Bonjour. Problème fenêtres intempestives Antivirus type orange
Forum Sécurité - Virus : Bonjour. Problème fenêtres intempestives Antivirus type orange
Bonjour.
Je suis désemparé :
Depuis trois jours, et après plusieurs passage de spybot, avast... j'ai toujours un gros ralentissement ordi et internet avec pleins de fenetres intempestives me précisant que mon système est en danger (ces fenetres s'ouvrent de type Orange)
Config :
Xp familiale
Live box orange
voici le rapport hijackthis ( systématiquement demandé donc déja fait !!!lol)
merci de m'aider par avance.
Alexbobol
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:31, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [68963a3b] rundll32.exe "C:\WINDOWS\system32\xngugukc.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Games [...] meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FC957-1F40-4AC8-AF60-A2F0DF520E69}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmdnbdn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 9342 bytes
Salut,
Télécharge Combofix (de sUBs) sur ton Bureau.
Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
Le rapport se trouve ici : C:\Combofix.txt
Répondre à XmichouX
Re et merci encore de me donner un coup de main.
Voici le résultat : de combofix
ComboFix 08-02-17.2 - nad et alex 2008-02-17 19:35:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.569 [GMT 1:00]
Endroit: C:\Documents and Settings\nad et alex\Local Settings\Temporary Internet Files\Content.IE5\33ZEBZEJ\ComboFix[1].exe
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wvuroop.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ckugugnx.ini
C:\WINDOWS\system32\drivers\PMH36.sys
C:\WINDOWS\system32\drivers\symavc32.sys . . . . Echec de suppression
C:\WINDOWS\system32\gndndqnw.dll
C:\WINDOWS\system32\koleplml.dll
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\njoahang.dllbox
C:\WINDOWS\system32\nmxwvwdz.dllbox
C:\WINDOWS\system32\nrynpats.ini
C:\WINDOWS\system32\rqrstts.dll
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wvuroop.dll
C:\WINDOWS\system32\xngugukc.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_MSUPDATE
-------\LEGACY_NTMLSVC
-------\LEGACY_PMH36
-------\LEGACY_RUNTIME
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.
2008-02-17 18:57 . 2008-02-17 18:57 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 17:11 . 2008-02-17 17:11 674,600 --a------ C:\WINDOWS\system32\pbsvc[1].exe
2008-02-17 17:11 . 2008-02-17 17:11 22,328 --a------ C:\Documents and Settings\nad et alex\Application Data\PnkBstrK.sys
2008-02-17 16:49 . 2008-02-17 20:21 <REP> d-------- C:\Program Files\Steam
2008-02-17 16:18 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-17 16:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-17 16:18 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-17 16:18 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-17 16:18 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-17 16:18 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-17 16:18 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-17 16:18 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-17 16:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-17 16:17 . 2008-02-17 16:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-17 15:39 . 2008-02-17 15:39 <REP> d-------- C:\WINDOWS\report
2008-02-17 15:39 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\LPT$VPN.107
2008-02-17 15:38 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-17 15:38 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\VPTNFILE.107
2008-02-17 15:38 . 2008-02-17 15:38 1,922,158 --a------ C:\WINDOWS\tsc.ptn
2008-02-17 15:38 . 2008-02-17 15:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-17 15:38 . 2008-02-17 15:38 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-17 15:38 . 2008-02-17 15:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-17 15:38 . 2008-02-17 15:38 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-17 15:38 . 2008-02-17 16:03 823 --a------ C:\WINDOWS\tsc.ini
2008-02-17 15:37 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-17 15:37 . 2008-02-17 15:37 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-17 15:37 . 2008-02-17 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-17 15:37 . 2008-02-17 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-17 15:37 . 2008-02-17 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-17 15:37 . 2008-02-17 15:37 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-17 15:20 . 2008-02-17 15:20 29 --a------ C:\WINDOWS\system32\wgygstht.tmp
2008-02-17 14:44 . 2008-02-17 14:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 14:44 . 2008-02-17 14:44 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-17 14:41 . 2008-02-17 14:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-17 14:41 . 2008-02-17 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 14:10 . 2008-02-17 17:27 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-17 10:02 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-17 10:02 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-17 10:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-17 10:02 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-17 10:02 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-17 10:02 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-17 10:02 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-17 10:02 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-17 10:01 . 2008-02-17 10:01 <REP> d-------- C:\Program Files\Alwil Software
2008-02-16 17:40 . 2008-02-16 17:40 6,656 --a------ C:\WINDOWS\system32\create.exe
2008-02-16 17:39 . 2008-02-16 17:39 16,384 --a------ C:\WINDOWS\system32\mmmdnbdn.dll
2008-02-16 17:30 . 2008-02-16 17:30 25,600 --a------ C:\WINDOWS\system32\socksys.dll
2008-02-16 17:30 . 2008-02-17 20:19 21,120 --a------ C:\WINDOWS\system32\drivers\Hhw41.sys
2008-02-16 17:30 . 2008-02-16 17:30 16,384 --a------ C:\WINDOWS\system32\mmmctrct.dll
2008-02-16 17:30 . 2008-02-17 19:41 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-16 15:25 . 2008-02-17 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-16 14:30 . 2008-02-16 17:30 3,584 --a------ C:\qrwkjyd.exe
2008-02-16 14:28 . 2008-02-16 17:30 167,936 --a------ C:\WINDOWS\system32\drivers\symavc32.sys
2008-02-16 14:27 . 2008-02-16 17:30 2 --a------ C:\1754675860
2008-02-16 14:26 . 2008-02-16 14:27 151,552 --a------ C:\wpohl.exe~
2008-02-11 14:16 . 2008-02-17 11:17 <REP> d-------- C:\SIERRA
2008-02-11 14:16 . 1998-10-30 22:21 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
2008-02-11 14:16 . 1998-10-30 22:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
2008-02-11 14:15 . 2008-02-11 14:17 342 --a------ C:\WINDOWS\SIERRA.INI
2008-02-05 21:31 . 2008-02-05 21:31 <REP> d-------- C:\Documents and Settings\Charlotte\Application Data\Corel Photo Album
2008-02-02 14:30 . 2008-02-17 10:50 <REP> d-------- C:\Program Files\MultiMedia France Toolbar
2008-02-02 14:30 . 2008-02-02 14:30 <REP> d-------- C:\Program Files\Multi_Media_France
2008-02-02 12:25 . 2008-02-16 15:25 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe~
2008-02-02 12:25 . 2008-02-02 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~
