probleme pub - Sécurité - Virus
TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !
 

Ajouter une réponse



 Mot :   Pseudo :  
 
Bas de page
Auteur
 Sujet : probleme pub
 
Balkan
Profil : IDNaute
Plus d'informations
n°282554
18-02-2008 à 18:57:21

Bonjour, je suis envahi de pub d'antivirus gendre des scannerdefender ou adwaremover2007 (plein d'autre) j'ai lu qu'il faillais poster son log fais avec hijackthis le voila






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:48, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\SMP\SmpSys.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\TeamSpeak3\TeamSpeak.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi- [...] key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi- [...] ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi- [...] ey=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll
O2 - BHO: SXG Advisor - {FDC5F6BF-F822-47EE-A03D-8158DF526AC9} - C:\WINDOWS\dmdqdrxnrp.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O21 - SSODL: admggxp - {83218316-6670-459C-8D32-9FCA7D299812} - C:\WINDOWS\admggxp.dll
O21 - SSODL: bdmnopx - {37275F07-2805-4663-B246-B9E9F641FC41} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 9817 bytes



merci de m'aider au plus vite

Liens spon sorisés

Inscrivez-vous ou connectez-vous pour masquer ceci.

Angeldark
Profil : Helper
Plus d'informations
n°282574
18-02-2008 à 19:35:31

Bonjour,

Désactive tes protections résidentes (antivirus, Spybot...) !

  • Télécharge Combofix (sUBs) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.


---------------
Prévention & Protection|Les logiciels gratuits|L'homme du FLCCF
Balkan
Profil : IDNaute
Plus d'informations
n°282771
19-02-2008 à 16:33:02

ok merci voila raport





ComboFix 08-02-19.2 - N@rUtO 2008-02-19 16:27:58.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.501 [GMT 1:00]
Endroit: C:\Documents and Settings\N@rUtO\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\msnimport.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

----- BITS: Possible sites infectés -----

hxxp://softworldnetwork.com
hxxp://onsafepro.com

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))))))))
.

