bonjour,


je vient d'attrapper un virus worm bagle.ca sur vista (dans le fichier hewlett packard/hp advisor/ hp advisor.exe

Je viens d'ouvrir un magasin et l'utilisation de mon ordinateur est très importante. Merci de votre aide

Bonjour,

Désactiver l'UAC: http://www.zebulon.fr/astuces/220- [...] vista.html

1. Télécharge [color=red]combofix.exe[/color] (par [color=#3366FF]sUBs[/color]) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

sur ton Bureau.

2. Double clique sur combofix.exe pour lancer le scan.
3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

Bonjour,

Merci d'essayer de m'aider.
J'ai télécharger combofix mais dès que je veux cliquer dessus pour l'ouvrir, un message m'indique que windows explorer ne peut pas s'ouvrir (je fini en même temps de faire un scan en ligne de l'ordi sur secuser.com, je ne sais pas si cela a une influence)

Maintenant le message combofix n'est pas une application win32 valide apparait

Re,

Escuse moi j'ai oublié d'écrire quelque chose...

Supprime ComboFix de ton PC. Retélécharge le sur ton Bureau en le nommant Combo-Fix (il te faut le renommer avant de le télécharger)

2. Double clique sur Combo-Fix.exe pour lancer le scan.
3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

je les renommer combo-fix mais j'ai le même message (combo-fix n'est pas une application win 32

Bonjour,

Télécharge ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/des [...] ibagla.asp (clique sur le bouton "Descargar Elibagla" ) sur ton bureau.
Lance-le, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire.

Assure toi que le bouton Eliminar Ficheros Automaticamente soit coché.

Vérifie que C:\ soit sélectionné de Unidad.

Clique sur le bouton Explorar

Lorsqu'il a terminé, poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque C:\

ca y est apres installation de ccleaner, j'ai pu lancer combo fix.

