Abebot...trojaner
Marjo -
jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention - 16 mai 2008 à 10:46
jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention - 16 mai 2008 à 10:46
10 réponses
slt,
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
_
télécharger sur le bureau
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1
un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
_
télécharger sur le bureau
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1
un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.
analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/
C:\WINDOWS\vnbptxlf.dll
________________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
_____________________
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
C:\WINDOWS\vnbptxlf.dll
________________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
_____________________
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
Bonjour
Jai toujours des avertissement et le petit triangle jaune qui apparaissent. Jai chercher le document C:\WINDOWS\vnbptxlf.dll pour le faire analyser par virus total mais je ne le trouve pas et il nest pas la et il n'est pas dans les dossiers cachés. Je vous envoit le rapport hidjackthis et et le rapport bitdefender
Merci de votre aide
Logfile of HijackThis v1.99.1
Scan saved at 13:53:51, on 2008-05-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wzclcxwt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.usherbrooke.ca/monbureau/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLive.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: vnbptxlf - {2765DD3A-7AB1-4813-9612-C14A5981728A} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [keffbwrq] C:\WINDOWS\system32\wzclcxwt.exe
O4 - HKCU\..\Run: [vqkkfryd] C:\WINDOWS\system32\mxqhwjqh.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [csiphfok] C:\WINDOWS\system32\wzevehsj.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fp2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
BitDefender Online Scanner
Rapport d'analyse généré à: Thu, May 08, 2008 - 15:36:04
Voie d'analyse: C:\;D:\;E:\;
Statistiques
Temps
00:15:55
Fichiers
40003
Directoires
4576
Secteurs de boot
3
Archives
820
Paquets programmes
2849
Résultats
Virus identifiés
2
Fichiers infectés
2
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
2
Info sur les moteurs
Définition virus
1190717
Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins
15
Archive des plugins
34
Unpack des plugins
6
E-mail plugins
6
Système plugins
4
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041795.exe
Détecté avec: Adware.Hotbar.Be.9.C
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041795.exe
Supprimé
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041796.exe
Détecté avec: Adware.Hotbar.BQ
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041796.exe
Supprimé
Jai toujours des avertissement et le petit triangle jaune qui apparaissent. Jai chercher le document C:\WINDOWS\vnbptxlf.dll pour le faire analyser par virus total mais je ne le trouve pas et il nest pas la et il n'est pas dans les dossiers cachés. Je vous envoit le rapport hidjackthis et et le rapport bitdefender
Merci de votre aide
Logfile of HijackThis v1.99.1
Scan saved at 13:53:51, on 2008-05-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wzclcxwt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.usherbrooke.ca/monbureau/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLive.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: vnbptxlf - {2765DD3A-7AB1-4813-9612-C14A5981728A} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [keffbwrq] C:\WINDOWS\system32\wzclcxwt.exe
O4 - HKCU\..\Run: [vqkkfryd] C:\WINDOWS\system32\mxqhwjqh.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [csiphfok] C:\WINDOWS\system32\wzevehsj.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fp2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
BitDefender Online Scanner
Rapport d'analyse généré à: Thu, May 08, 2008 - 15:36:04
Voie d'analyse: C:\;D:\;E:\;
Statistiques
Temps
00:15:55
Fichiers
40003
Directoires
4576
Secteurs de boot
3
Archives
820
Paquets programmes
2849
Résultats
Virus identifiés
2
Fichiers infectés
2
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
2
Info sur les moteurs
Définition virus
1190717
Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins
15
Archive des plugins
34
Unpack des plugins
6
E-mail plugins
6
Système plugins
4
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041795.exe
Détecté avec: Adware.Hotbar.Be.9.C
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041795.exe
Supprimé
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041796.exe
Détecté avec: Adware.Hotbar.BQ
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041796.exe
Supprimé
telecharge combofix:
http://.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
Drivers::
cusbohcn
File::
C:\WINDOWS\system32\wzclcxwt.exe
C:\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
C:\WINDOWS\system32\mxqhwjqh.exe
C:\WINDOWS\vnbptxlf.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cbMDNXwcgZ"=-
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"keffbwrq"=-
"vqkkfryd"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2765DD3A-7AB1-4813-9612-C14A5981728A}"=-
[HKEY_CLASSES_ROOT\clsid\{2765dd3a-7ab1-4813-9612-c14a5981728a}]
[HKEY_CLASSES_ROOT\vnbptxlf.1]
[HKEY_CLASSES_ROOT\TypeLib\{77ECF945-2592-41EE-8DCB-ECAC3CB628FB}]
[HKEY_CLASSES_ROOT\vnbptxlf]
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
http://.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
Drivers::
cusbohcn
File::
C:\WINDOWS\system32\wzclcxwt.exe
C:\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
C:\WINDOWS\system32\mxqhwjqh.exe
C:\WINDOWS\vnbptxlf.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cbMDNXwcgZ"=-
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"keffbwrq"=-
"vqkkfryd"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2765DD3A-7AB1-4813-9612-C14A5981728A}"=-
[HKEY_CLASSES_ROOT\clsid\{2765dd3a-7ab1-4813-9612-c14a5981728a}]
[HKEY_CLASSES_ROOT\vnbptxlf.1]
[HKEY_CLASSES_ROOT\TypeLib\{77ECF945-2592-41EE-8DCB-ECAC3CB628FB}]
[HKEY_CLASSES_ROOT\vnbptxlf]
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question Voici le rapport combofix
Jattend votre réponse
Merci
ComboFix 08-05-08.1 - Owner 2008-05-09 16:15:35.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.160 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
C:\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe
C:\WINDOWS\system32\mxqhwjqh.exe
C:\WINDOWS\system32\wzclcxwt.exe
C:\WINDOWS\vnbptxlf.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe
C:\WINDOWS\system32\wzclcxwt.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
.