2008-02-02 12:25 . 2008-02-17 17:27 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 11:40 . 2008-02-02 11:40 <REP> d---s---- C:\Documents and Settings\Charlotte\UserData
2008-02-02 09:49 . 2008-02-02 09:49 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-02-02 09:49 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-02-02 09:49 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-02-02 09:49 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-02-02 09:49 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-02-02 09:49 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-02-02 09:47 . 2008-02-17 20:21 <REP> d-------- C:\Program Files\Wanadoo
2008-02-02 09:45 . 2008-02-02 09:45 <REP> d-------- C:\Program Files\Securitoo
2008-02-02 09:42 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-31 17:31 . 2008-01-31 17:31 <REP> d-------- C:\Documents and Settings\nad et alex\Application Data\InterTrust
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 14:17 --------- d-----w C:\Program Files\eMule
2008-02-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-31 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 16:30 --------- d-----w C:\Program Files\Micro Application
2008-01-28 20:27 --------- d-----w C:\Program Files\GV AbsoluCasino
2008-01-13 15:48 --------- d-----w C:\Program Files\Inventel
2008-01-12 15:48 --------- d-----w C:\Program Files\McAfee
2008-01-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-12 15:08 --------- d-----w C:\Program Files\EA GAMES
2008-01-12 15:06 --------- d-----w C:\Program Files\Corel
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\MSVCP60.dll
2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07C7156E-D651-4ACC-9AD3-498C916E9651}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4aab26fd-19ee-43ba-8951-500ba8cb480c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF744D6-38BB-4336-A90C-5ECA9DC12B14}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 18:48 68856]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-17 16:51 1266936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-01 23:40 98304]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-12 19:40 190024]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\njoahang]
njoahang.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nmxwvwdz]
nmxwvwdz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-17 19:41 6656 C:\WINDOWS\system32\WLCtrl32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuroop]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\mmmdnbdn.dll
R0 Hhw41;Hhw41;C:\WINDOWS\system32\Drivers\Hhw41.sys [2008-02-17 20:19]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2006-03-07 22:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
en vous remerciant
alexbobol
Re,
Copie le texte se situant dans le cadre ci-dessous :
File:: Folder:: Registry:: |
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
************
Clique sur démarrer --> exécuter, tape CMD puis valide par ok.
Colle ligne par ligne en validant entre deux (par entrée) les lignes suivantes dans la fenêtre noire qui apparaît.
dir C:\1754675860 |
Copie/colle moi ce qui apparaît.
*********
Fais analyser ces fichier sur ce site >> Virustotal <<
Clique sur Parcourir en haut, choisis Poste de travail et cherche ce fichier : C:\WINDOWS\GetServer.ini
Clique maintenant sur envoyer le fichier.
Poste le rapport (De Fichier *** reçu le *** jusqu%u2019à SHA1 : ***)
Fais la même chose avec ces fichiers : C:\WINDOWS\system32\drivers\Hhw41.sys
Message édité par XmichouX le 17-02-2008 à 21:12:26
Répondre à XmichouX
voila le rapport combofix :
ComboFix 08-02-17.2 - nad et alex 2008-02-17 21:25:44.2 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.801 [GMT 1:00]
Endroit: C:\Documents and Settings\nad et alex\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\nad et alex\Bureau\CFScript.txt
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
C:\qrwkjyd.exe
C:\WINDOWS\system32\create.exe
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\mmmctrct.dll
C:\WINDOWS\system32\mmmdnbdn.dll
C:\WINDOWS\system32\njoahang.dll
C:\WINDOWS\system32\nmxwvwdz.dll
C:\WINDOWS\system32\socksys.dll
C:\WINDOWS\system32\wgygstht.tmp
C:\WINDOWS\system32\WLCtrl32.dll
C:\wpohl.exe~
.
et le HIjackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - (no file)
O2 - BHO: (no name) - {4aab26fd-19ee-43ba-8951-500ba8cb480c} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF744D6-38BB-4336-A90C-5ECA9DC12B14} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Games [...] meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FC957-1F40-4AC8-AF60-A2F0DF520E69}: NameServer = 192.168.1.1
O20 - Winlogon Notify: njoahang - C:\WINDOWS\
O20 - Winlogon Notify: nmxwvwdz - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O20 - Winlogon Notify: wvuroop - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 9977 bytes
je continue la manip...
Rapport COmbofix incomplet !
Refais le script combofix, car apparemment rien n'a été fait (visible dans Hijackthis)
Répondre à XmichouX
refait a l'instant ::
ComboFix 08-02-17.2 - nad et alex 2008-02-17 21:54:58.3 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.808 [GMT 1:00]
Endroit: C:\Documents and Settings\nad et alex\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\nad et alex\Bureau\CFScript.txt
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
C:\qrwkjyd.exe
C:\WINDOWS\system32\create.exe
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\mmmctrct.dll
C:\WINDOWS\system32\mmmdnbdn.dll
C:\WINDOWS\system32\njoahang.dll
C:\WINDOWS\system32\nmxwvwdz.dll
C:\WINDOWS\system32\socksys.dll
C:\WINDOWS\system32\wgygstht.tmp
C:\WINDOWS\system32\WLCtrl32.dll
C:\wpohl.exe~
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\WLCtrl32.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wvuroop.dll
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\tbMul1.dll
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\Program Files\MultiMedia France Toolbar
C:\Program Files\MultiMedia France Toolbar\INSTALL.LOG
C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.exe
C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.xpi
C:\Program Files\MultiMedia France Toolbar\UNWISE.EXE
C:\qrwkjyd.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ckugugnx.ini
C:\WINDOWS\system32\create.exe
C:\WINDOWS\system32\drivers\PMH36.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\symavc32.sys . . . . Echec de suppression
C:\WINDOWS\system32\gndndqnw.dll
C:\WINDOWS\system32\koleplml.dll
C:\WINDOWS\system32\lanmandrv.sys
C:\WINDOWS\system32\lanmanwrk.exe
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmmctrct.dll
C:\WINDOWS\system32\mmmdnbdn.dll
C:\WINDOWS\system32\njoahang.dllbox
C:\WINDOWS\system32\nmxwvwdz.dllbox
C:\WINDOWS\system32\nrynpats.ini
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\rqrstts.dll
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\socksys.dll
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wgygstht.tmp
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\wvuroop.dll
C:\WINDOWS\system32\xngugukc.dll
C:\wpohl.exe~
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_MSUPDATE
-------\LEGACY_NTMLSVC
-------\LEGACY_PMH36
-------\LEGACY_RUNTIME
-------\LEGACY_LANMANDRV
-------\lanmandrv
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.
