Problem with kesenjangansocial.exe
Good evening,
I have a problem with kesenjangansocial. When my computer starts up, it shows a message saying: "C:\WINDOWS\KesenjanganSocial.exe" cannot be found.
I ran a scan with BitDefender, but it does not find any virus.
I looked on forums for solutions, but nothing works.
Because of this, as soon as I connect to the internet, it displays the web page but removes the taskbar, and to get my desktop and my taskbar back I have to restart my computer.
It also caused me another problem: I had 9500 pos files in TMP format in drive C:\ and in My Documents, but I managed to delete those after my BitDefender scan. I am just mentioning it in case.
While waiting for a reply, I thank those who read this and who, I hope, will answer me.
See you soon.
Hi.
Post a HijackThis report as explained at this link:
http://www.infos-du-net.com/forum/ [...] hijackthis
It is essential that HijackThis has been renamed to Hjt before launching the scan and that it is placed in its own folder, somewhere other than your desktop or a temporary folder.
++
Hello,
Disable your resident protections (antivirus, Spybot...)!
- Download Combofix (sUBs) to your Desktop.
- Double-click combofix.exe to launch it.
- Press the 1 key (Yes) to start the scan.
- When the scan is complete, a report will appear. Post this report in your next reply.
&
Download then install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Please, Angeldark, take over.
Thanks.
Message edited by Angeldark on 18-02-2008 at 21:30:20
Here is the ComboFix report:
ComboFix 08-02-18.1 - cindy 2008-02-18 21:53:06.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.43 [GMT 1:00]
Endroit: C:\Documents and Settings\cindy\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\cindy\Application Data\DOBE~1
C:\Documents and Settings\cindy\Local Settings\Application Data\rnjfjfbd.dat
C:\Documents and Settings\cindy\Local Settings\Application Data\rnjfjfbd.exe
C:\Documents and Settings\cindy\Local Settings\Application Data\rnjfjfbd_nav.dat
C:\Documents and Settings\cindy\Local Settings\Application Data\rnjfjfbd_navps.dat
C:\Documents and Settings\cindy\ResErrors.log
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\NetMon
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\NetMon
C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\NetMon\log.txt
C:\Program Files\network monitor
C:\WINDOWS\a3Vyb3dpYWs\
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UGESV_0001_N122M2811NetInstaller.exe
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\awtsqnk.dll
C:\WINDOWS\system32\caohhmyu.tmp
C:\WINDOWS\system32\cbcdd.ini
C:\WINDOWS\system32\cbcdd.ini2
C:\WINDOWS\system32\cyrdclvm.dll
C:\WINDOWS\system32\ddcbc.dll
C:\WINDOWS\system32\efcbaxy.dll
C:\WINDOWS\system32\eiruybbp.dll
C:\WINDOWS\system32\exmianlc.ini
C:\WINDOWS\system32\kquviprr.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tpgsyfjx.ini
C:\WINDOWS\system32\uymhhoac.dll
C:\WINDOWS\system32\vgbxyowe.dllbox
C:\WINDOWS\system32\windows
C:\WINDOWS\uninstall_nmon.vbs
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor
((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.
2008-02-18 20:34 . 2002-12-06 17:37 503,808 --a------ C:\WINDOWS\system32\xreglib.dll.tmppnd
2008-02-18 20:34 . 2008-02-18 20:34 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-18 15:01 . 2008-02-18 15:01 71,040 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys.avxpnd
2008-02-18 14:41 . 2008-02-18 14:41 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Bitdefender
2008-02-18 14:11 . 2008-02-18 15:01 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
2008-02-18 14:10 . 2008-02-18 14:10 <REP> d-------- C:\Program Files\Softwin
2008-02-18 14:09 . 2008-02-18 14:10 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-02-18 14:05 . 2008-02-18 14:05 268 --ah----- C:\sqmdata19.sqm
2008-02-18 14:05 . 2008-02-18 14:05 244 --ah----- C:\sqmnoopt19.sqm
2008-02-18 13:58 . 2008-02-18 13:58 268 --ah----- C:\sqmdata18.sqm
2008-02-18 13:58 . 2008-02-18 13:58 244 --ah----- C:\sqmnoopt18.sqm
2008-02-18 13:42 . 2008-02-18 13:42 2,676 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-18 13:41 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-18 13:41 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-18 13:41 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-18 13:41 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-18 13:41 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-18 13:41 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-18 13:39 . 2008-02-18 13:39 172 --ah----- C:\sqmnoopt17.sqm