2008-05-08 14:04 . 2008-05-08 15:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-08 13:52 . 2008-05-08 13:53 <REP> d-------- C:\Hijackthis
2008-05-08 13:41 . 2008-05-08 13:45 <REP> d-------- C:\hidjackthis
2008-05-08 13:40 . 2008-05-08 13:40 <REP> d-------- C:\Program Files\Trend Micro
2008-05-01 22:43 . 2008-05-01 22:47 <REP> d-------- C:\Program Files\Navilog1
2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
2008-04-28 18:58 . 2008-05-01 23:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 18:58 . 2008-05-01 23:35 <REP> d-------- C:\Documents and Settings\All s\Application Data\Spybot - Search & Destroy
2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\IM
2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All s\Application Data\IncrediMail
2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\TEMP
2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-11 23:10 . 2008-04-11 23:28 3,876 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-11 23:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-11 23:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-11 23:09 . 2008-04-10 21:00 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-11 23:09 . 2008-04-11 22:13 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-11 23:09 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-11 23:09 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-11 07:34 . 2008-04-11 07:34 <REP> d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-04-11 00:05 . 2008-05-09 16:15 <REP> d-------- C:\Documents and Settings\All s\Application Data\avgbgton
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All s\Application Data\McAfee.com
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All s\Application Data\WinZip
2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-01_22.33.24,73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-08 18:06:50 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-05-08 18:06:52 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-05-08 18:06:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-05-08 18:07:28 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-05-08 18:07:51 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-05-08 18:07:03 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 05:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-04-30 17:42:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 17:04:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\ed Program Files\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\ed Program Files\ipsupd.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"csiphfok"="C:\WINDOWS\system32\wzevehsj.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe" [2005-03-17 23:05 339968]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
[HKEY_S\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]
C:\Documents and Settings\All s\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-23 20:06:24 1742384]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 16:17:20
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-09 16:19:18
ComboFix-quarantined-files.txt 2008-05-09 20:19:10
ComboFix2.txt 2008-05-02 02:33:57
Pre-Run: 41,222,840,320 octets libres
Post-Run: 41,383,477,248 octets libres
162 --- E O F --- 2008-04-10 03:25:41
Jattend votre réponse
Merci
ComboFix 08-05-08.1 - Owner 2008-05-09 16:15:35.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.160 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
C:\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe
C:\WINDOWS\system32\mxqhwjqh.exe
C:\WINDOWS\system32\wzclcxwt.exe
C:\WINDOWS\vnbptxlf.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe
C:\WINDOWS\system32\wzclcxwt.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
.
2008-05-08 14:04 . 2008-05-08 15:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-08 13:52 . 2008-05-08 13:53 <REP> d-------- C:\Hijackthis
2008-05-08 13:41 . 2008-05-08 13:45 <REP> d-------- C:\hidjackthis
2008-05-08 13:40 . 2008-05-08 13:40 <REP> d-------- C:\Program Files\Trend Micro
2008-05-01 22:43 . 2008-05-01 22:47 <REP> d-------- C:\Program Files\Navilog1
2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
2008-04-28 18:58 . 2008-05-01 23:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 18:58 . 2008-05-01 23:35 <REP> d-------- C:\Documents and Settings\All s\Application Data\Spybot - Search & Destroy
2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\IM
2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All s\Application Data\IncrediMail
2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\TEMP
2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-11 23:10 . 2008-04-11 23:28 3,876 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-11 23:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-11 23:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-11 23:09 . 2008-04-10 21:00 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-11 23:09 . 2008-04-11 22:13 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-11 23:09 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-11 23:09 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-11 07:34 . 2008-04-11 07:34 <REP> d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-04-11 00:05 . 2008-05-09 16:15 <REP> d-------- C:\Documents and Settings\All s\Application Data\avgbgton
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All s\Application Data\McAfee.com
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All s\Application Data\WinZip
2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-01_22.33.24,73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-08 18:06:50 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-05-08 18:06:52 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-05-08 18:06:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-05-08 18:07:28 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-05-08 18:07:51 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-05-08 18:07:03 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 05:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-04-30 17:42:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 17:04:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\ed Program Files\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\ed Program Files\ipsupd.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"csiphfok"="C:\WINDOWS\system32\wzevehsj.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe" [2005-03-17 23:05 339968]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
[HKEY_S\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]
