:42 . 2008-04-18 19:13 <REP> d-------- C:\Program Files\SlySoft
    2008-04-18 18:42 . 2008-04-18 18:43 24 --ahs---- C:\WINDOWS\SEA717FDA.tmp
    2008-04-18 18:41 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\FarStone
    2008-04-18 18:41 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\Anne-France\Application Data\FarStone
    2008-04-18 18:41 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\anais\Application Data\FarStone
    2008-04-18 18:41 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Application Data\FarStone
    2008-04-18 18:41 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FarStone
    2008-04-18 18:41 . 2008-04-26 18:15 273 --a------ C:\WINDOWS\Wininit.ini
    2008-04-18 18:19 . 2008-04-24 18:05 <REP> d-------- C:\Program Files\EA GAMES
    2008-04-18 11:21 . 2008-04-18 11:21 <REP> d-------- C:\Documents and Settings\Anne-France.AGE-SCFI8YG9G6L\Application Data\FarStone
    2008-04-18 11:21 . 2008-04-18 11:21 24 --a------ C:\Documents and Settings\Anne-France.AGE-SCFI8YG9G6L\UpdateLog.GDZ
    2008-04-16 13:02 . 2008-04-16 13:02 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\FarStone
    2008-04-16 13:02 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\farstone
    2008-04-16 13:02 . 2008-04-18 18:07 96 --a------ C:\Documents and Settings\Arthur\UpdateLog.GDZ
    2008-04-16 12:56 . 2008-04-16 12:56 <REP> d-------- C:\Program Files\FarStone
    2008-04-16 12:50 . 2007-03-02 13:48 36,864 --------- C:\WINDOWS\system32\unVHDDrvExe.exe
    2008-04-16 12:50 . 2007-04-10 08:05 32,768 --------- C:\WINDOWS\system32\inVHDDrvExe.exe
    2008-04-16 10:40 . 2008-04-16 10:40 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Azureus
    2008-04-16 09:37 . 2008-04-16 09:37 <REP> d-------- C:\Program Files\P2P_Energy
    2008-04-16 09:37 . 2008-04-16 09:37 <REP> d-------- C:\Program Files\Conduit
    2008-04-16 09:31 . 2008-04-16 09:31 <REP> d-------- C:\Program Files\WinShut XP
    2008-04-16 09:21 . 2008-04-16 09:29 <REP> d-------- C:\Program Files\Switch Off
    2008-04-14 23:49 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2008-04-14 23:49 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
    2008-04-14 23:49 . 2006-08-21 14:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
    2008-04-14 23:48 . 2008-04-14 23:57 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-04-14 16:13 . 2008-04-14 16:13 <REP> d-------- C:\Program Files\Yahoo!
    2008-04-14 16:12 . 2008-04-14 16:13 <REP> d-------- C:\Program Files\CCleaner
    2008-04-14 15:00 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-04-14 14:29 . 2008-04-14 14:29 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\DAEMON Tools
    2008-04-14 13:29 . 2008-04-14 13:29 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu Démarrer
    2008-04-14 11:42 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-14 11:36 . 2008-04-14 11:36 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-04-14 11:28 . 2008-04-14 11:40 <REP> d-------- C:\WINDOWS\EHome
    2008-04-14 08:10 . 2005-01-21 00:09 <REP> d-------- C:\Patch NoCD + Construction
    2008-04-13 21:40 . 2008-04-25 19:23 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-04-13 20:34 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2008-04-08 00:50 . 2008-04-25 19:27 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-04-07 23:21 . 2008-04-13 22:49 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\LimeWire
    2008-04-07 10:08 . 2008-04-07 10:08 <REP> d-------- C:\Program Files\CDBurnerXP
    2008-04-07 10:08 . 2008-04-07 10:08 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\CDBurnerXP_Soft
    2008-04-07 09:56 . 2008-04-14 14:29 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-07 08:30 . 2008-04-07 08:30 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-04-07 08:29 . 2008-04-07 08:29 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-04-07 08:29 . 2008-04-07 08:29 <REP> d-------- C:\Program Files\Ahead
    2008-04-07 08:29 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-04-07 08:29 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-04-07 08:29 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-04-07 08:29 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-04-07 08:29 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-04-07 08:29 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-04-07 08:29 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-04-06 19:42 . 2008-04-14 16:28 <REP> d-------- C:\Program Files\Jasc Software Inc
    2008-04-06 11:04 . 2008-04-06 11:04 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
    2008-04-06 11:03 . 2008-04-17 11:49 <REP> d-------- C:\Program Files\Azureus
    2008-04-06 11:03 . 2008-04-24 00:49 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\Azureus
    2008-04-04 20:10 . 2008-04-04 20:10 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\vlc
    2008-04-03 20:57 . 2008-04-03 20:57 <REP> d-------- C:\WINDOWS\naevius
    2008-04-03 20:57 . 2008-04-14 16:28 <REP> d-------- C:\Program Files\Multimediafeed 3GP Mobile Video Converter