2008-02-18 13:39 . 2008-02-18 13:39 172 --ah----- C:\sqmdata17.sqm
2008-02-18 13:35 . 2008-02-18 13:35 268 --ah----- C:\sqmdata16.sqm
2008-02-18 13:35 . 2008-02-18 13:35 244 --ah----- C:\sqmnoopt16.sqm
2008-02-18 13:29 . 2008-02-18 13:29 172 --ah----- C:\sqmnoopt15.sqm
2008-02-18 13:29 . 2008-02-18 13:29 172 --ah----- C:\sqmdata15.sqm
2008-02-18 13:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-18 12:26 . 2008-02-18 12:26 268 --ah----- C:\sqmdata14.sqm
2008-02-18 12:26 . 2008-02-18 12:26 244 --ah----- C:\sqmnoopt14.sqm
2008-02-18 12:06 . 2008-02-18 18:58 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-02-18 11:58 . 2008-02-18 11:58 268 --ah----- C:\sqmdata13.sqm
2008-02-18 11:58 . 2008-02-18 11:58 244 --ah----- C:\sqmnoopt13.sqm
2008-02-18 10:40 . 2008-02-18 10:40 268 --ah----- C:\sqmdata12.sqm
2008-02-18 10:40 . 2008-02-18 10:40 244 --ah----- C:\sqmnoopt12.sqm
2008-02-18 10:18 . 2008-02-18 10:18 268 --ah----- C:\sqmdata11.sqm
2008-02-18 10:18 . 2008-02-18 10:18 244 --ah----- C:\sqmnoopt11.sqm
2008-02-17 20:25 . 2008-02-17 20:25 268 --ah----- C:\sqmdata10.sqm
2008-02-17 20:25 . 2008-02-17 20:25 244 --ah----- C:\sqmnoopt10.sqm
2008-02-17 18:05 . 2008-02-17 18:05 268 --ah----- C:\sqmdata09.sqm
2008-02-17 18:05 . 2008-02-17 18:05 244 --ah----- C:\sqmnoopt09.sqm
2008-02-17 16:44 . 2008-02-17 16:44 <REP> d-------- C:\Program Files\Alwil Software
2008-02-17 15:41 . 2008-02-17 15:39 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 15:41 . 2008-02-17 15:41 3,465 --a------ C:\WINDOWS\unins000.dat
2008-02-17 15:34 . 2008-02-17 17:56 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-17 15:16 . 2008-02-17 20:26 <REP> d-------- C:\Documents and Settings\cindy\Contacts
2008-02-17 14:47 . 2008-02-17 14:47 <REP> d-------- C:\Documents and Settings\cindy\Application Data\AntivirusOrdi
2008-02-17 14:47 . 2008-02-17 14:47 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon
2008-02-17 14:46 . 2008-02-17 14:46 191,512 --a------ C:\Documents and Settings\cindy\Application Data\install_fr[1].exe
2008-02-17 14:46 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-17 14:46 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-17 13:20 . 2008-02-17 13:20 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-02-16 13:08 . 2008-02-17 17:24 <REP> d-------- C:\WINDOWS\system32\yw3
2008-02-16 13:08 . 2008-02-17 17:23 <REP> d-------- C:\WINDOWS\system32\rp1
2008-02-16 13:08 . 2008-02-16 13:08 <REP> d-------- C:\WINDOWS\system32\mq9
2008-02-11 20:55 . 2008-02-11 20:55 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Apple Computer
2008-02-11 20:54 . 2008-02-11 20:55 <REP> d-------- C:\Program Files\iTunes
2008-02-11 20:54 . 2008-02-11 20:54 <REP> d-------- C:\Program Files\iPod
2008-02-11 20:52 . 2008-02-11 20:53 <REP> d-------- C:\Program Files\QuickTime
2008-02-11 20:52 . 2008-02-11 20:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-02-11 20:51 . 2008-02-11 20:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-02-10 17:17 . 2008-02-10 17:18 <REP> d-------- C:\Documents and Settings\cindy\Application Data\MSN6
2008-02-10 17:17 . 2008-02-10 17:17 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
2008-02-10 16:37 . 2008-02-10 16:37 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-02-10 15:11 . 2008-02-10 15:11 0 --a------ C:\WINDOWS\khooker.INI
2008-02-10 13:21 . 2008-02-10 20:57 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-02-09 17:27 . 2008-02-11 18:46 <REP> d-------- C:\WINDOWS\ShellNew
2008-02-09 13:15 . 2008-02-18 21:49 268 --ah----- C:\sqmdata05.sqm
2008-02-09 13:15 . 2008-02-18 21:49 244 --ah----- C:\sqmnoopt05.sqm
2008-02-09 13:15 . 2008-02-09 13:15 208 --ah----- C:\sqmdata07.sqm
2008-02-09 13:15 . 2008-02-09 13:15 172 --ah----- C:\sqmnoopt08.sqm
2008-02-09 13:15 . 2008-02-09 13:15 172 --ah----- C:\sqmnoopt07.sqm
2008-02-09 13:15 . 2008-02-09 13:15 172 --ah----- C:\sqmdata08.sqm
2008-02-09 13:15 . 2008-02-09 13:15 148 --ah----- C:\sqmdata06.sqm
2008-02-09 13:15 . 2008-02-09 13:15 136 --ah----- C:\sqmnoopt06.sqm
2008-02-08 19:05 . 2008-02-08 19:05 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Yahoo!