C:\Documents and Settings\All s\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-23 20:06:24 1742384]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 16:17:20
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-09 16:19:18
ComboFix-quarantined-files.txt 2008-05-09 20:19:10
ComboFix2.txt 2008-05-02 02:33:57
Pre-Run: 41,222,840,320 octets libres
Post-Run: 41,383,477,248 octets libres
162 --- E O F --- 2008-04-10 03:25:41
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
Drivers::
cusbohcn
File::
C:\WINDOWS\system32\wzevehsj.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
Registry::
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"csiphfok"="-
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
_________________
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport
https://commentcamarche.telechargertorrent.org/tutoriel-malwarebyte-anti-malware/
_________________
pense ensuite a coller un rapport hijackhtis
__________________
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
Drivers::
cusbohcn
File::
C:\WINDOWS\system32\wzevehsj.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
Registry::
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"csiphfok"="-
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
_________________
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport
https://commentcamarche.telechargertorrent.org/tutoriel-malwarebyte-anti-malware/
_________________
pense ensuite a coller un rapport hijackhtis
__________________
Voici le rapport combofix , ce que jai viré avec Anti Malware et le rapport hidjackthis
Merci
Je nai plus davertissement de virus
Jespère que le problème est réglé
ComboFix 08-05-08.1 - Owner 2008-05-11 22:14:30.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.173 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
C:\WINDOWS\system32\wzevehsj.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
.
2008-05-08 14:04 . 2008-05-08 15:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-08 13:52 . 2008-05-08 13:53 <REP> d-------- C:\Hijackthis
2008-05-08 13:41 . 2008-05-08 13:45 <REP> d-------- C:\hidjackthis
2008-05-08 13:40 . 2008-05-08 13:40 <REP> d-------- C:\Program Files\Trend Micro
2008-05-01 22:43 . 2008-05-01 22:47 <REP> d-------- C:\Program Files\Navilog1
2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
2008-04-28 18:58 . 2008-05-01 23:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 18:58 . 2008-05-01 23:35 <REP> d-------- C:\Documents and Settings\All s\Application Data\Spybot - Search & Destroy
2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\IM
2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All s\Application Data\IncrediMail
2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\TEMP
2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 20:15 --------- d-----w C:\Documents and Settings\All s\Application Data\avgbgton
2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-12 03:28 3,876 ----a-w C:\WINDOWS\system32\tmp.reg
2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-12 02:13 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All s\Application Data\McAfee.com
2008-04-11 11:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-04-11 01:00 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All s\Application Data\WinZip
2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-01_22.33.24,73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-08 18:06:50 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-05-08 18:06:52 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-05-08 18:06:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-05-08 18:07:28 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-05-08 18:07:51 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-05-08 18:07:03 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 05:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-04-30 17:42:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 02:10:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\ed Program Files\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\ed Program Files\ipsupd.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"csiphfok"="C:\WINDOWS\system32\wzevehsj.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe" [2005-03-17 23:05 339968]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
[HKEY_S\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]
C:\Documents and Settings\All s\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-23 20:06:24 1742384]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 22:16:27
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-11 22:18:26
ComboFix-quarantined-files.txt 2008-05-12 02:18:13
ComboFix2.txt 2008-05-09 20:19:18
ComboFix3.txt 2008-05-02 02:33:57
Pre-Run: 41,185,132,544 octets libres
Post-Run: 41,341,669,376 octets libres
151 --- E O F --- 2008-04-10 03:25:41
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 740
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 95598
Temps écoulé: 36 minute(s), 4 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\vnbptxlf.beps (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\apoxqwfv.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wzclcxwt.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP533\A0041849.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP534\A0042073.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP536\A0042096.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP537\A0042103.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP537\A0042104.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Logfile of HijackThis v1.99.1
Scan saved at 23:16:29, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\explorer.exe
C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.usherbrooke.ca/monbureau/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLive.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [csiphfok] C:\WINDOWS\system32\wzevehsj.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fp2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tip\..\{0CE09F27-5369-44CB-A667-D7DFCAFC31F8}: NameServer = 142.169.1.16 199.84.242.22
O17 - HKLM\System\CS1\Services\Tip\..\{0CE09F27-5369-44CB-A667-D7DFCAFC31F8}: NameServer = 142.169.1.16 199.84.242.22
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
Merci
Je nai plus davertissement de virus
Jespère que le problème est réglé
ComboFix 08-05-08.1 - Owner 2008-05-11 22:14:30.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.173 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
C:\WINDOWS\system32\wzevehsj.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
.
