Bonjour à tous,
Voila j'ai fais une c...rie et j'ai eu droit a virtumonde et Malwarecore qui ont bien été detecté par Spybot.
J'ai fait un nettoyage, mais au boot du PC spybot s'affole.
J'ai donc lancé HijackThis dont voici le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:03:19, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\rundll32.exe
C:\Program Files\ULI5289\ULi5289.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\windows\CTHELPER.EXE
C:\windows\system32\CTXFIHLP.EXE
C:\Program Files\Eset\nod32kui.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\windows\system32\rundll32.exe
C:\windows\explorer.exe
C:\Documents and Settings\Fred\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.diskeeper.com/updates/u [...] atform=x86
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3CCA2B40-4543-4038-BF9A-C8A8ED19789E} - C:\windows\system32\hgGvursQ.dll (file missing)
O2 - BHO: (no name) - {4EA844E3-F761-4B05-9FD2-ED8CCFB25C83} - C:\windows\system32\geBrrQih.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - C:\windows\system32\hgGaXOGa.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3cb391f8] rundll32.exe "C:\windows\system32\sqrktonf.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1079] command /c del "C:\WINDOWS\system32\geBrrQih.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4097] cmd /c del "C:\WINDOWS\system32\geBrrQih.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6660] command /c del "C:\WINDOWS\system32\hgGvursQ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7367] cmd /c del "C:\WINDOWS\system32\hgGvursQ.dll_old"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: bw+0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: hgGaXOGa - C:\windows\SYSTEM32\hgGaXOGa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
--
End of file - 24196 bytes
Merci de m'aider d'avance à finir de nettoyer mon PC
Message édité par FPSGAME le 20-05-2008 à 19:39:21
Salut,
Télécharge ComboFix (de sUBs) sur ton Bureau.
- Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
- Double clique sur ComboFix.exe.
- Accepte la licence en cliquant sur Oui.
- Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)
Aide : Comment utiliser ComboFix.
Répondre à XmichouX
Merci de m'aider
Voici le rapport de combo fix
ComboFix 08-05-15.3 - Fred 2008-05-17 13:09:11.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\windows\pskt.ini
C:\windows\system32\cvshvven.ini
C:\WINDOWS\system32\IhggOXyb.ini
C:\WINDOWS\system32\IhggOXyb.ini2
C:\windows\system32\nopVCcdd.ini
C:\WINDOWS\system32\nopVCcdd.ini2
C:\windows\system32\slmuseke.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
.
2008-05-17 13:03 . 2008-05-17 13:03 134,144 --a------ C:\WINDOWS\system32\iwlwmrns.dll
2008-05-17 13:00 . 2008-05-17 13:00 116,224 --a------ C:\WINDOWS\system32\ekesumls.dll
2008-05-17 12:55 . 2008-05-17 12:55 125,952 --a------ C:\WINDOWS\system32\ipejfejr.dll
2008-05-17 11:19 . 2008-05-17 11:19 134,144 --a------ C:\WINDOWS\system32\feubjauh.dll
2008-05-17 11:07 . 2008-05-17 11:07 125,952 --a------ C:\WINDOWS\system32\nicaikoc.dll
2008-05-17 10:12 . 2008-05-17 10:12 <REP> d-------- C:\VundoFix Backups
2008-05-17 10:02 . 2008-05-17 10:02 116,736 --a------ C:\WINDOWS\system32\tttwadlm.dll
2008-05-17 09:59 . 2008-05-17 09:59 135,680 --a------ C:\WINDOWS\system32\ehmclstl.dll
2008-05-17 09:57 . 2008-05-17 09:57 125,952 --a------ C:\WINDOWS\system32\uksaprdn.dll
2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-17 08:48 . 2008-05-17 08:48 135,680 --a------ C:\WINDOWS\system32\qlebnpgw.dll
2008-05-17 08:45 . 2008-05-17 08:45 125,952 --a------ C:\WINDOWS\system32\pupheghq.dll
2008-05-17 08:12 . 2008-05-17 08:12 115,712 --a------ C:\WINDOWS\system32\gfedkauk.dll
2008-05-17 08:03 . 2008-05-17 08:03 133,632 --a------ C:\WINDOWS\system32\fupmbnxf.dll
2008-05-17 08:00 . 2008-05-17 08:00 125,440 --a------ C:\WINDOWS\system32\edbkpmij.dll
2008-05-17 08:00 . 2008-05-17 13:16 109,807 --a------ C:\WINDOWS\BM3f80a264.xml
2008-05-16 19:58 . 2008-05-16 19:58 115,712 --a------ C:\WINDOWS\system32\kncqgdlf.dll
2008-05-16 19:46 . 2008-05-16 19:46 93,696 --------- C:\WINDOWS\version.exe
2008-05-16 19:46 . 2008-05-16 19:46 58,880 --a------ C:\WINDOWS\system32\hgGaXOGa.dll
2008-05-11 13:51 . 2008-05-12 13:50 <REP> d-------- C:\Temp\Driving speed 2
2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
2008-05-05 19:07 . 2008-05-05 19:07 333,360 --a------ C:\Temp\RealPlayer11GOLD_fr.exe
2008-04-30 20:23 . 2008-04-30 21:07 <REP> d-------- C:\Temp\Windows XP Corporate SP3
2008-04-26 21:33 . 2008-04-26 21:33 305,664 --a------ C:\Temp\Xtremsplit.exe
2008-04-26 13:35 . 2008-04-26 14:39 <REP> d-------- C:\Temp\F1 challenge
2008-04-26 09:32 . 2008-04-26 10:14 <REP> d-------- C:\Temp\Carte FRANCE v6.75.1409 pour TOMTOM + keygen
2008-04-21 20:34 . 2008-04-21 20:49 <REP> d-------- C:\Temp\Lexus Race
2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-19 13:13 . 2008-04-19 14:24 <REP> d-------- C:\Temp\Trackmania Forever Addon
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 17:32 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
2007-09-09 09:03 87,608 ----a-w C:\Documents and Settings\Fred\Application Data\inst.exe
2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
.