2008-02-08 19:04 . 2008-02-08 19:04 <REP> d-------- C:\Program Files\DivX
2008-02-08 09:17 . 2008-02-18 20:55 268 --ah----- C:\sqmdata04.sqm
2008-02-08 09:17 . 2008-02-18 20:55 244 --ah----- C:\sqmnoopt04.sqm
2008-02-07 11:11 . 2008-02-18 20:36 172 --ah----- C:\sqmnoopt03.sqm
2008-02-07 11:11 . 2008-02-18 20:36 172 --ah----- C:\sqmdata03.sqm
2008-02-06 12:37 . 2008-02-18 19:44 268 --ah----- C:\sqmdata02.sqm
2008-02-06 12:37 . 2008-02-18 19:44 244 --ah----- C:\sqmnoopt02.sqm
2008-02-04 22:15 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-02-04 22:15 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-02-04 22:15 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-02-04 14:53 . 2008-02-04 14:53 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Template
2008-02-03 14:45 . 2008-02-03 14:45 <REP> d-------- C:\WINDOWS\Sun
2008-02-03 14:43 . 2008-02-18 18:58 <REP> d-------- C:\Program Files\Google
2008-02-03 14:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-03 14:41 . 2008-02-03 14:42 <REP> d-------- C:\Program Files\Java
2008-02-03 14:40 . 2008-02-03 14:40 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-02-03 13:52 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-03 13:52 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-03 13:52 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-03 13:52 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-02-03 13:52 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-03 13:52 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 14:01 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
2008-02-17 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-11 19:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-11 18:45 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-10 12:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-04 13:40 --------- d-----w C:\Program Files\Microsoft Works
2008-02-02 14:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-02 13:59 --------- d-----w C:\Program Files\SiSVGA
2008-02-01 17:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-02-01 14:19 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-01 13:52 --------- d-----w C:\Program Files\uTorrent
2008-01-10 19:32 --------- d-----w C:\Program Files\Macrogaming
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2003-07-22 16:44 1,388,544 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23C10E04-21BC-4E0E-C391-F71E77A9B5CD}]
C:\Program Files\Windows Media Player\qujaxiji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D81BA243-8839-496E-A3E0-C17266E0AFE5}]
2008-02-08 02:07 217088 --a------ C:\Program Files\MSN\giquxaba89104.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tok-Cirrhatus"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-07-22 17:32 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-18 12:06 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-06-26 11:35 303104]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2003-05-29 03:23 294912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2006-08-04 16:22 376832]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2006-06-20 14:35 49152]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-18 19:00 1836544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-07-22 17:32 13312]
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-18 12:06:49 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vgbxyowe]
vgbxyowe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-18 18:48:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 14:00:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 21:56:26
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-18 21:59:19
ComboFix-quarantined-files.txt 2008-02-18 20:59:10
And here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 22:01:16, on 18/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\cindy\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {23C10E04-21BC-4E0E-C391-F71E77A9B5CD} - C:\Program Files\Windows Media Player\qujaxiji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {D81BA243-8839-496E-A3E0-C17266E0AFE5} - C:\Program Files\MSN\giquxaba89104.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2043048486
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] 0_4_12.cab
O16 - DPF: {B164C1FC-1BEE-A33B-E3B6-67C8F421E94B} - http://performanceoptimizer.com/fi [...] taller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: vgbxyowe - vgbxyowe.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Thanks!!!!
Re,
Download DelDomains.inf (by Mike Burgess) to your Desktop.
**If you use Firefox: right-click the link and choose "Save Link As..."**
- Right-click the file, then choose "Install" from the context menu.