2008-05-08 14:04 . 2008-05-08 15:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-08 13:52 . 2008-05-08 13:53 <REP> d-------- C:\Hijackthis
2008-05-08 13:41 . 2008-05-08 13:45 <REP> d-------- C:\hidjackthis
2008-05-08 13:40 . 2008-05-08 13:40 <REP> d-------- C:\Program Files\Trend Micro
2008-05-01 22:43 . 2008-05-01 22:47 <REP> d-------- C:\Program Files\Navilog1
2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
2008-04-28 18:58 . 2008-05-01 23:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 18:58 . 2008-05-01 23:35 <REP> d-------- C:\Documents and Settings\All s\Application Data\Spybot - Search & Destroy
2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\IM
2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All s\Application Data\IncrediMail
2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\TEMP
2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 20:15 --------- d-----w C:\Documents and Settings\All s\Application Data\avgbgton
2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-12 03:28 3,876 ----a-w C:\WINDOWS\system32\tmp.reg
2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-12 02:13 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All s\Application Data\McAfee.com
2008-04-11 11:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-04-11 01:00 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All s\Application Data\WinZip
2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-01_22.33.24,73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-08 18:06:50 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-05-08 18:06:52 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-05-08 18:06:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-05-08 18:07:28 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-05-08 18:07:51 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-05-08 18:07:03 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 05:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-04-30 17:42:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 02:10:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\ed Program Files\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\ed Program Files\ipsupd.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"csiphfok"="C:\WINDOWS\system32\wzevehsj.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe" [2005-03-17 23:05 339968]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
[HKEY_S\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]
C:\Documents and Settings\All s\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-23 20:06:24 1742384]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 22:16:27
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-11 22:18:26
ComboFix-quarantined-files.txt 2008-05-12 02:18:13
ComboFix2.txt 2008-05-09 20:19:18
ComboFix3.txt 2008-05-02 02:33:57
Pre-Run: 41,185,132,544 octets libres
Post-Run: 41,341,669,376 octets libres
151 --- E O F --- 2008-04-10 03:25:41
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 740
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 95598
Temps écoulé: 36 minute(s), 4 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\vnbptxlf.beps (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\apoxqwfv.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wzclcxwt.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP533\A0041849.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP534\A0042073.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP536\A0042096.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP537\A0042103.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP537\A0042104.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Logfile of HijackThis v1.99.1
Scan saved at 23:16:29, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\explorer.exe
C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.usherbrooke.ca/monbureau/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLive.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [csiphfok] C:\WINDOWS\system32\wzevehsj.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fp2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tip\..\{0CE09F27-5369-44CB-A667-D7DFCAFC31F8}: NameServer = 142.169.1.16 199.84.242.22
O17 - HKLM\System\CS1\Services\Tip\..\{0CE09F27-5369-44CB-A667-D7DFCAFC31F8}: NameServer = 142.169.1.16 199.84.242.22
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
ok
vire ce qui est dans le dossier quarantine: en allant dans poste de travail puis C puis:
C:\QooBox\Quarantine
_____________
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
Drivers::
cusbohcn
File::
C:\WINDOWS\system32\wzevehsj.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
C:\QooBox\Quarantine\C\WINDOWS\system32\wzclcxwt.exe.vir
Registry::
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"csiphfok"="-
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
_________
tu as quel antivirus????
si tu n'en as pas installe antivir et colle moi un rapport avec:
https://commentcamarche.telechargertorrent.org/avira-free-security-antivirus-gratuit/
si tu as un antivirus déjà :
n'installe pas antivir et
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
__________
vire ce qui est dans le dossier quarantine: en allant dans poste de travail puis C puis:
C:\QooBox\Quarantine
_____________
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
Drivers::
cusbohcn
File::
C:\WINDOWS\system32\wzevehsj.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
C:\QooBox\Quarantine\C\WINDOWS\system32\wzclcxwt.exe.vir
Registry::
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"csiphfok"="-
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
_________
tu as quel antivirus????
si tu n'en as pas installe antivir et colle moi un rapport avec:
https://commentcamarche.telechargertorrent.org/avira-free-security-antivirus-gratuit/
si tu as un antivirus déjà :
n'installe pas antivir et
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
__________
Bonjour,
Jai vidé le dossier quarantine et jai un anti virus (McAfee) est ce correcte? Voici le rapport ComboFix et Bitdefender.
Merci
ComboFix 08-05-11.1 - Owner 2008-05-12 14:41:54.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.126 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
C:\QooBox\Quarantine\C\WINDOWS\system32\wzclcxwt.exe.vir
C:\WINDOWS\system32\wzevehsj.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
.