((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-05-17 11:13:55 2,048 --s-a-w C:\windows\bootstat.dat
- 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
+ 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
- 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
+ 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
- 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
+ 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
- 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
+ 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
2008-05-16 19:46 58880 --a------ C:\windows\system32\hgGaXOGa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984F2F13-D8B7-4A73-99AA-DA5BB0B443D7}]
C:\windows\system32\ddcCVpon.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB7671"="command /c del C:\WINDOWS\system32\ddcCVpon.dll_old" [ ]
"SpybotDeletingD1450"="cmd /c del C:\WINDOWS\system32\ddcCVpon.dll_old" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-12 17:35 921600]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-05 19:09 185896]
"3cb391f8"="C:\windows\system32\ekesumls.dll" [2008-05-17 13:00 116224]
"BM3f80a264"="C:\windows\system32\ipejfejr.dll" [2008-05-17 12:55 125952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{522E0112-EDD9-413D-A99E-C311A54B6676}"= C:\windows\system32\hgGaXOGa.dll [2008-05-16 19:46 58880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaXOGa]
hgGaXOGa.dll 2008-05-16 19:46 58880 C:\WINDOWS\system32\hgGaXOGa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
"ctfmon.exe"=C:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Jeux\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Jeux\\DriftCity\\DriftCity.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"C:\\Jeux\\TmUnitedForever\\TmForever.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8352:TCP"= 8352:TCP:BitComet 8352 TCP
"8352:UDP"= 8352:UDP:BitComet 8352 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
R2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
R3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-09-22 11:49]
S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 13:15:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\windows\system32\winlogon.exe
-> C:\windows\system32\hgGaXOGa.dll
PROCESS: C:\windows\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
PROCESS: C:\windows\explorer.exe
-> C:\windows\system32\ekesumls.dll
-> C:\windows\system32\ipejfejr.dll
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-17 13:22:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 11:22:10
ComboFix2.txt 2008-05-17 09:09:52
Pre-Run: 16,353,153,024 octets libres
Post-Run: 16,338,010,112 octets libres
302 --- E O F --- 2008-05-14 19:32:26
avant de le faire, j'ai laisser spybot travailler.
Il scanne bien detecte bien Virtumonde et virtumonde.dll, les detruit, mais cet enfoiré revient a chaque fois 
Merci de m'aider à l'eradiquer definitivement.
Oups je n'avais pas completement desactiver spybot et l'antivirus:
Voila le nouveau rapport:
ComboFix 08-05-15.3 - Fred 2008-05-17 13:38:14.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.611 [GMT 2:00]
Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
* Resident AV is active
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\windows\pskt.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
.
2008-05-17 13:22 . 2008-05-17 13:22 294 ---hs---- C:\WINDOWS\system32\slmuseke.ini
2008-05-17 13:03 . 2008-05-17 13:03 134,144 --a------ C:\WINDOWS\system32\iwlwmrns.dll
2008-05-17 13:00 . 2008-05-17 13:00 116,224 --a------ C:\WINDOWS\system32\ekesumls.dll
2008-05-17 12:55 . 2008-05-17 12:55 125,952 --a------ C:\WINDOWS\system32\ipejfejr.dll
2008-05-17 11:19 . 2008-05-17 11:19 134,144 --a------ C:\WINDOWS\system32\feubjauh.dll
2008-05-17 11:07 . 2008-05-17 11:07 125,952 --a------ C:\WINDOWS\system32\nicaikoc.dll
2008-05-17 10:12 . 2008-05-17 10:12 <REP> d-------- C:\VundoFix Backups
2008-05-17 10:02 . 2008-05-17 10:02 116,736 --a------ C:\WINDOWS\system32\tttwadlm.dll
2008-05-17 09:59 . 2008-05-17 09:59 135,680 --a------ C:\WINDOWS\system32\ehmclstl.dll
2008-05-17 09:57 . 2008-05-17 09:57 125,952 --a------ C:\WINDOWS\system32\uksaprdn.dll
2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-17 08:48 . 2008-05-17 08:48 135,680 --a------ C:\WINDOWS\system32\qlebnpgw.dll
2008-05-17 08:45 . 2008-05-17 08:45 125,952 --a------ C:\WINDOWS\system32\pupheghq.dll
2008-05-17 08:12 . 2008-05-17 08:12 115,712 --a------ C:\WINDOWS\system32\gfedkauk.dll
2008-05-17 08:03 . 2008-05-17 08:03 133,632 --a------ C:\WINDOWS\system32\fupmbnxf.dll
2008-05-17 08:00 . 2008-05-17 08:00 125,440 --a------ C:\WINDOWS\system32\edbkpmij.dll
2008-05-17 08:00 . 2008-05-17 13:28 109,825 --a------ C:\WINDOWS\BM3f80a264.xml
2008-05-16 19:58 . 2008-05-16 19:58 115,712 --a------ C:\WINDOWS\system32\kncqgdlf.dll
2008-05-16 19:46 . 2008-05-16 19:46 93,696 --------- C:\WINDOWS\version.exe
2008-05-16 19:46 . 2008-05-16 19:46 58,880 --a------ C:\WINDOWS\system32\hgGaXOGa.dll
2008-05-11 13:51 . 2008-05-12 13:50 <REP> d-------- C:\Temp\Driving speed 2
2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
2008-05-05 19:07 . 2008-05-05 19:07 333,360 --a------ C:\Temp\RealPlayer11GOLD_fr.exe
2008-04-30 20:23 . 2008-04-30 21:07 <REP> d-------- C:\Temp\Windows XP Corporate SP3
2008-04-26 21:33 . 2008-04-26 21:33 305,664 --a------ C:\Temp\Xtremsplit.exe
2008-04-26 13:35 . 2008-04-26 14:39 <REP> d-------- C:\Temp\F1 challenge
2008-04-26 09:32 . 2008-04-26 10:14 <REP> d-------- C:\Temp\Carte FRANCE v6.75.1409 pour TOMTOM + keygen
2008-04-21 20:34 . 2008-04-21 20:49 <REP> d-------- C:\Temp\Lexus Race
2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-19 13:13 . 2008-04-19 14:24 <REP> d-------- C:\Temp\Trackmania Forever Addon
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 17:32 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
2007-09-09 09:03 87,608 ----a-w C:\Documents and Settings\Fred\Application Data\inst.exe
2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
.