- The script installs quickly and no confirmation will be displayed on screen; this is normal.
There, it's done. It gives me this:
; DelDomains.inf © 11-28-04 | Revised 01-15-06
; Created by: Mike Burgess Microsoft MVP
; http://mvps.org/winhelp2002/
;
; Warning: Deletes all entries in the Restricted & Trusted Zone list
; http://mvps.org/winhelp2002/restricted.htm
;
; Revised to include the EscDomains key
;
; To execute this file: in Explorer - right-click (this file)
; Select Install from the Menu.
; Note: you will not see any onscreen action.
[version]
signature="$CHICAGO$"
[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps
[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"
; Recreate the keys to avoid a restart
[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"
**If you use Firefox: right-click the link and choose "Save Link As..."**
-> Did you actually do that?
I don't use Firefox, so I clicked on it and saved it to my desktop... and when I opened it, it gave me this.
**If you use Firefox: right-click the link and choose "Save Link As..."**
-> Do it that way, even with Internet Explorer, then.
There, I installed DelDomains by following the steps you gave me.
Post a HijackThis report again.
Hello, here is the new report:
Logfile of HijackThis v1.99.1
Scan saved at 10:58:47, on 20/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\cindy\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {D81BA243-8839-496E-A3E0-C17266E0AFE5} - C:\Program Files\MSN\giquxaba89104.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2043048486
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] 0_4_12.cab
O16 - DPF: {B164C1FC-1BEE-A33B-E3B6-67C8F421E94B} - http://performanceoptimizer.com/fi [...] taller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: vgbxyowe - vgbxyowe.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Run a Combofix scan again.
Here it is, after my Combofix scan:
ComboFix 08-02-18.1 - cindy 2008-02-20 18:49:14.3 - NTFSx86
Endroit: C:\Documents and Settings\cindy\Bureau\ComboFix.exe
.
[color=purple]The following files were disabled during the run:[/color]
C:\WINDOWS\system32\sockspy.dll
((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
.
2008-02-19 10:28 . 2008-02-18 15:01 913,408 --a------ C:\WINDOWS\system32\xreglib.dll
2008-02-18 22:31 . 2008-02-19 13:15 1,432 --a------ C:\DelDomains.inf
2008-02-18 20:34 . 2008-02-20 18:54 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-18 14:41 . 2008-02-18 14:41 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Bitdefender
2008-02-18 14:11 . 2008-02-18 15:01 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
2008-02-18 14:10 . 2008-02-18 14:10 <REP> d-------- C:\Program Files\Softwin
2008-02-18 14:09 . 2008-02-18 14:10 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-02-18 14:05 . 2008-02-18 14:05 268 --ah----- C:\sqmdata19.sqm
2008-02-18 14:05 . 2008-02-18 14:05 244 --ah----- C:\sqmnoopt19.sqm
2008-02-18 13:58 . 2008-02-18 13:58 268 --ah----- C:\sqmdata18.sqm
2008-02-18 13:58 . 2008-02-18 13:58 244 --ah----- C:\sqmnoopt18.sqm
2008-02-18 13:42 . 2008-02-18 13:42 2,676 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-18 13:41 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-18 13:41 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-18 13:41 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-18 13:41 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-18 13:41 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-18 13:41 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-18 13:39 . 2008-02-18 13:39 172 --ah----- C:\sqmnoopt17.sqm
2008-02-18 13:39 . 2008-02-18 13:39 172 --ah----- C:\sqmdata17.sqm
2008-02-18 13:35 . 2008-02-18 13:35 268 --ah----- C:\sqmdata16.sqm
2008-02-18 13:35 . 2008-02-18 13:35 244 --ah----- C:\sqmnoopt16.sqm
2008-02-18 13:29 . 2008-02-18 13:29 172 --ah----- C:\sqmnoopt15.sqm