2008-02-17 21:33 . 2008-02-17 21:33 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
2008-02-17 19:33 . 2008-02-17 20:24 <REP> d-------- C:\ComboFix[1]
2008-02-17 18:57 . 2008-02-17 18:57 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 17:11 . 2008-02-17 17:11 674,600 --a------ C:\WINDOWS\system32\pbsvc[1].exe
2008-02-17 17:11 . 2008-02-17 17:11 22,328 --a------ C:\Documents and Settings\nad et alex\Application Data\PnkBstrK.sys
2008-02-17 16:49 . 2008-02-17 21:30 <REP> d-------- C:\Program Files\Steam
2008-02-17 16:18 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-17 16:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-17 16:18 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-17 16:18 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-17 16:18 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-17 16:18 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-17 16:18 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-17 16:18 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-17 16:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-17 16:17 . 2008-02-17 16:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-17 15:39 . 2008-02-17 15:39 <REP> d-------- C:\WINDOWS\report
2008-02-17 15:39 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\LPT$VPN.107
2008-02-17 15:38 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-17 15:38 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\VPTNFILE.107
2008-02-17 15:38 . 2008-02-17 15:38 1,922,158 --a------ C:\WINDOWS\tsc.ptn
2008-02-17 15:38 . 2008-02-17 15:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-17 15:38 . 2008-02-17 15:38 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-17 15:38 . 2008-02-17 15:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-17 15:38 . 2008-02-17 15:38 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-17 15:38 . 2008-02-17 16:03 823 --a------ C:\WINDOWS\tsc.ini
2008-02-17 15:37 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-17 15:37 . 2008-02-17 15:37 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-17 15:37 . 2008-02-17 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-17 15:37 . 2008-02-17 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-17 15:37 . 2008-02-17 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-17 15:37 . 2008-02-17 15:37 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-17 14:44 . 2008-02-17 14:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 14:44 . 2008-02-17 14:44 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-17 14:41 . 2008-02-17 14:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-17 14:41 . 2008-02-17 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 14:10 . 2008-02-17 20:48 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-17 10:02 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-17 10:02 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-17 10:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-17 10:02 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-17 10:02 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-17 10:02 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-17 10:02 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-17 10:02 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-17 10:01 . 2008-02-17 10:01 <REP> d-------- C:\Program Files\Alwil Software
2008-02-16 17:30 . 2008-02-17 21:28 21,120 --a------ C:\WINDOWS\system32\drivers\Hhw41.sys
2008-02-16 15:25 . 2008-02-17 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-16 14:27 . 2008-02-16 17:30 2 --a------ C:\1754675860
2008-02-11 14:16 . 2008-02-17 11:17 <REP> d-------- C:\SIERRA
2008-02-11 14:16 . 1998-10-30 22:21 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
2008-02-11 14:16 . 1998-10-30 22:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
2008-02-11 14:15 . 2008-02-11 14:17 342 --a------ C:\WINDOWS\SIERRA.INI
2008-02-05 21:31 . 2008-02-05 21:31 <REP> d-------- C:\Documents and Settings\Charlotte\Application Data\Corel Photo Album
2008-02-02 12:25 . 2008-02-16 15:25 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe~
2008-02-02 12:25 . 2008-02-02 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~
2008-02-02 12:25 . 2008-02-17 20:48 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 11:40 . 2008-02-02 11:40 <REP> d---s---- C:\Documents and Settings\Charlotte\UserData
2008-02-02 09:49 . 2008-02-02 09:49 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-02-02 09:49 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-02-02 09:49 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-02-02 09:49 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-02-02 09:49 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-02-02 09:49 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-02-02 09:47 . 2008-02-17 21:31 <REP> d-------- C:\Program Files\Wanadoo
2008-02-02 09:45 . 2008-02-02 09:45 <REP> d-------- C:\Program Files\Securitoo
2008-02-02 09:42 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-31 17:31 . 2008-01-31 17:31 <REP> d-------- C:\Documents and Settings\nad et alex\Application Data\InterTrust
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 14:17 --------- d-----w C:\Program Files\eMule
2008-02-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-31 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 16:30 --------- d-----w C:\Program Files\Micro Application
2008-01-28 20:27 --------- d-----w C:\Program Files\GV AbsoluCasino
2008-01-13 15:48 --------- d-----w C:\Program Files\Inventel
2008-01-12 15:48 --------- d-----w C:\Program Files\McAfee
2008-01-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-12 15:08 --------- d-----w C:\Program Files\EA GAMES
2008-01-12 15:06 --------- d-----w C:\Program Files\Corel
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\MSVCP60.dll
2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
.
et pour la commande cmd :
C:\Documents and Settings\nad et alex>dir C:\1754675860
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6896-3A94
Répertoire de C:\
2008-02-16 17:30 2 1754675860
1 fichier(s) 2 octets
0 Rép(s) 19,343,069,184 octets libres
C:\Documents and Settings\nad et alex>
et voila les resultats pour analyse virus total :
pour Getserver.ini :
Fichier GetServer.ini reçu le 2008.02.17 22:13:15 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 6.