ComboFix 08-07-17.3 - mick 2008-07-18 10:05:51.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2266 [GMT 2:00]
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\Users\mick\AppData\Roaming\m
C:\Users\mick\AppData\Roaming\m\shared
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Commander 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Explorer 1.1.3.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Express 3.3a.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Extensions 1.0 build 53.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Guardian 1.2.56.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Keystroke Macro Automation Software 7.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard King 1.11.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Language Manager 1.2.1 build 50.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Launchpad 1.6.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Layout Manager 2.90.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard LED Control 1.09.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Logger 1.3.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Manager Deluxe 2.16.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Maniac 4.26.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Monitor 3.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Music 2.4.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Remapper 1.2.12.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Sample Trigger 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Shortcut Buddy 2.1.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Shortcuts Assistant 1.0 Build 3026.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Sounder 1.6.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Sounds for Visual Impaired 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Tester 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Texter 2.9.1.6851.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Tweaker 2.3.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboard Wizard 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyboardAssist 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyboardChanger 1.1.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyboarding 1.5.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyboardLocker 2.5.7.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyboardTest 3.0 Build 1000.zip
C:\Users\mick\AppData\Roaming\m\shared\Keybreeze Basic 3.1 Beta.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyCaptor Keylogger 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keychain Collector 5.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keychain Password Manager 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyChanger 2.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyChrono 1.3.3.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyCleanse 1.0.0.20.zip
C:\Users\mick\AppData\Roaming\m\shared\keyconfig 20060828.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyCounter 2.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyDB 1.50.03.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyDemon 2.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyEcho 2.3.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyedAccess 3.3.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyfinder Package 1.2.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyFinder Pro 2.1.3.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyfinder Thing 3.1.6.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyFour Restaurant 6.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyFrame Wing Living Model Navigator Plug-in 1.5a.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyGen RC4 Emailer 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyGen RC4 Encryption Key Maker 2.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyGenerator demo project.zip
C:\Users\mick\AppData\Roaming\m\shared\Keygloo 1.0.14 beta.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyGO 2.2d.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyGuard 1.0.10.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyGuard 2.3c.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyhole LT 2.2.990.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyhole Spy 1.12.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyIC ConneX 2.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyInjector 2.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyJnote 0.9.4.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyJoke 1.01.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyKeeper 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyLaunch 2.1.7.zip
C:\Users\mick\AppData\Roaming\m\shared\Keylime Cove Countdown 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keylink 1.3.zip
C:\Users\mick\AppData\Roaming\m\shared\Keylogger Douglas 1.1.zip
C:\Users\mick\AppData\Roaming\m\shared\Keylogger Express 1.01.zip
C:\Users\mick\AppData\Roaming\m\shared\Keylogger FTP PC Keystrokes Monitor 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keylogger Hunter 2.2.zip
C:\Users\mick\AppData\Roaming\m\shared\Keylogger Killer 1.5.zip
C:\Users\mick\AppData\Roaming\m\shared\Keylogger King Home 2.3.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyLogger Mask 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keylogger Spy Monitor 6.2.3.zip
C:\Users\mick\AppData\Roaming\m\shared\Keylogger Stopper 2.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyMakerPRO 2.20.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyMan 2.5.2.zip
C:\Users\mick\AppData\Roaming\m\shared\Keymap SDK C++ Edition 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keynesis Portable Sweeper 1.5.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyNote 1.6.5.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyNote Music Drills 1.77.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyOff 2.1.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyOff Lite 2.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyoti RapidSpell Desktop .Net 3.7.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyparc 0.9.2.1.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyPass 4.7.1.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyPass Portable 4.7.1.zip
C:\Users\mick\AppData\Roaming\m\shared\Keypict 1.02.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyProwler Pro 3.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyring 1.0.1.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyring Creator 2006 1.0.13.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyroid 1.1.0.8.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyScrambler Personal 1.3.1.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyScrambler Professional 1.0.1.zip
