Hello everyone,
So, I have a virus problem that prevents software from being installed.... The cancellation shows up as a Windows error report saying that the program has stopped working...
Here is the ComboFix error report:
ComboFix 08-03-06.4 - Propriétaire 2008-03-15 15:39:18.6 - NTFSx86
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))))))))
.
2008-03-15 14:36 . 2008-03-15 14:36 9,916,387 --a------ C:\upload_moi_SN513506590239.tar.gz
2008-03-15 13:58 . 2008-03-15 13:58 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-15 13:58 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-15 13:55 . 2008-03-15 13:55 <REP> d-------- C:\Program Files\Fraps
2008-03-09 14:14 . 2008-03-09 14:44 50 --a------ C:\plug_in.ini
2008-03-08 11:05 . 2008-03-08 11:05 <REP> d-------- C:\Program Files\macourteau
2008-03-08 10:59 . 2008-03-08 11:04 <REP> d-------- C:\Program Files\VirtualDJ
2008-03-08 09:48 . 2008-03-08 09:48 <REP> d-------- C:\Downloads
2008-03-08 09:48 . 2008-03-08 09:48 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\GetRightToGo
2008-03-06 17:20 . 2008-03-06 17:20 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-03-06 17:15 . 2008-03-06 17:15 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\SystemRequirementsLab
2008-03-06 10:33 . 2008-03-06 10:34 <REP> d-------- C:\WINDOWS\Packs
2008-03-06 09:40 . 2008-03-06 09:44 2,757 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-05 22:35 . 2005-11-01 10:35 28,672 -ra------ C:\WINDOWS\system32\VModes.exe
2008-03-05 22:34 . 2008-03-05 22:35 <REP> d-------- C:\Program Files\S3
2008-03-05 22:32 . 2005-05-10 19:49 221,184 --a------ C:\WINDOWS\system32\slmdmsp.dll
2008-03-05 22:32 . 2005-05-10 19:50 192,512 --a------ C:\WINDOWS\system32\slmdmgx.dll
2008-03-05 22:32 . 2005-05-10 19:54 77,824 --a------ C:\WINDOWS\system32\slmdmco.dll
2008-03-05 22:32 . 2005-05-10 19:53 61,440 --a------ C:\WINDOWS\system32\slmdmsr.exe
2008-03-05 21:40 . 2008-03-05 21:40 <REP> d-------- C:\Program Files\ma-config.com
2008-03-05 21:40 . 2008-03-15 13:31 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ma-config.com
2008-03-05 17:18 . 2008-03-06 14:06 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Sierra
2008-03-05 17:17 . 2008-03-05 17:17 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-05 14:38 . 2008-03-05 14:39 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-03-05 14:25 . 2008-03-05 14:25 <REP> d-------- C:\Program Files\Sierra
2008-03-04 14:44 . 2008-03-04 14:44 <REP> d-------- C:\Program Files\VirginMega
2008-03-04 14:44 . 2008-03-04 14:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-03-04 14:41 . 2008-03-04 14:41 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-04 14:38 . 2008-03-04 14:39 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-04 13:46 . 2008-03-04 13:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-03-04 13:45 . 2008-03-04 13:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Leadertech
2008-03-04 13:36 . 2008-03-04 18:04 <REP> d-------- C:\Program Files\Free Easy Burner
2008-03-04 13:13 . 2008-03-04 13:13 <REP> d-------- C:\WINDOWS\system\iosubsys
2008-03-04 13:13 . 2008-03-04 13:13 <REP> d-------- C:\Program Files\Winamp
2008-03-04 11:58 . 2008-03-04 12:01 <REP> d-------- C:\Program Files\eMule
2008-03-04 09:37 . 2008-03-06 10:36 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-04 09:37 . 2008-03-06 09:44 39,538 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-03-04 09:33 . 2008-03-06 09:54 <REP> d-------- C:\WINDOWS\BricoPacks
2008-03-03 21:39 . 2008-03-03 21:40 <REP> d-------- C:\Program Files\LimeWire
2008-03-03 15:33 . 2008-03-03 21:59 <REP> d-------- C:\Program Files\LucasArts
2008-03-02 20:12 . 2008-03-02 20:12 <REP> d-------- C:\Program Files\uTorrent
2008-03-02 20:12 . 2008-03-15 14:27 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-02-29 21:14 . 2008-02-29 21:14 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 21:11 . 2008-02-29 21:11 <REP> d-------- C:\Deckard
2008-02-29 21:07 . 2008-02-29 21:07 250 --a------ C:\WINDOWS\gmer.ini
2008-02-29 20:50 . 2008-02-29 21:03 <REP> d-------- C:\Combo-Fix
2008-02-28 22:17 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-02-28 22:17 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-02-28 22:17 . 2000-12-05 23:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-02-26 14:35 . 2008-03-03 10:44 <REP> d-------- C:\Program Files\TubeMaster
2008-02-25 00:03 . 2008-02-25 00:03 <REP> d-------- C:\Program Files\Realtek AC97
2008-02-25 00:02 . 2008-02-25 00:02 <REP> d-------- C:\Program Files\AMD
2008-02-25 00:02 . 2008-02-25 00:02 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InstallShield
2008-02-22 21:39 . 2008-03-07 16:56 <REP> d-------- C:\Program Files\Ro-Spirit client V2.5
2008-02-22 20:43 . 2008-02-22 20:43 <REP> d-------- C:\Program Files\Download Express
2008-02-22 20:43 . 2008-02-22 20:43 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\MetaProducts
2008-02-22 20:30 . 2008-03-15 14:12 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-22 20:01 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-02-22 20:00 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-02-22 19:56 . 2008-02-22 19:56 <REP> d-------- C:\Program Files\Steinberg
2008-02-22 19:56 . 2008-02-22 20:00 <REP> d-------- C:\Program Files\Image-Line
2008-02-21 18:52 . 2008-02-21 19:38 <REP> d-------- C:\Program Files\Notepad ++
2008-02-21 07:39 . 2008-02-21 07:39 <REP> d-------- C:\Program Files\Avira
2008-02-21 07:39 . 2008-02-21 07:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-20 20:13 . 2008-02-20 20:14 <REP> d-------- C:\WINDOWS\vf_hip
2008-02-20 20:13 . 2008-02-20 20:13 <REP> d-------- C:\Program Files\Hide IP Platinum
2008-02-20 14:21 . 2008-02-20 14:25 50,691,432 --a------ C:\CAPTURE.AVI