L'heure estimée de démarrage est entre 54 et 77 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.
Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.16.10 2008.02.15 -
AntiVir 7.6.0.67 2008.02.15 -
Authentium 4.93.8 2008.02.17 -
Avast 4.7.1098.0 2008.02.17 -
AVG 7.5.0.516 2008.02.17 -
BitDefender 7.2 2008.02.17 -
CAT-QuickHeal None 2008.02.16 -
ClamAV 0.92.1 2008.02.17 -
DrWeb 4.44.0.09170 2008.02.17 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5541 2008.02.15 -
Ewido 4.0 2008.02.17 -
FileAdvisor 1 2008.02.17 -
Fortinet 3.14.0.0 2008.02.17 -
F-Prot 4.4.2.54 2008.02.17 -
F-Secure 6.70.13260.0 2008.02.17 -
Ikarus T3.1.1.20 2008.02.17 -
Kaspersky 7.0.0.125 2008.02.17 -
McAfee 5231 2008.02.15 -
Microsoft 1.3204 2008.02.17 -
NOD32v2 2881 2008.02.17 -
Norman 5.80.02 2008.02.15 -
Panda 9.0.0.4 2008.02.17 -
Prevx1 V2 2008.02.17 -
Rising 20.31.50.00 2008.02.16 -
Sophos 4.26.0 2008.02.17 -
Sunbelt 2.2.907.0 2008.02.16 -
Symantec 10 2008.02.17 -
TheHacker 6.2.9.222 2008.02.16 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.17 -
Webwasher-Gateway 6.6.2 2008.02.15 -
Information additionnelle
File size: 170 bytes
MD5: 49b8f0c82aeb8140e53f2caf11816284
SHA1: e198ebe73b6caa82bc525169b1bb4893b30fdd9e
PEiD: -
Re,
Fais la suite, puis essaie de supprimer manuellement ce fichier en mode sans échec :
- C:\WINDOWS\system32\drivers\symavc32.sys
Répondre à XmichouX
et pour le deuxieme il me dit ça :
0 bytes size received / Se ha recibido un archivo vacio
voila. merci d'avance.
alexbobol
le fichier dans le driver du system32 n'existe pas. pas trouvé !!??
alexbobol
par contre plus de fenetres intempestives , et net augmentation vitesse pc !!!!
Re,
Et après avoir fait ça tu vois le fichier ?
Aller dans poste de travail>outils>option des dossiers>affichage>afficher les fichiers et dossiers cachés. - - > Appliquer - - > OK
Aller dans poste de travail>outils>option des dossiers>affichage>décocher masquer les fichiers protégés du système d’exploitation. - - > Appliquer - - > OK
(Tu recoches après)
Répondre à XmichouX
non toujours pas ...........
Repasse COmbofix sans script, poste le rapport .
Répondre à XmichouX
bonjour
Désolé pour hier soir, mais cette fois ci c'est le bonhomme qui a buggé.....
donc voici le combofix :sans script :
ComboFix 08-02-17.2 - nad et alex 2008-02-18 13:11:32.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.624 [GMT 1:00]
Endroit: C:\Documents and Settings\nad et alex\Bureau\ComboFix.exe
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.
2008-02-18 13:11 . 2008-02-18 13:11 <REP> d-------- C:\WINDOWS\LastGood
2008-02-17 22:02 . 2008-02-18 13:08 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-17 21:33 . 2008-02-17 23:10 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
2008-02-17 19:33 . 2008-02-17 20:24 <REP> d-------- C:\ComboFix[1]
2008-02-17 18:57 . 2008-02-17 18:57 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 17:11 . 2008-02-17 17:11 674,600 --a------ C:\WINDOWS\system32\pbsvc[1].exe
2008-02-17 17:11 . 2008-02-17 17:11 22,328 --a------ C:\Documents and Settings\nad et alex\Application Data\PnkBstrK.sys
2008-02-17 16:49 . 2008-02-18 13:09 <REP> d-------- C:\Program Files\Steam
2008-02-17 16:18 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-17 16:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-17 16:18 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-17 16:18 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-17 16:18 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-17 16:18 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-17 16:18 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-17 16:18 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-17 16:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-17 16:17 . 2008-02-17 16:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-17 15:39 . 2008-02-17 15:39 <REP> d-------- C:\WINDOWS\report
2008-02-17 15:39 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\LPT$VPN.107
2008-02-17 15:38 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-17 15:38 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\VPTNFILE.107
2008-02-17 15:38 . 2008-02-17 15:38 1,922,158 --a------ C:\WINDOWS\tsc.ptn
2008-02-17 15:38 . 2008-02-17 15:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-17 15:38 . 2008-02-17 15:38 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-17 15:38 . 2008-02-17 15:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-17 15:38 . 2008-02-17 15:38 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-17 15:38 . 2008-02-17 16:03 823 --a------ C:\WINDOWS\tsc.ini
2008-02-17 15:37 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-17 15:37 . 2008-02-17 15:37 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-17 15:37 . 2008-02-17 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-17 15:37 . 2008-02-17 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-17 15:37 . 2008-02-17 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-17 15:37 . 2008-02-17 15:37 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-17 14:44 . 2008-02-17 14:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 14:44 . 2008-02-17 14:44 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-17 14:41 . 2008-02-17 14:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-17 14:41 . 2008-02-17 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 14:10 . 2008-02-17 20:48 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-17 10:02 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-17 10:02 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-17 10:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-17 10:02 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-17 10:02 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-17 10:02 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-17 10:02 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-17 10:02 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-17 10:01 . 2008-02-17 10:01 <REP> d-------- C:\Program Files\Alwil Software
2008-02-16 17:30 . 2008-02-18 13:09 21,632 --a------ C:\WINDOWS\system32\drivers\Hhw41.sys
2008-02-16 15:25 . 2008-02-17 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-16 14:27 . 2008-02-16 17:30 2 --a------ C:\1754675860
2008-02-11 14:16 . 2008-02-17 11:17 <REP> d-------- C:\SIERRA