C:\Users\mick\AppData\Roaming\m\shared\Keysend.bas 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyser Soze's Unofficial XP Security Pack 1.002.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyset 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeySim 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeySpy 7.71a.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyState 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyster Search Engine Rankings 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keystroke Converter 5.zip
C:\Users\mick\AppData\Roaming\m\shared\Keystroke POS 6.10 build 30.zip
C:\Users\mick\AppData\Roaming\m\shared\Keystroke Shortcut Recorder 2.1.zip
C:\Users\mick\AppData\Roaming\m\shared\Keystroke Spy 1.10.3.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyText 3.10.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyTool IUI 2.4.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyTools 1.0.8312.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyTweak 2.11.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyUpdater XP 1.0.1.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyWallet 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keywarden 1.4.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Analyzer 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyWord Crawler 1.1.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Creator 1.1.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Expander 1.5.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Expert 3.00.7.801.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Extractor 1.03.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Extreme 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Fisher 2.0.zip
C:\Users\mick\AppData\Roaming\m\shared\KeyWord Generator lite 1.0.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Highlight 1.01.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Live 2.20.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Market Value Analyzer 1.1.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Marketing Buddy 2.3.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Master 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Pad 1.0.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Page Creator 1.1.2.zip
C:\Users\mick\AppData\Roaming\m\shared\Keyword Page Generator 2004.12.20.zip
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\1003710.exe
C:\Windows\system32\drivers\downld\102757.exe
C:\Windows\system32\drivers\downld\1036782.exe
C:\Windows\system32\drivers\downld\1039122.exe
C:\Windows\system32\drivers\downld\1041353.exe
C:\Windows\system32\drivers\downld\1043287.exe
C:\Windows\system32\drivers\downld\1046517.exe
C:\Windows\system32\drivers\downld\1054488.exe
C:\Windows\system32\drivers\downld\105581.exe
C:\Windows\system32\drivers\downld\1059558.exe
C:\Windows\system32\drivers\downld\1061196.exe
C:\Windows\system32\drivers\downld\1071180.exe
C:\Windows\system32\drivers\downld\1089276.exe
C:\Windows\system32\drivers\downld\1091024.exe
C:\Windows\system32\drivers\downld\1093520.exe
C:\Windows\system32\drivers\downld\109793.exe
C:\Windows\system32\drivers\downld\1098340.exe
C:\Windows\system32\drivers\downld\110573.exe
C:\Windows\system32\drivers\downld\1123862.exe
C:\Windows\system32\drivers\downld\1125718.exe
C:\Windows\system32\drivers\downld\1129540.exe
C:\Windows\system32\drivers\downld\1133659.exe
C:\Windows\system32\drivers\downld\1147246.exe
C:\Windows\system32\drivers\downld\1149072.exe
C:\Windows\system32\drivers\downld\1196059.exe
C:\Windows\system32\drivers\downld\120307.exe
C:\Windows\system32\drivers\downld\120432.exe
C:\Windows\system32\drivers\downld\1226433.exe
C:\Windows\system32\drivers\downld\1228585.exe
C:\Windows\system32\drivers\downld\1230847.exe
C:\Windows\system32\drivers\downld\1235652.exe
C:\Windows\system32\drivers\downld\123646.exe
C:\Windows\system32\drivers\downld\1241268.exe
C:\Windows\system32\drivers\downld\1242891.exe
C:\Windows\system32\drivers\downld\1256790.exe
C:\Windows\system32\drivers\downld\1290923.exe
C:\Windows\system32\drivers\downld\1294543.exe
C:\Windows\system32\drivers\downld\1297694.exe
C:\Windows\system32\drivers\downld\1300252.exe
C:\Windows\system32\drivers\downld\1309690.exe
C:\Windows\system32\drivers\downld\1311344.exe
C:\Windows\system32\drivers\downld\1320720.exe
C:\Windows\system32\drivers\downld\1338550.exe
C:\Windows\system32\drivers\downld\141820.exe
C:\Windows\system32\drivers\downld\144207.exe
C:\Windows\system32\drivers\downld\14729239.exe
C:\Windows\system32\drivers\downld\14769987.exe
C:\Windows\system32\drivers\downld\14772826.exe
C:\Windows\system32\drivers\downld\14783699.exe
C:\Windows\system32\drivers\downld\14791515.exe
C:\Windows\system32\drivers\downld\14792841.exe
C:\Windows\system32\drivers\downld\14803933.exe
C:\Windows\system32\drivers\downld\15015735.exe
C:\Windows\system32\drivers\downld\15027716.exe
C:\Windows\system32\drivers\downld\151258.exe
C:\Windows\system32\drivers\downld\155548.exe
C:\Windows\system32\drivers\downld\166375.exe
C:\Windows\system32\drivers\downld\194158.exe
C:\Windows\system32\drivers\downld\196935.exe
C:\Windows\system32\drivers\downld\209119.exe
C:\Windows\system32\drivers\downld\214579.exe
C:\Windows\system32\drivers\downld\310488.exe
C:\Windows\system32\drivers\downld\320254.exe
C:\Windows\system32\drivers\downld\399456.exe
C:\Windows\system32\drivers\downld\433245.exe
C:\Windows\system32\drivers\downld\67470.exe
C:\Windows\system32\drivers\downld\67969.exe
C:\Windows\system32\drivers\downld\74537.exe
C:\Windows\system32\drivers\downld\84302.exe
C:\Windows\system32\drivers\downld\894010.exe
C:\Windows\system32\drivers\downld\909501.exe
C:\Windows\system32\drivers\downld\916006.exe
C:\Windows\system32\drivers\downld\918518.exe
C:\Windows\system32\drivers\downld\929282.exe
C:\Windows\system32\drivers\downld\930171.exe
C:\Windows\system32\drivers\downld\936910.exe
C:\Windows\system32\drivers\downld\941247.exe
C:\Windows\system32\drivers\downld\962089.exe
C:\Windows\system32\drivers\downld\968937.exe
C:\Windows\system32\drivers\downld\971917.exe
C:\Windows\system32\drivers\downld\974538.exe
C:\Windows\system32\drivers\downld\987564.exe
C:\Windows\system32\drivers\downld\989997.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\KBL.LOG
C:\Windows\system32\mdelk.exe
C:\Windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-18 to 2008-07-18 ))))))))))))))))))))))))))))))))))))
.