2008-02-18 13:29 . 2008-02-18 13:29 172 --ah----- C:\sqmdata15.sqm
2008-02-18 13:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-18 12:26 . 2008-02-20 18:16 304 --ah----- C:\sqmdata14.sqm
2008-02-18 12:26 . 2008-02-20 18:16 244 --ah----- C:\sqmnoopt14.sqm
2008-02-18 12:06 . 2008-02-20 11:22 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-02-18 11:58 . 2008-02-20 16:38 268 --ah----- C:\sqmdata13.sqm
2008-02-18 11:58 . 2008-02-20 16:38 244 --ah----- C:\sqmnoopt13.sqm
2008-02-18 10:40 . 2008-02-20 16:09 172 --ah----- C:\sqmnoopt12.sqm
2008-02-18 10:40 . 2008-02-20 16:10 172 --ah----- C:\sqmdata12.sqm
2008-02-18 10:18 . 2008-02-20 15:56 268 --ah----- C:\sqmdata11.sqm
2008-02-18 10:18 . 2008-02-20 15:56 244 --ah----- C:\sqmnoopt11.sqm
2008-02-17 20:25 . 2008-02-20 10:40 268 --ah----- C:\sqmdata10.sqm
2008-02-17 20:25 . 2008-02-20 10:40 244 --ah----- C:\sqmnoopt10.sqm
2008-02-17 18:05 . 2008-02-19 19:08 268 --ah----- C:\sqmdata09.sqm
2008-02-17 18:05 . 2008-02-19 19:08 244 --ah----- C:\sqmnoopt09.sqm
2008-02-17 16:44 . 2008-02-17 16:44 <REP> d-------- C:\Program Files\Alwil Software
2008-02-17 15:41 . 2008-02-17 15:39 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 15:41 . 2008-02-17 15:41 3,465 --a------ C:\WINDOWS\unins000.dat
2008-02-17 15:34 . 2008-02-17 17:56 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-17 15:16 . 2008-02-20 18:07 <REP> d-------- C:\Documents and Settings\cindy\Contacts
2008-02-17 14:47 . 2008-02-17 14:47 <REP> d-------- C:\Documents and Settings\cindy\Application Data\AntivirusOrdi
2008-02-17 14:47 . 2008-02-17 14:47 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon
2008-02-17 14:46 . 2008-02-17 14:46 191,512 --a------ C:\Documents and Settings\cindy\Application Data\install_fr[1].exe
2008-02-17 14:46 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-17 14:46 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-17 13:20 . 2008-02-17 13:20 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-02-16 13:08 . 2008-02-17 17:24 <REP> d-------- C:\WINDOWS\system32\yw3
2008-02-16 13:08 . 2008-02-17 17:23 <REP> d-------- C:\WINDOWS\system32\rp1
2008-02-16 13:08 . 2008-02-16 13:08 <REP> d-------- C:\WINDOWS\system32\mq9
2008-02-11 20:55 . 2008-02-11 20:55 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Apple Computer
2008-02-11 20:54 . 2008-02-11 20:55 <REP> d-------- C:\Program Files\iTunes
2008-02-11 20:54 . 2008-02-11 20:54 <REP> d-------- C:\Program Files\iPod
2008-02-11 20:52 . 2008-02-11 20:53 <REP> d-------- C:\Program Files\QuickTime
2008-02-11 20:52 . 2008-02-11 20:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-02-11 20:51 . 2008-02-11 20:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-02-10 17:17 . 2008-02-10 17:18 <REP> d-------- C:\Documents and Settings\cindy\Application Data\MSN6
2008-02-10 17:17 . 2008-02-10 17:17 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
2008-02-10 16:37 . 2008-02-10 16:37 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-02-10 15:11 . 2008-02-10 15:11 0 --a------ C:\WINDOWS\khooker.INI
2008-02-10 13:21 . 2008-02-10 20:57 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-02-09 17:27 . 2008-02-11 18:46 <REP> d-------- C:\WINDOWS\ShellNew
2008-02-09 13:15 . 2008-02-19 17:23 268 --ah----- C:\sqmdata08.sqm
2008-02-09 13:15 . 2008-02-19 11:50 268 --ah----- C:\sqmdata07.sqm
2008-02-09 13:15 . 2008-02-18 21:49 268 --ah----- C:\sqmdata05.sqm
2008-02-09 13:15 . 2008-02-19 17:23 244 --ah----- C:\sqmnoopt08.sqm
2008-02-09 13:15 . 2008-02-19 11:50 244 --ah----- C:\sqmnoopt07.sqm
2008-02-09 13:15 . 2008-02-18 21:49 244 --ah----- C:\sqmnoopt05.sqm
2008-02-09 13:15 . 2008-02-18 23:16 172 --ah----- C:\sqmnoopt06.sqm
2008-02-09 13:15 . 2008-02-18 23:16 172 --ah----- C:\sqmdata06.sqm
2008-02-08 19:05 . 2008-02-08 19:05 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Yahoo!