((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-05-17 11:35:11 2,048 --s-a-w C:\windows\bootstat.dat
- 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
+ 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
- 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
+ 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
- 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
+ 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
- 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
+ 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
2008-05-16 19:46 58880 --a------ C:\windows\system32\hgGaXOGa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984F2F13-D8B7-4A73-99AA-DA5BB0B443D7}]
C:\windows\system32\ddcCVpon.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-05 19:09 185896]
"BM3f80a264"="C:\windows\system32\ipejfejr.dll" [2008-05-17 12:55 125952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-06 08:29:21 688128]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{522E0112-EDD9-413D-A99E-C311A54B6676}"= C:\windows\system32\hgGaXOGa.dll [2008-05-16 19:46 58880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaXOGa]
hgGaXOGa.dll 2008-05-16 19:46 58880 C:\WINDOWS\system32\hgGaXOGa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
"ctfmon.exe"=C:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"3cb391f8"=rundll32.exe "C:\windows\system32\ekesumls.dll",b
"BM3f80a264"=Rundll32.exe "C:\windows\system32\ipejfejr.dll",s
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Jeux\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Jeux\\DriftCity\\DriftCity.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"C:\\Jeux\\TmUnitedForever\\TmForever.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8352:TCP"= 8352:TCP:BitComet 8352 TCP
"8352:UDP"= 8352:UDP:BitComet 8352 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
R2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
R3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-09-22 11:49]
S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 13:41:35
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\windows\system32\winlogon.exe
-> C:\windows\system32\hgGaXOGa.dll
PROCESS: C:\windows\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Temps d'accomplissement: 2008-05-17 13:44:27
ComboFix-quarantined-files.txt 2008-05-17 11:44:25
ComboFix2.txt 2008-05-17 11:22:25
ComboFix3.txt 2008-05-17 09:09:52
Pre-Run: 16,347,693,056 octets libres
Post-Run: 16,334,929,920 octets libres
277 --- E O F --- 2008-05-14 19:32:26
Re,
C'est toi qui a créé C:\Temp ?
*******
Sélectionne l'intégralité du cadre ci-dessous :
Driver::
|
Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
- Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
- Enregistre le sous sur ton bureau sous le nom de CFScript.txt
- Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
- Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
Répondre à XmichouX
Oui c'est moi qui ai créé ce c
Temp
Merci je fais la manoeuvre et te redonne le rapport
Voici le rapport de Combofix
ComboFix 08-05-15.3 - Fred 2008-05-17 14:21:30.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.589 [GMT 2:00]
Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fred\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
C:\WINDOWS\BM3f80a264.xml
C:\windows\system32\ddcCVpon.dll
C:\WINDOWS\system32\edbkpmij.dll
C:\WINDOWS\system32\ehmclstl.dll
C:\windows\system32\ekesumls.dll
C:\WINDOWS\system32\ekesumls.dll
C:\WINDOWS\system32\feubjauh.dll
C:\WINDOWS\system32\fupmbnxf.dll
C:\WINDOWS\system32\gfedkauk.dll
C:\windows\system32\hgGaXOGa.dll
C:\windows\system32\ipejfejr.dll
C:\WINDOWS\system32\iwlwmrns.dll
C:\WINDOWS\system32\kncqgdlf.dll
C:\WINDOWS\system32\nicaikoc.dll
C:\WINDOWS\system32\pupheghq.dll
C:\WINDOWS\system32\qlebnpgw.dll
C:\WINDOWS\system32\slmuseke.ini
C:\WINDOWS\system32\tttwadlm.dll
C:\WINDOWS\system32\uksaprdn.dll
C:\WINDOWS\version.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Fred\Application Data\inst.exe
C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\BOONTYGames
C:\Program Files\BOONTYGames\Components\bureau.url
C:\Program Files\BOONTYGames\Components\Joystick.ico
C:\Program Files\BOONTYGames\Components\start.url
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\VundoFix Backups
C:\WINDOWS\BM3f80a264.xml
C:\windows\pskt.ini
C:\WINDOWS\system32\edbkpmij.dll
C:\WINDOWS\system32\ehmclstl.dll
C:\WINDOWS\system32\ekesumls.dll
C:\windows\system32\ekudxkmk.ini
C:\WINDOWS\system32\feubjauh.dll
C:\WINDOWS\system32\fupmbnxf.dll
C:\WINDOWS\system32\gfedkauk.dll
C:\windows\system32\hgGaXOGa.dll
C:\windows\system32\ipejfejr.dll
C:\WINDOWS\system32\iwlwmrns.dll
C:\WINDOWS\system32\kncqgdlf.dll
C:\WINDOWS\system32\nicaikoc.dll
C:\WINDOWS\system32\pupheghq.dll
C:\WINDOWS\system32\qlebnpgw.dll
C:\WINDOWS\system32\slmuseke.ini
C:\windows\system32\t.txt
C:\WINDOWS\system32\tttwadlm.dll
C:\WINDOWS\system32\uksaprdn.dll
C:\windows\system32\uvCKRXbc.ini
C:\WINDOWS\system32\uvCKRXbc.ini2
C:\WINDOWS\version.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
.