2008-02-19 16:28 . 2008-02-19 16:28 <REP> d-------- C:\WINDOWS\LastGood
2008-02-18 16:59 . 2007-09-26 18:32 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-02-18 16:59 . 2008-02-18 16:59 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-17 18:55 . 2008-02-17 18:55 <REP> d-------- C:\Program Files\CCleaner
2008-02-15 20:26 . 2008-02-15 20:26 <REP> d-------- C:\Program Files\VirtualDJ
2008-02-14 19:33 . 2008-02-14 19:45 <REP> d-------- C:\Program Files\Antipub
2008-02-13 20:42 . 2008-02-16 11:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 20:42 . 2008-02-15 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 20:29 . 2008-02-13 20:29 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-13 08:38 . 2008-02-13 08:38 <REP> d-------- C:\Program Files\Fichiers communs\Xuisoft
2008-02-13 08:35 . 2008-02-13 08:35 27,912 --a------ C:\DWNLOG.THN
2008-02-13 08:34 . 2008-02-13 08:34 245 --a------ C:\WINDOWS\GCSULT30.INI
2008-02-13 08:33 . 2008-02-13 08:33 <REP> d-------- C:\Program Files\Alchemy Mindworks
2008-02-13 08:33 . 1999-03-15 16:39 212,992 --a------ C:\WINDOWS\ALCHUNIN.EXE
2008-02-13 08:24 . 1994-08-22 22:36 25,808 --a------ C:\WINDOWS\ctl3dv2.dll
2008-02-13 08:24 . 2008-02-13 08:24 16 --a------ C:\WINDOWS\aninst00.whe
2008-02-13 08:22 . 2008-02-13 02:49 245,760 --a------ C:\WINDOWS\dmdqdrxnrp.dll
2008-02-13 08:22 . 2008-02-13 02:49 221,184 --a------ C:\WINDOWS\admggxp.dll
2008-02-13 08:22 . 2008-02-13 02:49 81,920 --a------ C:\WINDOWS\fsxloqf.exe
2008-02-13 07:46 . 2008-02-13 07:46 <REP> d-------- C:\Program Files\Bonjour
2008-02-13 07:38 . 2008-02-13 07:38 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-12 23:16 . 2008-02-12 23:16 <REP> d-------- C:\Program Files\vmntoolbar
2008-02-12 23:16 . 2008-02-18 22:26 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\vmntoolbar
2008-02-12 23:15 . 2008-02-13 17:53 <REP> d-------- C:\Program Files\Visicom Media
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\WINDOWS\Vbox
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\WINDOWS\Noslip
2008-02-12 20:47 . 2008-02-12 20:47 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\Ulead Systems
2008-02-12 20:47 . 2008-02-12 20:56 582 --ah----- C:\WINDOWS\system32\ws073247.ocx
2008-02-12 20:47 . 2008-02-12 20:56 582 --ah----- C:\os357577.bin
2008-02-12 18:48 . 2008-02-12 18:48 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\Samsung
2008-02-12 18:46 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-02-12 18:46 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-02-12 18:46 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-02-12 18:46 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-02-12 18:46 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-02-12 18:46 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-02-12 18:46 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-02-12 18:46 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-02-12 18:44 . 2008-02-12 18:46 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-02-12 18:44 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-12 18:43 . 2008-02-12 18:43 <REP> d-------- C:\Program Files\Samsung
2008-02-12 18:43 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-02-07 16:34 . 2008-02-07 16:34 <REP> d-------- C:\Program Files\Veoh Networks
2008-02-06 15:05 . 2008-02-06 15:14 <REP> d-------- C:\Program Files\DMW Scanner 3
2008-02-03 13:04 . 2008-02-03 13:06 <REP> d-------- C:\Program Files\Paintball2
2008-02-02 11:09 . 2008-02-02 11:09 <REP> d-------- C:\Program Files\Microsoft Games
2008-01-25 13:42 . 2008-01-25 13:42 <REP> d-------- C:\Program Files\TeamSpeak3
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-21 17:10 . 2008-01-21 17:10 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-01-21 08:07 . 2008-01-21 08:07 <REP> d-------- C:\Program Files\Switch Off
2008-01-21 08:00 . 2008-01-21 08:00 <REP> d-------- C:\Documents and Settings\N@rUtO\WINDOWS
2008-01-21 08:00 . 1998-02-06 22:39 304,128 --a------ C:\WINDOWS\unin040c.exe
2008-01-20 15:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-19 16:35 . 2008-01-25 19:18 <REP> d-------- C:\Documents and Settings\N@rUtO\Application Data\DMCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 18:56 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\teamspeak2
2008-02-16 20:15 --------- d-----w C:\Program Files\Shareaza
2008-02-15 19:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 20:24 --------- d-----w C:\Program Files\AV VCS 3.0
2008-02-13 06:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-12 21:44 --------- d-----w C:\Program Files\Ultime Pack Maps DMW
2008-02-12 20:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-12 19:47 --------- d-----w C:\Program Files\Ulead Systems
2008-02-10 09:34 --------- d-----w C:\Program Files\World of Warcraft
2008-02-03 16:17 --------- d-----w C:\Program Files\StuffPlug3
2008-02-03 09:51 --------- d-----w C:\Program Files\WoW2
2008-01-28 14:06 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\WinButler
2008-01-20 14:58 --------- d-----w C:\Program Files\Java
2008-01-19 14:36 --------- d-----w C:\Program Files\DivX
2008-01-17 16:44 --------- d-----w C:\Program Files\Counter-Strike Source
2008-01-16 16:47 --------- d-----w C:\Program Files\Activision
2008-01-14 07:16 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\ma-config.com
2008-01-13 11:38 --------- d-----w C:\Program Files\Warcraft III
2008-01-09 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-01-09 21:54 --------- d-----w C:\Program Files\ATI Technologies
2008-01-05 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-02 09:06 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-02 09:06 54,444 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-02 09:06 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-29 11:08 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-28 22:46 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\uTorrent
2007-12-27 22:53 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 11:32 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-12-26 20:47 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-12-26 01:49 --------- d-----w C:\Program Files\LucasArts
2007-12-25 19:56 --------- d-----w C:\Program Files\mohaa
2007-12-24 23:44 --------- d-----w C:\Program Files\Logitech
2007-12-24 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-22 12:50 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Printer Info Cache
2007-12-22 12:50 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Image Zone Express
2007-12-21 14:13 22,328 ----a-w C:\Documents and Settings\N@rUtO\Application Data\PnkBstrK.sys
2007-12-21 12:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 17:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-19 17:19 --------- d--h--r C:\Documents and Settings\N@rUtO\Application Data\SecuROM
2007-12-19 13:19 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2007-12-19 13:19 --------- d-----w C:\Program Files\AVSMedia
2007-12-19 13:09 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\DeepBurner
2007-12-19 12:56 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Sonic
2007-12-19 12:56 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\Leadertech
2007-12-19 11:55 --------- d-----w C:\Documents and Settings\N@rUtO\Application Data\vlc
2007-12-19 11:51 --------- d-----w C:\Program Files\VideoLAN
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-11 22:34 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-07 02:08 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 02:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 02:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 02:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 02:08 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 02:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-05 13:17 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