2008-05-11 23:37 . 2008-05-11 23:38 <REP> d-------- C:\Documents and Settings\All s\Application Data\McAfee
2008-05-11 23:37 . 2007-10-16 20:50 171,272 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-11 23:37 . 2007-10-16 20:50 72,680 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-11 23:37 . 2007-10-16 20:50 64,168 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-05-11 23:37 . 2007-10-16 20:50 51,944 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-05-11 23:37 . 2007-10-16 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-11 23:36 . 2008-05-11 23:37 <REP> d-------- C:\Program Files\McAfee
2008-05-11 23:36 . 2008-05-11 23:36 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-05-11 22:31 . 2008-05-11 22:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 22:31 . 2008-05-11 22:31 <REP> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-11 22:31 . 2008-05-11 22:31 <REP> d-------- C:\Documents and Settings\All s\Application Data\Malwarebytes
2008-05-11 22:31 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-11 22:31 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-08 14:04 . 2008-05-08 15:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-08 13:52 . 2008-05-11 23:16 <REP> d-------- C:\Hijackthis
2008-05-08 13:41 . 2008-05-08 13:45 <REP> d-------- C:\hidjackthis
2008-05-08 13:40 . 2008-05-08 13:40 <REP> d-------- C:\Program Files\Trend Micro
2008-05-01 22:43 . 2008-05-12 13:48 <REP> d-------- C:\Program Files\Navilog1
2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
2008-04-28 18:58 . 2008-05-01 23:35 <REP> d-------- C:\Documents and Settings\All s\Application Data\Spybot - Search & Destroy
2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\IM
2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All s\Application Data\IncrediMail
2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\TEMP
2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 20:15 --------- d-----w C:\Documents and Settings\All s\Application Data\avgbgton
2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-12 03:28 3,876 ----a-w C:\WINDOWS\system32\tmp.reg
2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-12 02:13 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All s\Application Data\McAfee.com
2008-04-11 11:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-04-11 01:00 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All s\Application Data\WinZip
2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-01_22.33.24,73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-08 18:06:50 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-05-08 18:06:52 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-05-08 18:06:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-05-08 18:07:28 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-05-08 18:07:51 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-05-08 18:07:03 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 05:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-04-30 17:42:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 13:20:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\ed Program Files\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\ed Program Files\ipsupd.dll
+ 2006-11-30 12:50:00 24,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
+ 2007-02-23 00:50:00 104,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBl.dll
+ 2006-11-30 12:50:00 71,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll
+ 2006-11-30 12:50:00 99,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
+ 2006-11-30 12:50:00 132,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptl.dll
+ 2007-02-23 00:50:00 71,232 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
+ 2006-11-30 12:50:00 17,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
+ 2006-11-30 12:50:00 11,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
+ 2006-11-30 12:50:00 11,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4834_mcconsol.exe
+ 2007-02-23 00:50:00 194,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
+ 2007-02-23 00:50:00 24,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
+ 2007-02-23 00:50:00 144,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
+ 2006-11-30 12:50:00 75,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
+ 2006-11-30 12:50:00 263,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
+ 2007-02-23 00:50:00 54,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
+ 2006-11-30 12:50:00 13,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
+ 2007-02-23 00:50:00 79,448 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
+ 2006-11-30 12:50:00 104,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
+ 2006-11-30 12:50:00 41,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
+ 2006-11-30 12:50:00 25,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
+ 2007-02-23 00:50:00 58,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
+ 2006-11-30 12:50:00 16,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
+ 2006-11-30 12:50:00 19,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
+ 2007-02-23 00:50:00 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
+ 2006-11-30 12:50:00 19,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
+ 2006-11-30 12:50:00 34,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
+ 2006-11-30 12:50:00 83,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
+ 2006-11-30 12:50:00 64,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
+ 2006-11-30 12:50:00 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
+ 2006-11-30 12:50:00 72,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
+ 2006-11-30 12:50:00 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
+ 2006-11-30 12:50:00 34,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
+ 2006-11-30 12:50:00 19,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
+ 2006-11-30 12:50:00 46,656 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
+ 2007-02-23 00:50:00 170,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
+ 2006-11-30 12:50:00 18,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
+ 2006-11-30 12:50:00 52,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
+ 2006-11-30 12:50:00 132,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
+ 2007-02-23 00:50:00 226,880 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
+ 2006-11-30 12:50:00 75,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
+ 2006-11-30 12:50:00 362,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCDaemon.exe
+ 2007-02-23 00:50:00 333,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
+ 2006-11-30 12:50:00 149,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCInstall.dll
+ 2007-02-23 00:50:00 464,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
+ 2007-02-23 00:50:00 35,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASl.dll
+ 2006-11-30 12:50:00 263,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
+ 2006-11-30 12:50:00 11,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
+ 2006-11-30 12:50:00 67,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
+ 2006-11-30 12:50:00 17,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
+ 2007-02-23 00:50:00 112,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
+ 2007-02-23 00:50:00 243,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodsl.dll
+ 2006-11-30 12:50:00 83,544 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
+ 2006-11-30 12:50:00 75,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdl.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"csiphfok"="C:\WINDOWS\system32\wzevehsj.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe" [2005-03-17 23:05 339968]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-10-16 20:50 111952]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-08-30 18:22 136512]
[HKEY_S\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]
C:\Documents and Settings\All s\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-23 20:06:24 1742384]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 14:44:01
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-12 14:46:06
ComboFix-quarantined-files.txt 2008-05-12 18:45:56
ComboFix2.txt 2008-05-12 02:18:27
ComboFix3.txt 2008-05-09 20:19:18
ComboFix4.txt 2008-05-02 02:33:57
Pre-Run: 40,967,737,344 octets libres
Post-Run: 41,172,910,080 octets libres
223 --- E O F --- 2008-04-10 03:25:41
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Mon, May 12, 2008 - 19:38:31
--------------------------------------------------------
Info d'analyse
Fichiers scannés
49471
Infectés Fichiers
0
Virus Détectés
Aucun virus trouvé.