2008-05-17 14:00 . 2008-05-17 14:00 134,144 --a------ C:\WINDOWS\system32\olxnshug.dll
2008-05-17 13:57 . 2008-05-17 13:57 116,224 --a------ C:\WINDOWS\system32\kmkxduke.dll
2008-05-17 13:52 . 2008-05-17 13:52 125,952 --a------ C:\WINDOWS\system32\hggqymhj.dll
2008-05-17 13:51 . 2008-05-17 13:51 371,712 --a------ C:\WINDOWS\system32\cbXRKCvu.dll
2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-11 13:51 . 2008-05-12 13:50 <REP> d-------- C:\Temp\Driving speed 2
2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
2008-05-05 19:07 . 2008-05-05 19:07 333,360 --a------ C:\Temp\RealPlayer11GOLD_fr.exe
2008-04-30 20:23 . 2008-04-30 21:07 <REP> d-------- C:\Temp\Windows XP Corporate SP3
2008-04-26 21:33 . 2008-04-26 21:33 305,664 --a------ C:\Temp\Xtremsplit.exe
2008-04-26 13:35 . 2008-04-26 14:39 <REP> d-------- C:\Temp\F1 challenge
2008-04-26 09:32 . 2008-04-26 10:14 <REP> d-------- C:\Temp\Carte FRANCE v6.75.1409 pour TOMTOM + keygen
2008-04-21 20:34 . 2008-04-21 20:49 <REP> d-------- C:\Temp\Lexus Race
2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-19 13:13 . 2008-04-19 14:24 <REP> d-------- C:\Temp\Trackmania Forever Addon
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 17:32 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
.
((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-05-17 12:27:00 2,048 --s-a-w C:\windows\bootstat.dat
- 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
+ 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
- 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
+ 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
- 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
+ 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
- 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
+ 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A4CFBF2-89B6-4579-8C21-096C9902E8A4}]
2008-05-17 13:51 371712 --a------ C:\windows\system32\cbXRKCvu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fecd6c14-d53f-4973-8dc5-77984c35d055}]
2008-05-17 14:00 134144 --a------ C:\windows\system32\olxnshug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
"ctfmon.exe"=C:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Jeux\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Jeux\\DriftCity\\DriftCity.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"C:\\Jeux\\TmUnitedForever\\TmForever.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8352:TCP"= 8352:TCP:BitComet 8352 TCP
"8352:UDP"= 8352:UDP:BitComet 8352 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
R2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
R3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 14:27:32
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\windows\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-17 14:32:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 12:32:28
ComboFix2.txt 2008-05-17 11:44:28
ComboFix3.txt 2008-05-17 11:22:25
ComboFix4.txt 2008-05-17 09:09:52
Pre-Run: 17,556,213,760 octets libres
Post-Run: 17,540,603,904 octets libres
322 --- E O F --- 2008-05-14 19:32:26
Re,
Je te conseille fortement de vider ce dossier C:\temp !
Sélectionne l'intégralité du cadre ci-dessous :
File::
|
Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
- Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
- Enregistre le sous sur ton bureau sous le nom de CFScript.txt
- Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
- Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
Répondre à XmichouX
J'ai supprimé le fichier Temp (il n'y avait pas grand chose d'important dedans)
Voici le nouveau rapport:
ComboFix 08-05-15.3 - Fred 2008-05-17 15:17:02.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.585 [GMT 2:00]
Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fred\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
C:\windows\system32\cbXRKCvu.dll
C:\WINDOWS\system32\hggqymhj.dll
C:\WINDOWS\system32\kmkxduke.dll
C:\windows\system32\olxnshug.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\windows\pskt.ini
C:\windows\system32\cbXRKCvu.dll
C:\WINDOWS\system32\hggqymhj.dll
C:\WINDOWS\system32\kmkxduke.dll
C:\windows\system32\olxnshug.dll
C:\windows\system32\uvCKRXbc.ini
C:\WINDOWS\system32\uvCKRXbc.ini2
C:\windows\system32\xiiloqcr.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
.
2008-05-17 15:02 . 2008-05-17 15:02 134,144 --a------ C:\WINDOWS\system32\uutpbtba.dll
2008-05-17 15:02 . 2008-05-17 15:02 116,224 --a------ C:\WINDOWS\system32\rcqoliix.dll
2008-05-17 14:57 . 2008-05-17 14:57 125,952 --a------ C:\WINDOWS\system32\bqwhffgn.dll
2008-05-17 14:57 . 2008-05-17 15:25 109,807 --a------ C:\WINDOWS\BM3f80a264.xml
2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 17:32 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
.
((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-05-17 13:22:23 2,048 --s-a-w C:\windows\bootstat.dat
- 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
+ 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
- 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
+ 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
- 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
+ 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
- 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
+ 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
+ 2008-05-17 13:23:46 16,384 --sha-w C:\windows\TEMP\Cookies\index.dat
+ 2008-05-17 13:23:46 32,768 --sha-w C:\windows\TEMP\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2008-05-17 13:23:46 16,384 --sha-w C:\windows\TEMP\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2e57eff-1336-40b0-97c9-38b4371ca742}]
2008-05-17 15:02 134144 --a------ C:\windows\system32\uutpbtba.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"3cb391f8"="C:\windows\system32\rcqoliix.dll" [2008-05-17 15:02 116224]
"BM3f80a264"="C:\windows\system32\bqwhffgn.dll" [2008-05-17 14:57 125952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
"ctfmon.exe"=C:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Jeux\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Jeux\\DriftCity\\DriftCity.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"C:\\Jeux\\TmUnitedForever\\TmForever.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8352:TCP"= 8352:TCP:BitComet 8352 TCP
"8352:UDP"= 8352:UDP:BitComet 8352 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
R2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
R3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 15:23:57
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\windows\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-17 15:28:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 13:28:53
ComboFix2.txt 2008-05-17 12:32:33
ComboFix3.txt 2008-05-17 11:44:28
ComboFix4.txt 2008-05-17 11:22:25
ComboFix5.txt 2008-05-17 09:09:52
Pre-Run: 29,043,687,424 octets libres
Post-Run: 29,033,414,656 octets libres
275 --- E O F --- 2008-05-14 19:32:26
Up!!!!
C'est nettoyé maintenant ou non??
J'ai refait un combofix en mode sans echec et un passage de hijachthis en mode normal voila les resultats:
Combofix:
ComboFix 08-05-15.3 - Fred 2008-05-17 18:41:29.6 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.796 [GMT 2:00]
Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\windows\pskt.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
.