2008-02-20 14:20 . 2008-02-20 14:24 <REP> d-------- C:\Program Files\VideoCap
2008-02-20 13:57 . 2008-02-20 13:57 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\River Past G5
2008-02-20 13:57 . 2008-02-20 14:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-02-19 20:32 . 2008-02-19 20:32 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software
2008-02-19 20:31 . 2008-03-15 13:58 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-19 20:31 . 2008-02-19 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-19 20:30 . 2008-02-19 20:30 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-18 20:44 . 2000-05-22 16:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-18 20:44 . 2004-02-05 21:53 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-02-18 20:44 . 2004-01-08 02:43 253,952 --a------ C:\WINDOWS\system32\histogram.ocx
2008-02-18 20:44 . 2004-01-09 11:54 188,416 --a------ C:\WINDOWS\system32\actsplash.ocx
2008-02-18 18:35 . 2008-02-20 20:13 32 --a------ C:\WINDOWS\go
2008-02-17 20:30 . 2008-02-17 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\a32w
2008-02-17 20:25 . 2008-02-17 20:25 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-17 20:06 . 2008-02-17 20:06 <REP> d-------- C:\Program Files\WinPcap
2008-02-17 15:17 . 2008-02-17 15:17 <REP> d-------- C:\WINDOWS\Sun
2008-02-17 11:23 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SN513506590239\Voisinage réseau
2008-02-17 11:23 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SN513506590239\Voisinage d'impression
2008-02-17 11:23 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SN513506590239\Modèles
2008-02-17 11:23 . 2004-08-16 18:19 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239\Mes documents
2008-02-17 11:23 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239\Menu Démarrer
2008-02-17 11:23 . 2008-01-29 09:55 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239\Favoris
2008-02-17 11:23 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239\Bureau
2008-02-17 11:23 . 2008-01-29 09:55 <REP> d-------- C:\Documents and Settings\Administrateur.SN513506590239\Application Data\You've Got Pictures Screensaver
2008-02-17 11:17 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-02-17 11:17 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-17 11:17 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-02-17 11:17 . 2004-08-16 18:19 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-17 11:17 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-02-17 11:17 . 2008-01-29 09:55 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-02-17 11:17 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2008-02-17 11:17 . 2008-01-29 09:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-02-16 21:40 . 2008-02-16 21:40 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Grisoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 20:07 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\LimeWire
2008-03-05 21:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 08:37 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-02 16:03 --------- d-----w C:\Program Files\Alice
2008-02-03 15:06 --------- d-----w C:\Program Files\Wirelwss LAN Utility
2008-02-03 13:50 --------- d-----w C:\Program Files\My Drivers
2008-02-03 12:44 --------- d-----w C:\Program Files\Java
2008-02-03 12:18 --------- d-----w C:\Program Files\Realtek
2008-02-03 12:18 --------- d-----w C:\Program Files\DIFX
2008-02-03 09:37 --------- d-----w C:\Program Files\Aruba Networks
2008-02-02 17:03 --------- d-----w C:\Program Files\7-Zip
2008-02-02 15:51 --------- d-----w C:\Program Files\Lavalys
2008-02-02 15:31 --------- d-----w C:\Program Files\VIAudioi
2008-02-02 14:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-02 13:19 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-02 13:19 --------- d-----w C:\Program Files\Windows Live
2008-02-02 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-02 13:04 --------- d-----w C:\Program Files\VIA
2008-02-02 13:03 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-02 12:58 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-02-02 12:57 --------- d-----w C:\Program Files\iTunes
2008-02-02 12:57 --------- d-----w C:\Program Files\iPod
2008-02-02 12:56 --------- d-----w C:\Program Files\Bonjour
2008-02-02 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-02 12:55 --------- d-----w C:\Program Files\QuickTime
2008-02-02 12:53 --------- d-----w C:\Program Files\Apple Software Update
2008-02-02 12:52 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-02-02 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-02 12:45 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-29 09:03 --------- d-----w C:\Program Files\Sonic
2008-01-29 09:03 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-01-29 08:58 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-01-29 08:58 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-01-29 08:58 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-29 08:57 --------- d-----w C:\Program Files\CyberLink
2008-01-29 08:55 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-01-29 08:55 --------- d-----w C:\Program Files\Real
2008-01-29 08:55 --------- d-----w C:\Program Files\Learn2.com
2008-01-29 08:55 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2008-01-29 08:55 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-01-29 08:55 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-01-29 08:55 --------- d-----w C:\Program Files\AOL 9.0
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\You've Got Pictures Screensaver
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-29 08:48 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-01-29 08:40 --------- d-----w C:\Program Files\Synaptics
2008-01-24 15:36 4,127,488 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
.