2008-02-08 19:04 . 2008-02-08 19:04 <REP> d-------- C:\Program Files\DivX
2008-02-08 09:17 . 2008-02-18 20:55 268 --ah----- C:\sqmdata04.sqm
2008-02-08 09:17 . 2008-02-18 20:55 244 --ah----- C:\sqmnoopt04.sqm
2008-02-07 11:11 . 2008-02-18 20:36 172 --ah----- C:\sqmnoopt03.sqm
2008-02-07 11:11 . 2008-02-18 20:36 172 --ah----- C:\sqmdata03.sqm
2008-02-06 12:37 . 2008-02-18 19:44 268 --ah----- C:\sqmdata02.sqm
2008-02-06 12:37 . 2008-02-18 19:44 244 --ah----- C:\sqmnoopt02.sqm
2008-02-04 22:15 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-02-04 22:15 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-02-04 22:15 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-02-04 14:53 . 2008-02-04 14:53 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Template
2008-02-03 14:45 . 2008-02-03 14:45 <REP> d-------- C:\WINDOWS\Sun
2008-02-03 14:43 . 2008-02-19 11:03 <REP> d-------- C:\Program Files\Google
2008-02-03 14:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-03 14:41 . 2008-02-03 14:42 <REP> d-------- C:\Program Files\Java
2008-02-03 14:40 . 2008-02-03 14:40 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-02-03 13:52 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-03 13:52 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-03 13:52 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-03 13:52 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-02-03 13:52 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-03 13:52 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 14:01 71,040 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-17 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-11 19:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-11 18:45 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-10 12:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-04 13:40 --------- d-----w C:\Program Files\Microsoft Works
2008-02-02 14:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-02 13:59 --------- d-----w C:\Program Files\SiSVGA
2008-02-01 17:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-02-01 14:19 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-01 13:52 --------- d-----w C:\Program Files\uTorrent
2008-01-10 19:32 --------- d-----w C:\Program Files\Macrogaming
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2003-07-22 16:44 1,388,544 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D81BA243-8839-496E-A3E0-C17266E0AFE5}]
2008-02-08 02:07 217088 --a------ C:\Program Files\MSN\giquxaba89104.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tok-Cirrhatus"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-07-22 17:32 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-18 12:06 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-06-26 11:35 303104]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2003-05-29 03:23 294912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2008-02-18 15:00 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2008-02-18 15:00 69632]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-18 19:00 1836544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-07-22 17:32 13312]
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-18 12:06:49 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vgbxyowe]
vgbxyowe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
R1 bdftdif;BitDefender Firewall TDI Filter;C:\Program Files\Fichiers communs\Softwin\BitDefender Firewall\bdftdif.sys [2008-02-18 14:59]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\System32\DRIVERS\bdfndisf.sys [2008-02-18 15:01]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\System32\DRIVERS\sis163u.sys [2006-03-01 19:37]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\System32\DRIVERS\sisnicxp.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 01:48]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-18 18:48:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 14:00:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 18:57:52
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-20 19:03:12
ComboFix-quarantined-files.txt 2008-02-20 18:03:02
ComboFix2.txt 2008-02-18 20:59:20
Thanks again
Re,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad, then paste (Ctrl+V) the text you copied.
Save this file as CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will restart Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
NOTE: If there is no reboot, post the requested reports anyway.
There, I did what you asked.
Combofix report:
ComboFix 08-02-18.1 - cindy 2008-02-20 21:31:25.5 - NTFSx86
Endroit: C:\Documents and Settings\cindy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\cindy\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Program Files\MSN\giquxaba89104.dll
.
[color=purple]The following files were disabled during the run:[/color]
C:\WINDOWS\system32\sockspy.dll
((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
.