2008-05-17 15:29 . 2008-05-17 18:21 414 ---hs---- C:\WINDOWS\system32\xiiloqcr.ini
2008-05-17 15:02 . 2008-05-17 15:02 134,144 --a------ C:\WINDOWS\system32\uutpbtba.dll
2008-05-17 15:02 . 2008-05-17 15:02 116,224 --a------ C:\WINDOWS\system32\rcqoliix.dll
2008-05-17 14:57 . 2008-05-17 14:57 125,952 --a------ C:\WINDOWS\system32\bqwhffgn.dll
2008-05-17 14:57 . 2008-05-17 17:20 109,836 --a------ C:\WINDOWS\BM3f80a264.xml
2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 16:00 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
.
((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-05-17 16:40:31 2,048 --s-a-w C:\windows\bootstat.dat
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\windows\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\windows\system32\MRT.exe
- 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
+ 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
- 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
+ 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
- 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
+ 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
- 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
+ 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2e57eff-1336-40b0-97c9-38b4371ca742}]
2008-05-17 15:02 134144 --a------ C:\windows\system32\uutpbtba.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"BM3f80a264"="C:\windows\system32\bqwhffgn.dll" [2008-05-17 14:57 125952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-06 08:29:21 688128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
"ctfmon.exe"=C:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Jeux\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Jeux\\DriftCity\\DriftCity.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"C:\\Jeux\\TmUnitedForever\\TmForever.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8352:TCP"= 8352:TCP:BitComet 8352 TCP
"8352:UDP"= 8352:UDP:BitComet 8352 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
S1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
S2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
S3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 18:43:48
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-17 18:46:16
ComboFix-quarantined-files.txt 2008-05-17 16:46:15
ComboFix2.txt 2008-05-17 13:29:01
ComboFix3.txt 2008-05-17 12:32:33
ComboFix4.txt 2008-05-17 11:44:28
ComboFix5.txt 2008-05-17 11:22:25
Pre-Run: 33,674,719,232 octets libres
Post-Run: 33,662,332,928 octets libres
239 --- E O F --- 2008-05-17 13:59:10
-----------------------------------------------------------------------------------------------
Et Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:07, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\ULI5289\ULi5289.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\windows\CTHELPER.EXE
C:\windows\system32\CTXFIHLP.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\Rundll32.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\windows\system32\PnkBstrA.exe
C:\windows\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\NOTEPAD.EXE
C:\Documents and Settings\Fred\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.diskeeper.com/updates/u [...] atform=x86
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {247ac173-4b83-9c79-0b04-6331ffe75e2d} - {d2e57eff-1336-40b0-97c9-38b4371ca742} - C:\windows\system32\uutpbtba.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM3f80a264] Rundll32.exe "C:\windows\system32\bqwhffgn.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: bw+0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
--
End of file - 22286 bytes
C'est bon ou non????
Re,
L'infection se regénère 
1) Redémarre le PC, impérativement en Mode sans échec avec prise en charge du réseau.
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement > Tapote par alternance les touches [F8] et [F5] jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionne "Mode sans échec avec prise en charge du réseau" et appuie sur la touche [Entrée].
Choisis ton compte usuel, et non Administrateur. En image ici (il s'agit du second choix) > http://cybersecurite.xooit.com/t88-Demarre...-sans-echec.htm
2) Télécharge Dr.Web CureIt sur ton Bureau:
Rend toi sur cette page afin de télécharger le fichier CureIt.com > http://www.sendspace.com/file/9nnh7y
pour cela, clique sur le lien en bas de page > 
Download Link: CureIt.com
- Double clique sur le fichier drweb-cureit.com
Si le lien ne marche pas : ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
et ensuite clique sur commencer le scan.
- Clique Ok à l'invite de l'analyse rapide. Ce scan permet l'analyse des processus chargés en mémoire ; s'il trouve des processus infectés, clique le bouton Oui pour tout à l'invite.
**Note : une fenêtre s'ouvrira avec options pour "Commander" ou "50% de réduction" ; clique sur le "X" pour fermer la fenêtre
- Lorsque le scan rapide est terminé, Clique sur le menu Options >> Changer la configuration;
- Choisis l'onglet "Scanner", et décoche "Analyse heuristique". Clique sur "Ok"
- De retour à la fenêtre principale : clique sur le bouton radio "Analyse complète".
- Clique sur la[color=green] flèche verte[/color] sur la droite, et le scan débutera.
- Clique Oui pour tout à l'invite "Désinfecter ?" lorsqu'un fichier est détecté, et ensuite clique sur "Désinfecter".
- Lorsque le scan sera complété, regarde si tu peux cliquer sur cette icône, adjacente aux fichiers détectés :
- Si oui, alors clique dessus et ensuite clique sur l'icône "Suivant", au dessous, et choisis Déplacer en quarantaine l'objet indésirable
- Du menu principal de l'outil, au haut à gauche, clique sur le menu Fichier et choisis Enregistrer le rapport
- Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv
- Ferme Dr.Web Cureit
- Redémarre ton ordi (*très important*), car certains fichiers peuvent être déplacés/réparés au redémarrage.
- Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de l'outil Dr.Web dans ta prochaine réponse.
***********
TOUJOURS EN MODE SANS ECHEC
Sélectionne l'intégralité du cadre ci-dessous :
File:: Registry:: |
Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
- Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
- Enregistre le sous sur ton bureau sous le nom de CFScript.txt
- Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
- Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
Message édité par XmichouX le 17-05-2008 à 20:21:28
Répondre à XmichouX
Merci enormement pour le temps que tu passe à m'aider.
C'est super sympa.
Juste un question: aprés l'utilisation de Cureit sur le dernier redemarrage avant l'utilisation de combofix, ce dernier redemarrage doit se faire en mode sans echec ou en mode normal??
Merci
l'acces internet est tellement bloqué que je ne peux voir ton lien:
http://www.sendspace.com/file/9nnh7y
Par contre si c'est une image merci de me donner le lien direct car le telechargement fonctionne encore lui
Re,
Redémarre normalement.
Puis retourne en mode sans échec pour ComboFix 
Le premier lien est en effet invalide, va sur le deuxième 
Répondre à XmichouX
Mouarfff c'est moi qui bug cette fois ci :-))
Je parlais de ce lien http://cybersecurite.xooit.com/t88 [...] -echec.htm
Je n'arrive pas à l'afficher
Et celui-là ?