2008-02-11 14:16 . 1998-10-30 22:21 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
2008-02-11 14:16 . 1998-10-30 22:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
2008-02-11 14:15 . 2008-02-11 14:17 342 --a------ C:\WINDOWS\SIERRA.INI
2008-02-05 21:31 . 2008-02-05 21:31 <REP> d-------- C:\Documents and Settings\Charlotte\Application Data\Corel Photo Album
2008-02-02 12:25 . 2008-02-16 15:25 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe~
2008-02-02 12:25 . 2008-02-02 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~
2008-02-02 12:25 . 2008-02-17 20:48 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 11:40 . 2008-02-02 11:40 <REP> d---s---- C:\Documents and Settings\Charlotte\UserData
2008-02-02 09:49 . 2008-02-02 09:49 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-02-02 09:49 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-02-02 09:49 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-02-02 09:49 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-02-02 09:49 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-02-02 09:49 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-02-02 09:47 . 2008-02-18 13:10 <REP> d-------- C:\Program Files\Wanadoo
2008-02-02 09:45 . 2008-02-02 09:45 <REP> d-------- C:\Program Files\Securitoo
2008-02-02 09:42 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-31 17:31 . 2008-01-31 17:31 <REP> d-------- C:\Documents and Settings\nad et alex\Application Data\InterTrust
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 16:38 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-16 14:17 --------- d-----w C:\Program Files\eMule
2008-02-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-31 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 16:30 --------- d-----w C:\Program Files\Micro Application
2008-01-28 20:27 --------- d-----w C:\Program Files\GV AbsoluCasino
2008-01-13 15:48 --------- d-----w C:\Program Files\Inventel
2008-01-12 15:48 --------- d-----w C:\Program Files\McAfee
2008-01-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-12 15:08 --------- d-----w C:\Program Files\EA GAMES
2008-01-12 15:06 --------- d-----w C:\Program Files\Corel
2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 09:38 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 00:47 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:47 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:47 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:47 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:47 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\MSVCP60.dll
2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07C7156E-D651-4ACC-9AD3-498C916E9651}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4aab26fd-19ee-43ba-8951-500ba8cb480c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF744D6-38BB-4336-A90C-5ECA9DC12B14}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 18:48 68856]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-17 16:51 1266936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-01 23:40 98304]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-12 19:40 190024]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\njoahang]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nmxwvwdz]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-18 13:08 6656 C:\WINDOWS\system32\WLCtrl32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuroop]
R0 Hhw41;Hhw41;C:\WINDOWS\system32\Drivers\Hhw41.sys [2008-02-18 13:09]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-02-17 23:10]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-03-07 22:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 13:14:06
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
Temps d'accomplissement: 2008-02-18 13:14:29
ComboFix-quarantined-files.txt 2008-02-18 12:14:27
ComboFix2.txt 2008-02-17 22:02:49
.
2008-02-13 19:13:15 --- E O F ---
merci d'avance
alexbobol
Re,
Fais analyser ces fichier sur ce site >> Virustotal <<
Clique sur Parcourir en haut, choisis Poste de travail et cherche ce fichier : C:\WINDOWS\system32\drivers\nkv2.sys
Clique maintenant sur envoyer le fichier.
Poste le rapport (De Fichier *** reçu le *** jusqu’à SHA1 : ***)
Reposte un Hijackthis
Répondre à XmichouX
re, voici le rapport :
Fichier nkv2.sys reçu le 2008.02.18 13:54:04 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.18.0 2008.02.18 -
AntiVir 7.6.0.67 2008.02.18 -
Authentium 4.93.8 2008.02.17 -
Avast 4.7.1098.0 2008.02.18 Win32:Agent-QOV
AVG 7.5.0.516 2008.02.18 Generic9.BBIQ
BitDefender 7.2 2008.02.18 -
CAT-QuickHeal 9.50 2008.02.16 -
ClamAV None 2008.02.18 -
DrWeb 4.44.0.09170 2008.02.18 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5546 2008.02.18 -
Ewido 4.0 2008.02.18 -
FileAdvisor 1 2008.02.18 -
Fortinet 3.14.0.0 2008.02.18 -
F-Prot 4.4.2.54 2008.02.17 -
F-Secure 6.70.13260.0 2008.02.18 -
Ikarus T3.1.1.20 2008.02.18 Virus.Win32.Agent.QOV
Kaspersky 7.0.0.125 2008.02.18 -
McAfee 5231 2008.02.15 -
Microsoft 1.3204 2008.02.18 -
NOD32v2 2882 2008.02.18 -
Norman 5.80.02 2008.02.15 -
Panda 9.0.0.4 2008.02.17 Trj/Spammer.ADX
Prevx1 V2 2008.02.18 -
Rising 20.32.02.00 2008.02.18 -
Sophos 4.26.0 2008.02.18 -
Sunbelt 3.0.884.0 2008.02.18 -
Symantec 10 2008.02.18 -
TheHacker 6.2.9.222 2008.02.16 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.17 -
Webwasher-Gateway 6.6.2 2008.02.18 -
Information additionnelle
File size: 51968 bytes
MD5: a4bd49332caa193fd07c5c1bfc4dc530
SHA1: 197b3b88822b91d6fd802da016e29fc3adef3f4f
PEiD: -
et le hijackthis qui va avec :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:55, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - (no file)
O2 - BHO: (no name) - {4aab26fd-19ee-43ba-8951-500ba8cb480c} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF744D6-38BB-4336-A90C-5ECA9DC12B14} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Games [...] meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FC957-1F40-4AC8-AF60-A2F0DF520E69}: NameServer = 192.168.1.1
O20 - Winlogon Notify: njoahang - C:\WINDOWS\
O20 - Winlogon Notify: nmxwvwdz - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O20 - Winlogon Notify: wvuroop - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 9789 bytes
alexbobol
Re,
Télécharge SDFix (d’Andy Manchesta)
Enregistre le sur ton le bureau.
Lance le.
Fais install afin qu’il puisse s’extraire.