2008-02-19 10:28 . 2008-02-18 15:01 913,408 --a------ C:\WINDOWS\system32\xreglib.dll
2008-02-18 22:31 . 2008-02-19 13:15 1,432 --a------ C:\DelDomains.inf
2008-02-18 20:34 . 2008-02-20 21:38 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-18 14:41 . 2008-02-18 14:41 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Bitdefender
2008-02-18 14:11 . 2008-02-18 15:01 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
2008-02-18 14:10 . 2008-02-18 14:10 <REP> d-------- C:\Program Files\Softwin
2008-02-18 14:09 . 2008-02-18 14:10 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-02-18 14:05 . 2008-02-18 14:05 268 --ah----- C:\sqmdata19.sqm
2008-02-18 14:05 . 2008-02-20 21:20 244 --ah----- C:\sqmnoopt19.sqm
2008-02-18 13:58 . 2008-02-20 21:20 268 --ah----- C:\sqmdata18.sqm
2008-02-18 13:58 . 2008-02-20 21:19 244 --ah----- C:\sqmnoopt18.sqm
2008-02-18 13:42 . 2008-02-18 13:42 2,676 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-18 13:41 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-18 13:41 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-18 13:41 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-18 13:41 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-18 13:41 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-18 13:41 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-18 13:39 . 2008-02-20 20:59 268 --ah----- C:\sqmdata17.sqm
2008-02-18 13:39 . 2008-02-20 20:59 244 --ah----- C:\sqmnoopt17.sqm
2008-02-18 13:35 . 2008-02-20 20:11 172 --ah----- C:\sqmnoopt16.sqm
2008-02-18 13:35 . 2008-02-20 20:11 172 --ah----- C:\sqmdata16.sqm
2008-02-18 13:29 . 2008-02-20 20:11 268 --ah----- C:\sqmdata15.sqm
2008-02-18 13:29 . 2008-02-20 20:11 244 --ah----- C:\sqmnoopt15.sqm
2008-02-18 13:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-18 12:26 . 2008-02-20 18:16 304 --ah----- C:\sqmdata14.sqm
2008-02-18 12:26 . 2008-02-20 18:16 244 --ah----- C:\sqmnoopt14.sqm
2008-02-18 12:06 . 2008-02-20 11:22 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-02-18 11:58 . 2008-02-20 16:38 268 --ah----- C:\sqmdata13.sqm
2008-02-18 11:58 . 2008-02-20 16:38 244 --ah----- C:\sqmnoopt13.sqm
2008-02-18 10:40 . 2008-02-20 16:09 172 --ah----- C:\sqmnoopt12.sqm
2008-02-18 10:40 . 2008-02-20 16:10 172 --ah----- C:\sqmdata12.sqm
2008-02-18 10:18 . 2008-02-20 15:56 268 --ah----- C:\sqmdata11.sqm
2008-02-18 10:18 . 2008-02-20 15:56 244 --ah----- C:\sqmnoopt11.sqm
2008-02-17 20:25 . 2008-02-20 10:40 268 --ah----- C:\sqmdata10.sqm
2008-02-17 20:25 . 2008-02-20 10:40 244 --ah----- C:\sqmnoopt10.sqm
2008-02-17 18:05 . 2008-02-19 19:08 268 --ah----- C:\sqmdata09.sqm
2008-02-17 18:05 . 2008-02-19 19:08 244 --ah----- C:\sqmnoopt09.sqm
2008-02-17 16:44 . 2008-02-17 16:44 <REP> d-------- C:\Program Files\Alwil Software
2008-02-17 15:41 . 2008-02-17 15:39 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 15:41 . 2008-02-17 15:41 3,465 --a------ C:\WINDOWS\unins000.dat
2008-02-17 15:34 . 2008-02-17 17:56 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-17 15:16 . 2008-02-20 18:07 <REP> d-------- C:\Documents and Settings\cindy\Contacts
2008-02-17 14:47 . 2008-02-17 14:47 <REP> d-------- C:\Documents and Settings\cindy\Application Data\AntivirusOrdi
2008-02-17 14:47 . 2008-02-17 14:47 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SalesMon
2008-02-17 14:46 . 2008-02-17 14:46 191,512 --a------ C:\Documents and Settings\cindy\Application Data\install_fr[1].exe
2008-02-17 14:46 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-17 14:46 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-17 13:20 . 2008-02-17 13:20 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-02-16 13:08 . 2008-02-17 17:24 <REP> d-------- C:\WINDOWS\system32\yw3
2008-02-16 13:08 . 2008-02-17 17:23 <REP> d-------- C:\WINDOWS\system32\rp1
2008-02-16 13:08 . 2008-02-16 13:08 <REP> d-------- C:\WINDOWS\system32\mq9
2008-02-11 20:55 . 2008-02-11 20:55 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Apple Computer
2008-02-11 20:54 . 2008-02-11 20:55 <REP> d-------- C:\Program Files\iTunes
2008-02-11 20:54 . 2008-02-11 20:54 <REP> d-------- C:\Program Files\iPod
2008-02-11 20:52 . 2008-02-11 20:53 <REP> d-------- C:\Program Files\QuickTime
2008-02-11 20:52 . 2008-02-11 20:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-02-11 20:51 . 2008-02-11 20:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-02-10 17:17 . 2008-02-10 17:18 <REP> d-------- C:\Documents and Settings\cindy\Application Data\MSN6
2008-02-10 17:17 . 2008-02-10 17:17 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
2008-02-10 16:37 . 2008-02-10 16:37 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-02-10 15:11 . 2008-02-10 15:11 0 --a------ C:\WINDOWS\khooker.INI
2008-02-10 13:21 . 2008-02-10 20:57 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-02-09 17:27 . 2008-02-11 18:46 <REP> d-------- C:\WINDOWS\ShellNew
2008-02-09 13:15 . 2008-02-19 17:23 268 --ah----- C:\sqmdata08.sqm
2008-02-09 13:15 . 2008-02-19 11:50 268 --ah----- C:\sqmdata07.sqm
2008-02-09 13:15 . 2008-02-18 21:49 268 --ah----- C:\sqmdata05.sqm
2008-02-09 13:15 . 2008-02-19 17:23 244 --ah----- C:\sqmnoopt08.sqm
2008-02-09 13:15 . 2008-02-19 11:50 244 --ah----- C:\sqmnoopt07.sqm
2008-02-09 13:15 . 2008-02-18 21:49 244 --ah----- C:\sqmnoopt05.sqm
2008-02-09 13:15 . 2008-02-18 23:16 172 --ah----- C:\sqmnoopt06.sqm
2008-02-09 13:15 . 2008-02-18 23:16 172 --ah----- C:\sqmdata06.sqm
2008-02-08 19:05 . 2008-02-08 19:05 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Yahoo!