-> http://www.infos-du-net.com/forum/ [...] ]Redémarre en mode sans échec
Répondre à XmichouX
Bonjour,
Bon cureit a tourné toute la nuit voici le rapport:
RegUBP2b-Fred.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Supprimé.;
VipNOCD.EXE;C:\Jeux\Lemmings Revolution;Tool.GameCrack;Irréparable.Quarantaine.;
3LSEESCA.NQF;C:\Program Files\ESET\infected;Trojan.LowZones.882;Supprimé.;
5QA35KAA.NQF;C:\Program Files\ESET\infected;Trojan.StartPage.21155;Supprimé.;
AZ5T01AA.NQF;C:\Program Files\ESET\infected;Trojan.PWS.Egspy;Supprimé.;
COVR0YCA.NQF;C:\Program Files\ESET\infected;BackDoor.Bulknet.108;Supprimé.;
F1ONNKBA.NQF;C:\Program Files\ESET\infected;Trojan.Packed.149;Irréparable.Quarantaine.;
W43QSCBA.NQF;C:\Program Files\ESET\infected;Trojan.Click.17167;Supprimé.;
WVED3ADA.NQF;C:\Program Files\ESET\infected;BackDoor.Bifrost.79;Supprimé.;
A0128310.EXE;C:\System Volume Information\_restore{7CF306FA-A981-48CE-A5A9-4A67574EB29F}\RP663;Program.PsExec.170;Irréparable.Quarantaine.;
A0128422.reg;C:\System Volume Information\_restore{7CF306FA-A981-48CE-A5A9-4A67574EB29F}\RP664;Trojan.StartPage.1505;Supprimé.;
et voici le rapport de combofix
ComboFix 08-05-15.3 - Fred 2008-05-18 7:49:01.7 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.784 [GMT 2:00]
Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fred\Bureau\CFScript.txt
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
C:\WINDOWS\BM3f80a264.xml
C:\windows\system32\bqwhffgn.dll
C:\WINDOWS\system32\rcqoliix.dll
C:\windows\system32\uutpbtba.dll
C:\WINDOWS\system32\xiiloqcr.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM3f80a264.xml
C:\windows\pskt.ini
C:\windows\system32\bqwhffgn.dll
C:\WINDOWS\system32\rcqoliix.dll
C:\windows\system32\uutpbtba.dll
C:\WINDOWS\system32\xiiloqcr.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.
2008-05-17 21:03 . 2008-05-17 21:03 <REP> d-------- C:\Documents and Settings\Fred\DoctorWeb
2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 16:00 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
.
((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-05-18 05:47:38 2,048 --s-a-w C:\windows\bootstat.dat
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\windows\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\windows\system32\MRT.exe
- 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
+ 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
- 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
+ 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
- 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
+ 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
- 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
+ 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-06 08:29:21 688128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
"ctfmon.exe"=C:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Jeux\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Jeux\\DriftCity\\DriftCity.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"C:\\Jeux\\TmUnitedForever\\TmForever.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8352:TCP"= 8352:TCP:BitComet 8352 TCP
"8352:UDP"= 8352:UDP:BitComet 8352 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
S2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
S3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 07:51:42
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-18 7:54:33
ComboFix-quarantined-files.txt 2008-05-18 05:54:32
ComboFix2.txt 2008-05-17 16:46:17
ComboFix3.txt 2008-05-17 13:29:01
ComboFix4.txt 2008-05-17 12:32:33
ComboFix5.txt 2008-05-17 11:44:28
Pre-Run: 33,600,544,768 octets libres
Post-Run: 33,588,015,104 octets libres
248 --- E O F --- 2008-05-17 13:59:10
J'espere que cette fois ça a marché
Tant que j'y suis j'ai repassé un petit coup de HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:06, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\ULI5289\ULi5289.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\windows\CTHELPER.EXE
C:\windows\System32\svchost.exe
C:\windows\system32\CTXFIHLP.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wscntfy.exe
C:\Documents and Settings\Fred\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.diskeeper.com/updates/u [...] atform=x86
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: bw+0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
--
End of file - 21880 bytes
Il me semble que c'est bel et bien fini les soucis avec ce trojan, non??
Cette fois, ça a l'air bon oui?
Nod32 marche correctement ?
Et ZoneAlarm? <- apparemment non.
Répondre à XmichouX
Cette fois, ça a l'air bon oui?
Nod32 marche correctement ?
Et ZoneAlarm? <- apparemment non.
Répondre à XmichouX
Cette fois ça a l'air effectivement bon.
Sybot me redemandait encore de faire des corrections, donc je ne me suis pas pris la tete, je l'ai completement desinstallé et réinstallé.
Aprés un scan en effet virtumonde n'est plus detecté, donc il ne doit plus etre la.
Concernant NOD32, je viens de faire un scan complet et aucun soucis.
Pour Zone alarm, c'est un relicat de quand je l'avait installé. En effet à l'epoque je n'avait pas de modem/routeur et donc avait besoin d'un firewall.
Maintenant j'ai un firewall avec mon routeur.
Encore une fois un enorme merci pour ton aide.
Re,
Relance HijackThis (clique droit -> lancer en tant qu'adminstrateur sous Vista), do a system scan only, coche ces lignes (si toujours présentes) :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 |
Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
Puis Fix Checked !
Relance HijackThis
- Clique sur Open the Misc Tools Section.
- Choisis Delete an NT Service .
- Tape TUWinStylerThemeSvc et valide.
Fais la même chose avec vsmon
Message édité par XmichouX le 18-05-2008 à 13:29:26
Répondre à XmichouX
Ok
C'est quoi TUWinStylerThemeSvc ???
Je viens de faire ton nettoyage et aprés un reboot voici le nouveau rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:43, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ULI5289\ULi5289.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\windows\system32\nvsvc32.exe
C:\windows\CTHELPER.EXE
C:\windows\system32\CTXFIHLP.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Documents and Settings\Fred\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {984F2F13-D8B7-4A73-99AA-DA5BB0B443D7} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O20 - Winlogon Notify: hgGaXOGa - C:\windows\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
--
End of file - 9669 bytes
Malheureusement WinStylerThemeSvc et vsmon ne veulent pas disparaitre.