Ce sommaire du processus d'analyse sera utilisé par les laboratoires
Antivirus BitDefender pour créer des statistiques agréguées sur l'activité
des virus dans le monde.
Jai vidé le dossier quarantine et jai un anti virus (McAfee) est ce correcte? Voici le rapport ComboFix et Bitdefender.
Merci
ComboFix 08-05-11.1 - Owner 2008-05-12 14:41:54.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.126 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
C:\QooBox\Quarantine\C\WINDOWS\system32\wzclcxwt.exe.vir
C:\WINDOWS\system32\wzevehsj.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
.
2008-05-11 23:37 . 2008-05-11 23:38 <REP> d-------- C:\Documents and Settings\All s\Application Data\McAfee
2008-05-11 23:37 . 2007-10-16 20:50 171,272 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-11 23:37 . 2007-10-16 20:50 72,680 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-11 23:37 . 2007-10-16 20:50 64,168 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-05-11 23:37 . 2007-10-16 20:50 51,944 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-05-11 23:37 . 2007-10-16 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-11 23:36 . 2008-05-11 23:37 <REP> d-------- C:\Program Files\McAfee
2008-05-11 23:36 . 2008-05-11 23:36 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-05-11 22:31 . 2008-05-11 22:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 22:31 . 2008-05-11 22:31 <REP> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-11 22:31 . 2008-05-11 22:31 <REP> d-------- C:\Documents and Settings\All s\Application Data\Malwarebytes
2008-05-11 22:31 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-11 22:31 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-08 14:04 . 2008-05-08 15:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-08 13:52 . 2008-05-11 23:16 <REP> d-------- C:\Hijackthis
2008-05-08 13:41 . 2008-05-08 13:45 <REP> d-------- C:\hidjackthis
2008-05-08 13:40 . 2008-05-08 13:40 <REP> d-------- C:\Program Files\Trend Micro
2008-05-01 22:43 . 2008-05-12 13:48 <REP> d-------- C:\Program Files\Navilog1
2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
2008-04-28 18:58 . 2008-05-01 23:35 <REP> d-------- C:\Documents and Settings\All s\Application Data\Spybot - Search & Destroy
2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\IM
2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All s\Application Data\IncrediMail
2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\TEMP
2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 20:15 --------- d-----w C:\Documents and Settings\All s\Application Data\avgbgton
2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-12 03:28 3,876 ----a-w C:\WINDOWS\system32\tmp.reg
2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-12 02:13 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All s\Application Data\McAfee.com
2008-04-11 11:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-04-11 01:00 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All s\Application Data\WinZip
2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-01_22.33.24,73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-08 18:06:50 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-05-08 18:06:52 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-05-08 18:06:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-05-08 18:07:28 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-05-08 18:07:51 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-05-08 18:07:03 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 05:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-04-30 17:42:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 13:20:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\ed Program Files\bdupd.dll
+ 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\ed Program Files\ipsupd.dll
+ 2006-11-30 12:50:00 24,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
+ 2007-02-23 00:50:00 104,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBl.dll
+ 2006-11-30 12:50:00 71,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll
+ 2006-11-30 12:50:00 99,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
+ 2006-11-30 12:50:00 132,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptl.dll
+ 2007-02-23 00:50:00 71,232 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
+ 2006-11-30 12:50:00 17,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
+ 2006-11-30 12:50:00 11,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
+ 2006-11-30 12:50:00 11,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4834_mcconsol.exe
+ 2007-02-23 00:50:00 194,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
+ 2007-02-23 00:50:00 24,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
+ 2007-02-23 00:50:00 144,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
+ 2006-11-30 12:50:00 75,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
+ 2006-11-30 12:50:00 263,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
+ 2007-02-23 00:50:00 54,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
+ 2006-11-30 12:50:00 13,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
+ 2007-02-23 00:50:00 79,448 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
+ 2006-11-30 12:50:00 104,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
+ 2006-11-30 12:50:00 41,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
+ 2006-11-30 12:50:00 25,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
+ 2007-02-23 00:50:00 58,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
+ 2006-11-30 12:50:00 16,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
+ 2006-11-30 12:50:00 19,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
+ 2007-02-23 00:50:00 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
+ 2006-11-30 12:50:00 19,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
+ 2006-11-30 12:50:00 34,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
+ 2006-11-30 12:50:00 83,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
+ 2006-11-30 12:50:00 64,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
+ 2006-11-30 12:50:00 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
+ 2006-11-30 12:50:00 72,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
+ 2006-11-30 12:50:00 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
+ 2006-11-30 12:50:00 34,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
+ 2006-11-30 12:50:00 19,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
+ 2006-11-30 12:50:00 46,656 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
+ 2007-02-23 00:50:00 170,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
+ 2006-11-30 12:50:00 18,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
+ 2006-11-30 12:50:00 52,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
+ 2006-11-30 12:50:00 132,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
+ 2007-02-23 00:50:00 226,880 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
+ 2006-11-30 12:50:00 75,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
+ 2006-11-30 12:50:00 362,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCDaemon.exe
+ 2007-02-23 00:50:00 333,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
+ 2006-11-30 12:50:00 149,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCInstall.dll
+ 2007-02-23 00:50:00 464,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
+ 2007-02-23 00:50:00 35,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASl.dll
+ 2006-11-30 12:50:00 263,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
+ 2006-11-30 12:50:00 11,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
+ 2006-11-30 12:50:00 67,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
+ 2006-11-30 12:50:00 17,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
+ 2007-02-23 00:50:00 112,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
+ 2007-02-23 00:50:00 243,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodsl.dll
+ 2006-11-30 12:50:00 83,544 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
+ 2006-11-30 12:50:00 75,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdl.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"csiphfok"="C:\WINDOWS\system32\wzevehsj.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe" [2005-03-17 23:05 339968]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-10-16 20:50 111952]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-08-30 18:22 136512]
[HKEY_S\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]
C:\Documents and Settings\All s\Menu D‚marrer\Programmes\D‚marrage\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-23 20:06:24 1742384]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 14:44:01
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-12 14:46:06
ComboFix-quarantined-files.txt 2008-05-12 18:45:56
ComboFix2.txt 2008-05-12 02:18:27
ComboFix3.txt 2008-05-09 20:19:18
ComboFix4.txt 2008-05-02 02:33:57
Pre-Run: 40,967,737,344 octets libres
Post-Run: 41,172,910,080 octets libres
223 --- E O F --- 2008-04-10 03:25:41
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Mon, May 12, 2008 - 19:38:31
--------------------------------------------------------
Info d'analyse
Fichiers scannés
49471
Infectés Fichiers
0
Virus Détectés
Aucun virus trouvé.
Ce sommaire du processus d'analyse sera utilisé par les laboratoires
Antivirus BitDefender pour créer des statistiques agréguées sur l'activité
des virus dans le monde.
ok
________
si tout c'est bien é désactive la restauration système pour purger les virus qui seraient dedans
puis redemarre ton ordi
puis réactive là :
https://www.informatruc.com
__________
encore des soucis??????????????????,
________
si tout c'est bien é désactive la restauration système pour purger les virus qui seraient dedans
puis redemarre ton ordi
puis réactive là :
https://www.informatruc.com
__________
encore des soucis??????????????????,
Jai fais comme vous mavez dit voila le rapport combofix et navilog
Merci
ComboFix 08-04-28.2 - Owner 2008-05-01 22:30:03.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.163 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\HbTools