2008-07-18 09:36 . 2008-07-18 09:36 <REP> d-------- C:\Program Files\Yahoo!
2008-07-18 09:36 . 2008-07-18 09:36 <REP> d-------- C:\Program Files\CCleaner
2008-07-17 22:26 . 2008-07-17 22:26 <REP> d-------- C:\Windows\Sun
2008-07-17 14:06 . 2008-07-17 14:06 <REP> d-------- C:\Windows\report
2008-07-17 14:06 . 2008-07-17 14:06 <REP> d-------- C:\Windows\AU_Backup
2008-07-17 14:06 . 2008-07-17 14:06 1,962,632 --a------ C:\Windows\tsc.ptn
2008-07-17 14:06 . 2008-07-17 14:06 1,213,784 --a------ C:\Windows\vsapi32.dll
2008-07-17 14:06 . 2008-07-17 14:06 333,576 --a------ C:\Windows\TSC.exe
2008-07-17 14:06 . 2008-07-17 14:06 91,744 --a------ C:\Windows\BPMNT.dll
2008-07-17 14:06 . 2008-07-17 14:06 71,749 --a------ C:\Windows\hcextoutput.dll
2008-07-17 14:06 . 2008-07-17 18:56 803 --a------ C:\Windows\tsc.ini
2008-07-17 14:05 . 2008-07-17 14:06 <REP> d-------- C:\Windows\AU_Temp
2008-07-17 14:05 . 2008-07-17 14:05 <REP> d-------- C:\Windows\AU_Log
2008-07-17 14:05 . 2008-07-17 14:06 25,375,093 --a------ C:\Windows\VPTNFILE.413
2008-07-17 14:05 . 2008-07-17 14:06 25,375,093 --a------ C:\Windows\LPT$VPN.413
2008-07-17 14:05 . 2008-07-17 14:05 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-07-17 14:05 . 2008-07-17 14:05 69,689 --a------ C:\Windows\UNZIP.DLL
2008-07-17 14:05 . 2008-07-17 14:05 170 --a------ C:\Windows\GetServer.ini
2008-07-17 14:04 . 2008-07-17 14:04 286,720 --a------ C:\Windows\PATCH.EXE
2008-07-17 12:43 . 2008-07-17 12:43 <REP> d-------- C:\Windows\system\color
2008-07-17 12:29 . 2001-09-06 15:55 90,112 --a------ C:\Windows\System32\adomps.dll
2008-07-17 12:10 . 2008-07-17 12:10 <REP> d-------- C:\Program Files\Universal Extractor
2008-07-17 08:56 . 2000-06-29 09:00 36,864 --a------ C:\Windows\System32\agusbsti.dll
2008-07-16 18:46 . 2008-07-16 18:46 <REP> d-------- C:\Program Files\Common Files\Agfa
2008-07-16 18:46 . 1998-11-13 13:16 308,224 --a------ C:\Windows\IsUn040c.exe
2008-07-16 18:46 . 2000-06-13 09:19 32,768 --a------ C:\Windows\System32\agsisti.dll
2008-07-16 18:01 . 2008-07-16 19:06 <REP> d-------- C:\Program Files\Agfa
2008-07-16 11:49 . 2008-07-16 11:59 <REP> d-------- C:\Users\mick\AppData\Roaming\XnView Deluxe
2008-07-16 11:49 . 2008-07-16 11:58 <REP> d-------- C:\Program Files\XnView Deluxe 2
2008-07-11 10:02 . 2008-06-26 02:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 10:02 . 2008-06-26 02:33 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-10 13:18 . 2008-07-10 13:18 <REP> d-------- C:\Users\mick\AppData\Roaming\SmartFTP
2008-07-10 13:17 . 2008-07-10 13:17 <REP> d-------- C:\Program Files\SmartFTP Client
2008-07-10 13:16 . 2008-07-10 13:16 <REP> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-07-10 11:11 . 2008-07-12 12:00 <REP> d-------- C:\Program Files\PhotoZoom Pro 2
2008-07-10 10:37 . 2008-07-10 10:37 3,605 --a------ C:\Windows\jwdv-tkg32.ini
2008-07-10 10:37 . 2008-07-10 10:37 1,432 --a------ C:\Windows\czht-w16.ini
2008-07-09 19:31 . 2008-07-09 19:32 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-07-08 18:04 . 2008-07-08 18:04 <REP> d-------- C:\Program Files\Siber Systems
2008-07-08 14:55 . 2008-07-08 14:55 <REP> d-------- C:\Users\All Users\RoboForm
2008-07-08 14:55 . 2008-07-08 14:55 <REP> d-------- C:\PROGRA~2\RoboForm
2008-07-07 19:06 . 2008-07-07 19:06 3,120 --a------ C:\Windows\MF_C425.lfa
2008-07-07 18:09 . 2008-07-07 18:09 3,120 --a------ C:\Windows\MF_C421.lfa
2008-07-07 18:09 . 2008-07-07 18:09 3,120 --a------ C:\Windows\MF_C420.lfa
2008-07-07 18:07 . 2001-02-14 13:58 15,840 --a------ C:\Windows\System32\Machnm1.exe
2008-07-07 18:05 . 2008-07-07 19:06 <REP> d-------- C:\Program Files\incredimail
2008-07-07 17:55 . 2008-07-07 17:55 <REP> d-------- C:\Program Files\Common Files\Protexis
2008-07-07 17:52 . 2008-07-07 17:52 <REP> d-------- C:\Program Files\Common Files\Corel