Re,
Sélectionne l’intégralité du cadre ci-dessous :
@echo off & cls
|
Copie/colle le dans le Bloc-notes (Démarrer\Tous les programmes\Accessoires\Bloc-notes.)
Enregistre le sous sur ton bureau sous le nom de Correction.bat
Double-clique dessus. Poste le rapport généré (si présent).
L'infection est revenue ..
Répondre à XmichouX
L'infection est revenue???
Je ne vois rien d'anormal sur le comportement de la machine !!
voici le rapport de ton fichier bat:
Rapport commencé sur l'ordinateur de Fred le 18/05/2008 @ 15:43:55,12
****** Désactivation des services ******
Le service TUWinStylerThemeSvc a bien été désactivé.
Le service vsmon a bien été désactivé.
****** Suppression des services ******
Le service TUWinStylerThemeSvc a bien été supprimé.
Le service vsmon a bien été supprimé.
Rapport terminé à 15:43:55,73
et voici le rapport hijackthis fait juste aprés:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:12, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ULI5289\ULi5289.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\windows\system32\nvsvc32.exe
C:\windows\CTHELPER.EXE
C:\windows\system32\CTXFIHLP.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\WinHTTrack\WinHTTrack.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fred\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {984F2F13-D8B7-4A73-99AA-DA5BB0B443D7} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O20 - Winlogon Notify: hgGaXOGa - C:\windows\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
--
End of file - 9472 bytes
Re,
On recommence ..
Repasse ComboFix, poste son rapport.
Répondre à XmichouX
Voila le nouveau rapport de combofix (mode ss echec avec prise en charge reseau)
ComboFix 08-05-15.3 - Fred 2008-05-18 17:31:29.8 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.785 [GMT 2:00]
Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.
2008-05-18 11:01 . 2008-05-18 11:01 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-17 21:03 . 2008-05-17 21:03 <REP> d-------- C:\Documents and Settings\Fred\DoctorWeb
2008-05-17 19:26 . 2008-05-17 19:26 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2008-05-17 19:26 . 2008-05-17 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 07:58 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984F2F13-D8B7-4A73-99AA-DA5BB0B443D7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-12 17:35 921600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-06 08:29:21 688128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaXOGa]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
"ctfmon.exe"=C:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Jeux\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Jeux\\DriftCity\\DriftCity.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"C:\\Jeux\\TmUnitedForever\\TmForever.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8352:TCP"= 8352:TCP:BitComet 8352 TCP
"8352:UDP"= 8352:UDP:BitComet 8352 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
S2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
S3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 17:34:12
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-18 17:36:51
ComboFix-quarantined-files.txt 2008-05-18 15:36:49
ComboFix2.txt 2008-05-18 05:54:34
ComboFix3.txt 2008-05-17 16:46:17
ComboFix4.txt 2008-05-17 13:29:01
ComboFix5.txt 2008-05-17 12:32:33
Pre-Run: 37,097,115,648 octets libres
Post-Run: 37,087,371,264 octets libres
216 --- E O F --- 2008-05-17 13:59:10
Re,
Sélectionne l'intégralité du cadre ci-dessous :
DirLook::
|
Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
- Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
- Enregistre le sous sur ton bureau sous le nom de CFScript.txt
- Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
- Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
Répondre à XmichouX
Voila le nouveau rapport:
ComboFix 08-05-15.3 - Fred 2008-05-18 18:06:11.9 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.784 [GMT 2:00]
Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fred\Bureau\CFScript.txt
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.
2008-05-18 11:01 . 2008-05-18 11:01 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-17 21:03 . 2008-05-17 21:03 <REP> d-------- C:\Documents and Settings\Fred\DoctorWeb
2008-05-17 19:26 . 2008-05-17 19:26 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2008-05-17 19:26 . 2008-05-17 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 07:58 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\Club PoM ----
2008-05-08 18:01 652 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Utilisateurs\Xx.UTL
2008-05-08 18:01 300 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Préférences.PRF
1999-04-15 17:43 26817 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX004.KR2
1999-04-15 17:42 39587 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX003.KR2
1999-04-15 17:42 39587 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX002.KR2
1999-04-15 17:42 39587 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX001.KR2
1999-04-15 17:42 37033 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX005.KR2
1999-04-15 17:42 20432 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX006.KR2
((((((((((((((((((((((((((((( snapshot@2008-05-18_17.36.44,85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 15:30:21 2,048 --s-a-w C:\windows\bootstat.dat
+ 2008-05-18 16:04:48 2,048 --s-a-w C:\windows\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-12 17:35 921600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-06 08:29:21 688128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
"ctfmon.exe"=C:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Jeux\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Jeux\\DriftCity\\DriftCity.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"C:\\Jeux\\TmUnitedForever\\TmForever.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8352:TCP"= 8352:TCP:BitComet 8352 TCP
"8352:UDP"= 8352:UDP:BitComet 8352 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
S2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
S3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 18:08:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-18 18:11:06
ComboFix-quarantined-files.txt 2008-05-18 16:11:04
ComboFix2.txt 2008-05-18 15:36:51
ComboFix3.txt 2008-05-18 05:54:34
ComboFix4.txt 2008-05-17 16:46:17
ComboFix5.txt 2008-05-17 13:29:01
Pre-Run: 37,067,100,160 octets libres
Post-Run: 37,057,712,128 octets libres
229 --- E O F --- 2008-05-17 13:59:10
ça semble Ok,
reposte un Hijack'
Répondre à XmichouX
Voila le Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:25, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\ULI5289\ULi5289.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\windows\CTHELPER.EXE
C:\windows\system32\CTXFIHLP.EXE
C:\Program Files\Eset\nod32kui.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Fred\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
--
End of file - 9175 bytes
Re,
Télécharge Clean (de Malekal) sur ton Bureau.
- Dézippe le sur ton bureau. Double-clic sur le dossier Clean qui vient d'apparaître.