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-26 10:25 --------- d-----w C:\Program Files\Fichiers communs\ReparateurDeSysteme
    2008-04-24 16:15 --------- d-----w C:\Program Files\Dofus
    2008-04-23 18:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-21 16:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-16 07:31 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-04-16 07:31 253,952 ------w C:\WINDOWS\Setup1.exe
    2008-04-14 14:25 --------- d-----w C:\Program Files\Java
    2008-04-14 13:38 --------- d-----w C:\Program Files\QuickTime
    2008-04-14 07:16 --------- d-----w C:\Program Files\LimeWire
    2008-04-07 20:08 --------- d-----w C:\Documents and Settings\Philippe\Application Data\MSN6
    2008-04-05 14:43 --------- d-----w C:\Documents and Settings\Arthur\Application Data\LimeWire
    2008-04-03 18:20 --------- d-----w C:\Program Files\MediaCoder
    2008-03-28 16:51 --------- d-----w C:\Program Files\IDA
    2008-03-28 12:07 --------- d-----w C:\Documents and Settings\Philippe\Application Data\F-Secure
    2008-03-27 18:10 --------- d-----w C:\Documents and Settings\Arthur\Application Data\Internet Download Accelerator
    2008-03-24 14:16 317,158 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2008-03-24 12:39 --------- d-----w C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Application Data\ispnews
    2008-03-23 19:27 --------- d-----w C:\Documents and Settings\Arthur\Application Data\F-Secure
    2008-03-23 17:10 --------- d-----w C:\Program Files\Sunbelt Software
    2008-03-20 11:38 --------- d-----w C:\Documents and Settings\Anne-France.AGE-SCFI8YG9G6L\Application Data\ispnews
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-18 10:53 --------- d-----w C:\Documents and Settings\Arthur\Application Data\ispnews
    2008-03-18 10:15 --------- d-----w C:\Documents and Settings\Philippe\Application Data\PEX
    2008-03-18 10:11 --------- d-----w C:\Documents and Settings\Philippe\Application Data\ispnews
    2008-03-18 08:23 --------- d-----w C:\Program Files\Securitoo
    2008-03-15 17:17 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-03-15 17:17 --------- d-----w C:\Program Files\AVS4YOU
    2008-03-15 17:14 --------- d-----w C:\Documents and Settings\Arthur\Application Data\vlc
    2008-03-14 10:09 --------- d-----w C:\Documents and Settings\Philippe\Application Data\Thunderbird
    2008-03-13 17:02 --------- d-----w C:\Documents and Settings\Arthur\Application Data\Thunderbird
    2008-03-13 13:05 --------- d-----w C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Application Data\vlc
    2008-03-12 20:02 --------- d-----w C:\Documents and Settings\Arthur\Application Data\AVS4YOU
    2008-03-12 20:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
    2008-03-12 19:20 --------- d-----w C:\Program Files\Riva
    2008-03-12 19:20 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
    2008-03-12 19:19 --------- d-----w C:\Program Files\Total Video Converter
    2008-03-12 18:22 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-03-10 18:38 --------- d-----w C:\Documents and Settings\Arthur\Application Data\AdobeUM
    2008-03-10 18:08 --------- d-----w C:\Program Files\VideoLAN
    2008-03-10 13:15 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-03-02 09:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
    2008-03-02 08:47 --------- d-----w C:\Documents and Settings\Philippe\Application Data\Datel
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
    2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
    2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
    2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "msnmsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-21 18:49:15 113664]
    ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-01-15 19:08:28 495616]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsQHyW]
    geBsQHyW.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-19 16:09]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 19:44]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 12:38]