2008-02-08 19:04 . 2008-02-08 19:04 <REP> d-------- C:\Program Files\DivX
2008-02-08 09:17 . 2008-02-18 20:55 268 --ah----- C:\sqmdata04.sqm
2008-02-08 09:17 . 2008-02-18 20:55 244 --ah----- C:\sqmnoopt04.sqm
2008-02-07 11:11 . 2008-02-18 20:36 172 --ah----- C:\sqmnoopt03.sqm
2008-02-07 11:11 . 2008-02-18 20:36 172 --ah----- C:\sqmdata03.sqm
2008-02-06 12:37 . 2008-02-18 19:44 268 --ah----- C:\sqmdata02.sqm
2008-02-06 12:37 . 2008-02-18 19:44 244 --ah----- C:\sqmnoopt02.sqm
2008-02-04 22:15 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-02-04 22:15 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-02-04 22:15 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-02-04 22:15 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-02-04 14:53 . 2008-02-04 14:53 <REP> d-------- C:\Documents and Settings\cindy\Application Data\Template
2008-02-03 14:45 . 2008-02-03 14:45 <REP> d-------- C:\WINDOWS\Sun
2008-02-03 14:43 . 2008-02-19 11:03 <REP> d-------- C:\Program Files\Google
2008-02-03 14:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-03 14:41 . 2008-02-03 14:42 <REP> d-------- C:\Program Files\Java
2008-02-03 14:40 . 2008-02-03 14:40 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-02-03 13:52 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-03 13:52 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-03 13:52 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-03 13:52 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-02-03 13:52 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-03 13:52 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 14:01 71,040 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-17 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-11 19:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-11 18:45 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-10 12:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-04 13:40 --------- d-----w C:\Program Files\Microsoft Works
2008-02-02 14:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-02 13:59 --------- d-----w C:\Program Files\SiSVGA
2008-02-01 17:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-02-01 14:19 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-01 13:52 --------- d-----w C:\Program Files\uTorrent
2008-01-10 19:32 --------- d-----w C:\Program Files\Macrogaming
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2003-07-22 16:44 1,388,544 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tok-Cirrhatus"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-07-22 17:32 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-18 12:06 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-06-26 11:35 303104]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2003-05-29 03:23 294912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2008-02-18 15:00 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2008-02-18 15:00 69632]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-18 19:00 1836544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-07-22 17:32 13312]
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-18 12:06:49 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-18 18:48:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 14:00:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 21:39:28
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-20 21:44:14
ComboFix-quarantined-files.txt 2008-02-20 20:44:05
ComboFix2.txt 2008-02-20 19:27:26
ComboFix3.txt 2008-02-20 18:03:14
ComboFix4.txt 2008-02-18 20:59:20
and here is the other report:
Logfile of HijackThis v1.99.1
Scan saved at 21:47:44, on 20/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\cindy\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2043048486
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] 0_4_12.cab
O16 - DPF: {B164C1FC-1BEE-A33B-E3B6-67C8F421E94B} - http://performanceoptimizer.com/fi [...] taller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
By the way, my computer didn't restart... anyway, thanks again.
Is it better?
Yes, much better: I no longer get the message at startup, I no longer get the many ads that used to pop up, and my computer runs faster.
Is that good?!