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1055531.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1056123.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1065003.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1066483.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1067625.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1078147.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1383356.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1383582.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1384364.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1386073.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1386148.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1387540.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1399883.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1401976.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1404579.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1689157.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2014541.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2078058.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\215270.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2464437.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2497529.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2532242.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2885069.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2896152.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\3251993.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\33526.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\3423454.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\3442551.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\3739953.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\3786291.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\461576.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\516440.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\600583.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\60207.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\639567.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\652352.sdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\hstat\3407.dat
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\130921
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13546
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13562
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1369
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1424
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14633
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14640
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14643
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15040
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15162
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15171
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16087
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17189
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17502
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1810
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18721
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19650
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19814
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2021
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20392
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20816
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20935
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20970
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21215
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223385
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23901
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\249862
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25424
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26134
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27414
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27505
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28383
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29115
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2924
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29297
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30301
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30604
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32171
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32242
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32415
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33069
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33110
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33116
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33697
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33912
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34123
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34186
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34267
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35047
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\36598
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37135
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39245
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39897
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39972
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4142
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41421
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41999
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\42372
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44293
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44323
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44458
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4487
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44878
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44915
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45820
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45827
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45833
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45837
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\469814
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\50830
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51233
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\526389
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53813
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53933
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\54189
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\54473
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\5535
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\55865
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\575586
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\578150
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\57904
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\57973
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\580754
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\580792
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59598
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59844
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61779
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61837
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\63264
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64434
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64451
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64646
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64678
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\6635
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\66855
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\67226
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\67567
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68148
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\6873
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\696893
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705036
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705206
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705238
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\70907
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\71084
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\71822
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\72912
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\73840
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\7518
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\7521
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\78796
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79257
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79805
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79977
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79989
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\80026
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\82292
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\83139
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\83706
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\85535
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\85547
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\85831
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\86379
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\87439
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\87499
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\896
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\90009
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\90283
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\91224
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\92573
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\93899
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\95645
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\95704
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\95825
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\97741
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\9875
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\3407.dat