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-01 15:49:13
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-01 15:49:55
    ComboFix-quarantined-files.txt 2008-05-01 13:49:48

    Pre-Run: 8,427,249,664 octets libres
    Post-Run: 8,412,336,128 octets libres

    246 --- E O F --- 2008-04-21 00:11:28

    Re,

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 599

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 153760
    Temps écoulé: 30 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\gbjfbwmi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5DF2AA57-7AC7-4FFA-9DA2-63B689034D56}\RP207\A0042326.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    ComboFix 08-04-29.5 - Arthur 2008-05-01 21:10:49.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.175 [GMT 2:00]
    Endroit: C:\Documents and Settings\Arthur\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-01 17:15 . 2008-05-01 17:15 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-01 17:15 . 2008-05-01 17:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-05-01 15:37 . 2008-05-01 15:37 <REP> d-------- C:\Inetpub
    2008-05-01 15:36 . 2008-05-01 15:36 268 --ah----- C:\sqmdata12.sqm
    2008-05-01 15:36 . 2008-05-01 15:36 244 --ah----- C:\sqmnoopt12.sqm
    2008-05-01 13:00 . 2008-05-01 13:00 268 --ah----- C:\sqmdata11.sqm
    2008-05-01 13:00 . 2008-05-01 13:00 244 --ah----- C:\sqmnoopt11.sqm
    2008-04-26 19:29 . 2008-04-26 19:29 268 --ah----- C:\sqmdata10.sqm
    2008-04-26 19:29 . 2008-04-26 19:29 244 --ah----- C:\sqmnoopt10.sqm
    2008-04-26 17:19 . 2008-05-01 15:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-26 17:19 . 2008-05-01 15:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-04-26 11:27 . 2008-04-26 15:07 <REP> d-------- C:\Program Files\EsetOnlineScanner
    2008-04-26 08:14 . 2008-04-26 08:14 268 --ah----- C:\sqmdata09.sqm
    2008-04-26 08:14 . 2008-04-26 08:14 244 --ah----- C:\sqmnoopt09.sqm
    2008-04-26 08:09 . 2008-04-26 08:09 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-25 23:20 . 2008-04-25 23:20 268 --ah----- C:\sqmdata08.sqm
    2008-04-25 23:20 . 2008-04-25 23:20 244 --ah----- C:\sqmnoopt08.sqm
    2008-04-25 19:02 . 2008-04-25 19:02 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\Malwarebytes
    2008-04-25 18:53 . 2008-04-25 18:53 268 --ah----- C:\sqmdata07.sqm
    2008-04-25 18:53 . 2008-04-25 18:53 244 --ah----- C:\sqmnoopt07.sqm
    2008-04-24 21:36 . 2008-04-24 21:36 268 --ah----- C:\sqmdata06.sqm
    2008-04-24 21:36 . 2008-04-24 21:36 244 --ah----- C:\sqmnoopt06.sqm
    2008-04-24 07:30 . 2008-05-01 12:50 109,734 --a------ C:\WINDOWS\BM63b3172f.xml
    2008-04-24 00:49 . 2008-04-24 00:49 268 --ah----- C:\sqmdata05.sqm
    2008-04-24 00:49 . 2008-04-24 00:49 244 --ah----- C:\sqmnoopt05.sqm
    2008-04-23 20:15 . 2008-04-23 20:15 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-04-23 20:15 . 2008-04-23 20:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
    2008-04-23 13:31 . 2008-04-24 07:26 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-04-22 17:45 . 2008-04-22 17:45 268 --ah----- C:\sqmdata04.sqm
    2008-04-22 17:45 . 2008-04-22 17:45 244 --ah----- C:\sqmnoopt04.sqm
    2008-04-22 01:02 . 2008-04-22 01:02 268 --ah----- C:\sqmdata03.sqm
    2008-04-22 01:02 . 2008-04-22 01:02 244 --ah----- C:\sqmnoopt03.sqm
    2008-04-21 19:05 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-04-21 18:49 . 2008-04-21 18:49 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