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Lance SDFix.
Double clique sur RunThis.bat . (L’extension bat peut ne pas apparaître)
Appuie sur Y pour le lancer.
Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est probable que le redémarrage soit un peu plus long que d’habitude.
Une fois l’apparition de ton Bureau, il affichera Finished
Appuie sur une touche.
Un rapport est généré , poste le dans ta réponse.
Il se trouve également. dans le dossier SDFix >Report.txt<
Répondre à XmichouX
re,
et voila le rapport :
SDFix: Version 1.143
Run by nad et alex on 18/02/2008 at 14:34
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services:
Name:
USB2_04
HHW41
Path:
\??\C:\WINDOWS\system32\drivers\nkv2.sys
System32\Drivers\Hhw41.sys
USB2_04 - Deleted
HHW41 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service HHW41 - Deleted after Reboot
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\drivers\HHW41.sys - Deleted
C:\175467~1 - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\System32\drivers\nkv2.sys - Deleted
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 14:47:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:8de21d72
"s1"=dword:18317f75
"s2"=dword:0dbd311a
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex
7,ba,09,1c,58,14,89,91,65,4f,5c,f6,b3,aa,c6,bb,13,d4,15,2c,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:6e,c5,52,4b,9c,53,1b,d1,70,be,5e,aa,73,ed,18,ab,47,0a,22,24,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e6,d3,a2,51,bf,cd,0c,36,42,c6,c3,45,76,c9,16,79,88,..
"khjeh"=hex:ff,3b,1d,c9,7a,53,50,54,df,75,9c,43,44,dd,56,54,46,21,16,25,e5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:93,e0,9d,49,9a,97,74,e4,be,97,52,bb,0d,ba,ce,a5,20,12,67,06,8c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fa,2c,93,0f,66,f9,7c,07,6c,87,d4,aa,69,0d,f0,e0,16,7f,d9,80,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:84,18,61,07,f3,a2,1a,10,42,a2,90,93,3d,46,69,e1,9c,55,d4,d9,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:84,18,61,07,f3,a2,1a,10,42,a2,90,93,3d,46,69,e1,9c,55,d4,d9,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex7,ba,09,1c,58,14,89,91,65,4f,5c,f6,b3,aa,c6,bb,13,d4,15,2c,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:6e,c5,52,4b,9c,53,1b,d1,70,be,5e,aa,73,ed,18,ab,47,0a,22,24,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e6,d3,a2,51,bf,cd,0c,36,42,c6,c3,45,76,c9,16,79,88,..
"khjeh"=hex:ff,3b,1d,c9,7a,53,50,54,df,75,9c,43,44,dd,56,54,46,21,16,25,e5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:93,e0,9d,49,9a,97,74,e4,be,97,52,bb,0d,ba,ce,a5,20,12,67,06,8c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fa,2c,93,0f,66,f9,7c,07,6c,87,d4,aa,69,0d,f0,e0,16,7f,d9,80,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:84,18,61,07,f3,a2,1a,10,42,a2,90,93,3d,46,69,e1,9c,55,d4,d9,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:84,18,61,07,f3,a2,1a,10,42,a2,90,93,3d,46,69,e1,9c,55,d4,d9,13,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 6 Mar 2006 56 A.SHR --- "C:\i386\110F656167.sys"
Mon 6 Mar 2006 3,350 A.SH. --- "C:\i386\KGyGaAvL.sys"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 16 Feb 2008 104 ..SHR --- "C:\WINDOWS\system32\110F656167.sys"
Thu 5 Aug 2004 65,024 A.SH. --- "C:\WINDOWS\system32\asycfilt.dll"
Fri 25 Aug 2006 617,472 A.SH. --- "C:\WINDOWS\system32\comctl32.dll"
Sat 16 Feb 2008 5,852 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 5 Aug 2004 1,028,096 A.SH. --- "C:\WINDOWS\system32\mfc42.dll"
Thu 5 Aug 2004 57,344 A.SH. --- "C:\WINDOWS\system32\mfc42loc.dll"
Thu 5 Aug 2004 413,696 A.SH. --- "C:\WINDOWS\system32\MSVCP60.dll"
Thu 5 Aug 2004 343,040 A.SH. --- "C:\WINDOWS\system32\msvcrt.dll"
Thu 5 Aug 2004 253,952 A.SH. --- "C:\WINDOWS\system32\msvcrt20.dll"
Tue 4 Dec 2007 550,912 A.SH. --- "C:\WINDOWS\system32\oleaut32.dll"
Thu 5 Aug 2004 83,456 A.SH. --- "C:\WINDOWS\system32\olepro32.dll"
Thu 5 Aug 2004 30,749 A.SH. --- "C:\WINDOWS\system32\vbajet32.dll"
Fri 11 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 14 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Finished!
alexbobol
Bien,
Reposte un Hijackthis maintenant.
Répondre à XmichouX
hop la
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:37, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - (no file)
O2 - BHO: (no name) - {4aab26fd-19ee-43ba-8951-500ba8cb480c} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF744D6-38BB-4336-A90C-5ECA9DC12B14} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Games [...] meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FC957-1F40-4AC8-AF60-A2F0DF520E69}: NameServer = 192.168.1.1
O20 - Winlogon Notify: njoahang - C:\WINDOWS\
O20 - Winlogon Notify: nmxwvwdz - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O20 - Winlogon Notify: wvuroop - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 10112 bytes
;-)
Bizarre ...
Refais un rapport Combofix.
Répondre à XmichouX
et voila :
ComboFix 08-02-17.2 - nad et alex 2008-02-18 15:27:26.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.624 [GMT 1:00]
Endroit: C:\Documents and Settings\nad et alex\Bureau\ComboFix.exe
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.
