Hello,
For some time now I have been having problems due to viruses on my PC. I ran Kaspersky and Spybot, but the slowdowns and unexplained bugs persist. I made a HijackThis report.
Thanks in advance for your replies.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:17, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox2\firefox.exe
C:\Utilitaires\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jeuxvideo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {1B01D706-B209-44D1-B357-2436A91D911E} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3FA85C2D-FD5D-428B-96B0-6F9DF0EB6028} - C:\WINDOWS\system32\yayxxUKd.dll (file missing)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B0EA280D-F29F-44F6-B39F-C83E4934A124} - C:\WINDOWS\system32\ljJcDsqq.dll (file missing)
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\cbXOeffG.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7870] command /c del "C:\WINDOWS\system32\yayxxUKd.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1173] cmd /c del "C:\WINDOWS\system32\yayxxUKd.dll_old"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - Winlogon Notify: cbXOeffG - C:\WINDOWS\SYSTEM32\cbXOeffG.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table M
Message edited by coco641 on 02-05-2008 at 19:59:59
Hello,
Submit the following file to VirusTotal, then post the report:
C:\WINDOWS\SYSTEM32\cbXOeffG.dll
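Added example, not code from the thread or from HijackThis: a small Python triage pass over HijackThis lines of the kind posted above. It flags orphaned registrations, unnamed BHOs, Winlogon Notify DLLs and the Vundo-style random 8-letter file names (cbXOeffG, yayxxUKd, ljJcDsqq) that point at cbXOeffG.dll as the file to submit. The sample lines are copied from the log in the thread; the name heuristic and its thresholds are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B01D706-B209-44D1-B357-2436A91D911E} - (no file)
O2 - BHO: (no name) - {3FA85C2D-FD5D-428B-96B0-6F9DF0EB6028} - C:\WINDOWS\system32\yayxxUKd.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\cbXOeffG.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O20 - Winlogon Notify: cbXOeffG - C:\WINDOWS\SYSTEM32\cbXOeffG.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""

# Every HijackThis entry starts with a section code ("O2", "O20", "R0", ...) followed by " - ".
SECTION_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")


@dataclass
class Finding:
    section: str    # HijackThis section code, e.g. "O2" or "O20"
    severity: str   # "high": a live DLL to investigate; "low": dead registration to clean up
    filename: str   # base name of the file the entry points at ("" if none)
    reasons: list
    line: str


def looks_random(stem: str) -> bool:
    """Assumed heuristic for Vundo-style names (cbXOeffG, yayxxUKd, ljJcDsqq in this thread):
    exactly 8 letters whose case flips at least twice, e.g. cb|XO|eff|G.
    A legitimate 8-letter name such as SDHelper flips case only once and is not flagged."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return flips >= 2


def parse_entry(line: str):
    """Return (section, fields) for a HijackThis line, or None for any other text.
    Fields are the ' - ' separated parts: description, CLSID/vendor, target path."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    return section, [f.strip() for f in rest.split(" - ")]


def target_file(fields) -> str:
    """Base name of the file the entry points at, '' when HijackThis reports none."""
    target = fields[-1].replace("(file missing)", "").strip().strip('"')
    if target in ("", "(no file)"):
        return ""
    return target.rsplit("\\", 1)[-1]


def triage(log_text: str) -> list:
    """Flag entries worth a closer look; unflagged lines are left for manual review."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, fields = parsed
        line = raw.strip()
        fname = target_file(fields)
        reasons = []
        # Dead registrations: the DLL is already gone (Spybot deleted yayxxUKd.dll), only the key remains.
        if "(no file)" in line or "(file missing)" in line:
            reasons.append("registration points at a file that no longer exists; leftover to clean up")
            findings.append(Finding(section, "low", fname, reasons, line))
            continue
        if section in ("O2", "O3") and "(no name)" in fields[0]:
            reasons.append("unnamed BHO/toolbar loading a real DLL into Internet Explorer")
        if section == "O20":
            reasons.append("Winlogon Notify DLL is loaded by winlogon.exe at every logon; "
                           "confirm it belongs to known software")
        if looks_random(fname.rsplit(".", 1)[0]):
            reasons.append(f"{fname}: Vundo-style random 8-letter file name")
        if reasons:
            findings.append(Finding(section, "high", fname, reasons, line))
    return findings


def suspect_files(findings) -> list:
    """Distinct live files worth a second opinion (e.g. a VirusTotal submission)."""
    return sorted({f.filename for f in findings if f.severity == "high" and f.filename})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.section}: {'; '.join(f.reasons)}\n    {f.line}")
    print("Files to submit for a second opinion:", suspect_files(results))
```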
Thanks for the quick reply!
Report from the VirusTotal scan:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.19.0 2008.04.18 -
AntiVir 7.8.0.8 2008.04.18 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.04.20 -
Avast 4.8.1169.0 2008.04.20 Win32:TratBHO
AVG 7.5.0.516 2008.04.19 Generic10.LBI
BitDefender 7.2 2008.04.20 Trojan.Vundo.EFK
CAT-QuickHeal 9.50 2008.04.19 AdWare.Virtumonde.oiu (Not a Virus)
ClamAV 0.92.1 2008.04.20 Trojan.Vundo-2378
DrWeb 4.44.0.09170 2008.04.20 Trojan.Virtumod.based
eSafe 7.0.15.0 2008.04.17 -
eTrust-Vet 31.3.5714 2008.04.19 -
Ewido 4.0 2008.04.20 -
F-Prot 4.4.2.54 2008.04.20 W32/Virtumonde.G.gen!Eldorado
F-Secure 6.70.13260.0 2008.04.19 -
FileAdvisor 1 2008.04.20 -
Fortinet 3.14.0.0 2008.04.20 -
Ikarus T3.1.1.26 2008.04.20 Trojan.Crypt.XPACK
Kaspersky 7.0.0.125 2008.04.20 -
McAfee 5277 2008.04.18 -
Microsoft 1.3408 2008.04.20 Trojan:Win32/Vundo.gen!D
NOD32v2 3041 2008.04.19 Win32/Adware.Virtumonde
Norman 5.80.02 2008.04.18 -
Panda 9.0.0.4 2008.04.20 Spyware/Virtumonde
Prevx1 V2 2008.04.20 Downloader.Zlob
Rising 20.40.62.00 2008.04.20 Trojan.Win32.VUNDO.bcq
Sophos 4.28.0 2008.04.20 Troj/Virtum-Gen
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.20 Trojan.Vundo
TheHacker 6.2.92.285 2008.04.19 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.20 -
Webwasher-Gateway 6.6.2 2008.04.18 Trojan.Crypt.XPACK.Gen
Information additionnelle
File size: 38400 bytes
MD5...: d555120d2206c067b317a58961dbb4d5
SHA1..: 132946df6882d038485944b6b6854dc7f6472165
SHA256: 8667d198f7e6d00062a971164181044fa070c76e429e36266c7f47de9053a0f6
SHA512: 5995f02472bf29b7f27449e6b7b6702f13d0b74549df1b18f933763bbfd4edcc
33671f067aea61dc0d8300065c16bfb7cc130b51a41515a3ee3efb395b2bba2e
PEiD..: tElock 0.99 - 1.0 private -> tE!
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10005249
timedatestamp.....: 0x323169a6 (Sat Sep 07 12:25:10 1996)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1e000 0x4400 7.23 6e4416a6ac02e12e41f8df04f543ab96
.data 0x1f000 0x5000 0x4200 7.97 147b4bbce733063139bd465f8535365f
.rdata 0x24000 0x1000 0x400 5.82 b42f34dab801afc66c660019fe71b569
.idata 0x25000 0x1000 0x800 3.75 e4d97fa7cda380a04599debb1fcfba88
( 3 imports )
> user32.dll: ShowOwnedPopups, SetMenuInfo, OemToCharA, LoadMenuA, LoadAcceleratorsW, IsCharLowerA, GetDlgItem, FillRect, EqualRect, EnableScrollBar, EnableMenuItem, EmptyClipboard, DestroyMenu, CreateMDIWindowA, CreateIconFromResourceEx, CreateDialogIndirectParamA, CopyRect, CharUpperBuffA, CharToOemA, CharPrevA, ChangeMenuA, ActivateKeyboardLayout, wsprintfA
> kernel32.dll: CloseHandle, GetPrivateProfileStringA, GetStartupInfoA, GetVersionExA, LocalAlloc, MapViewOfFile, OpenFileMappingA, lstrlenA, lstrcpynA, lstrcpyA, VirtualFree, SetEndOfFile, SetCurrentDirectoryA, ReadFile, RaiseException, GetFileSize
> oleaut32.dll: SafeArrayAllocData, SafeArrayAllocDescriptor, SysFreeString, VarBstrCat, RevokeActiveObject, OleLoadPicturePath
( 0 exports )
packers: PE_Patch
Prevx info: http://info.prevx.com/aboutprogram [...] 00F4F057F7
It is indeed an infection.
Disable your resident protections (antivirus, Spybot...)!
- Download Combofix (sUBs) to your Desktop.
- Double-click combofix.exe to launch it.
- When the scan is complete, a report will appear. Post that report in your next reply.
Here is the ComboFix report:
ComboFix 08-04-20.5 - Arnaud 2008-04-21 21:32:43.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1560 [GMT 2:00]
Endroit: C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbLRCJlm.ini
C:\WINDOWS\system32\cbLRCJlm.ini2
C:\WINDOWS\system32\cbXOeffG.dll
C:\WINDOWS\system32\dfeegfii.ini
C:\WINDOWS\system32\dfeegfii.ini2
C:\WINDOWS\system32\dKUxxyay.ini
C:\WINDOWS\system32\dKUxxyay.ini2
C:\WINDOWS\system32\hllwhcnt.ini
C:\WINDOWS\system32\huxgwceh.dll
C:\WINDOWS\system32\iifgeefd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qqsDcJjl.ini
C:\WINDOWS\system32\qqsDcJjl.ini2
C:\WINDOWS\system32\swamyoam.dll
C:\WINDOWS\system32\tnchwllh.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Service_6to4
((((((((((((((((((((((((((((( Fichiers créés 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))))))
.
2008-04-21 18:27 . 2008-04-21 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
2008-04-21 18:23 . 2008-04-21 18:24 3,392 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-21 10:30 . 2008-04-21 18:14 466 ---hs---- C:\WINDOWS\system32\oxbdvslc.ini
2008-04-20 22:17 . 2008-04-20 22:23 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-20 22:17 . 2008-04-20 22:23 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-20 22:16 . 2008-04-20 22:16 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-20 22:16 . 2008-04-21 21:41 10,051,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-20 22:16 . 2008-04-21 21:41 43,292 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-20 22:16 . 2008-04-21 21:41 13,600 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-20 22:16 . 2008-04-21 21:41 2,204 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-20 22:15 . 2008-04-21 21:43 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-20 20:28 . 2008-04-20 22:05 1,066 ---hs---- C:\WINDOWS\system32\nqwnvtoe.ini
2008-04-20 14:52 . 2008-04-20 14:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maxtor
2008-04-20 14:49 . 2008-04-20 14:49 400,864 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-04-20 14:49 . 2008-04-20 14:49 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-04-20 14:49 . 2008-04-20 14:49 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Maxtor
2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Fichiers communs\Maxtor
2008-04-19 20:27 . 2008-04-20 20:27 1,006 ---hs---- C:\WINDOWS\system32\ulltowkr.ini
2008-04-19 20:22 . 2008-04-21 21:17 109,781 --a------ C:\WINDOWS\BMbf9979e9.xml
2008-04-18 12:49 . 2008-04-18 12:49 <REP> d-------- C:\Program Files\Runtime Software
2008-04-18 12:09 . 2008-04-18 12:09 <REP> d-------- C:\Program Files\PC Inspector File Recovery
2008-04-18 12:09 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
2008-04-18 11:57 . 2008-04-20 14:34 <REP> d-------- C:\Program Files\Seagate
2008-04-18 11:51 . 2008-04-20 10:45 <REP> d-------- C:\Program Files\Ontrack
2008-04-18 11:51 . 2008-04-20 10:45 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
2008-04-15 17:05 . 2008-04-21 17:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 17:05 . 2008-04-15 17:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-14 22:36 . 2008-04-14 22:36 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Ubisoft
2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
2008-04-13 14:50 . 2008-04-13 14:50 <REP> d-------- C:\Program Files\Ubisoft
2008-04-11 22:51 . 2008-04-11 22:52 <REP> d-------- C:\Program Files\Microsoft MapPoint Europe
2008-04-07 15:11 . 2008-04-07 15:51 <REP> d-------- C:\Program Files\ASE
2008-04-03 13:37 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-03 13:37 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-03 13:26 . 2008-04-03 13:26 <REP> d-------- C:\Program Files\Acclaim
2008-03-30 14:40 . 2008-03-30 14:40 <REP> d-------- C:\Program Files\Mindjet
2008-03-30 14:40 . 2008-03-30 14:40 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mindjet
2008-03-30 14:40 . 2002-12-28 10:26 20,569 --a------ C:\WINDOWS\system32\pxc25pm.dll
2008-03-28 01:22 . 2008-03-28 01:22 385 --a------ C:\WINDOWS\ODBC.INI
2008-03-26 22:08 . 2008-03-26 22:09 <REP> d-------- C:\Program Files\SopCast
2008-03-26 21:07 . 2008-03-26 21:07 <REP> d-------- C:\Program Files\Vstplugins
2008-03-26 21:05 . 2008-03-26 21:05 <REP> d-------- C:\Program Files\MSBuild
2008-03-26 21:03 . 2008-03-26 21:03 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-26 21:03 . 2008-03-26 21:03 <REP> d-------- C:\Program Files\Reference Assemblies
2008-03-26 21:02 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-24 23:27 . 2008-03-24 23:27 <REP> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 19:00 --------- d-----w C:\Program Files\Mozilla Firefox2
2008-04-21 19:00 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\uTorrent
2008-04-21 16:42 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-20 19:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-04-20 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-20 07:35 --------- d-----w C:\Program Files\FlashGet
2008-04-20 07:35 --------- d-----w C:\Program Files\BestGameEver
2008-04-19 11:47 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-18 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 20:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-13 14:53 --------- d-----w C:\Program Files\CapCom
2008-04-12 07:27 --------- d-----w C:\Program Files\Glary Utilities
2008-04-11 20:54 --------- d-----w C:\Program Files\Sony
2008-04-03 09:22 --------- d-----w C:\Program Files\Winamp
2008-03-26 19:26 --------- d-----w C:\Program Files\Bulent's Screen Recorder 4
2008-03-26 19:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
2008-03-26 19:00 --------- d-----w C:\Program Files\Sony Setup
2008-03-26 19:00 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Sony Setup
2008-03-25 16:15 --------- d-----w C:\Program Files\FeedReader30
2008-03-24 21:27 --------- d-----w C:\Program Files\iTunes
2008-03-24 21:26 --------- d-----w C:\Program Files\QuickTime
2008-03-24 21:23 --------- d-----w C:\Program Files\iArt
2008-03-21 07:38 --------- d-----w C:\Program Files\Starcraft
2008-03-20 12:53 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\FastStone
2008-03-20 12:44 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\River Past G5
2008-03-20 12:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
2008-03-20 12:38 68,096 ----a-w C:\WINDOWS\ScUnin.exe
2008-03-11 11:26 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Dealio
2008-03-09 14:49 --------- d-----w C:\Program Files\Micro Application
2008-03-03 21:51 --------- d-----w C:\Program Files\MSN Messenger
2008-03-03 21:50 --------- d-----w C:\Program Files\Windows Live
2008-03-03 21:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-03-02 19:21 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\iCloner
2008-03-02 19:17 --------- d-----w C:\Program Files\WindSolutions
2008-03-02 19:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CopyTransControlCenter
2008-03-02 14:07 --------- d-----w C:\Program Files\Xilisoft
2008-03-02 14:01 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\CopyTransControlCenter
2008-03-01 21:54 --------- d-----w C:\Program Files\Acoustica DJ Twist And Burn
2008-02-28 19:51 --------- d-----w C:\Program Files\Classic Menu for Office
2008-02-26 19:59 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\mIRC
2008-02-26 17:46 --------- d-----w C:\Program Files\mIRC
2008-02-26 14:29 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-26 14:25 --------- d-----w C:\Program Files\Stardock Games
2008-02-25 22:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WindowsLiveInstaller
2008-02-25 08:02 --------- d-----w C:\Program Files\WiPen
2008-02-24 16:01 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-24 16:00 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-21 17:53 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
2008-02-16 11:50 691,545 ----a-w C:\WINDOWS\unins000.exe
2007-11-12 19:21 22,328 ----a-w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FA85C2D-FD5D-428B-96B0-6F9DF0EB6028}]
C:\WINDOWS\system32\yayxxUKd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0EA280D-F29F-44F6-B39F-C83E4934A124}]
C:\WINDOWS\system32\ljJcDsqq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXOeffG]
cbXOeffG.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"vidc.yv12"= yv12vfw.dll
"msacm.lameacm"= LameACM.acm
"MIDI2"= myokent.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Arnaud.ARNAUD-C169A0C2^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
--a------ 2001-06-29 02:00 163840 C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
"WiPen"=C:\Program Files\WiPen\wpmanage.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"MMReminderService"=C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe"
"MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
"AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
"BMbf9979e9"=Rundll32.exe "C:\WINDOWS\system32\cvnnnfym.dll",s
"bcaa4a75"=rundll32.exe "C:\WINDOWS\system32\clsvdbxo.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\Arnaud.ARNAUD-C169A0C2\\Bureau\\eMule0.48a-SharkX-BIN\\emule.exe"=
"C:\\Jeux\\KONAMI\\PES2008\\PES2008.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Jeux\\ut3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Mozilla Firefox2\\firefox.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Jeux\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Jeux\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\Overdose.exe"=
"C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
"C:\\Warhammer Online - Age of Reckoning\\warpatch.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule4
"4672:UDP"= 4672:UDP:emule
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 SCNDRVP;SCNDRVP;C:\WINDOWS\system32\drivers\SCNDRVP.sys [1999-07-05 14:57]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 00:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-07-10 00:12]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-11 22:23]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 14:15]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-10-01 11:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8dcc2d-dca2-11dc-a891-004f4e09fba3}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd016103-4761-11dc-85b2-004f4e09fba3}]
\Shell\AutoRun\command - E:\autorun_PES2008.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-21 19:42:47 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 21:43:23
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 642
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-21 21:52:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 19:52:11
ComboFix2.txt 2007-11-01 13:18:30
Pre-Run: 59,114,692,608 octets libres
Post-Run: 59,337,883,648 octets libres
299 --- E O F --- 2008-04-14 20:40:53
Let's do a bit of cleaning up.
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode
- Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
- To start the scan, click "Scan".
- Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to complete the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Hello,
Here is the Malwarebytes' report:
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 700
Type de recherche: Examen complet (C:\|)
Eléments examinés: 324948
Temps écoulé: 2 hour(s), 2 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\qoobox\Quarantine\C\WINDOWS\system32\cbXOeffG.dll.vir (Trojan.Vundo) -> No action taken.
C:\qoobox\Quarantine\C\WINDOWS\system32\huxgwceh.dll.vir (Trojan.Vundo) -> No action taken.
C:\qoobox\Quarantine\C\WINDOWS\system32\iifgeefd.dll.vir (Trojan.Vundo) -> No action taken.
C:\qoobox\Quarantine\C\WINDOWS\system32\swamyoam.dll.vir (Trojan.Vundo) -> No action taken.
Did you actually remove the infections?
Post a new HijackThis log.
OK, here is a new one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:02:48, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Utilitaires\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jeuxvideo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {3FA85C2D-FD5D-428B-96B0-6F9DF0EB6028} - C:\WINDOWS\system32\yayxxUKd.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B0EA280D-F29F-44F6-B39F-C83E4934A124} - C:\WINDOWS\system32\ljJcDsqq.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - Winlogon Notify: cbXOeffG - cbXOeffG.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10313 bytes
Run a ComboFix scan and we'll finish up.
Here is the ComboFix log:
ComboFix 08-04-20.5 - Arnaud 2008-05-01 18:13:00.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1420 [GMT 2:00]
Endroit: C:\Utilitaires\Nouveau dossier\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.
2008-05-01 15:23 . 2008-05-01 15:23 <REP> d-------- C:\WINDOWS\LastGood
2008-04-30 13:00 . 2008-04-30 13:00 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Nokia Multimedia Player
2008-04-29 20:36 . 2008-04-30 12:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\DIFX
2008-04-29 20:33 . 2008-04-29 20:36 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Nokia
2008-04-29 20:32 . 2008-04-29 20:32 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-04-29 20:32 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Nokia
2008-04-29 20:32 . 2008-04-29 20:32 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\PC Suite
2008-04-29 20:32 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-29 20:32 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-29 20:32 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-29 20:32 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-29 20:32 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-29 20:31 . 2008-04-29 20:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-24 14:02 . 2008-04-24 14:02 <REP> d-------- C:\Program Files\Runtime Software
2008-04-23 17:47 . 2008-04-26 09:04 <REP> d-------- C:\Program Files\FILERECOVERY PRO DEMO
2008-04-22 14:02 . 2008-04-22 14:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Malwarebytes
2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-21 18:27 . 2008-04-21 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
2008-04-21 18:23 . 2008-04-21 18:24 3,392 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-21 10:30 . 2008-04-21 18:14 466 ---hs---- C:\WINDOWS\system32\oxbdvslc.ini
2008-04-20 22:17 . 2008-04-20 22:23 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-20 22:17 . 2008-04-20 22:23 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-20 22:16 . 2008-04-20 22:16 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-20 22:16 . 2008-05-01 18:15 13,474,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-20 22:16 . 2008-05-01 15:09 185,780 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-20 22:16 . 2008-05-01 18:16 154,656 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-20 22:16 . 2008-05-01 15:09 18,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-20 22:15 . 2008-05-01 18:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-20 20:28 . 2008-04-20 22:05 1,066 ---hs---- C:\WINDOWS\system32\nqwnvtoe.ini
2008-04-20 14:52 . 2008-04-20 14:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maxtor
2008-04-20 14:49 . 2008-04-20 14:49 400,864 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-04-20 14:49 . 2008-04-20 14:49 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-04-20 14:49 . 2008-04-20 14:49 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Maxtor
2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Fichiers communs\Maxtor
2008-04-19 20:27 . 2008-04-20 20:27 1,006 ---hs---- C:\WINDOWS\system32\ulltowkr.ini
2008-04-19 20:22 . 2008-04-21 21:17 109,781 --a------ C:\WINDOWS\BMbf9979e9.xml
2008-04-18 11:57 . 2008-04-26 09:09 <REP> d-------- C:\Program Files\Seagate
2008-04-18 11:51 . 2008-04-26 09:07 <REP> d-------- C:\Program Files\Ontrack
2008-04-18 11:51 . 2008-04-20 10:45 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
2008-04-14 22:36 . 2008-04-14 22:36 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Ubisoft
2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
2008-04-13 14:50 . 2008-04-13 14:50 <REP> d-------- C:\Program Files\Ubisoft
2008-04-11 22:51 . 2008-04-11 22:52 <REP> d-------- C:\Program Files\Microsoft MapPoint Europe
2008-04-07 15:11 . 2008-04-07 15:51 <REP> d-------- C:\Program Files\ASE
2008-04-03 13:37 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-03 13:37 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-03 13:26 . 2008-04-03 13:26 <REP> d-------- C:\Program Files\Acclaim
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 16:09 --------- d-----w C:\Program Files\Mozilla Firefox2
2008-05-01 15:31 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\uTorrent
2008-05-01 13:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 17:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-26 17:31 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-26 07:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-23 18:54 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-20 19:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-04-20 07:35 --------- d-----w C:\Program Files\FlashGet
2008-04-20 07:35 --------- d-----w C:\Program Files\BestGameEver
2008-04-14 20:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-13 14:53 --------- d-----w C:\Program Files\CapCom
2008-04-12 07:27 --------- d-----w C:\Program Files\Glary Utilities
2008-04-11 20:54 --------- d-----w C:\Program Files\Sony
2008-04-03 09:22 --------- d-----w C:\Program Files\Winamp
2008-03-30 12:40 --------- d-----w C:\Program Files\Mindjet
2008-03-30 12:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Mindjet
2008-03-26 20:09 --------- d-----w C:\Program Files\SopCast
2008-03-26 19:26 --------- d-----w C:\Program Files\Bulent's Screen Recorder 4
2008-03-26 19:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
2008-03-26 19:07 --------- d-----w C:\Program Files\Vstplugins
2008-03-26 19:05 --------- d-----w C:\Program Files\MSBuild
2008-03-26 19:03 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-26 19:00 --------- d-----w C:\Program Files\Sony Setup
2008-03-26 19:00 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Sony Setup
2008-03-25 16:15 --------- d-----w C:\Program Files\FeedReader30
2008-03-24 21:27 --------- d-----w C:\Program Files\iTunes
2008-03-24 21:27 --------- d-----w C:\Program Files\iPod
2008-03-24 21:26 --------- d-----w C:\Program Files\QuickTime
2008-03-24 21:23 --------- d-----w C:\Program Files\iArt
2008-03-21 07:38 --------- d-----w C:\Program Files\Starcraft
2008-03-20 12:53 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\FastStone
2008-03-20 12:44 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\River Past G5
2008-03-20 12:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
2008-03-20 12:38 68,096 ----a-w C:\WINDOWS\ScUnin.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 11:26 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Dealio
2008-03-10 22:25 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-09 14:49 --------- d-----w C:\Program Files\Micro Application
2008-03-03 21:51 --------- d-----w C:\Program Files\MSN Messenger
2008-03-03 21:50 --------- d-----w C:\Program Files\Windows Live
2008-03-03 21:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-03-02 19:21 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\iCloner
2008-03-02 19:17 --------- d-----w C:\Program Files\WindSolutions
2008-03-02 19:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CopyTransControlCenter
2008-03-02 14:07 --------- d-----w C:\Program Files\Xilisoft
2008-03-02 14:01 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\CopyTransControlCenter
2008-03-01 21:54 --------- d-----w C:\Program Files\Acoustica DJ Twist And Burn
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 14:59 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-16 11:50 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-06 21:20 114,688 ----a-w C:\WINDOWS\system32\wmatimer.dll
2007-11-12 19:21 22,328 ----a-w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-21_21.51.27.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-21 19:42:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 13:10:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-29 18:32:22 3,262 ----a-r C:\WINDOWS\Installer\{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}\ARPPRODUCTICON.exe
+ 2008-04-29 18:33:20 15,086 ----a-r C:\WINDOWS\Installer\{29466F9C-7C6A-419C-B301-F440FAF78760}\ARPPRODUCTICON.exe
+ 2008-04-29 18:32:54 10,134 ----a-r C:\WINDOWS\Installer\{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}\ARPPRODUCTICON.exe
+ 2007-08-07 15:40:38 98,944 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\Rtenicxp.sys
- 2007-03-01 08:05:14 90,240 ----a-r C:\WINDOWS\OPTIONS\CABS\Rtenic.sys
+ 2008-01-03 20:10:12 103,680 ----a-w C:\WINDOWS\OPTIONS\CABS\Rtenic.sys
- 2007-03-01 08:06:02 135,680 ----a-r C:\WINDOWS\OPTIONS\CABS\Rtenic64.sys
+ 2008-01-03 20:10:18 125,440 ----a-w C:\WINDOWS\OPTIONS\CABS\Rtenic64.sys
- 2007-03-01 08:05:38 90,496 ----a-r C:\WINDOWS\OPTIONS\CABS\Rtenicxp.sys
+ 2008-01-03 20:10:16 105,856 ----a-w C:\WINDOWS\OPTIONS\CABS\Rtenicxp.sys
+ 2007-03-29 20:00:40 203,264 ----a-r C:\WINDOWS\system32\CddbCdda.dll
- 2007-08-07 15:40:38 98,944 ----a-w C:\WINDOWS\system32\drivers\Rtenicxp.sys
+ 2008-01-03 20:10:16 105,856 ----a-w C:\WINDOWS\system32\drivers\Rtenicxp.sys
+ 2007-11-06 07:26:20 535,040 ----a-w C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
- 2006-09-28 16:55:50 77,568 ----a-w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-15 20:29:52 76,544 ----a-w C:\WINDOWS\system32\drivers\WudfPf.sys
- 2006-09-28 17:00:34 82,944 ----a-w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-09-15 20:30:10 82,688 ----a-w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2007-02-22 08:15:56 137,216 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcd_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcd.sys
+ 2007-02-22 08:15:12 90,624 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcd_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcdcls.dll
+ 2007-02-22 08:15:12 65,536 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcd_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcdcocls.dll
+ 2007-02-22 08:15:14 8,320 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdc_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcdc.sys
+ 2007-02-22 08:15:14 12,288 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdcj_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcdcj.sys
+ 2007-02-22 08:15:14 12,288 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdm2k_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcdcm.sys
+ 2007-11-06 07:26:20 535,040 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_4B5D882780830B9245673D197146B7FF82A23CFB\PCCSWpdDriver.dll
+ 2007-11-06 07:20:02 831,048 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_4B5D882780830B9245673D197146B7FF82A23CFB\WudfUpdate_01005.dll
+ 2007-08-07 15:40:38 98,944 ----a-w C:\WINDOWS\system32\ReinstallBackups\0027\DriverFiles\Rtenicxp.sys
+ 2001-08-23 15:45:10 26,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EP24RES.DLL
- 2006-09-28 18:13:26 95,344 ----a-w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-15 21:30:16 87,040 ----a-w C:\WINDOWS\system32\WUDFCoinstaller.dll
- 2006-09-28 16:56:38 146,432 ----a-w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-15 21:30:06 142,848 ----a-w C:\WINDOWS\system32\WudfHost.exe
- 2006-09-28 16:56:16 165,376 ----a-w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-15 20:29:54 163,840 ----a-w C:\WINDOWS\system32\WudfPlatform.dll
- 2006-09-28 16:56:14 55,808 ----a-w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-15 21:30:16 55,296 ----a-w C:\WINDOWS\system32\WudfSvc.dll
+ 2007-11-06 07:20:02 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
- 2006-09-28 16:56:38 316,416 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2006-09-15 21:30:16 308,224 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2008-05-01 13:11:05 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7d0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FA85C2D-FD5D-428B-96B0-6F9DF0EB6028}]
C:\WINDOWS\system32\yayxxUKd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0EA280D-F29F-44F6-B39F-C83E4934A124}]
C:\WINDOWS\system32\ljJcDsqq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXOeffG]
cbXOeffG.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"vidc.yv12"= yv12vfw.dll
"msacm.lameacm"= LameACM.acm
"MIDI2"= myokent.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Arnaud.ARNAUD-C169A0C2^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
--a------ 2001-06-29 02:00 163840 C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
"WiPen"=C:\Program Files\WiPen\wpmanage.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"MMReminderService"=C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe"
"MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
"AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
"BMbf9979e9"=Rundll32.exe "C:\WINDOWS\system32\cvnnnfym.dll",s
"bcaa4a75"=rundll32.exe "C:\WINDOWS\system32\clsvdbxo.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\Arnaud.ARNAUD-C169A0C2\\Bureau\\eMule0.48a-SharkX-BIN\\emule.exe"=
"C:\\Jeux\\KONAMI\\PES2008\\PES2008.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Jeux\\ut3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Mozilla Firefox2\\firefox.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Jeux\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Jeux\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\Overdose.exe"=
"C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
"C:\\Warhammer Online - Age of Reckoning\\warpatch.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule4
"4672:UDP"= 4672:UDP:emule
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 SCNDRVP;SCNDRVP;C:\WINDOWS\system32\drivers\SCNDRVP.sys [1999-07-05 14:57]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 00:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-07-10 00:12]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-11 22:23]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 14:15]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-10-01 11:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8dcc2d-dca2-11dc-a891-004f4e09fba3}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd016103-4761-11dc-85b2-004f4e09fba3}]
\Shell\AutoRun\command - E:\autorun_PES2008.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-01 13:10:58 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 18:16:53
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 844
**************************************************************************
.
Temps d'accomplissement: 2008-05-01 18:20:53
ComboFix-quarantined-files.txt 2008-05-01 16:20:29
ComboFix2.txt 2008-04-21 19:52:14
ComboFix3.txt 2007-11-01 13:18:30
Pre-Run: 45,765,754,880 octets libres
Post-Run: 45,922,099,200 octets libres
319 --- E O F --- 2008-04-22 06:09:54
Re,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad (Start > Run... > notepad), then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto ComboFix.exe as shown below:
This will relaunch ComboFix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Re,
Here is the ComboFix log after the procedure:
(though I didn't have to press 1, the program ran by itself after the drag-and-drop?)
ComboFix 08-04-20.5 - Arnaud 2008-05-01 22:35:29.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1508 [GMT 2:00]
Endroit: C:\Utilitaires\Nouveau dossier\ComboFix.exe
Command switches used :: C:\Utilitaires\Nouveau dossier\CFScript.txt.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\clsvdbxo.dll
C:\WINDOWS\system32\cvnnnfym.dll
C:\WINDOWS\system32\nqwnvtoe.ini
C:\WINDOWS\system32\oxbdvslc.ini
C:\WINDOWS\system32\ulltowkr.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nqwnvtoe.ini
C:\WINDOWS\system32\oxbdvslc.ini
C:\WINDOWS\system32\ulltowkr.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.
2008-05-01 22:21 . 2008-05-01 22:21 <REP> d-------- C:\Program Files\Monte Cristo
2008-05-01 15:23 . 2008-05-01 15:23 <REP> d-------- C:\WINDOWS\LastGood
2008-04-30 13:00 . 2008-04-30 13:00 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Nokia Multimedia Player
2008-04-29 20:36 . 2008-04-30 12:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\DIFX
2008-04-29 20:33 . 2008-04-29 20:36 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Nokia
2008-04-29 20:32 . 2008-04-29 20:32 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-04-29 20:32 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Nokia
2008-04-29 20:32 . 2008-04-29 20:32 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\PC Suite
2008-04-29 20:32 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-29 20:32 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-29 20:32 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-29 20:32 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-29 20:32 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-29 20:31 . 2008-04-29 20:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-24 14:02 . 2008-04-24 14:02 <REP> d-------- C:\Program Files\Runtime Software
2008-04-23 17:47 . 2008-04-26 09:04 <REP> d-------- C:\Program Files\FILERECOVERY PRO DEMO
2008-04-22 14:02 . 2008-04-22 14:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Malwarebytes
2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-21 18:27 . 2008-04-21 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
2008-04-21 18:23 . 2008-04-21 18:24 3,392 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-20 22:17 . 2008-04-20 22:23 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-20 22:17 . 2008-04-20 22:23 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-20 22:16 . 2008-04-20 22:16 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-20 22:16 . 2008-05-01 22:39 13,588,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-20 22:16 . 2008-05-01 15:09 185,780 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-20 22:16 . 2008-05-01 22:39 166,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-20 22:16 . 2008-05-01 15:09 18,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-20 22:15 . 2008-05-01 18:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-20 14:52 . 2008-04-20 14:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maxtor
2008-04-20 14:49 . 2008-04-20 14:49 400,864 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-04-20 14:49 . 2008-04-20 14:49 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-04-20 14:49 . 2008-04-20 14:49 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Maxtor
2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Fichiers communs\Maxtor
2008-04-19 20:22 . 2008-04-21 21:17 109,781 --a------ C:\WINDOWS\BMbf9979e9.xml
2008-04-18 11:57 . 2008-04-26 09:09 <REP> d-------- C:\Program Files\Seagate
2008-04-18 11:51 . 2008-04-26 09:07 <REP> d-------- C:\Program Files\Ontrack
2008-04-18 11:51 . 2008-04-20 10:45 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
2008-04-14 22:36 . 2008-04-14 22:36 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Ubisoft
2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
2008-04-13 14:50 . 2008-04-13 14:50 <REP> d-------- C:\Program Files\Ubisoft
2008-04-11 22:51 . 2008-04-11 22:52 <REP> d-------- C:\Program Files\Microsoft MapPoint Europe
2008-04-07 15:11 . 2008-04-07 15:51 <REP> d-------- C:\Program Files\ASE
2008-04-03 13:37 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-03 13:37 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-03 13:26 . 2008-04-03 13:26 <REP> d-------- C:\Program Files\Acclaim
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 20:21 --------- d-----w C:\Program Files\Mozilla Firefox2
2008-05-01 15:31 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\uTorrent
2008-05-01 13:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 17:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-26 17:31 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-26 07:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-23 18:54 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-20 19:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-04-20 07:35 --------- d-----w C:\Program Files\FlashGet
2008-04-20 07:35 --------- d-----w C:\Program Files\BestGameEver
2008-04-14 20:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-13 14:53 --------- d-----w C:\Program Files\CapCom
2008-04-12 07:27 --------- d-----w C:\Program Files\Glary Utilities
2008-04-11 20:54 --------- d-----w C:\Program Files\Sony
2008-04-03 09:22 --------- d-----w C:\Program Files\Winamp
2008-03-30 12:40 --------- d-----w C:\Program Files\Mindjet
2008-03-30 12:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Mindjet
2008-03-26 20:09 --------- d-----w C:\Program Files\SopCast
2008-03-26 19:26 --------- d-----w C:\Program Files\Bulent's Screen Recorder 4
2008-03-26 19:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
2008-03-26 19:07 --------- d-----w C:\Program Files\Vstplugins
2008-03-26 19:05 --------- d-----w C:\Program Files\MSBuild
2008-03-26 19:03 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-26 19:00 --------- d-----w C:\Program Files\Sony Setup
2008-03-26 19:00 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Sony Setup
2008-03-25 16:15 --------- d-----w C:\Program Files\FeedReader30
2008-03-24 21:27 --------- d-----w C:\Program Files\iTunes
2008-03-24 21:27 --------- d-----w C:\Program Files\iPod
2008-03-24 21:26 --------- d-----w C:\Program Files\QuickTime
2008-03-24 21:23 --------- d-----w C:\Program Files\iArt
2008-03-21 07:38 --------- d-----w C:\Program Files\Starcraft
2008-03-20 12:53 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\FastStone
2008-03-20 12:44 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\River Past G5
2008-03-20 12:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
2008-03-20 12:38 68,096 ----a-w C:\WINDOWS\ScUnin.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 11:26 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Dealio
2008-03-10 22:25 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-09 14:49 --------- d-----w C:\Program Files\Micro Application
2008-03-03 21:51 --------- d-----w C:\Program Files\MSN Messenger
2008-03-03 21:50 --------- d-----w C:\Program Files\Windows Live
2008-03-03 21:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-03-02 19:21 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\iCloner
2008-03-02 19:17 --------- d-----w C:\Program Files\WindSolutions
2008-03-02 19:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CopyTransControlCenter
2008-03-02 14:07 --------- d-----w C:\Program Files\Xilisoft
2008-03-02 14:01 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\CopyTransControlCenter
2008-03-01 21:54 --------- d-----w C:\Program Files\Acoustica DJ Twist And Burn
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 14:59 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-16 11:50 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-06 21:20 114,688 ----a-w C:\WINDOWS\system32\wmatimer.dll
2007-11-12 19:21 22,328 ----a-w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"vidc.yv12"= yv12vfw.dll
"msacm.lameacm"= LameACM.acm
"MIDI2"= myokent.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Arnaud.ARNAUD-C169A0C2^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
--a------ 2001-06-29 02:00 163840 C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
"WiPen"=C:\Program Files\WiPen\wpmanage.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"MMReminderService"=C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe"
"MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
"AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\Arnaud.ARNAUD-C169A0C2\\Bureau\\eMule0.48a-SharkX-BIN\\emule.exe"=
"C:\\Jeux\\KONAMI\\PES2008\\PES2008.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Jeux\\ut3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Mozilla Firefox2\\firefox.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Jeux\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Jeux\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\Overdose.exe"=
"C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
"C:\\Warhammer Online - Age of Reckoning\\warpatch.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule4
"4672:UDP"= 4672:UDP:emule
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 SCNDRVP;SCNDRVP;C:\WINDOWS\system32\drivers\SCNDRVP.sys [1999-07-05 14:57]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 00:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-07-10 00:12]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-11 22:23]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 14:15]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-10-01 11:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0555f8ed-1780-11dd-8425-004f4e09fba3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8dcc2d-dca2-11dc-a891-004f4e09fba3}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd016103-4761-11dc-85b2-004f4e09fba3}]
\Shell\AutoRun\command - E:\autorun_PES2008.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-01 13:10:58 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 22:39:25
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 844
**************************************************************************
.
Temps d'accomplissement: 2008-05-01 22:44:19
ComboFix-quarantined-files.txt 2008-05-01 20:44:03
ComboFix2.txt 2008-05-01 16:20:54
ComboFix3.txt 2008-04-21 19:52:14
ComboFix4.txt 2007-11-01 13:18:30
Pre-Run: 41,623,183,360 octets libres
Post-Run: 41,607,696,384 octets libres
279 --- E O F --- 2008-04-22 06:09:54
And the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46, on 2008-05-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox2\firefox.exe
C:\WINDOWS\explorer.exe
C:\Utilitaires\Nouveau dossier\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jeuxvideo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9896 bytes
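As an added example that is not part of the thread, the Python script below does, for O10 and O23 lines, what a helper does by eye when reading a log like the one above: it parses each service entry into name, vendor and binary path and flags the ones that deserve a manual check, namely services whose vendor field reads "Unknown owner", services whose binary lives outside Program Files or the Windows directory, and any Winsock LSP entry HijackThis does not recognise. The sample lines are copied from the log posted in this thread, plus one clearly marked constructed line so the "unusual location" rule is exercised; the regexes are my own and assume the line layout HijackThis v2 prints. A flag only means "verify the publisher and file", not "malicious": the three "Unknown owner" services in this log belong to commercial software that simply embeds no company name.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines from the HijackThis log posted in this thread (raw string, so
# the backslashes are kept as printed). The last O23 line is CONSTRUCTED for
# this example to show a binary running from an unusual location.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
O23 - Service: Example Updater (ExampleUpd) - Unknown owner - C:\Documents and Settings\User\Local Settings\Temp\example.exe
"""

# Assumed line layouts (HijackThis v2 style): "O23 - Service: <name> - <vendor> - <path>"
# and "O10 - Unknown file in Winsock LSP: <path>". Name and vendor never contain " - ".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")

# Directories where service binaries are normally expected on this XP layout.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")


@dataclass
class Entry:
    kind: str            # "O23" (service) or "O10" (Winsock LSP)
    name: str            # service display name, or the LSP DLL file name
    vendor: str          # vendor string as printed by HijackThis ("" for O10)
    path: str            # binary path as printed
    reasons: List[str]   # why this entry was flagged (empty = nothing to check)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one O23 or O10 log line into an Entry; other line types yield None."""
    m = O23_RE.match(line)
    if m:
        return Entry("O23", m["name"], m["vendor"], m["path"], [])
    m = O10_RE.match(line)
    if m:
        path = m["path"]
        return Entry("O10", path.rsplit("\\", 1)[-1], "", path, [])
    return None


def assess(entry: Entry) -> Entry:
    """Attach the review reasons a helper would raise for this entry."""
    if entry.kind == "O10":
        entry.reasons.append("Winsock LSP not in HijackThis's known list; verify the DLL")
    else:
        if entry.vendor == "Unknown owner":
            entry.reasons.append("no vendor string in the binary; verify the publisher manually")
        if not entry.path.lower().startswith(EXPECTED_ROOTS):
            entry.reasons.append("service binary outside Program Files / Windows")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return only the O10/O23 entries that carry at least one review reason."""
    flagged = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        assess(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


def main() -> None:
    for e in triage(SAMPLE_LOG):
        print(f"[{e.kind}] {e.name} ({e.vendor or 'n/a'}) -> {e.path}")
        for r in e.reasons:
            print("    -", r)


if __name__ == "__main__":
    main()
```

Run against the sample, the two services with a named vendor (Lavasoft, Kaspersky Lab) are left out, the three "Unknown owner" services and the LSP entry each get one reason, and the constructed Temp-folder service gets two. The point of the script is to shrink a 9 KB log to the handful of lines worth checking against a vendor site or a file-reputation lookup, not to decide anything on its own.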
Still having problems?
No, no more problems, apparently.
Happy surfing
- Download ToolsCleaner to your Desktop.
- Click "Recherche" (Search) and let the scan finish.
- Click "Suppression" (Delete) to finish up.
- Click "Quitter" (Quit) so that the report can be created.
- Post the report (TCleaner.txt), which is at the root of your hard drive (C:\)
Disable and then re-enable System Restore: see help
Now add [Résolu] to the title. To do this:
* In your first message, click the "Editer" (Edit) button
* Add [Résolu] to the title
* Then click "Valider votre message" (Submit your message)
Read the guide on prevention and protection so that you don't run into this kind of problem again, by clicking on the image below:
OK, it's done. I'd like to thank you for your speed and the clarity of your answers. Thanks again and all the best to you.
Report:
-->- Recherche:
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Utilitaires\Nouveau dossier\fsbl.exe: trouvé !
C:\Utilitaires\Nouveau dossier\ComboFix.exe: trouvé !
C:\Utilitaires\Nouveau dossier\HijackThis.exe: trouvé !
C:\Utilitaires\Nouveau dossier\SmitFraudFix.exe: trouvé !
C:\Utilitaires\Nouveau dossier\SmitFraudfix: trouvé !
C:\Utilitaires\Nouveau dossier\clean\tar.exe: trouvé !
C:\Utilitaires\Nouveau dossier\clean\remove.reg: trouvé !
C:\Utilitaires\Nouveau dossier\clean\pskill.exe: trouvé !
C:\Utilitaires\Nouveau dossier\clean\LFiles.exe: trouvé !
C:\Utilitaires\Nouveau dossier\clean\gzip.exe: trouvé !
C:\Utilitaires\Nouveau dossier\clean\delsiri.cmd: trouvé !
C:\Utilitaires\Nouveau dossier\clean\delr.cmd: trouvé !
C:\Utilitaires\Nouveau dossier\clean\del3.cmd: trouvé !
C:\Utilitaires\Nouveau dossier\clean\del2.cmd: trouvé !
C:\Utilitaires\Nouveau dossier\clean\clean.cmd: trouvé !
C:\Utilitaires\Nouveau dossier\clean\cherche.cmd: trouvé !
---------------------------------
-->- Suppression:
C:\Utilitaires\Nouveau dossier\fsbl.exe: supprimé !
C:\Utilitaires\Nouveau dossier\ComboFix.exe: supprimé !
C:\Utilitaires\Nouveau dossier\HijackThis.exe: supprimé !
C:\Utilitaires\Nouveau dossier\SmitFraudFix.exe: supprimé !
C:\Utilitaires\Nouveau dossier\clean\tar.exe: supprimé !
C:\Utilitaires\Nouveau dossier\clean\remove.reg: supprimé !
C:\Utilitaires\Nouveau dossier\clean\pskill.exe: supprimé !
C:\Utilitaires\Nouveau dossier\clean\LFiles.exe: supprimé !
C:\Utilitaires\Nouveau dossier\clean\gzip.exe: supprimé !
C:\Utilitaires\Nouveau dossier\clean\delsiri.cmd: supprimé !
C:\Utilitaires\Nouveau dossier\clean\delr.cmd: supprimé !
C:\Utilitaires\Nouveau dossier\clean\del3.cmd: supprimé !
C:\Utilitaires\Nouveau dossier\clean\del2.cmd: supprimé !
C:\Utilitaires\Nouveau dossier\clean\clean.cmd: supprimé !
C:\Utilitaires\Nouveau dossier\clean\cherche.cmd: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Utilitaires\Nouveau dossier\SmitFraudfix: supprimé !