2008-07-07 15:26 . 2008-07-07 15:26 <REP> d-------- C:\Users\mick\AppData\Roaming\Corel
2008-07-07 15:26 . 2008-07-17 17:07 2,828 --ahs---- C:\Users\All Users\KGyGaAvL.sys
2008-07-07 15:26 . 2008-07-17 17:07 2,828 --ahs---- C:\PROGRA~2\KGyGaAvL.sys
2008-07-07 15:26 . 2008-07-07 15:26 8 -r-hs---- C:\Users\All Users\956C1E711A.sys
2008-07-07 15:26 . 2008-07-07 15:26 8 -r-hs---- C:\PROGRA~2\956C1E711A.sys
2008-07-07 15:24 . 2008-07-07 17:55 <REP> d-------- C:\Users\All Users\Corel
2008-07-07 15:24 . 2008-07-07 17:55 <REP> d-------- C:\PROGRA~2\Corel
2008-07-07 15:11 . 2008-07-16 09:21 <REP> d-------- C:\Program Files\corel
2008-07-07 15:07 . 2008-07-16 17:50 <REP> d-------- C:\Users\mick\professionnel
2008-07-07 15:07 . 2008-07-07 15:07 <REP> d-------- C:\Users\mick\AppData\Roaming\CoSoSys
2008-07-05 18:26 . 2008-07-16 18:22 <REP> d-------- C:\Sollo
2008-07-05 18:23 . 2003-06-19 01:31 17,920 --a------ C:\Windows\System32\mdimon.dll
2008-07-05 18:23 . 2008-07-05 18:23 382 --a------ C:\Windows\ODBC.INI
2008-07-05 18:20 . 2008-07-05 18:20 <REP> d-------- C:\Windows\PCHEALTH
2008-07-05 18:20 . 2008-07-05 18:20 <REP> d-------- C:\Program Files\Microsoft.NET
2008-07-05 18:18 . 2008-07-05 18:18 <REP> dr-h----- C:\MSOCache
2008-07-05 18:11 . 2008-07-05 18:21 <REP> d-------- C:\Program Files\office complet
2008-07-05 17:15 . 2008-07-05 17:15 <REP> d-------- C:\Users\mick\AppData\Roaming\ABBYY
2008-07-05 17:13 . 2008-07-05 17:13 <REP> d-------- C:\Program Files\Common Files\ABBYY
2008-07-05 17:12 . 2008-07-05 17:12 <REP> d-------- C:\Users\All Users\ABBYY
2008-07-05 17:12 . 2008-07-05 17:12 <REP> d-------- C:\PROGRA~2\ABBYY
2008-07-05 17:02 . 2008-07-05 17:34 <REP> d-------- C:\Program Files\OCR
2008-07-05 16:44 . 2008-07-05 16:44 <REP> d-------- C:\Users\mick\AppData\Roaming\ESTsoft
2008-07-05 16:44 . 2008-07-05 16:44 <REP> d-------- C:\Program Files\ESTsoft
2008-07-05 11:20 . 2008-07-05 11:20 <REP> d-------- C:\Users\All Users\Google
2008-07-03 10:04 . 2008-07-03 10:04 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-07-03 10:04 . 2008-07-03 10:04 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-07-03 10:03 . 2008-07-03 10:03 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-07-03 10:03 . 2008-07-03 10:03 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-07-03 10:02 . 2008-07-03 10:02 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-07-03 10:02 . 2008-07-03 10:02 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-07-03 10:02 . 2008-07-03 10:02 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-07-03 10:02 . 2008-07-03 10:02 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-07-03 10:02 . 2008-07-03 10:02 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-07-03 10:01 . 2008-07-03 10:01 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-03 10:01 . 2008-07-03 10:01 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-03 10:01 . 2008-07-03 10:01 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-07-03 10:01 . 2008-07-03 10:01 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-07-03 10:01 . 2008-07-03 10:01 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-07-03 10:01 . 2008-07-03 10:01 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-07-03 10:01 . 2008-07-03 10:01 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-07-03 10:01 . 2008-07-03 10:01 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-07-03 10:00 . 2008-07-03 10:00 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-07-03 10:00 . 2008-07-03 10:00 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-03 10:00 . 2008-07-03 10:00 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-07-03 10:00 . 2008-07-03 10:00 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-07-03 10:00 . 2008-07-03 10:00 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-07-03 10:00 . 