----a-w 291,928 2007-01-07 06:14:24 C:\Documents and Settings\Propriétaire\Mes documents\Downloads\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w 291,928 2007-01-07 07:14:24 C:\Documents and Settings\Propriétaire\Mes documents\Downloads\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
----a-w 291,928 2007-01-07 06:14:24 C:\Documents and Settings\Propriétaire\Mes documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w 291,928 2007-01-07 07:14:24 C:\Documents and Settings\Propriétaire\Mes documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
((((((((((((((((((((((((((((( snapshot@2008-03-07_15.46.59.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-16 14:42:18 34,304 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-03-11 20:34:24 34,304 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-02-16 14:42:18 8,192 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-03-11 20:34:25 8,192 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-02-16 14:42:18 3,584 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-03-11 20:34:25 3,584 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-02-16 14:42:18 16,384 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-03-11 20:34:24 16,384 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-02-16 14:42:18 22,528 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-03-11 20:34:25 22,528 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-02-16 14:42:18 45,056 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-03-11 20:34:24 45,056 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-02-18 06:00:48 194,568 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-09 09:33:31 194,568 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2001-08-23 15:58:06 36,224 ----a-w C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\isapnp.sys
+ 2007-09-21 16:49:10 9,216 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\videX32.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2006-03-20 16:26 516096 C:\Program Files\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-02-21 07:42 249896 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]
--a------ 2007-11-03 20:34 1548288 C:\Program Files\Hide IP Platinum\hideippla.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
--a------ 2003-09-04 03:39 106496 C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
--a------ 2003-06-13 15:58 282624 C:\PROGRA~1\Lexmark 3100 Series\LXBRKsk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 03:14 81920 c:\Apps\Powercinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMBoosterPro]
C:\Program Files\RAM Booster Pro\RAMBoosterPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-02-16 21:19 1266936 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\UIUCU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2006-09-14 18:54 53248 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2007-04-25 15:41 176128 C:\WINDOWS\system32\VTTrayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"clr_optimization_v2.0.50727_32"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AOL ACS"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\tribalman78\\counter-strike\\hl.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R2 Ca533av;Polaroid Digital Cam Video;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 20:37]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 03:37]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]
R3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 20:19]
R3 XG350XP;NB 802.11g XG350 Driver;C:\WINDOWS\system32\DRIVERS\WlanCTG.sys [2004-12-10 11:16]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-15 13:58]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 14:00]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c06e252-dcaf-11dc-9504-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-07 16:10:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-15 14:00:36 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-01-29 09:10:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-29 09:10:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-29 09:10:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 15:43:09
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"
.
Temps d'accomplissement: 2008-03-15 15:44:10
ComboFix-quarantined-files.txt 2008-03-15 14:43:57
ComboFix2.txt 2008-03-15 13:35:27
ComboFix3.txt 2008-03-10 17:14:23
ComboFix4.txt 2008-03-07 14:47:30
.
2008-03-11 20:36:00 --- E O F ---
Can you paste a HijackThis report?
I am LoS ^^
No *.exe launched from the desktop will run
Uh, I'm not sure, but ...
In safe mode, you can install HijackThis and run a scan.
I hadn't thought of that, but right now I'm running an AVG scan
I'll do it afterwards
Hi,
It's Bagle, in my opinion.
If you can format, do it.
Cheval à trois
Formatting because of Bagle (or Beagle). (which remains to be verified)
When targeted disinfection tools exist:
http://www.commentcamarche.net/faq/sujet-2731-virus-kit-de-desinfection-pour-eradiquer-w32-beagle-mm-bagle
and a system restore or simply reinstalling win32