------- Sigcheck -------

"C:\WINDOWS\explorer.exe"
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,036,288 2004-08-10 13:00:00 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-10-24 15:27 1918936 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDC5F6BF-F822-47EE-A03D-8158DF526AC9}]
2008-02-13 02:49 245760 --a------ C:\WINDOWS\dmdqdrxnrp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263}
{A057A204-BACC-4D26-8287-79A187E26987}

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-10-24 15:27 1918936]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 07:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-17 07:15 81920]
"EULA"="C:\APPS\PB_TB\EULALauncher.exe" [2006-09-29 13:14 18944]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Diamondback"="C:\Program Files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 14:07 147456]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 14:49 16126464 C:\WINDOWS\RTHDCPL.EXE]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
TrayMin300.exe.lnk - C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe [2007-12-15 19:42:12 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"admggxp"= {83218316-6670-459C-8D32-9FCA7D299812} - C:\WINDOWS\admggxp.dll [2008-02-13 02:49 221184]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DmwClient]


R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Razerlow;Diamondback 3G USB Filter Driver;C:\WINDOWS\system32\Drivers\DB3G.sys [2005-04-24 22:43]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]
S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-15 17:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 16:31:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-19 16:32:08
ComboFix-quarantined-files.txt 2008-02-19 15:32:06
.
2008-02-13 19:29:38 --- E O F ---

Angeldark
Profil : Helper
Plus d'informations
n°282782
19-02-2008 à 16:58:58

Re,

Télécharge le fichier suivant :
http://dcangeldark.googlepages.com/KillD.zip
Dézippe le sur ton bureau. Lance Kill.cmd puis poste le rapport.


---------------
Prévention & Protection|Les logiciels gratuits|L'homme du FLCCF
Balkan
Profil : IDNaute
Plus d'informations
n°282789
19-02-2008 à 18:06:06

voila

C:\WINDOWS\admggxp.dll - Erreur de Suppression !
----------
C:\Documents and Settings\N@rUtO\Application Data\WinButler - Erreur de Suppression !
----------

Angeldark
Profil : Helper
Plus d'informations
n°282791
19-02-2008 à 18:08:17

Tu peux relancer la suppression en sans échec ?


---------------
Prévention & Protection|Les logiciels gratuits|L'homme du FLCCF
Balkan
Profil : IDNaute
Plus d'informations
n°282796
19-02-2008 à 18:16:11

non dsl je sais le faire mais ya t'il besoin de se logiciel ??

Angeldark
Profil : Helper
Plus d'informations
n°282798
19-02-2008 à 18:18:35

Tu lances Kill.cmd en sans échec :)


---------------
Prévention & Protection|Les logiciels gratuits|L'homme du FLCCF
Balkan
Profil : IDNaute
Plus d'informations
n°282800
19-02-2008 à 18:25:43

enfaite je redemarre mon pc en mode sans echec c'est sa ???

Angeldark
Profil : Helper
Plus d'informations
n°282801
19-02-2008 à 18:26:23
Balkan
Profil : IDNaute
Plus d'informations
n°282802
19-02-2008 à 18:30:26

toujours la meme chose

ppression ![/b]
----------
C:\Documents and Settings\N@rUtO\Application Data\WinButler - Erreur de Suppression !
----------


Angeldark
Profil : Helper
Plus d'informations
n°282805
19-02-2008 à 18:35:19

J'ai changé le contenu du zip.
Retélécharge-le puis recommence.
http://dcangeldark.googlepages.com/KillD.zip


---------------
Prévention & Protection|Les logiciels gratuits|L'homme du FLCCF
Balkan
Profil : IDNaute
Plus d'informations
n°282806
19-02-2008 à 18:37:25

meme chose C:\Documents and Settings\N@rUtO\Application Data\WinButler - Erreur de Suppression !
----------

Angeldark
Profil : Helper
Plus d'informations