    2008-04-20 22:21 . 2008-04-20 22:21 <REP> d-------- C:\Documents and Settings\Arthur\Contacts
    2008-04-20 20:48 . 2008-04-20 20:48 268 --ah----- C:\sqmdata02.sqm
    2008-04-20 20:48 . 2008-04-20 20:48 244 --ah----- C:\sqmnoopt02.sqm
    2008-04-20 11:25 . 2008-04-20 11:25 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-20 11:25 . 2008-04-20 11:25 232 --ah----- C:\sqmdata01.sqm
    2008-04-20 10:11 . 2008-04-20 10:11 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-20 10:11 . 2008-04-20 10:11 232 --ah----- C:\sqmdata00.sqm
    2008-04-20 09:39 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-20 09:39 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-19 19:44 . 2008-04-19 19:44 <REP> d-------- C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Application Data\AdobeUM
    2008-04-19 16:00 . 2008-04-19 16:00 <REP> d-------- C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Contacts
    2008-04-19 15:48 . 2008-04-19 15:48 <REP> d---s---- C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\UserData
    2008-04-19 15:45 . 2008-04-19 15:57 <REP> d-------- C:\Program Files\Windows Live
    2008-04-19 15:45 . 2008-04-19 15:52 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-04-19 15:44 . 2008-04-19 15:44 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-04-19 15:44 . 2008-04-19 15:44 2,402,832 --a------ C:\Program Files\WLinstaller.exe
    2008-04-19 15:37 . 2008-04-19 15:55 <REP> d-------- C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Application Data\F-Secure
    2008-04-18 19:40 . 2008-04-18 19:40 <REP> d-------- C:\Program Files\free-downloads.net
    2008-04-18 19:40 . 2008-04-18 19:40 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-04-18 18:43 . 2008-04-18 18:50 41 ---hs---- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
    2008-04-18 18:42 . 2008-04-18 19:13 <REP> d-------- C:\Program Files\SlySoft
    2008-04-18 18:42 . 2008-04-18 18:43 24 --ahs---- C:\WINDOWS\SEA717FDA.tmp
    2008-04-18 18:41 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\FarStone
    2008-04-18 18:41 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\Anne-France\Application Data\FarStone
    2008-04-18 18:41 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\anais\Application Data\FarStone
    2008-04-18 18:41 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Application Data\FarStone
    2008-04-18 18:41 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FarStone
    2008-04-18 18:41 . 2008-04-26 18:15 273 --a------ C:\WINDOWS\Wininit.ini
    2008-04-18 18:19 . 2008-04-24 18:05 <REP> d-------- C:\Program Files\EA GAMES
    2008-04-18 11:21 . 2008-04-18 11:21 <REP> d-------- C:\Documents and Settings\Anne-France.AGE-SCFI8YG9G6L\Application Data\FarStone
    2008-04-18 11:21 . 2008-04-18 11:21 24 --a------ C:\Documents and Settings\Anne-France.AGE-SCFI8YG9G6L\UpdateLog.GDZ
    2008-04-16 13:02 . 2008-04-16 13:02 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\FarStone
    2008-04-16 13:02 . 2008-04-18 18:41 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\farstone
    2008-04-16 13:02 . 2008-04-18 18:07 96 --a------ C:\Documents and Settings\Arthur\UpdateLog.GDZ
    2008-04-16 12:56 . 2008-04-16 12:56 <REP> d-------- C:\Program Files\FarStone
    2008-04-16 12:50 . 2007-03-02 13:48 36,864 --------- C:\WINDOWS\system32\unVHDDrvExe.exe
    2008-04-16 12:50 . 2007-04-10 08:05 32,768 --------- C:\WINDOWS\system32\inVHDDrvExe.exe