2008-07-03 10:00 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-07-03 09:58 . 2008-07-03 09:58 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-07-03 09:58 . 2008-07-03 09:58 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-07-03 09:58 . 2008-07-03 09:58 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-07-03 09:58 . 2008-07-03 09:58 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-07-03 09:58 . 2008-07-03 09:58 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-07-03 09:58 . 2008-07-03 09:58 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-07-03 09:58 . 2008-07-03 09:58 2,048 --a------ C:\Windows\System32\asferror.dll
2008-07-03 09:57 . 2008-07-03 09:57 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-03 09:57 . 2008-07-03 09:57 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-07-03 09:57 . 2008-07-03 09:57 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-07-03 09:56 . 2008-07-03 09:56 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-03 09:56 . 2008-07-03 09:56 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-07-03 09:56 . 2008-07-03 09:56 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-07-03 09:56 . 2008-07-03 09:56 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-07-03 09:56 . 2008-07-03 09:56 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-07-03 09:56 . 2008-07-03 09:56 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-07-03 09:56 . 2008-07-03 09:56 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-07-03 09:56 . 2008-07-03 09:56 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-07-03 09:55 . 2008-07-03 09:55 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-07-03 09:55 . 2008-07-03 09:55 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-07-03 09:55 . 2008-07-03 09:55 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-03 09:55 . 2008-07-03 09:55 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-07-03 09:55 . 2008-07-03 09:55 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-07-03 09:55 . 2008-07-03 09:55 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-03 09:55 . 2008-07-03 09:55 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-03 09:55 . 2008-07-03 09:55 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-03 09:55 . 2008-07-03 09:55 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-03 09:54 . 2008-07-03 09:54 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-03 09:52 . 2008-07-03 09:52 2,048 --a------ C:\Windows\System32\tzres.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 07:19 174 --sha-w C:\Program Files\desktop.ini
2008-07-10 07:11 --------- d-----w C:\Program Files\Windows Mail
2008-07-03 08:45 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-03 08:05 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-07-03 08:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-07-03 08:05 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-07-03 08:05 2,923,520 ----a-w C:\Windows\explorer.exe
2008-07-03 08:05 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-07-03 08:05 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-07-03 07:59 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-07-03 07:59 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-07-03 07:59 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-07-03 07:59 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-07-03 07:59 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-07-03 07:59 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-07-03 07:59 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-07-03 07:59 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-07-03 07:56 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-03 07:56 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-03 07:56 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-03 07:56 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-03 07:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-03 07:53 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-07-03 07:39 --------- d-----w C:\Program Files\Microsoft Works