2008-02-18 14:24 . 2008-02-18 14:24 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-18 14:21 . 2008-02-18 14:49 <REP> d-------- C:\SDFix
2008-02-17 19:33 . 2008-02-17 20:24 <REP> d-------- C:\ComboFix[1]
2008-02-17 18:57 . 2008-02-17 18:57 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 17:11 . 2008-02-17 17:11 674,600 --a------ C:\WINDOWS\system32\pbsvc[1].exe
2008-02-17 17:11 . 2008-02-17 17:11 22,328 --a------ C:\Documents and Settings\nad et alex\Application Data\PnkBstrK.sys
2008-02-17 16:49 . 2008-02-18 13:38 <REP> d-------- C:\Program Files\Steam
2008-02-17 16:18 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-17 16:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-17 16:18 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-17 16:18 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-17 16:18 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-17 16:18 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-17 16:18 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-17 16:18 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-17 16:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-17 16:17 . 2008-02-17 16:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-17 15:39 . 2008-02-17 15:39 <REP> d-------- C:\WINDOWS\report
2008-02-17 15:39 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\LPT$VPN.107
2008-02-17 15:38 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-17 15:38 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\VPTNFILE.107
2008-02-17 15:38 . 2008-02-17 15:38 1,922,158 --a------ C:\WINDOWS\tsc.ptn
2008-02-17 15:38 . 2008-02-17 15:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-17 15:38 . 2008-02-17 15:38 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-17 15:38 . 2008-02-17 15:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-17 15:38 . 2008-02-17 15:38 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-17 15:38 . 2008-02-17 16:03 823 --a------ C:\WINDOWS\tsc.ini
2008-02-17 15:37 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-17 15:37 . 2008-02-17 15:37 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-17 15:37 . 2008-02-17 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-17 15:37 . 2008-02-17 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-17 15:37 . 2008-02-17 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-17 15:37 . 2008-02-17 15:37 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-17 14:44 . 2008-02-17 14:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 14:44 . 2008-02-17 14:44 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-17 14:41 . 2008-02-17 14:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-17 14:41 . 2008-02-17 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 14:10 . 2008-02-17 20:48 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-17 10:02 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-17 10:02 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-17 10:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-17 10:02 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-17 10:02 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-17 10:02 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-17 10:02 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-17 10:02 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-17 10:01 . 2008-02-17 10:01 <REP> d-------- C:\Program Files\Alwil Software
2008-02-16 15:25 . 2008-02-17 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-11 14:16 . 2008-02-17 11:17 <REP> d-------- C:\SIERRA
2008-02-11 14:16 . 1998-10-30 22:21 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
2008-02-11 14:16 . 1998-10-30 22:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
2008-02-11 14:15 . 2008-02-11 14:17 342 --a------ C:\WINDOWS\SIERRA.INI
2008-02-05 21:31 . 2008-02-05 21:31 <REP> d-------- C:\Documents and Settings\Charlotte\Application Data\Corel Photo Album
2008-02-02 12:25 . 2008-02-16 15:25 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe~
2008-02-02 12:25 . 2008-02-02 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~
2008-02-02 12:25 . 2008-02-17 20:48 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 11:40 . 2008-02-02 11:40 <REP> d---s---- C:\Documents and Settings\Charlotte\UserData
2008-02-02 09:49 . 2008-02-02 09:49 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-02-02 09:49 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-02-02 09:49 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-02-02 09:49 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-02-02 09:49 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-02-02 09:49 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-02-02 09:47 . 2008-02-18 15:27 <REP> d-------- C:\Program Files\Wanadoo
2008-02-02 09:45 . 2008-02-02 09:45 <REP> d-------- C:\Program Files\Securitoo
2008-02-02 09:42 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-31 17:31 . 2008-01-31 17:31 <REP> d-------- C:\Documents and Settings\nad et alex\Application Data\InterTrust
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 16:38 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-16 14:17 --------- d-----w C:\Program Files\eMule
2008-02-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-31 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 16:30 --------- d-----w C:\Program Files\Micro Application
2008-01-28 20:27 --------- d-----w C:\Program Files\GV AbsoluCasino
2008-01-13 15:48 --------- d-----w C:\Program Files\Inventel
2008-01-12 15:48 --------- d-----w C:\Program Files\McAfee
2008-01-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-12 15:08 --------- d-----w C:\Program Files\EA GAMES
2008-01-12 15:06 --------- d-----w C:\Program Files\Corel
2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 09:38 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 00:47 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:47 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:47 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:47 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:47 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\MSVCP60.dll
2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07C7156E-D651-4ACC-9AD3-498C916E9651}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4aab26fd-19ee-43ba-8951-500ba8cb480c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF744D6-38BB-4336-A90C-5ECA9DC12B14}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 18:48 68856]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-17 16:51 1266936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-01 23:40 98304]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-12 19:40 190024]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\njoahang]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nmxwvwdz]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuroop]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-03-07 22:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 15:28:55
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-18 15:29:26
ComboFix-quarantined-files.txt 2008-02-18 14:29:17
ComboFix2.txt 2008-02-18 12:14:30
ComboFix3.txt 2008-02-17 22:02:49
.
2008-02-13 19:13:15 --- E O F ---
Refais ce script là stp :
File::
|
Répondre à XmichouX
hop hop hop
ComboFix 08-02-17.2 - nad et alex 2008-02-18 16:50:46.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.636 [GMT 1:00]
Endroit: C:\Documents and Settings\nad et alex\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\nad et alex\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
C:\qrwkjyd.exe
C:\WINDOWS\system32\create.exe
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\mmmctrct.dll
C:\WINDOWS\system32\mmmdnbdn.dll
C:\WINDOWS\system32\njoahang.dll
C:\WINDOWS\system32\nmxwvwdz.dll
C:\WINDOWS\system32\socksys.dll
C:\WINDOWS\system32\wgygstht.tmp
C:\WINDOWS\system32\WLCtrl32.dll
C:\wpohl.exe~
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.