- Double-clic sur Clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
- Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
- Poste le rapport qui se trouve ici : C:\rapport_clean.txt
Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
Aide : Comment utiliser Clean.
Répondre à XmichouX
Voila je suis en train d'envoyer le fichier C:\upload_moi_MINUS.tar.gz de 17 mo sur le site que tu m'a indiqué.
Voila le rapport clean:
18/05/2008 a 21:31:48,10
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\windows\
*** Recherche des fichiers dans C:\windows\system32
C:\windows\system32\SpoonUninstall.exe FOUND
*** Recherche des fichiers dans C:\Program Files
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
- Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées :
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
Aide : Comment utiliser MBAM.
**********
Toujours en mode sans échec :
- Relance Clean
- Fais l’option 2 cette fois-ci et poste le rapport.
- Le rapport se trouve ici : C:\rapport_clean.txt
Aide : Comment utiliser Clean.
Répondre à XmichouX
Ok merci
Je fais cela des ce soir et te donne les resultats
Voila donc les deux rapport que tu m'a demandé:
Malwarebytes's:
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 762
Type de recherche: Examen complet (C:\|)
Eléments examinés: 192819
Temps écoulé: 58 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Clean:
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 19/05/2008 a 18:57:11,21
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\windows\
*** Suppression des fichiers dans C:\windows\system32
tentative de suppression de C:\windows\system32\SpoonUninstall.exe
*** Suppression des fichiers dans C:\Program Files
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
bonsoir
XmichouX est absent pour quelques jours, on reprends ses sujets
~Fais une analyse antivirus en ligne sur le site de Kaspersky
http://webscanner.kaspersky.fr/
~ Clique sur Online Scanner.
~Accepte l'installation du contrôle ActiveX en cliquant sur le bouton Install.
~Sélectionne le poste de travail comme analyse.
~Enregistre le rapport en cliquant sur le bouton "Enregistrer rapport sous". Nomme-le, tu feras un copier/coller dans ta prochaine réponse.
Tuto du scan en ligne
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Merci.
Je lance le scan et envoi le rapport des qu'il est disponible.
pas de souci
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Le scan a tourné toute la nuit, il a trouvé des trucs, mais impossible d'accéder a l'enregistrement du rapport !!!!!!
Question:
Ne veut il pas mieux que j'installe une version d'evaluation de Kapersky (je desactive temporairement Nod32) et que je lance un scan et un nettoyage???
bonjour
comme tu veux, je veux surtout voir un rapport de scan
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Ouf j'ai lancé le scan on line a midi et j'ai pu avoir le rapport:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, May 20, 2008 6:26:44 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 20/05/2008
Enregistrements dans la base antivirus Kaspersky : 702681
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Statistiques de l'analyse:
Total d'objets analysés: 391700
Nombre de virus trouvés: 5
Nombre d'objets infectés: 26 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 05:26:15
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Creative\CADI\Preset\PCI_BUS1102-5-211102-DC00.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da73b6f24562fbf94438ac5748f1ff59_268f2781-b19d-405b-a42e-332a5fb82615 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f4df0c777cfadc01c593d8ae76a75681_268f2781-b19d-405b-a42e-332a5fb82615 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\Application Data\$_hpcst$.hpc L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\UserData\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\DoctorWeb\Quarantine\F1ONNKBA.NQF Infecté : Trojan.Win32.Obfuscated.en ignoré
C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\Local Settings\Historique\History.IE5\MSHist012008052020080521\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\Local Settings\Temp\WCESLog.log L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Fred\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\itouch_crash_info.txt L'objet est verrouillé ignoré
C:\Program Files\Creative\ShareDLL\CADI\CTPLang.dat L'objet est verrouillé ignoré
C:\Program Files\ESET\cache\CACHE.NDB L'objet est verrouillé ignoré
C:\Program Files\ESET\infected\TYRLOMDA.NQF/addon.exe/data0008 Infecté : Trojan-Downloader.Win32.Agent.jsc ignoré
C:\Program Files\ESET\infected\TYRLOMDA.NQF/addon.exe/data0012 Infecté : Trojan-Downloader.Win32.PurityScan.fy ignoré
C:\Program Files\ESET\infected\TYRLOMDA.NQF/addon.exe Infecté : Trojan-Downloader.Win32.PurityScan.fy ignoré
C:\Program Files\ESET\infected\TYRLOMDA.NQF RAR: infecté - 3 ignoré
C:\Program Files\ESET\infected\TYRLOMDA.NQF PE-Crypt.XorPE: infecté - 3 ignoré
C:\Program Files\ESET\logs\virlog.dat L'objet est verrouillé ignoré
C:\Program Files\ESET\logs\warnlog.dat L'objet est verrouillé ignoré
C:\Program Files\Microsoft Office\Modèles\Normal.dot L'objet est verrouillé ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\ehmclstl.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\feubjauh.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\iwlwmrns.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\olxnshug.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\qlebnpgw.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\uutpbtba.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{7CF306FA-A981-48CE-A5A9-4A67574EB29F}\RP663\A0128291.dll Infecté : Trojan.Win32.Monder.gen ignoré
C:\System Volume Information\_restore{7CF306FA-A981-48CE-A5A9-4A67574EB29F}\RP664\A0128449.dll Infecté : Trojan.Win32.Monder.gen ignoré
C:\System Volume Information\_restore{7CF306FA-A981-48CE-A5A9-4A67574EB29F}\RP666\change.log L'objet est verrouillé ignoré
C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ehmclstl.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/feubjauh.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/iwlwmrns.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/olxnshug.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/qlebnpgw.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/uutpbtba.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
C:\upload_moi_MINUS.tar.gz/upload_moi.tar Infecté : Trojan.Win32.Monder.gen ignoré
C:\upload_moi_MINUS.tar.gz GZIP: infecté - 7 ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
G:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
H:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
Analyse terminée.
re
c'est ok
d'autres soucis?
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Non c'est bon
Je supprime le repertoire C:\QooBox\ ou d'autres fichiers pour nettoyer tout cela???
Il y a 2341 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
