Vundo infection?
Security Forum - Viruses: Vundo infection?
I can't get rid of this damn virus. Please tell me what to do.
Thanks in advance.
A "hello"?
Download and install HijackThis (Trend Micro).
Then post a log in your next reply.
HELP: How to use HijackThis v2.0.2
Hello, of course; my nerves made me forget my manners, I apologize...
Here is the HijackThis log, which I'm posting from another computer because mine is really out of order.
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49, on 2008-05-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\V3CallCenter\V3faxecp.exe
C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B41CC7BD-5FA9-47AF-83EA-B076E833F47E} - C:\WINDOWS\system32\urqNEWOI.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [Creative Mouse Software] C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: CallCenter Printer Interface.lnk = C:\Program Files\V3CallCenter\V3faxecp.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/ [...] NPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
--
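One way to triage the O2, O4 and O23 lines of a HijackThis log like the one posted above, as an added example that is not part of the original thread and not a tool of the forum's helpers: the five lines in SAMPLE_LINES are copied from the posted log (a constructed subset, not the full file), while the regexes, the point values and the "eight mixed-case letters" name heuristic are assumptions of this example rather than any documented Vundo signature. Each entry gets a score, and the entries above a threshold are the ones worth asking the poster about.

```python
import re
from dataclasses import dataclass, field

# Constructed subset: lines copied from the HijackThis log posted above.
# A real run would read the whole log file instead.
SAMPLE_LINES = [
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll",
    r"O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll",
    r"O2 - BHO: (no name) - {B41CC7BD-5FA9-47AF-83EA-B076E833F47E} - C:\WINDOWS\system32\urqNEWOI.dll (file missing)",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
]

# Line shapes of the three sections handled here. These regexes are this
# example's own reading of the log format, not HijackThis documentation.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Directories where a freshly dropped, randomly named DLL stands out (assumption).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass
class Finding:
    section: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def looks_random(stem: str) -> bool:
    """Assumed heuristic: exactly eight letters, mixed case, no digits,
    which is the shape of the orphaned DLL name in the posted log.
    A hint for a human to check, not proof of anything."""
    return (bool(re.fullmatch(r"[A-Za-z]{8}", stem))
            and not stem.islower() and not stem.isupper())


def score_line(line: str):
    """Return a Finding for one log line, or None when nothing stands out."""
    m = BHO_RE.match(line)
    if m:
        f = Finding("O2", m["path"])
        stem = m["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if m["missing"]:
            f.add(3, "BHO still registered but its DLL is absent on disk")
        if m["name"] == "(no name)":
            f.add(1, "BHO has no display name")
        if m["path"].lower().startswith(SYSTEM_DIRS) and looks_random(stem):
            f.add(3, "random-looking DLL name dropped straight into a system directory")
        return f if f.reasons else None
    m = RUN_RE.match(line)
    if m:
        cmd = m["cmd"]
        if "\\" not in cmd and not cmd.startswith('"'):
            f = Finding("O4", cmd)
            f.add(1, "bare executable name: resolved through the PATH search at logon")
            return f
        return None
    m = SVC_RE.match(line)
    if m and m["owner"] == "Unknown owner":
        f = Finding("O23", m["path"])
        f.add(1, "service binary carries no company name in its version information")
        return f
    return None


def triage(lines):
    """Score every line and return the findings, highest score first."""
    findings = [f for f in (score_line(l.rstrip("\r\n")) for l in lines) if f]
    return sorted(findings, key=lambda f: -f.score)


def suspicious(lines, threshold: int = 3):
    """Entries worth a question to the poster; threshold 3 drops single hints."""
    return [f for f in triage(lines) if f.score >= threshold]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.score:2d} {f.section:<3} {f.path}")
        for why in f.reasons:
            print(f"      - {why}")
```

On the sample, the unnamed BHO pointing at the missing system32 DLL scores 7 and is the only entry over the threshold; RoboForm's unnamed but well-known BHO, the bare SOUNDMAN.EXE Run entry and the "Unknown owner" service each score 1 and stay below it. A BHO whose DLL is already gone is typically a leftover of an earlier, partial cleanup, and the registry entry can be removed with HijackThis's Fix without affecting anything on disk.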
Apparently OK.
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension is not necessarily visible) to run it.
- When the scan is finished, a log will appear. Post that log (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the drive letter may differ
Here is the ComboFix log
ComboFix 08-05-26.2 - Rafael 2008-05-27 19:38:51.6 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.580 [GMT 2:00]
Location: C:\Documents and Settings\Rafael\Bureau\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((( Files created 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))
.
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d--hs---- C:\FOUND.005
2008-05-22 14:25 . 2008-05-22 14:25 <REP> d--hs---- C:\FOUND.004
2008-05-21 13:30 . 2008-05-21 13:30 <REP> d--hs---- C:\FOUND.003
2008-05-21 13:07 . 2008-05-21 13:07 <REP> d-------- C:\Documents and Settings\Rafael\Application Data\libresystem
2008-05-17 19:36 . 2008-05-17 19:36 <REP> d-------- C:\Documents and Settings\Francoise\Application Data\libresystem
2008-05-17 17:38 . 2008-05-17 17:38 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\libresystem
2008-05-17 17:33 . 2008-05-17 17:33 <REP> dr------- C:\Documents and Settings\All Users\Application Data\libresystem
2008-05-17 17:30 . 2008-05-17 17:30 263,192 --a------ C:\Documents and Settings\Bernard\Application Data\setup_fr[1].exe
2008-05-17 01:06 . 2008-05-17 01:06 <REP> d--hs---- C:\FOUND.002
2008-05-16 14:45 . 2008-05-16 14:45 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\Malwarebytes
2008-05-15 18:21 . 2008-05-15 18:21 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-15 17:56 . 2008-05-15 17:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 17:56 . 2008-05-15 17:56 <REP> d-------- C:\Documents and Settings\Rafael\Application Data\Malwarebytes
2008-05-15 17:56 . 2008-05-15 17:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 17:56 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-15 17:56 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-14 23:06 . 2008-05-14 23:06 <REP> d-------- C:\Program Files\Navilog1
2008-05-14 09:24 . 2008-05-14 09:25 0 --a------ C:\WINDOWS\system32\0
2008-05-14 01:20 . 2008-05-14 01:20 <REP> d-------- C:\Program Files\Trend Micro
2008-04-29 19:23 . 2008-04-29 19:23 <REP> d-------- C:\Program Files\ubi.com
2008-04-29 19:23 . 2008-04-29 19:23 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2008-04-29 19:23 . 2001-07-30 18:03 185,344 --a------ C:\WINDOWS\patchw32.dll
2008-04-29 19:19 . 2008-04-29 19:19 <REP> d-------- C:\Program Files\Destroyer Command
2008-04-29 19:19 . 2008-04-29 19:23 971,211 --a------ C:\WINDOWS\DESCMDUninst.isu
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 12:22 66,436 ----a-w C:\Program Files\jboubarne2932337638.xml
2008-05-26 11:38 404,442 ----a-w C:\Program Files\lindamoh3654875012.xml
2008-05-22 16:28 47,543 ----a-w C:\Program Files\yoyoyo1975281850942823.xml
2008-05-22 16:03 1,376,454 ----a-w C:\Program Files\beeboune95860580370.xml
2008-05-21 11:14 52,532 ----a-w C:\Program Files\natino_romeo1040865329.xml
2008-05-15 15:13 37,417 ----a-w C:\Program Files\patpongcrew2024556737.xml
2008-05-10 11:31 11,326 ----a-w C:\Program Files\ptititoy1688887506.xml
2008-05-09 17:42 37,631 ----a-w C:\Program Files\thansita_t125840022.xml
2008-05-07 12:39 88,811 ----a-w C:\Program Files\divadestruction271957962256.xml
2008-05-03 13:44 2,296 ----a-w C:\Program Files\rra_792791460023.xml
2008-04-30 16:26 647 ----a-w C:\Program Files\homlee-hom4118736078.xml
2008-04-29 15:43 24,411 ----a-w C:\Program Files\khondio1195525883.xml
2008-04-23 17:23 11,988 ----a-w C:\Program Files\damien.lamiche1568580867.xml
2008-04-22 15:27 28,032 ----a-w C:\Program Files\wolfgangbergmann12347937819.xml
2008-04-22 00:23 1,254 ----a-w C:\Program Files\brandseller51279643830.xml
2008-04-17 15:33 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-17 15:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-04-17 15:29 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-04-17 15:29 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-04-17 15:29 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-17 11:42 646 ----a-w C:\Program Files\katie_birch2596521732.xml
2008-04-17 10:32 14,615 ----a-w C:\Program Files\florent.sanchez13968981501.xml
2008-04-16 16:07 79,525 ----a-w C:\Program Files\qingyun1985093969166998.xml
2008-04-16 12:17 232,366 ----a-w C:\Program Files\shoeslife1694361641.xml
2008-04-13 21:54 53,934 ----a-w C:\Program Files\honike3046488981.xml
2008-04-13 20:53 402 ----a-w C:\Program Files\janetanakit3357631153.xml
2008-04-11 13:30 2,347 ----a-w C:\Program Files\linnz3062760955.xml
2008-04-02 17:15 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-28 11:29 --------- d-----w C:\Documents and Settings\Rafael\Application Data\gtk-2.0
2008-03-28 11:25 --------- d-----w C:\Program Files\GIMP-2.0
2008-03-27 19:05 --------- d-----w C:\Documents and Settings\Bernard\Application Data\DAEMON Tools
2008-03-27 15:59 --------- d-----w C:\Program Files\Rowan Software
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 15:31 12,160 ----a-w C:\Program Files\MessageLog.xsl
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-17 15:42 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
2008-02-16 16:41 667 ----a-w C:\Documents and Settings\Rafael\Application Data\waver_2.95.dat
1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2005-12-04 20:03 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B41CC7BD-5FA9-47AF-83EA-B076E833F47E}]
C:\WINDOWS\system32\urqNEWOI.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 16:10 4662776]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-04-26 11:53 160832]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57 466944]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10 335872]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:48 57344]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-04 00:51 155648]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:32 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"InstantAccess"="C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe" [1998-07-07 16:04 37376]
"RegisterDropHandler"="C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [1998-07-07 16:20 22528]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01 32768]
"Creative Mouse Software"="C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe" [2004-09-23 14:13 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 15:30 3096576]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [1998-07-07 16:20 22528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]
C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34 393216]
PowerReg Scheduler.exe [2008-02-14 19:53:54 256000]
C:\Documents and Settings\Francoise\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34 393216]
C:\Documents and Settings\Rafael\Menu Démarrer\Programmes\Démarrage\
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2004-09-02 03:35:20 687616]
reminder-Enregistrement du produit ScanSoft.lnk - C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE [2006-07-11 14:06:34 67584]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34 393216]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Action Manager 32.lnk - C:\Program Files\ScannerU\AM32.exe [2006-07-11 14:06:06 57344]
CallCenter Printer Interface.lnk - C:\Program Files\V3CallCenter\V3faxecp.exe [2007-01-08 15:40:50 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
"msacm.l3acm"= L3codecp.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\WINDOWS\\System32\\LEXPPS.EXE"=
"C:\\Program Files\\Alibaba\\TradeManager\\TradeManager.exe"=
"C:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"=
"C:\\Program Files\\A4Proxy\\A4Proxy.exe"=
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\Codemasters\\Heroes of the Pacific\\Heroes.exe"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11506:TCP"= 11506:TCP:BitComet 11506 TCP
"11506:UDP"= 11506:UDP:BitComet 11506 UDP
"12267:TCP"= 12267:TCP:BitComet 12267 TCP
"12267:UDP"= 12267:UDP:BitComet 12267 UDP
"21349:TCP"= 21349:TCP:BitComet 21349 TCP
"21349:UDP"= 21349:UDP:BitComet 21349 UDP
"15740:TCP"= 15740:TCP:BitComet 15740 TCP
"15740:UDP"= 15740:UDP:BitComet 15740 UDP
"21123:TCP"= 21123:TCP:BitComet 21123 TCP
"21123:UDP"= 21123:UDP:BitComet 21123 UDP
"8041:TCP"= 8041:TCP:BitComet 8041 TCP
"8041:UDP"= 8041:UDP:BitComet 8041 UDP
"14608:TCP"= 14608:TCP:BitComet 14608 TCP
"14608:UDP"= 14608:UDP:BitComet 14608 UDP
"13612:TCP"= 13612:TCP:BitComet 13612 TCP
"13612:UDP"= 13612:UDP:BitComet 13612 UDP
"13034:TCP"= 13034:TCP:BitComet 13034 TCP
"13034:UDP"= 13034:UDP:BitComet 13034 UDP
"7729:TCP"= 7729:TCP:BitComet 7729 TCP
"7729:UDP"= 7729:UDP:BitComet 7729 UDP
"12468:TCP"= 12468:TCP:BitComet 12468 TCP
"12468:UDP"= 12468:UDP:BitComet 12468 UDP
"11952:TCP"= 11952:TCP:BitComet 11952 TCP
"11952:UDP"= 11952:UDP:BitComet 11952 UDP
"15055:TCP"= 15055:TCP:BitComet 15055 TCP
"15055:UDP"= 15055:UDP:BitComet 15055 UDP
"10216:TCP"= 10216:TCP:BitComet 10216 TCP
"10216:UDP"= 10216:UDP:BitComet 10216 UDP
"12956:TCP"= 12956:TCP:BitComet 12956 TCP
"12956:UDP"= 12956:UDP:BitComet 12956 UDP
"25252:TCP"= 25252:TCP:BitComet 25252 TCP
"25252:UDP"= 25252:UDP:BitComet 25252 UDP
"11176:TCP"= 11176:TCP:BitComet 11176 TCP
"11176:UDP"= 11176:UDP:BitComet 11176 UDP
"13924:TCP"= 13924:TCP:BitComet 13924 TCP
"13924:UDP"= 13924:UDP:BitComet 13924 UDP
"10296:TCP"= 10296:TCP:BitComet 10296 TCP
"10296:UDP"= 10296:UDP:BitComet 10296 UDP
"12124:TCP"= 12124:TCP:BitComet 12124 TCP
"12124:UDP"= 12124:UDP:BitComet 12124 UDP
"20486:TCP"= 20486:TCP:BitComet 20486 TCP
"20486:UDP"= 20486:UDP:BitComet 20486 UDP
"16358:TCP"= 16358:TCP:BitComet 16358 TCP
"16358:UDP"= 16358:UDP:BitComet 16358 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 19:32]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
S3 btwavdt;Bluetooth AVDT;C:\WINDOWS\system32\DRIVERS\btwavdt.sys [2007-07-12 06:01]
S3 btwrchid;btwrchid;C:\WINDOWS\system32\DRIVERS\btwrchid.sys [2007-07-12 06:03]
S3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-17 17:29]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 12:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 12:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 12:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 12:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 12:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 12:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 12:15]
S3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys []
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-05-27 16:41:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 19:40:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\xfire_lsp_9028.dll
.
Completion time: 2008-05-27 19:40:42
ComboFix-quarantined-files.txt 2008-05-27 17:40:40
Pre-Run: 9,906,814,976 bytes free
Post-Run: 10,494,869,504 bytes free
248 --- E O F --- 2008-05-21 11:15:39
Why do you think it's Vundo?
I don't know, that's what I was given to understand; I don't know much about this. I do know my PC is very, very slow, so I'm sure there's something there. Don't you have a way to find out what?
He gave you to understand that? Ô_o