    2008-04-16 10:40 . 2008-04-16 10:40 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Azureus
    2008-04-16 09:37 . 2008-04-16 09:37 <REP> d-------- C:\Program Files\P2P_Energy
    2008-04-16 09:37 . 2008-04-16 09:37 <REP> d-------- C:\Program Files\Conduit
    2008-04-16 09:31 . 2008-04-16 09:31 <REP> d-------- C:\Program Files\WinShut XP
    2008-04-16 09:21 . 2008-04-16 09:29 <REP> d-------- C:\Program Files\Switch Off
    2008-04-14 23:49 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2008-04-14 23:49 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
    2008-04-14 23:49 . 2006-08-21 14:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
    2008-04-14 23:48 . 2008-04-14 23:57 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-04-14 16:13 . 2008-04-14 16:13 <REP> d-------- C:\Program Files\Yahoo!
    2008-04-14 16:12 . 2008-04-14 16:13 <REP> d-------- C:\Program Files\CCleaner
    2008-04-14 15:00 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-04-14 14:29 . 2008-04-14 14:29 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\DAEMON Tools
    2008-04-14 13:29 . 2008-04-14 13:29 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu Démarrer
    2008-04-14 11:42 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-14 11:36 . 2008-04-14 11:36 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-04-14 11:28 . 2008-04-14 11:40 <REP> d-------- C:\WINDOWS\EHome
    2008-04-14 08:10 . 2005-01-21 00:09 <REP> d-------- C:\Patch NoCD + Construction
    2008-04-13 21:40 . 2008-04-25 19:23 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-04-13 20:34 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2008-04-08 00:50 . 2008-04-25 19:27 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-04-07 23:21 . 2008-04-13 22:49 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\LimeWire
    2008-04-07 10:08 . 2008-04-07 10:08 <REP> d-------- C:\Program Files\CDBurnerXP
    2008-04-07 10:08 . 2008-04-07 10:08 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\CDBurnerXP_Soft
    2008-04-07 09:56 . 2008-04-14 14:29 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-07 08:30 . 2008-04-07 08:30 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-04-07 08:29 . 2008-04-07 08:29 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-04-07 08:29 . 2008-04-07 08:29 <REP> d-------- C:\Program Files\Ahead
    2008-04-07 08:29 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-04-07 08:29 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-04-07 08:29 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-04-07 08:29 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-04-07 08:29 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-04-07 08:29 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-04-07 08:29 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-04-06 19:42 . 2008-04-14 16:28 <REP> d-------- C:\Program Files\Jasc Software Inc
    2008-04-06 11:04 . 2008-04-06 11:04 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
    2008-04-06 11:03 . 2008-04-17 11:49 <REP> d-------- C:\Program Files\Azureus
    2008-04-06 11:03 . 2008-04-24 00:49 <REP> d-------- C:\Documents and Settings\Arthur\Application Data\Azureus
    2008-04-04 20:10 . 2008-04-04 20:10 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\vlc
    2008-04-03 20:57 . 2008-04-03 20:57 <REP> d-------- C:\WINDOWS\naevius
    2008-04-03 20:57 . 2008-04-14 16:28 <REP> d-------- C:\Program Files\Multimediafeed 3GP Mobile Video Converter