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\ads.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz1.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz10.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz11.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz12.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz13.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz14.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz15.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz16.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz17.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz18.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz19.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz2.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz20.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz3.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz4.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz5.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz6.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz7.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\hotbar--hotbar-.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\ads.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\btntrans.idx
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\btntrans1.dat
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\business_promo.htm
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\buttondir.txt
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\components.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_other.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_weather.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\default.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_511745-514279.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz1.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz10.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz11.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz12.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz13.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz14.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz15.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz16.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz17.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz18.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz19.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz2.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz20.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz3.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz4.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz5.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz6.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz7.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz8.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz9.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_categorize.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_comparison.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-people.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_favorites.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_Games.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hide.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hotmail.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_hsskin.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemster.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsterie.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_jobsearch.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_Mails.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_new.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_reun.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_ringtones.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchfor.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchgo.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_weather.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_yellowpages.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\email-t1-bg.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\hotbar--hotbar-.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\hotbar_promo.htm
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\icons2.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\keywords.idx
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\keywords1.dat
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\layout.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\linkpathlegal.txt
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\progress.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\s_icons_buttons.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\sales_buttons.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\t2_bg.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\theweb.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\top7.cdf
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Top7_theweb.mnu
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\tsd_bg.res
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\ads.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\BtnTrans.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\BtnTrans1.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\business_promo.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\buttondir.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\d_icons_buttons_1000.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\d_icons_buttons_2000.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\d_icons_buttons_3000.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\d_icons_buttons_bar.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\d_icons_buttons_logos.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\d_icons_buttons_other.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\d_icons_weather.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\default.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\email-t1-bg.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\hotbar-.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\hotbar_promo.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\icons2.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\keywords.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\keywords1.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\layout.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\linkpathlegal.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\progress.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\s_icons_buttons.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\sales_buttons.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\samplegroups2.txt
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\samplegroups2.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\t2_bg.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\top7.xip
C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\\tsd_bg.xip
C:\Documents and Settings\Owner\Bureaublackbird.jpg
C:\Documents and Settings\Owner\BureauEditorFKWP1.5.exe
C:\Documents and Settings\Owner\BureauEditorFKWP2.0.exe
C:\Documents and Settings\Owner\Bureaufilemanagerclient.exe
C:\Documents and Settings\Owner\Bureaufkwp1.5.exe
C:\Documents and Settings\Owner\Bureaufkwp2.0.exe
C:\Documents and Settings\Owner\Bureaufwebd.exe
C:\Documents and Settings\Owner\BureauFWebdEditor.exe
C:\Documents and Settings\Owner\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Owner\Bureauvirii
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\apoxqwfv.exe
C:\WINDOWS\rs.txt
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.
2008-04-30 14:13 . 2008-04-30 14:13 98,304 --a------ C:\WINDOWS\system32\mxqhwjqh.exe
2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
2008-04-28 18:58 . 2008-04-28 18:59 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 18:58 . 2008-04-28 19:57 <REP> d-------- C:\Documents and Settings\All s\Application Data\Spybot - Search & Destroy
2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\IM
2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All s\Application Data\IncrediMail
2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All s\Application Data\TEMP
2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-11 23:10 . 2008-04-11 23:28 3,876 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-11 23:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-11 23:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-11 23:09 . 2008-04-10 21:00 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-11 23:09 . 2008-04-11 22:13 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-11 23:09 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-11 23:09 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-11 23:09 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-11 07:34 . 2008-04-11 07:34 <REP> d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-04-11 00:05 . 2008-04-11 00:05 <REP> d-------- C:\Documents and Settings\All s\Application Data\avgbgton
2008-04-11 00:05 . 2008-04-11 00:05 94,208 --a------ C:\WINDOWS\system32\wzclcxwt.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All s\Application Data\McAfee.com
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All s\Application Data\WinZip
2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2765DD3A-7AB1-4813-9612-C14A5981728A}"= "C:\WINDOWS\vnbptxlf.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{2765dd3a-7ab1-4813-9612-c14a5981728a}]
[HKEY_CLASSES_ROOT\vnbptxlf.1]
[HKEY_CLASSES_ROOT\TypeLib\{77ECF945-2592-41EE-8DCB-ECAC3CB628FB}]
[HKEY_CLASSES_ROOT\vnbptxlf]
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
"keffbwrq"="C:\WINDOWS\system32\wzclcxwt.exe" [2008-04-11 00:05 94208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"vqkkfryd"="C:\WINDOWS\system32\mxqhwjqh.exe" [2008-04-30 14:13 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe" [2005-03-17 23:05 339968]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
[HKEY_S\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"cbMDNXwcgZ"= C:\Documents and Settings\All s\Application Data\avgbgton\ajmjwtgt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eed8fcc-5401-11dc-99ad-0013d30d7190}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 22:32:13
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-01 22:33:57
ComboFix-quarantined-files.txt 2008-05-02 02:33:37
Pre-Run: 40,613,122,048 octets libres
Post-Run: 40,987,852,800 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
541 --- E O F --- 2008-04-10 03:25:41
Search Navipromo version 3.5.5 commencé le 2008-05-01 à 22:44:27,87
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Owner"
Mise à jour le 29.04.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Owner\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Owner\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Owner\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Owner\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Owner\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 2008-05-01 à 22:47:34,81 ***