Ad problem
Forum Sécurité - Virus: Ad problem
Hello, I am being flooded with antivirus ads, like scannerdefender or adwaremover2007 (lots of others). I read that you have to post your log made with HijackThis, so here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:48, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\SMP\SmpSys.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\TeamSpeak3\TeamSpeak.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi- [...] key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi- [...] ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi- [...] ey=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll
O2 - BHO: SXG Advisor - {FDC5F6BF-F822-47EE-A03D-8158DF526AC9} - C:\WINDOWS\dmdqdrxnrp.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O21 - SSODL: admggxp - {83218316-6670-459C-8D32-9FCA7D299812} - C:\WINDOWS\admggxp.dll
O21 - SSODL: bdmnopx - {37275F07-2805-4663-B246-B9E9F641FC41} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 9817 bytes
Thanks for helping me as quickly as possible.
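As an added example that is not part of the thread or of HijackThis itself: a small Python triage script that parses the O2 (BHO), O3 (toolbar) and O21 (SSODL) lines of a HijackThis log such as the one above and flags what a helper goes after first, namely entries whose file is already gone ("(no file)") and DLLs with random-looking names loaded straight from C:\WINDOWS, as with dmdqdrxnrp.dll and admggxp.dll. The heuristics and thresholds are my own assumptions, not rules from HijackThis.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# A selection of lines copied from the HijackThis log posted above (not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SXG Advisor - {FDC5F6BF-F822-47EE-A03D-8158DF526AC9} - C:\WINDOWS\dmdqdrxnrp.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O21 - SSODL: admggxp - {83218316-6670-459C-8D32-9FCA7D299812} - C:\WINDOWS\admggxp.dll
O21 - SSODL: bdmnopx - {37275F07-2805-4663-B246-B9E9F641FC41} - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# O2 (BHO), O3 (toolbar) and O21 (ShellServiceObjectDelayLoad) entries share one layout:
#   <section> - <kind>: <name> - {<CLSID>} - <path or "(no file)">
COM_ENTRY = re.compile(
    r"^(?P<section>O(?:2|3|21)) - (?P<kind>\w+): (?P<name>.+?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - (?P<path>.+)$"
)

WINDOWS_ROOT = PureWindowsPath(r"C:\WINDOWS")

# Reason strings attached to flagged entries (wording is mine).
ORPHANED = "orphaned: CLSID still registered but the file is gone"
WIN_ROOT_DLL = "DLL loaded straight from the Windows directory, not system32 or Program Files"
RANDOM_NAME = "random-looking file name"


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Return the O2/O3/O21 entries of a HijackThis log; other sections are ignored."""
    entries = []
    for line in log_text.strip().splitlines():
        m = COM_ENTRY.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def looks_random(stem):
    """Crude heuristic (assumption): 7+ lowercase letters with almost no vowels,
    e.g. dmdqdrxnrp or admggxp, while explorer or ashDisp pass."""
    if len(stem) < 7 or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(ch in "aeiouy" for ch in stem)
    return vowels / len(stem) <= 0.2


def triage(log_text):
    """Return only the entries that deserve a second look, each with its reasons."""
    findings = []
    for e in parse_entries(log_text):
        if e.path == "(no file)":
            e.reasons.append(ORPHANED)
        else:
            p = PureWindowsPath(e.path)
            # PureWindowsPath compares case-insensitively, so C:\Windows also matches.
            if p.parent == WINDOWS_ROOT and p.suffix.lower() == ".dll":
                e.reasons.append(WIN_ROOT_DLL)
            if looks_random(p.stem):
                e.reasons.append(RANDOM_NAME)
        if e.reasons:
            findings.append(e)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.kind}: {f.name} {{{f.clsid}}} -> {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against the full log it lists exactly the five entries (two random-named DLLs in C:\WINDOWS and three "(no file)" leftovers) that the later Kill.cmd step targets; the Acrobat BHO is left alone.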
Hello,
Disable your resident protections (antivirus, Spybot...)!
- Download Combofix (sUBs) to your Desktop.
- Double-click combofix.exe to launch it.
- Press the 1 (Yes) key to start the scan.
- When the scan is complete, a report will appear. Post that report in your next reply.
OK, thanks, here is the report
ComboFix 08-02-19.2 - N@rUtO 2008-02-19 16:27:58.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.501 [GMT 1:00]
Endroit: C:\Documents and Settings\N@rUtO\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\msnimport.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
----- BITS: Possible sites infectés -----
hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))))))))
.
2008-02-19 16:28 . 2008-02-19 16:28 <REP> d-------- C:\WINDOWS\LastGood
2008-02-18 16:59 . 2007-09-26 18:32 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-02-18 16:59 . 2008-02-18 16:59 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-17 18:55 . 2008-02-17 18:55 <REP> d-------- C:\Program Files\CCleaner
2008-02-15 20:26 . 2008-02-15 20:26 <REP> d-------- C:\Program Files\VirtualDJ
2008-02-14 19:33 . 2008-02-14 19:45 <REP> d-------- C:\Program Files\Antipub
2008-02-13 20:42 . 2008-02-16 11:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 20:42 . 2008-02-15 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 20:29 . 2008-02-13 20:29 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-13 08:38 . 2008-02-13 08:38 <REP> d-------- C:\Program Files\Fichiers communs\Xuisoft
2008-02-13 08:35 . 2008-02-13 08:35 27,912 --a------ C:\DWNLOG.THN
2008-02-13 08:34 . 2008-02-13 08:34 245 --a------ C:\WINDOWS\GCSULT30.INI
2008-02-13 08:33 . 2008-02-13 08:33 <REP> d-------- C:\Program Files\Alchemy Mindworks
2008-02-13 08:33 . 1999-03-15 16:39 212,992 --a------ C:\WINDOWS\ALCHUNIN.EXE
2008-02-13 08:24 . 1994-08-22 22:36 25,808 --a------ C:\WINDOWS\ctl3dv2.dll
2008-02-13 08:24 . 2008-02-13 08:24 16 --a------ C:\WINDOWS\aninst00.whe
2008-02-13 08:22 . 2008-02-13 02:49 245,760 --a------ C:\WINDOWS\dmdqdrxnrp.dll
2008-02-13 08:22 . 2008-02-13 02:49 221,184 --a------ C:\WINDOWS\admggxp.dll
2008-02-13 08:22 . 2008-02-13 02:49 81,920 --a------ C:\WINDOWS\fsxloqf.exe
2008-02-13 07:46 . 2008-02-13 07:46 <REP> d-------- C:\Program Files\Bonjour
2008-02-13 07:38 . 2008-02-13 07:38 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-12 23:16 . 2008-02-12 23:16 <REP> d-------- C:\Program Files\vmntoolbar
2008-02-12 23:16 . 2008-02-18 22:26 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\vmntoolbar
2008-02-12 23:15 . 2008-02-13 17:53 <REP> d-------- C:\Program Files\Visicom Media
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\WINDOWS\Vbox
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\WINDOWS\Noslip
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\Ulead Systems
2008-02-12 20:47 . 2008-02-12 20:56 582 --ah----- C:\WINDOWS\system32\ws073247.ocx
2008-02-12 20:47 . 2008-02-12 20:56 582 --ah----- C:\os357577.bin
2008-02-12 18:48 . 2008-02-12 18:48 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\Samsung
2008-02-12 18:46 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-02-12 18:46 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-02-12 18:46 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-02-12 18:46 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-02-12 18:46 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-02-12 18:46 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-02-12 18:46 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-02-12 18:46 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-02-12 18:44 . 2008-02-12 18:46 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-02-12 18:44 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-12 18:43 . 2008-02-12 18:43 <REP> d-------- C:\Program Files\Samsung
2008-02-12 18:43 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-02-07 16:34 . 2008-02-07 16:34 <REP> d-------- C:\Program Files\Veoh Networks
2008-02-06 15:05 . 2008-02-06 15:14 <REP> d-------- C:\Program Files\DMW Scanner 3
2008-02-03 13:04 . 2008-02-03 13:06 <REP> d-------- C:\Program Files\Paintball2
2008-02-02 11:09 . 2008-02-02 11:09 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-25 13:42 . 2008-01-25 13:42 <REP> d-------- C:\Program Files\TeamSpeak3
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-01-21 08:07 . 2008-01-21 08:07 <REP> d-------- C:\Program Files\Switch Off
2008-01-21 08:00 . 2008-01-21 08:00 <REP> d-------- C:\Documents and Settings\N@rUtO\WINDOWS
2008-01-21 08:00 . 1998-02-06 22:39 304,128 --a------ C:\WINDOWS\unin040c.exe
2008-01-20 15:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-19 16:35 . 2008-01-25 19:18 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\DMCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 18:56 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\teamspeak2
2008-02-16 20:15 --------- d-----w C:\Program Files\Shareaza
2008-02-15 19:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 20:24 --------- d-----w C:\Program Files\AV VCS 3.0
2008-02-13 06:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-12 21:44 --------- d-----w C:\Program Files\Ultime Pack Maps DMW
2008-02-12 20:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-12 19:47 --------- d-----w C:\Program Files\Ulead Systems
2008-02-10 09:34 --------- d-----w C:\Program Files\World of Warcraft
2008-02-03 16:17 --------- d-----w C:\Program Files\StuffPlug3
2008-02-03 09:51 --------- d-----w C:\Program Files\WoW2
2008-01-28 14:06 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\WinButler
2008-01-20 14:58 --------- d-----w C:\Program Files\Java
2008-01-19 14:36 --------- d-----w C:\Program Files\DivX
2008-01-17 16:44 --------- d-----w C:\Program Files\Counter-Strike Source
2008-01-16 16:47 --------- d-----w C:\Program Files\Activision
2008-01-14 07:16 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\ma-config.com
2008-01-13 11:38 --------- d-----w C:\Program Files\Warcraft III
2008-01-09 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-01-09 21:54 --------- d-----w C:\Program Files\ATI Technologies
2008-01-05 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-02 09:06 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-02 09:06 54,444 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-02 09:06 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-29 11:08 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-28 22:46 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\uTorrent
2007-12-27 22:53 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 11:32 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-12-26 20:47 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-12-26 01:49 --------- d-----w C:\Program Files\LucasArts
2007-12-25 19:56 --------- d-----w C:\Program Files\mohaa
2007-12-24 23:44 --------- d-----w C:\Program Files\Logitech
2007-12-24 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-22 12:50 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Printer Info Cache
2007-12-22 12:50 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Image Zone Express
2007-12-21 14:13 22,328 ----a-w C:\Documents and Settings\N@rUtO\Application Data\PnkBstrK.sys
2007-12-21 12:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 17:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-19 17:19 --------- d--h--r C:\Documents and Settings\N@rUtO\Application Data\SecuROM
2007-12-19 13:19 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2007-12-19 13:19 --------- d-----w C:\Program Files\AVSMedia
2007-12-19 13:09 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\DeepBurner
2007-12-19 12:56 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Sonic
2007-12-19 12:56 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Leadertech
2007-12-19 11:55 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\vlc
2007-12-19 11:51 --------- d-----w C:\Program Files\VideoLAN
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-11 22:34 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-07 02:08 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 02:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 02:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 02:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 02:08 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 02:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-05 13:17 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.
------- Sigcheck -------
"C:\WINDOWS\explorer.exe"
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,036,288 2004-08-10 13:00:00 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-10-24 15:27 1918936 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDC5F6BF-F822-47EE-A03D-8158DF526AC9}]
2008-02-13 02:49 245760 --a------ C:\WINDOWS\dmdqdrxnrp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263}
{A057A204-BACC-4D26-8287-79A187E26987}
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-10-24 15:27 1918936]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 07:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-17 07:15 81920]
"EULA"="C:\APPS\PB_TB\EULALauncher.exe" [2006-09-29 13:14 18944]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Diamondback"="C:\Program Files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 14:07 147456]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 14:49 16126464 C:\WINDOWS\RTHDCPL.EXE]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
TrayMin300.exe.lnk - C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe [2007-12-15 19:42:12 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"admggxp"= {83218316-6670-459C-8D32-9FCA7D299812} - C:\WINDOWS\admggxp.dll [2008-02-13 02:49 221184]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DmwClient]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Razerlow;Diamondback 3G USB Filter Driver;C:\WINDOWS\system32\Drivers\DB3G.sys [2005-04-24 22:43]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]
S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-15 17:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 16:31:45
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-19 16:32:08
ComboFix-quarantined-files.txt 2008-02-19 15:32:06
.
2008-02-13 19:29:38 --- E O F ---
Re,
Download the following file:
http://dcangeldark.googlepages.com/KillD.zip
Unzip it to your desktop. Run Kill.cmd and then post the report.
Here it is
C:\WINDOWS\admggxp.dll - Erreur de Suppression !
----------
C:\Documents and Settings\N@rUtO\Application Data\WinButler - Erreur de Suppression !
----------
Can you re-run the removal in Safe Mode?
No, sorry, I know how to do it, but is that software needed??
Run Kill.cmd in Safe Mode.
Actually, I restart my PC in Safe Mode, is that it???
Yes.
Still the same thing
ppression !
----------
C:\Documents and Settings\N@rUtO\Application Data\WinButler - Erreur de Suppression !
----------
I changed the contents of the zip.
Re-download it and try again.
http://dcangeldark.googlepages.com/KillD.zip
Same thing: C:\Documents and Settings\N@rUtO\Application Data\WinButler - Erreur de Suppression !
----------
Strange. Run another Combofix scan.
Here it is
ComboFix 08-02-19.2 - N@rUtO 2008-02-19 19:02:20.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.549 [GMT 1:00]
Endroit: C:\Documents and Settings\N@rUtO\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible sites infectés -----
hxxp://softworldnetwork.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))))))))
.
2008-02-19 18:36 . 2008-02-19 18:36 <REP> d-------- C:\WINDOWS\LastGood
2008-02-18 16:59 . 2008-02-18 16:59 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-18 16:58 . 2008-02-19 18:40 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-17 18:55 . 2008-02-17 18:55 <REP> d-------- C:\Program Files\CCleaner
2008-02-15 20:26 . 2008-02-15 20:26 <REP> d-------- C:\Program Files\VirtualDJ
2008-02-14 19:33 . 2008-02-14 19:45 <REP> d-------- C:\Program Files\Antipub
2008-02-13 20:42 . 2008-02-16 11:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 20:42 . 2008-02-15 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 20:29 . 2008-02-13 20:29 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-13 08:38 . 2008-02-13 08:38 <REP> d-------- C:\Program Files\Fichiers communs\Xuisoft
2008-02-13 08:35 . 2008-02-13 08:35 27,912 --a------ C:\DWNLOG.THN
2008-02-13 08:34 . 2008-02-13 08:34 245 --a------ C:\WINDOWS\GCSULT30.INI
2008-02-13 08:33 . 2008-02-13 08:33 <REP> d-------- C:\Program Files\Alchemy Mindworks
2008-02-13 08:33 . 1999-03-15 16:39 212,992 --a------ C:\WINDOWS\ALCHUNIN.EXE
2008-02-13 08:24 . 1994-08-22 22:36 25,808 --a------ C:\WINDOWS\ctl3dv2.dll
2008-02-13 08:24 . 2008-02-13 08:24 16 --a------ C:\WINDOWS\aninst00.whe
2008-02-13 08:22 . 2008-02-13 02:49 245,760 --a------ C:\WINDOWS\dmdqdrxnrp.dll
2008-02-13 07:46 . 2008-02-13 07:46 <REP> d-------- C:\Program Files\Bonjour
2008-02-13 07:38 . 2008-02-13 07:38 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-12 23:16 . 2008-02-12 23:16 <REP> d-------- C:\Program Files\vmntoolbar
2008-02-12 23:16 . 2008-02-18 22:26 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\vmntoolbar
2008-02-12 23:15 . 2008-02-13 17:53 <REP> d-------- C:\Program Files\Visicom Media
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\WINDOWS\Vbox
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\WINDOWS\Noslip
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\Ulead Systems
2008-02-12 20:47 . 2008-02-12 20:56 582 --ah----- C:\WINDOWS\system32\ws073247.ocx
2008-02-12 20:47 . 2008-02-12 20:56 582 --ah----- C:\os357577.bin
2008-02-12 18:48 . 2008-02-12 18:48 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\Samsung
2008-02-12 18:46 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-02-12 18:46 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-02-12 18:46 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-02-12 18:46 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-02-12 18:46 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-02-12 18:46 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-02-12 18:46 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-02-12 18:46 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-02-12 18:44 . 2008-02-12 18:46 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-02-12 18:44 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-12 18:43 . 2008-02-12 18:43 <REP> d-------- C:\Program Files\Samsung
2008-02-12 18:43 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-02-07 16:34 . 2008-02-07 16:34 <REP> d-------- C:\Program Files\Veoh Networks
2008-02-06 15:05 . 2008-02-06 15:14 <REP> d-------- C:\Program Files\DMW Scanner 3
2008-02-03 13:04 . 2008-02-03 13:06 <REP> d-------- C:\Program Files\Paintball2
2008-02-02 11:09 . 2008-02-02 11:09 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-25 13:42 . 2008-01-25 13:42 <REP> d-------- C:\Program Files\TeamSpeak3
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-01-21 08:07 . 2008-01-21 08:07 <REP> d-------- C:\Program Files\Switch Off
2008-01-21 08:00 . 1998-02-06 22:39 304,128 --a------ C:\WINDOWS\unin040c.exe
2008-01-20 15:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-19 16:35 . 2008-01-25 19:18 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\DMCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 16:00 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\teamspeak2
2008-02-16 20:15 --------- d-----w C:\Program Files\Shareaza
2008-02-15 19:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 20:24 --------- d-----w C:\Program Files\AV VCS 3.0
2008-02-13 06:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-12 21:44 --------- d-----w C:\Program Files\Ultime Pack Maps DMW
2008-02-12 20:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-12 19:47 --------- d-----w C:\Program Files\Ulead Systems
2008-02-10 09:34 --------- d-----w C:\Program Files\World of Warcraft
2008-02-03 16:17 --------- d-----w C:\Program Files\StuffPlug3
2008-02-03 09:51 --------- d-----w C:\Program Files\WoW2
2008-01-28 14:06 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\WinButler
2008-01-20 14:58 --------- d-----w C:\Program Files\Java
2008-01-19 14:36 --------- d-----w C:\Program Files\DivX
2008-01-17 16:44 --------- d-----w C:\Program Files\Counter-Strike Source
2008-01-16 16:47 --------- d-----w C:\Program Files\Activision
2008-01-14 07:16 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\ma-config.com
2008-01-13 11:38 --------- d-----w C:\Program Files\Warcraft III
2008-01-09 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-01-09 21:54 --------- d-----w C:\Program Files\ATI Technologies
2008-01-05 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-02 09:06 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-02 09:06 54,444 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-02 09:06 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-29 11:08 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-28 22:46 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\uTorrent
2007-12-27 22:53 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 11:32 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-12-26 20:47 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-12-26 01:49 --------- d-----w C:\Program Files\LucasArts
2007-12-25 19:56 --------- d-----w C:\Program Files\mohaa
2007-12-24 23:44 --------- d-----w C:\Program Files\Logitech
2007-12-24 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-22 12:50 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Printer Info Cache
2007-12-22 12:50 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Image Zone Express
2007-12-21 14:13 22,328 ----a-w C:\Documents and Settings\N@rUtO\Application Data\PnkBstrK.sys
2007-12-21 12:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 17:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-19 17:19 --------- d--h--r C:\Documents and Settings\N@rUtO\Application Data\SecuROM
2007-12-19 13:19 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2007-12-19 13:19 --------- d-----w C:\Program Files\AVSMedia
2007-12-19 13:09 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\DeepBurner
2007-12-19 12:56 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Sonic
2007-12-19 12:56 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Leadertech
2007-12-19 11:55 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\vlc
2007-12-19 11:51 --------- d-----w C:\Program Files\VideoLAN
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-11 22:34 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-07 02:08 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 02:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 02:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 02:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 02:08 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 02:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-06 23:40 369,152 ----a-w C:\WINDOWS\system32\SET2A.tmp
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-05 13:17 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
.
------- Sigcheck -------
"C:\WINDOWS\explorer.exe"
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,036,288 2004-08-10 13:00:00 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-10-24 15:27 1918936 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDC5F6BF-F822-47EE-A03D-8158DF526AC9}]
2008-02-13 02:49 245760 --a------ C:\WINDOWS\dmdqdrxnrp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263}
{A057A204-BACC-4D26-8287-79A187E26987}
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-10-24 15:27 1918936]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
TrayMin300.exe.lnk - C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe [2007-12-15 19:42:12 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DmwClient]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Razerlow;Diamondback 3G USB Filter Driver;C:\WINDOWS\system32\Drivers\DB3G.sys [2005-04-24 22:43]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]
S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-15 17:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 19:05:16
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\DMW Client 3\jpglib.dll
-> C:\Program Files\DMW Client 3\gamelauncher.dll
.
Temps d'accomplissement: 2008-02-19 19:05:42
ComboFix-quarantined-files.txt 2008-02-19 18:05:40
ComboFix2.txt 2008-02-19 15:32:09
.
2008-02-19 17:40:21 --- E O F ---
Re,
Disable your resident protections (antivirus, etc.)!
Copy (Ctrl+C) the text in the box below:
File:: Folder:: Registry:: |
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Message edited by Angeldark on 20-02-2008 at 13:14:39
Here is the ComboFix report:
ComboFix 08-02-19.2 - N@rUtO 2008-02-20 8:29:32.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.549 [GMT 1:00]
Endroit: C:\Documents and Settings\N@rUtO\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\N@rUtO\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\vmntoolbar
C:\Program Files\vmntoolbar\install.ico
C:\Program Files\vmntoolbar\tbuninstall.exe
C:\Program Files\vmntoolbar\toolbar.ini
C:\Program Files\vmntoolbar\uninstall.exe
C:\Program Files\vmntoolbar\vmntoolbar.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
.
2008-02-18 16:59 . 2008-02-18 16:59 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-18 16:58 . 2008-02-19 18:40 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-17 18:55 . 2008-02-17 18:55 <REP> d-------- C:\Program Files\CCleaner
2008-02-15 20:26 . 2008-02-15 20:26 <REP> d-------- C:\Program Files\VirtualDJ
2008-02-14 19:33 . 2008-02-14 19:45 <REP> d-------- C:\Program Files\Antipub
2008-02-13 20:42 . 2008-02-16 11:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 20:42 . 2008-02-15 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 20:29 . 2008-02-13 20:29 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-13 08:38 . 2008-02-13 08:38 <REP> d-------- C:\Program Files\Fichiers communs\Xuisoft
2008-02-13 08:35 . 2008-02-13 08:35 27,912 --a------ C:\DWNLOG.THN
2008-02-13 08:34 . 2008-02-13 08:34 245 --a------ C:\WINDOWS\GCSULT30.INI
2008-02-13 08:33 . 2008-02-13 08:33 <REP> d-------- C:\Program Files\Alchemy Mindworks
2008-02-13 08:33 . 1999-03-15 16:39 212,992 --a------ C:\WINDOWS\ALCHUNIN.EXE
2008-02-13 08:24 . 1994-08-22 22:36 25,808 --a------ C:\WINDOWS\ctl3dv2.dll
2008-02-13 08:24 . 2008-02-13 08:24 16 --a------ C:\WINDOWS\aninst00.whe
2008-02-13 08:22 . 2008-02-13 02:49 245,760 --a------ C:\WINDOWS\dmdqdrxnrp.dll
2008-02-13 07:46 . 2008-02-13 07:46 <REP> d-------- C:\Program Files\Bonjour
2008-02-13 07:38 . 2008-02-13 07:38 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-12 23:16 . 2008-02-18 22:26 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\vmntoolbar
2008-02-12 23:15 . 2008-02-13 17:53 <REP> d-------- C:\Program Files\Visicom Media
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\WINDOWS\Vbox
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\WINDOWS\Noslip
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\Ulead Systems
2008-02-12 20:47 . 2008-02-12 20:56 582 --ah----- C:\WINDOWS\system32\ws073247.ocx
2008-02-12 20:47 . 2008-02-12 20:56 582 --ah----- C:\os357577.bin
2008-02-12 18:48 . 2008-02-12 18:48 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\Samsung
2008-02-12 18:46 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-02-12 18:46 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-02-12 18:46 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-02-12 18:46 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-02-12 18:46 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-02-12 18:46 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-02-12 18:46 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-02-12 18:46 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-02-12 18:44 . 2008-02-12 18:46 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-02-12 18:44 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-12 18:43 . 2008-02-12 18:43 <REP> d-------- C:\Program Files\Samsung
2008-02-12 18:43 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-02-07 16:34 . 2008-02-07 16:34 <REP> d-------- C:\Program Files\Veoh Networks
2008-02-06 15:05 . 2008-02-06 15:14 <REP> d-------- C:\Program Files\DMW Scanner 3
2008-02-03 13:04 . 2008-02-03 13:06 <REP> d-------- C:\Program Files\Paintball2
2008-02-02 11:09 . 2008-02-02 11:09 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-25 13:42 . 2008-01-25 13:42 <REP> d-------- C:\Program Files\TeamSpeak3
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-01-21 08:07 . 2008-01-21 08:07 <REP> d-------- C:\Program Files\Switch Off
2008-01-21 08:00 . 1998-02-06 22:39 304,128 --a------ C:\WINDOWS\unin040c.exe
2008-01-20 15:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 19:45 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\teamspeak2
2008-02-16 20:15 --------- d-----w C:\Program Files\Shareaza
2008-02-15 19:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 20:24 --------- d-----w C:\Program Files\AV VCS 3.0
2008-02-13 06:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-12 21:44 --------- d-----w C:\Program Files\Ultime Pack Maps DMW
2008-02-12 20:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-12 19:47 --------- d-----w C:\Program Files\Ulead Systems
2008-02-10 09:34 --------- d-----w C:\Program Files\World of Warcraft
2008-02-03 16:17 --------- d-----w C:\Program Files\StuffPlug3
2008-02-03 09:51 --------- d-----w C:\Program Files\WoW2
2008-01-28 14:06 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\WinButler
2008-01-25 18:18 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\DMCache
2008-01-20 14:58 --------- d-----w C:\Program Files\Java
2008-01-19 14:36 --------- d-----w C:\Program Files\DivX
2008-01-17 16:44 --------- d-----w C:\Program Files\Counter-Strike Source
2008-01-16 16:47 --------- d-----w C:\Program Files\Activision
2008-01-14 07:16 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\ma-config.com
2008-01-13 11:38 --------- d-----w C:\Program Files\Warcraft III
2008-01-09 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-01-09 21:54 --------- d-----w C:\Program Files\ATI Technologies
2008-01-05 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-02 09:06 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-02 09:06 54,444 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-02 09:06 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-29 11:08 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-28 22:46 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\uTorrent
2007-12-27 22:53 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 11:32 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-12-26 20:47 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-12-26 01:49 --------- d-----w C:\Program Files\LucasArts
2007-12-25 19:56 --------- d-----w C:\Program Files\mohaa
2007-12-24 23:44 --------- d-----w C:\Program Files\Logitech
2007-12-24 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-22 12:50 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Printer Info Cache
2007-12-22 12:50 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Image Zone Express
2007-12-21 14:13 22,328 ----a-w C:\Documents and Settings\N@rUtO\Application Data\PnkBstrK.sys
2007-12-21 12:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 17:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-11 22:34 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-07 02:08 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 02:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 02:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 02:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 02:08 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 02:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-05 13:17 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.
------- Sigcheck -------
"C:\WINDOWS\explorer.exe"
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,036,288 2004-08-10 13:00:00 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
TrayMin300.exe.lnk - C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe [2007-12-15 19:42:12 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DmwClient]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Razerlow;Diamondback 3G USB Filter Driver;C:\WINDOWS\system32\Drivers\DB3G.sys [2005-04-24 22:43]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]
S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-20 07:26:08 C:\WINDOWS\Tasks\avast! Antivirus.job"
- C:\PROGRA~1\ALWILS~1\Avast4\ashAvast.exe
"2008-02-20 07:18:02 C:\WINDOWS\Tasks\Lancez G-series Keyboard Profiler.job"
- C:\PROGRA~1\Logitech\G-SERI~1\LGDCore.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 08:32:18
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-20 8:32:44
ComboFix-quarantined-files.txt 2008-02-20 07:32:42
ComboFix2.txt 2008-02-19 18:05:43
ComboFix3.txt 2008-02-19 15:32:09
.
2008-02-19 17:40:21 --- E O F ---
And here is the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:34:19, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Antipub\antipub.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi- [...] ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi- [...] ey=IESTART
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 6516 bytes
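A small triage helper for HijackThis logs like the one above, added here as an example; it is not part of the thread and not a HijackThis or ComboFix tool. It parses the R*/F*/O* entry lines, pulls out the CLSID and the local file path from each, and marks three things a reviewer usually checks first: O23 services reported with "Unknown owner", O2 browser helper objects loaded straight from system32 rather than from a vendor folder, and O16 ActiveX controls downloaded from the web. These are review heuristics, not a malware verdict. The sample lines are copied from the log posted above; the section names (`O2`, `O16`, `O23`) are HijackThis's own.

```python
"""
Triage helper for HijackThis v2 logs (added example, not a HijackThis tool).

Parses the R*/F*/O* entry lines and attaches review notes to the entries a
reviewer normally looks at first. The rules are heuristics for review only.
"""
import ntpath
import re
from dataclasses import dataclass, field

# "O23 - Service: ...", "R0 - HKCU\...", "F2 - ..." etc.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# First local path ending in a binary extension; lazy so it stops at the file.
PATH_RE = re.compile(r"[A-Z]:\\.*?\.(?:exe|dll|ocx|sys)\b", re.I)

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


@dataclass
class Entry:
    section: str
    body: str
    clsid: str = ""
    path: str = ""
    notes: list = field(default_factory=list)


def parse_log(text: str) -> list:
    """Return one Entry per R*/F*/O* line; process list and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entry = Entry(m["section"], m["body"])
        clsid = CLSID_RE.search(entry.body)
        if clsid:
            entry.clsid = clsid.group(0).upper()
        path = PATH_RE.search(entry.body)
        if path:
            entry.path = path.group(0)
        entries.append(entry)
    return entries


def triage(entries: list) -> list:
    """Attach review notes and return only the entries that received one."""
    flagged = []
    for e in entries:
        folder = ntpath.dirname(e.path).lower()
        if e.section == "O23" and "Unknown owner" in e.body:
            e.notes.append("service binary carries no vendor information")
        if e.section == "O2" and folder.endswith("\\system32"):
            e.notes.append("BHO loaded directly from system32; confirm the publisher")
        if e.section == "O16":
            e.notes.append("ActiveX control downloaded from the web; confirm it is still wanted")
        if e.notes:
            flagged.append(e)
    return flagged


def review(text: str) -> list:
    """Parse a log and return the flagged entries."""
    return triage(parse_log(text))


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.section}: {ntpath.basename(e.path) or e.body}")
        for note in e.notes:
            print(f"    - {note}")
```

The path regex stops at the first `.exe`/`.dll`, so `res://...EXCEL.EXE/3000` style O8 entries still yield a clean path; entries with no local file (the O16 lines) get an empty path and are matched on section alone.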
I made a tag error in the previous message.
Can you post it again?