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-26 10:25 --------- d-----w C:\Program Files\Fichiers communs\ReparateurDeSysteme
    2008-04-24 16:15 --------- d-----w C:\Program Files\Dofus
    2008-04-23 18:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-21 16:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-16 07:31 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-04-16 07:31 253,952 ------w C:\WINDOWS\Setup1.exe
    2008-04-14 14:25 --------- d-----w C:\Program Files\Java
    2008-04-14 13:38 --------- d-----w C:\Program Files\QuickTime
    2008-04-14 07:16 --------- d-----w C:\Program Files\LimeWire
    2008-04-07 20:08 --------- d-----w C:\Documents and Settings\Philippe\Application Data\MSN6
    2008-04-05 14:43 --------- d-----w C:\Documents and Settings\Arthur\Application Data\LimeWire
    2008-04-03 18:20 --------- d-----w C:\Program Files\MediaCoder
    2008-03-28 16:51 --------- d-----w C:\Program Files\IDA
    2008-03-28 12:07 --------- d-----w C:\Documents and Settings\Philippe\Application Data\F-Secure
    2008-03-27 18:10 --------- d-----w C:\Documents and Settings\Arthur\Application Data\Internet Download Accelerator
    2008-03-24 14:16 317,158 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2008-03-24 12:39 --------- d-----w C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Application Data\ispnews
    2008-03-23 19:27 --------- d-----w C:\Documents and Settings\Arthur\Application Data\F-Secure
    2008-03-23 17:10 --------- d-----w C:\Program Files\Sunbelt Software
    2008-03-20 11:38 --------- d-----w C:\Documents and Settings\Anne-France.AGE-SCFI8YG9G6L\Application Data\ispnews
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-18 10:53 --------- d-----w C:\Documents and Settings\Arthur\Application Data\ispnews
    2008-03-18 10:15 --------- d-----w C:\Documents and Settings\Philippe\Application Data\PEX
    2008-03-18 10:11 --------- d-----w C:\Documents and Settings\Philippe\Application Data\ispnews
    2008-03-18 08:23 --------- d-----w C:\Program Files\Securitoo
    2008-03-15 17:17 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-03-15 17:17 --------- d-----w C:\Program Files\AVS4YOU
    2008-03-15 17:14 --------- d-----w C:\Documents and Settings\Arthur\Application Data\vlc
    2008-03-14 10:09 --------- d-----w C:\Documents and Settings\Philippe\Application Data\Thunderbird
    2008-03-13 17:02 --------- d-----w C:\Documents and Settings\Arthur\Application Data\Thunderbird
    2008-03-13 13:05 --------- d-----w C:\Documents and Settings\Anais.AGE-SCFI8YG9G6L\Application Data\vlc
    2008-03-12 20:02 --------- d-----w C:\Documents and Settings\Arthur\Application Data\AVS4YOU
    2008-03-12 20:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
    2008-03-12 19:20 --------- d-----w C:\Program Files\Riva
    2008-03-12 19:20 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
    2008-03-12 19:19 --------- d-----w C:\Program Files\Total Video Converter
    2008-03-12 18:22 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-03-10 18:38 --------- d-----w C:\Documents and Settings\Arthur\Application Data\AdobeUM
    2008-03-10 18:08 --------- d-----w C:\Program Files\VideoLAN
    2008-03-10 13:15 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-03-02 09:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
    2008-03-02 08:47 --------- d-----w C:\Documents and Settings\Philippe\Application Data\Datel
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
    2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
    2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
    2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "msnmsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-21 18:49:15 113664]
    ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-01-15 19:08:28 495616]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsQHyW]
    geBsQHyW.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-19 16:09]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 19:44]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 12:38]

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-01 21:12:30
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-01 21:13:22
    ComboFix-quarantined-files.txt 2008-05-01 19:13:18
    ComboFix2.txt 2008-05-01 13:49:56

    Pre-Run: 9,549,676,544 octets libres
    Post-Run: 9,535,582,208 octets libres

    220 --- E O F --- 2008-04-21 00:11:28