2008-02-18 14:24 . 2008-02-18 14:24 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-18 14:21 . 2008-02-18 14:49 <REP> d-------- C:\SDFix
2008-02-17 19:33 . 2008-02-17 20:24 <REP> d-------- C:\ComboFix[1]
2008-02-17 18:57 . 2008-02-17 18:57 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 17:11 . 2008-02-17 17:11 674,600 --a------ C:\WINDOWS\system32\pbsvc[1].exe
2008-02-17 17:11 . 2008-02-17 17:11 22,328 --a------ C:\Documents and Settings\nad et alex\Application Data\PnkBstrK.sys
2008-02-17 16:49 . 2008-02-18 15:36 <REP> d-------- C:\Program Files\Steam
2008-02-17 16:18 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-17 16:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-17 16:18 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-17 16:18 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-17 16:18 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-17 16:18 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-17 16:18 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-17 16:18 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-17 16:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-17 16:17 . 2008-02-17 16:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-17 15:39 . 2008-02-17 15:39 <REP> d-------- C:\WINDOWS\report
2008-02-17 15:39 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\LPT$VPN.107
2008-02-17 15:38 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-17 15:38 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\VPTNFILE.107
2008-02-17 15:38 . 2008-02-17 15:38 1,922,158 --a------ C:\WINDOWS\tsc.ptn
2008-02-17 15:38 . 2008-02-17 15:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-17 15:38 . 2008-02-17 15:38 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-17 15:38 . 2008-02-17 15:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-17 15:38 . 2008-02-17 15:38 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-17 15:38 . 2008-02-17 16:03 823 --a------ C:\WINDOWS\tsc.ini
2008-02-17 15:37 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-17 15:37 . 2008-02-17 15:37 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-17 15:37 . 2008-02-17 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-17 15:37 . 2008-02-17 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-17 15:37 . 2008-02-17 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-17 15:37 . 2008-02-17 15:37 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-17 14:44 . 2008-02-17 14:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 14:44 . 2008-02-17 14:44 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-17 14:41 . 2008-02-17 14:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-17 14:41 . 2008-02-17 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 14:10 . 2008-02-18 15:49 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-17 10:02 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-17 10:02 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-17 10:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-17 10:02 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-17 10:02 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-17 10:02 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-17 10:02 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-17 10:02 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-17 10:01 . 2008-02-17 10:01 <REP> d-------- C:\Program Files\Alwil Software
2008-02-16 15:25 . 2008-02-17 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-11 14:16 . 2008-02-17 11:17 <REP> d-------- C:\SIERRA
2008-02-11 14:16 . 1998-10-30 22:21 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
2008-02-11 14:16 . 1998-10-30 22:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
2008-02-11 14:15 . 2008-02-11 14:17 342 --a------ C:\WINDOWS\SIERRA.INI
2008-02-05 21:31 . 2008-02-05 21:31 <REP> d-------- C:\Documents and Settings\Charlotte\Application Data\Corel Photo Album
2008-02-02 12:25 . 2008-02-16 15:25 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe~
2008-02-02 12:25 . 2008-02-02 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~
2008-02-02 12:25 . 2008-02-18 15:49 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 11:40 . 2008-02-02 11:40 <REP> d---s---- C:\Documents and Settings\Charlotte\UserData
2008-02-02 09:49 . 2008-02-02 09:49 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-02-02 09:49 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-02-02 09:49 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-02-02 09:49 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-02-02 09:49 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-02-02 09:49 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-02-02 09:47 . 2008-02-18 16:48 <REP> d-------- C:\Program Files\Wanadoo
2008-02-02 09:45 . 2008-02-02 09:45 <REP> d-------- C:\Program Files\Securitoo
2008-02-02 09:42 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-31 17:31 . 2008-01-31 17:31 <REP> d-------- C:\Documents and Settings\nad et alex\Application Data\InterTrust
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 16:38 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-16 14:17 --------- d-----w C:\Program Files\eMule
2008-02-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-31 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 16:30 --------- d-----w C:\Program Files\Micro Application
2008-01-28 20:27 --------- d-----w C:\Program Files\GV AbsoluCasino
2008-01-13 15:48 --------- d-----w C:\Program Files\Inventel
2008-01-12 15:48 --------- d-----w C:\Program Files\McAfee
2008-01-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-12 15:08 --------- d-----w C:\Program Files\EA GAMES
2008-01-12 15:06 --------- d-----w C:\Program Files\Corel
2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 09:38 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 00:47 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:47 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:47 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:47 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:47 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\MSVCP60.dll
2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07C7156E-D651-4ACC-9AD3-498C916E9651}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4aab26fd-19ee-43ba-8951-500ba8cb480c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF744D6-38BB-4336-A90C-5ECA9DC12B14}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 18:48 68856]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-17 16:51 1266936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-01 23:40 98304]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-12 19:40 190024]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
*Newly Created Service* - PNKBSTRK
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-03-07 22:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 16:53:55
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-18 16:54:25
ComboFix-quarantined-files.txt 2008-02-18 15:54:17
ComboFix2.txt 2008-02-18 14:29:26
ComboFix3.txt 2008-02-18 12:14:30
ComboFix4.txt 2008-02-17 22:02:49
.
2008-02-13 19:13:15 --- E O F ---
encore merci alexbobol
Cette fois, c'est bon.
reposte un Hijackthis.
Répondre à XmichouX
hop hop hop
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:28, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - (no file)
O2 - BHO: (no name) - {4aab26fd-19ee-43ba-8951-500ba8cb480c} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF744D6-38BB-4336-A90C-5ECA9DC12B14} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Games [...] meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FC957-1F40-4AC8-AF60-A2F0DF520E69}: NameServer = 192.168.1.1
O20 - Winlogon Notify: njoahang - C:\WINDOWS\
O20 - Winlogon Notify: nmxwvwdz - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O20 - Winlogon Notify: wvuroop - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 10145 bytes
docteur, le verdict ????
Relance HiJackThis, do a system scan only, coche ces lignes (si toujours présentes) :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
|
Puis Fix Checked !
********
Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé et poste le rapport ici.
Le rapport se trouve ici : C:\rapport_clean.txt
Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
********
Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software
Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.
Télécharge et installe Antivir. (tuto)
Pourquoi changer ? Avast vs Antivir
Vérifie qu’il soit bien à jour ! Fais une analyse complète, poste le rapport.
Répondre à XmichouX
Il y a 307 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