2008-07-03 07:30 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-07-02 20:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-02 20:30 --------- d-----w C:\PROGRA~2\Symantec
2008-07-02 11:25 --------- d-----w C:\PROGRA~2\Hewlett-Packard
2008-07-02 11:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 10:51 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-02 10:51 --------- d-sh--w C:\PROGRA~2\Modèles
2008-07-02 10:51 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2008-07-02 10:51 --------- d-sh--w C:\PROGRA~2\Favoris
2008-07-02 10:51 --------- d-sh--w C:\PROGRA~2\Bureau
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-07-03 09:57 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 17:10 1783136]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [2008-07-07 19:19 208946]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-08 18:04 160832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 14:43 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 14:43 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 14:43 137752]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-10-10 14:48 212992]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 16:32 222504]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 16:15 480560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 10:09 262401]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-521734349-3866553280-131952410-1000]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{053AB282-E2DF-4F2E-B806-4A8C143D0FDF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2C0C2D29-F3D6-444D-8A5C-21AC5D347C8A}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{21592082-8707-4982-AA79-54813E0AAB47}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8D1815AF-1BEE-4954-B52F-068958F25A47}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{64F3B16E-0FBC-452C-A8CB-53B8302B3B76}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{B80EDF73-3997-4A91-99D5-B35AFCD44B6A}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule Plus
"UDP Query User{F0A3AD4B-00D9-4BB6-9F10-56396FE92F67}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule Plus
"{84C48F1B-ED1B-4EA0-86E2-FAC86E65EF98}"= Disabled:UDP:C:\Program Files\incredimail\bin\ImpCnt.exe:IncrediMail
"{8691D9D9-6686-43EE-BCBC-900E5ADE94C5}"= Disabled:TCP:C:\Program Files\incredimail\bin\ImpCnt.exe:IncrediMail
"{D9C3E2F9-7F9D-4057-8591-AD38FB867C7D}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{1FCE5123-F559-48C2-8646-744BED46AB70}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{E1AECFF0-8B34-4362-9BB0-42763AAE28CA}"= Disabled:UDP:C:\Program Files\incredimail\bin\IncMail.exe:IncrediMail
"{9BEF70FD-6734-4634-9600-E6A3912A1599}"= Disabled:TCP:C:\Program Files\incredimail\bin\IncMail.exe:IncrediMail
"{B1A76E48-EED7-417D-BA7C-EAFA9968EDF0}"= Disabled:UDP:C:\Program Files\incredimail\bin\ImApp.exe:IncrediMail
"{651CD559-AE2E-43E1-AD0E-7CBFF07170E9}"= Disabled:TCP:C:\Program Files\incredimail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 21:03]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 06:26]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-09-27 17:33]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 01:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 10:14:09
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\conime.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-18 10:20:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-18 08:19:51

Pre-Run: 169,987,657,728 octets libres
Post-Run: 169,628,250,112 octets libres

491 --- E O F --- 2008-07-11 08:04:57