Persistent virus or spyware "Virus Alert!"
Hello
I caught a virus 2 or 3 days ago that I managed to get under control.
But something is still left over from it, and that doesn't reassure me.
Here is the message that appears right after the clock in every window where the clock can be shown.
So I have already run:
- Antivir
- Smitfraudfix
- Combofix (I think)
- Kaspersky
- Ccleaner
- Spybot S&D
- BitDefender IS 2008
I think that's everything, and now I have done a scan with HijackThis. Except I don't understand any of it, and that's where I need your help. Thanks in advance.
HijackThis report:
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\Program Files\MagicKey\MagicKey.exe
c:\Program Files\MagicKey\OSD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TRIPOGNEY\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72217827-914b-46c6-a6ee-c00c70842ebf} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0983040A-984F-4BEF-BEBE-D3D3342D3954} - (no file)
O3 - Toolbar: (no name) - {AC9264CC-124E-43B6-9144-8664D704A0BC} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [SteamKeyFr] "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O15 - Trusted Zone: www.secuser.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebsc...
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_0_30...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O21 - SSODL: vltdfabw - {B278A950-63A7-4517-BCCE-FFBD3DCE8880} - (no file)
O21 - SSODL: vregfwlx - {06AB7C30-7109-4D4A-9AD9-02EDFED43033} - C:\WINDOWS\vregfwlx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 9339 bytes
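As an added example, not part of the original thread and not HijackThis's own logic: a short Python triage over the CLSID-keyed lines of a HijackThis log (O2 BHOs, O3 toolbars, O21 SSODL shell-load objects). The sample input is the handful of O2/O3/O21 lines copied from the log above. The two rules it applies are my own heuristics, not HijackThis classifications: an entry still registered but pointing at "(no file)" is an orphaned registration, and an SSODL DLL sitting directly in the Windows root rather than under system32 or Program Files is worth a closer look. A hit means "examine this file", not "this is malware".

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample input: the O2/O3/O21 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72217827-914b-46c6-a6ee-c00c70842ebf} - (no file)
O3 - Toolbar: (no name) - {0983040A-984F-4BEF-BEBE-D3D3342D3954} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O21 - SSODL: vltdfabw - {B278A950-63A7-4517-BCCE-FFBD3DCE8880} - (no file)
O21 - SSODL: vregfwlx - {06AB7C30-7109-4D4A-9AD9-02EDFED43033} - C:\WINDOWS\vregfwlx.dll
"""

# HijackThis prints CLSID-keyed entries in a fixed shape:
#   <section> - <kind>: <name> - {CLSID} - <path or "(no file)">
_CLSID_LINE = re.compile(
    r"^(?P<section>O2|O3|O21) - (?P<kind>BHO|Toolbar|SSODL): "
    r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.*)$"
)

# Heuristic (my assumption, not a HijackThis rule): shell-load DLLs normally live under
# system32 or Program Files; a DLL dropped straight into the Windows root is unusual.
WINDOWS_ROOTS = {"c:\\windows", "c:\\winnt"}


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O3/O21 line; other sections (R0, O4, O23, ...) return None."""
    m = _CLSID_LINE.match(line.strip())
    if not m:
        return None
    return Entry(**m.groupdict())


def parse_log(lines: Iterable[str]) -> List[Entry]:
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def triage(entries: Iterable[Entry]) -> List[Finding]:
    """Apply the two heuristics; order of findings follows order of input lines."""
    findings: List[Finding] = []
    for e in entries:
        if e.path == "(no file)":
            findings.append(Finding(e, "orphaned registration: CLSID still registered but its DLL is gone"))
            continue
        if e.section == "O21" and ntpath.dirname(e.path).lower() in WINDOWS_ROOTS:
            findings.append(Finding(e, "SSODL shell-load DLL sits directly in the Windows root"))
        elif e.name == "(no name)":
            findings.append(Finding(e, "unnamed BHO/toolbar with a file on disk; review the DLL"))
    return findings


def triage_log(text: str) -> List[Finding]:
    return triage(parse_log(text.splitlines()))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.entry.section} {f.entry.name:<12} {f.entry.path}\n    -> {f.reason}")
```

Orphaned "(no file)" registrations are inert until a DLL reappears at that path, but they are exactly what a HijackThis fix removes from the registry. A live SSODL DLL is loaded by Explorer at logon, so it is the entry worth examining (hash, signer, creation time as shown in a ComboFix file listing) before anything is deleted.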
Hello,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe may not be visible) to launch it.
When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may differ
(even if you have already done it, I want the report)
Here is the ComboFix report
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.477 [GMT 2:00]
Location: C:\Documents and Settings\TRIPOGNEY\Bureau\ComboFix.exe
* Resident AV is active
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((( Files created 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))
.
2008-05-27 15:12 . 2008-05-27 15:12 <REP> d-------- C:\WINDOWS\LastGood
2008-05-27 15:12 . 2008-05-27 15:12 <REP> d-------- C:\Program Files\MagicKey
2008-05-27 14:56 . 2008-05-27 14:56 <REP> d-------- C:\Program Files\CCleaner
2008-05-27 13:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-27 13:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-27 13:59 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-27 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-27 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-27 13:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-27 13:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-27 13:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-27 13:52 . 2008-05-27 14:02 2,008 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-27 12:01 . 2008-05-27 15:08 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-27 11:52 . 2008-05-27 11:52 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\Bitdefender
2008-05-27 11:51 . 2008-05-27 11:51 <REP> d-------- C:\Program Files\BitDefender
2008-05-27 11:51 . 2008-05-27 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-27 11:49 . 2008-05-27 11:51 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-27 11:42 . 2008-05-27 11:42 <REP> d-------- C:\WINDOWS\AU_Temp
2008-05-27 11:42 . 2008-05-27 11:17 36,240,289 --a------ C:\WINDOWS\LPT$VPN.299
2008-05-27 11:33 . 2008-05-27 11:33 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 11:17 . 2008-05-27 11:17 36,240,289 --a------ C:\WINDOWS\VPTNFILE.299
2008-05-27 09:05 . 2008-05-27 09:05 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 09:05 . 2008-05-27 09:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 08:41 . 2008-05-27 08:44 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-05-26 09:58 . 2008-05-25 15:15 327,680 --a------ C:\WINDOWS\vregfwlx.dll
2008-05-26 09:58 . 2008-05-25 15:15 159,744 --a------ C:\WINDOWS\etkq.exe
2008-05-23 15:17 . 2008-05-26 11:27 379 --a------ C:\WINDOWS\wininit.ini
2008-05-23 14:11 . 2008-05-26 09:58 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\TmpRecentIcons
2008-05-23 13:06 . 2008-05-23 04:25 94,208 --a------ C:\WINDOWS\epse.exe
2008-05-23 13:06 . 2008-05-23 04:25 81,920 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-22 17:31 . 2008-05-22 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-21 22:37 . 2001-11-27 15:07 11,886 --a------ C:\WINDOWS\system32\drivers\Kbfilter.sys
2008-05-21 16:57 . 2008-05-21 16:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-21 16:55 . 2008-05-21 16:55 <REP> d-------- C:\WINDOWS\nvidia icons
2008-05-21 16:55 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-21 16:51 . 2008-05-21 16:51 <REP> d-------- C:\WebCamNXPro
2008-05-21 16:38 . 2008-05-21 16:38 <REP> d-------- C:\Program Files\ma-config.com
2008-05-21 16:38 . 2008-05-21 17:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-20 21:03 . 2008-05-20 21:03 244 --ah----- C:\sqmnoopt15.sqm
2008-05-20 21:03 . 2008-05-20 21:03 232 --ah----- C:\sqmdata15.sqm
2008-05-20 19:52 . 2008-05-21 20:45 <REP> d-------- C:\Program Files\Mumble
2008-05-20 19:20 . 2008-05-20 19:20 <REP> d-------- C:\Program Files\Xvid
2008-05-20 19:20 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-20 19:20 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-20 19:20 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-20 18:34 . 2008-05-20 18:34 <REP> d-------- C:\Program Files\VideoMach-2.7.2
2008-05-20 15:19 . 2008-05-20 15:27 2 --a------ C:\WINDOWS\system32\RICHTX.DEP
2008-05-20 15:18 . 2008-05-20 16:30 <REP> d-------- C:\Program Files\MP3 WAV Converter
2008-05-20 14:27 . 2008-05-20 14:27 <REP> d-------- C:\Program Files\NeoTrace Express
2008-05-19 22:58 . 2008-05-27 12:45 <REP> d-------- C:\Program Files\mIRC
2008-05-19 11:05 . 2008-05-19 11:37 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\gtk-2.0
2008-05-19 11:05 . 2008-05-19 11:05 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\.thumbnails
2008-05-19 11:04 . 2008-05-19 11:47 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\.gimp-2.4
2008-05-19 11:02 . 2008-05-19 11:02 <REP> d-------- C:\Program Files\GIMP-2.0
2008-05-19 10:51 . 2008-05-27 15:52 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\FileZilla
2008-05-14 19:28 . 2008-05-20 13:45 <REP> d-------- C:\Program Files\S2SaTstrat
2008-05-13 03:53 . 2008-05-13 03:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 03:53 . 2008-05-13 03:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-13 03:53 . 2008-05-13 03:53 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-13 03:53 . 2008-05-13 03:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-13 03:49 . 2008-05-13 03:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-13 03:49 . 2008-05-13 03:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 03:49 . 2008-05-13 03:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 03:48 . 2008-05-13 03:48 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-05 19:51 . 2008-05-05 19:56 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-05 19:51 . 2008-05-05 19:51 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-05-05 10:45 . 2008-05-05 10:45 <REP> d-------- C:\Program Files\SteamKeyFr
2008-05-05 10:30 . 2008-05-05 10:30 244 --ah----- C:\sqmnoopt14.sqm
2008-05-05 10:30 . 2008-05-05 10:30 232 --ah----- C:\sqmdata14.sqm
2008-05-03 05:46 . 2008-05-03 05:46 1,241,088 --a------ C:\WINDOWS\system32\nvcuda.dll
2008-05-03 05:46 . 2008-05-03 05:46 290,816 --a------ C:\WINDOWS\system32\nvwrsth.dll
2008-05-03 05:46 . 2008-05-03 05:46 253,952 --a------ C:\WINDOWS\system32\nvrsth.dll
2008-04-28 20:23 . 2008-04-28 20:23 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-04-28 20:22 . 2008-04-28 20:22 <REP> d-------- C:\Program Files\eRightSoft
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 13:56 --------- d-----w C:\Program Files\Steam
2008-05-27 12:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 09:42 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-05-27 09:42 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-05-27 09:17 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-05-27 09:17 333,576 ----a-w C:\WINDOWS\TSC.exe
2008-05-21 13:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-20 17:14 --------- d-----w C:\Program Files\DivX
2008-05-19 14:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-19 14:43 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\AdobeUM
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-03 03:46 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-24 16:05 --------- d-----w C:\Program Files\Java
2008-04-23 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-23 21:03 --------- d-----w C:\Program Files\IVT Corporation
2008-04-22 20:53 --------- d-----w C:\Program Files\Magicbit
2008-04-22 20:35 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\DivX
2008-04-22 19:22 --------- d-----w C:\Program Files\VirtualDub
2008-04-21 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-21 16:40 --------- d-----w C:\Program Files\MSBuild
2008-04-21 16:40 --------- d-----w C:\Program Files\Microsoft Works
2008-04-21 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 16:23 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-21 15:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-04-21 06:37 --------- d-----w C:\Program Files\Xfire
2008-04-21 06:37 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\Xfire
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-02 15:07 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\Uniblue
2008-04-01 18:45 1,755 ----a-w C:\Documents and Settings\TRIPOGNEY\Application Data\SAS7_000.DAT
2008-03-31 18:41 --------- d-----w C:\Program Files\VisualRoute 2008
2008-03-31 18:15 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-03-31 18:15 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-03-31 18:15 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-03-31 16:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 16:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 18:46 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2008-03-10 17:58 385,024 ----a-w C:\WINDOWS\system32\Uninstall Netlog Photo Tool.exe
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((( snapshot_2008-05-27_14.23.30,02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 12:06:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 13:09:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-10-08 17:38:32 32,768 ----a-w C:\WINDOWS\LastGood\MKUninst.exe
+ 2004-08-19 15:00:34 25,216 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\kbdclass.sys
+ 2004-08-19 15:00:36 14,848 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\kbdhid.sys
- 2001-10-08 17:38:32 32,768 ----a-w C:\WINDOWS\MKUninst.exe
+ 2001-10-08 16:38:32 32,768 ----a-w C:\WINDOWS\MKUninst.exe
- 2004-08-19 15:00:34 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-19 14:00:34 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
- 2004-08-19 15:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
+ 2004-08-19 14:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
- 2004-08-19 15:00:34 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2004-08-19 14:00:34 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
- 2004-08-19 15:00:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
+ 2004-08-19 14:00:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
- 2001-10-09 04:11:36 3,948 ----a-w C:\WINDOWS\system32\WTKBInst.dll
+ 2001-10-09 03:11:36 3,948 ----a-w C:\WINDOWS\system32\WTKBInst.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72217827-914b-46c6-a6ee-c00c70842ebf}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 16:34 3739672]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 01:58 1271032]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [2008-03-10 20:46 1380352]
"SteamKeyFr"="C:\Program Files\SteamKeyFr\SteamKeyFr.exe" [2004-07-31 17:50 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\TRIPOGNEY\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-04 23:30:56 2987856]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 17:08:14 661776]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoToolbarCustomize"= 1 (0x1)
"NoStartMenuMorePrograms"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vregfwlx"= {06AB7C30-7109-4D4A-9AD9-02EDFED43033} - C:\WINDOWS\vregfwlx.dll [2008-05-25 15:15 327680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^TRIPOGNEY^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\TRIPOGNEY\Menu Démarrer\Programmes\Démarrage\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS\pss\Dragon NaturallySpeaking.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Versato]
--a------ 2001-06-30 06:58 135168 C:\Program Files\MagicKey\MagicKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Generic Host Process for Win-32 Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
"nwiz"=nwiz.exe /install
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\S2SaTstrat\\stratplanner.exe"=
"C:\\Program Files\\Mumble\\murmur.exe"=
"C:\\Program Files\\Steam\\steamapps\\goodtrip70\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 15:07]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]
R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-11 15:00]
S3 FVNETusb(505 2958)(R); FVNETusb(505 2958)(R) Service for Wireless LAN 11Mbps USB Adapter;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-04-17 12:21]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-19 10:01]
S3 NetWlan5;Pilote de carte réseau sans fil 802.11b à base Symbol;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-19 17:03]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 23:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceebdc48-fc59-11dc-8e96-00112f07aba8}]
\shell\verb1\command - desktop.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-26 13:16:37 C:\WINDOWS\Tasks\Shutdown.job"
"2008-04-22 11:56:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-02 11:56:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 16:55:13
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\SAMLIB.dll
-> ?:\WINDOWS\system32\SAMLIB.dll
.
Temps d'accomplissement: 2008-05-27 16:57:37
ComboFix-quarantined-files.txt 2008-05-27 14:56:55
ComboFix2.txt 2008-05-27 12:24:19
ComboFix3.txt 2008-05-27 06:55:37
Pre-Run: 39,116,513,280 octets libres
Post-Run: 39,122,604,032 octets libres
277 --- E O F --- 2008-05-19 08:41:23
For the ltx problem, that is part of the damage done by the virus.
For your Start menu:
-Right-click on the taskbar
-Properties
-Start Menu
-Customize
-Advanced
You'll find all the options you want in there.
For your C: drive:
-Start
-Run ===> gpedit.msc ===> Enter
-User Configuration
-Administrative Templates
-Windows Components
-Windows Explorer ===> double-click on "Hide these specified drives in My Computer" ===> choose "Do not restrict drives" ===> tick Enabled ===> OK
That's the only way I found.
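The same check done from the registry side, as an added example that is not from this thread: it reads the two Explorer policy values that the gpedit entries above write, decodes which drive letters they hide, and clears them when run with -Fix. The value names, key paths and bit layout are assumed from the documented policy encoding, not taken from the thread.

```powershell
# Added example, not from the thread: check (and optionally clear) the Explorer
# drive-hiding policies from PowerShell instead of gpedit.msc.
# Assumption: "Hide these specified drives in My Computer" writes NoDrives and
# "Prevent access to drives from My Computer" writes NoViewOnDrive, both DWORD
# bitmasks (bit 0 = A:, bit 1 = B:, bit 2 = C:, ... bit 25 = Z:) under the
# Policies\Explorer key; the HKCU key is the one the ComboFix log lists above.
param([switch]$Fix)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$valueNames = @('NoDrives', 'NoViewOnDrive')

function Get-MaskedDriveLetters {
    param([uint32]$Mask)
    # Walk bits 0..25 and turn each set bit into its drive letter.
    $letters = foreach ($bit in 0..25) {
        if ($Mask -band ([uint32]1 -shl $bit)) { '{0}:' -f [char](65 + $bit) }
    }
    return @($letters)
}

$findings = 0
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $valueNames) {
        $raw = $props.$name
        if ($null -eq $raw) { continue }
        # Only the low 26 bits are meaningful (0x3FFFFFF hides every letter).
        $mask = [uint32]($raw -band 0x3FFFFFF)
        if ($mask -eq 0) { continue }
        $findings++
        $drives = Get-MaskedDriveLetters -Mask $mask
        Write-Output ('{0}\{1} = 0x{2:X8} -> hides {3}' -f $key, $name, $mask, ($drives -join ' '))
        if ($Fix) {
            # Only clear it once you are sure it is not a deliberate (domain) policy;
            # Explorer applies the change at the next logon or after a restart.
            Remove-ItemProperty -Path $key -Name $name
            Write-Output ('  removed {0} from {1}' -f $name, $key)
        }
    }
}
if ($findings -eq 0) { Write-Output 'No drive-hiding policy values are set.' }
```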
Upload the following file for me:
C:\WINDOWS\vregfwlx.dll
HELP: http://www.infos-du-net.com/forum/278508-11-uploader-do...
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking on the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in Safe Mode.
HELP: Restart in Safe Mode
Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
To start the search, click on "Scan".
Once the scan is finished, a window opens; click on OK. You have two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click on "Show Results" and then on "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Here's the file
http://www.laule-team.com/upload/Team/MONTITI/vregfwlx.dll
I'm doing the scan and I'll be back
So I did a quick scan (I'll do a full one tonight because it takes too long)
Malwarebytes report:
www.laule-team.com/upload/Team/MONTITI/mbam-log-5-27-2008 (18-49-44).txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18: VIRUS ALERT!, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\TRIPOGNEY\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72217827-914b-46c6-a6ee-c00c70842ebf} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {AC9264CC-124E-43B6-9144-8664D704A0BC} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [SteamKeyFr] "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O15 - Trusted Zone: www.secuser.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebsc...
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_0_30...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8572 bytes
So after a full scan with the 3 programs = still the same "virus alert!" message. However, during the ComboFix scan the message disappears and comes back as soon as the scan finishes (related to ComboFix changing the clock settings, I think).
The 3 scans were done as advised.
Here are the 3 reports
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 791
Type de recherche: Examen complet (C:\|)
Eléments examinés: 113103
Temps écoulé: 1 hour(s), 54 minute(s), 25 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{D80C87AB-F62C-4E08-AEB1-3912FF06B029}\RP142\A0025366.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D80C87AB-F62C-4E08-AEB1-3912FF06B029}\RP142\A0025367.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
ComboFix 08-05-26.2 - TRIPOGNEY 2008-05-28 7:52:00.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.573 [GMT 2:00]
Endroit: C:\Documents and Settings\TRIPOGNEY\Bureau\ComboFix.exe
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-27 18:35 . 2008-05-27 18:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-05-27 18:30 . 2008-05-27 18:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 18:30 . 2008-05-27 18:30 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\Malwarebytes
2008-05-27 18:30 . 2008-05-27 18:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 18:30 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-27 18:30 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-27 15:12 . 2008-05-27 15:12 <REP> d-------- C:\Program Files\MagicKey
2008-05-27 14:56 . 2008-05-27 14:56 <REP> d-------- C:\Program Files\CCleaner
2008-05-27 13:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-27 13:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-27 13:59 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-27 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-27 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-27 13:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-27 13:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-27 13:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-27 13:52 . 2008-05-27 14:02 2,008 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-27 12:01 . 2008-05-27 23:55 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-27 11:52 . 2008-05-27 11:52 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\Bitdefender
2008-05-27 11:51 . 2008-05-27 11:51 <REP> d-------- C:\Program Files\BitDefender
2008-05-27 11:51 . 2008-05-27 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-27 11:49 . 2008-05-27 11:51 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-27 11:42 . 2008-05-27 11:42 <REP> d-------- C:\WINDOWS\AU_Temp
2008-05-27 11:42 . 2008-05-27 11:17 36,240,289 --a------ C:\WINDOWS\LPT$VPN.299
2008-05-27 11:33 . 2008-05-27 11:33 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 11:17 . 2008-05-27 11:17 36,240,289 --a------ C:\WINDOWS\VPTNFILE.299
2008-05-27 09:05 . 2008-05-27 09:05 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 09:05 . 2008-05-27 09:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 08:41 . 2008-05-27 08:44 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-05-26 09:58 . 2008-05-25 15:15 159,744 --a------ C:\WINDOWS\etkq.exe
2008-05-23 15:17 . 2008-05-26 11:27 379 --a------ C:\WINDOWS\wininit.ini
2008-05-23 14:11 . 2008-05-26 09:58 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\TmpRecentIcons
2008-05-22 17:31 . 2008-05-22 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-21 22:37 . 2001-11-27 15:07 11,886 --a------ C:\WINDOWS\system32\drivers\Kbfilter.sys
2008-05-21 16:57 . 2008-05-21 16:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-21 16:55 . 2008-05-21 16:55 <REP> d-------- C:\WINDOWS\nvidia icons
2008-05-21 16:55 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-21 16:51 . 2008-05-21 16:51 <REP> d-------- C:\WebCamNXPro
2008-05-21 16:38 . 2008-05-21 16:38 <REP> d-------- C:\Program Files\ma-config.com
2008-05-21 16:38 . 2008-05-21 17:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-20 21:03 . 2008-05-20 21:03 244 --ah----- C:\sqmnoopt15.sqm
2008-05-20 21:03 . 2008-05-20 21:03 232 --ah----- C:\sqmdata15.sqm
2008-05-20 19:52 . 2008-05-21 20:45 <REP> d-------- C:\Program Files\Mumble
2008-05-20 19:20 . 2008-05-20 19:20 <REP> d-------- C:\Program Files\Xvid
2008-05-20 19:20 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-20 19:20 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-20 19:20 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-20 18:34 . 2008-05-20 18:34 <REP> d-------- C:\Program Files\VideoMach-2.7.2
2008-05-20 15:19 . 2008-05-20 15:27 2 --a------ C:\WINDOWS\system32\RICHTX.DEP
2008-05-20 15:18 . 2008-05-20 16:30 <REP> d-------- C:\Program Files\MP3 WAV Converter
2008-05-20 14:27 . 2008-05-20 14:27 <REP> d-------- C:\Program Files\NeoTrace Express
2008-05-19 22:58 . 2008-05-27 12:45 <REP> d-------- C:\Program Files\mIRC
2008-05-19 11:05 . 2008-05-19 11:37 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\gtk-2.0
2008-05-19 11:05 . 2008-05-19 11:05 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\.thumbnails
2008-05-19 11:04 . 2008-05-19 11:47 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\.gimp-2.4
2008-05-19 11:02 . 2008-05-19 11:02 <REP> d-------- C:\Program Files\GIMP-2.0
2008-05-19 10:51 . 2008-05-27 18:54 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\FileZilla
2008-05-14 19:28 . 2008-05-20 13:45 <REP> d-------- C:\Program Files\S2SaTstrat
2008-05-13 03:53 . 2008-05-13 03:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 03:53 . 2008-05-13 03:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-13 03:53 . 2008-05-13 03:53 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-13 03:53 . 2008-05-13 03:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-13 03:49 . 2008-05-13 03:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-13 03:49 . 2008-05-13 03:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 03:49 . 2008-05-13 03:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 03:48 . 2008-05-13 03:48 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-05 19:51 . 2008-05-05 19:56 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-05 19:51 . 2008-05-05 19:51 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-05-05 10:45 . 2008-05-05 10:45 <REP> d-------- C:\Program Files\SteamKeyFr
2008-05-05 10:30 . 2008-05-05 10:30 244 --ah----- C:\sqmnoopt14.sqm
2008-05-05 10:30 . 2008-05-05 10:30 232 --ah----- C:\sqmdata14.sqm
2008-05-03 05:46 . 2008-05-03 05:46 1,241,088 --a------ C:\WINDOWS\system32\nvcuda.dll
2008-05-03 05:46 . 2008-05-03 05:46 290,816 --a------ C:\WINDOWS\system32\nvwrsth.dll
2008-05-03 05:46 . 2008-05-03 05:46 253,952 --a------ C:\WINDOWS\system32\nvrsth.dll
2008-04-28 20:23 . 2008-04-28 20:23 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-04-28 20:22 . 2008-04-28 20:22 <REP> d-------- C:\Program Files\eRightSoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 05:43 --------- d-----w C:\Program Files\Steam
2008-05-27 12:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 09:42 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-05-27 09:42 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-05-27 09:17 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-05-27 09:17 333,576 ----a-w C:\WINDOWS\TSC.exe
2008-05-21 13:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-20 17:14 --------- d-----w C:\Program Files\DivX
2008-05-19 14:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-19 14:43 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\AdobeUM
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-03 03:46 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-24 16:05 --------- d-----w C:\Program Files\Java
2008-04-23 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-23 21:03 --------- d-----w C:\Program Files\IVT Corporation
2008-04-22 20:53 --------- d-----w C:\Program Files\Magicbit
2008-04-22 20:35 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\DivX
2008-04-22 19:22 --------- d-----w C:\Program Files\VirtualDub
2008-04-21 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-21 16:40 --------- d-----w C:\Program Files\MSBuild
2008-04-21 16:40 --------- d-----w C:\Program Files\Microsoft Works
2008-04-21 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 16:23 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-21 15:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-04-21 06:37 --------- d-----w C:\Program Files\Xfire
2008-04-21 06:37 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\Xfire
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-02 15:07 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\Uniblue
2008-04-01 18:45 1,755 ----a-w C:\Documents and Settings\TRIPOGNEY\Application Data\SAS7_000.DAT
2008-03-31 18:41 --------- d-----w C:\Program Files\VisualRoute 2008
2008-03-31 18:15 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-03-31 18:15 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-03-31 18:15 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-03-31 16:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 16:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 18:46 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2008-03-10 17:58 385,024 ----a-w C:\WINDOWS\system32\Uninstall Netlog Photo Tool.exe
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((( snapshot_2008-05-27_14.23.30,02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 12:06:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-28 05:42:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2001-10-08 17:38:32 32,768 ----a-w C:\WINDOWS\MKUninst.exe
+ 2001-10-08 16:38:32 32,768 ----a-w C:\WINDOWS\MKUninst.exe
- 2004-08-19 15:00:34 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-19 14:00:34 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
- 2004-08-19 15:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
+ 2004-08-19 14:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
- 2004-08-19 15:00:34 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2004-08-19 14:00:34 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
- 2004-08-19 15:00:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
+ 2004-08-19 14:00:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
- 2001-10-09 04:11:36 3,948 ----a-w C:\WINDOWS\system32\WTKBInst.dll
+ 2001-10-09 03:11:36 3,948 ----a-w C:\WINDOWS\system32\WTKBInst.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72217827-914b-46c6-a6ee-c00c70842ebf}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 16:34 3739672]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 01:58 1271032]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [2008-03-10 20:46 1380352]
"SteamKeyFr"="C:\Program Files\SteamKeyFr\SteamKeyFr.exe" [2004-07-31 17:50 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\TRIPOGNEY\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-04 23:30:56 2987856]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 17:08:14 661776]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoToolbarCustomize"= 1 (0x1)
"NoStartMenuMorePrograms"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^TRIPOGNEY^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\TRIPOGNEY\Menu Démarrer\Programmes\Démarrage\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS\pss\Dragon NaturallySpeaking.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Versato]
--a------ 2001-06-30 06:58 135168 C:\Program Files\MagicKey\MagicKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Generic Host Process for Win-32 Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
"nwiz"=nwiz.exe /install
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\S2SaTstrat\\stratplanner.exe"=
"C:\\Program Files\\Mumble\\murmur.exe"=
"C:\\Program Files\\Steam\\steamapps\\goodtrip70\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 15:07]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]
R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-11 15:00]
S3 FVNETusb(505 2958)(R); FVNETusb(505 2958)(R) Service for Wireless LAN 11Mbps USB Adapter;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-04-17 12:21]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-19 10:01]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 NetWlan5;Pilote de carte réseau sans fil 802.11b à base Symbol;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-19 17:03]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 23:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceebdc48-fc59-11dc-8e96-00112f07aba8}]
\shell\verb1\command - desktop.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-27 19:51:01 C:\WINDOWS\Tasks\Shutdown.job"
"2008-04-22 11:56:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-02 11:56:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 07:53:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 7:54:55
ComboFix-quarantined-files.txt 2008-05-28 05:54:47
ComboFix2.txt 2008-05-28 05:50:55
ComboFix3.txt 2008-05-27 22:04:54
ComboFix4.txt 2008-05-27 14:57:38
ComboFix5.txt 2008-05-27 12:24:19
Pre-Run: 39,132,827,648 octets libres
Post-Run: 39,124,037,632 octets libres
272 --- E O F --- 2008-05-19 08:41:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15: VIRUS ALERT!, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TRIPOGNEY\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72217827-914b-46c6-a6ee-c00c70842ebf} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {AC9264CC-124E-43B6-9144-8664D704A0BC} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [SteamKeyFr] "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O15 - Trusted Zone: www.secuser.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebsc...
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_0_30...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8322 bytes
The 3 scans were carried out as advised.
Here are the 3 reports.
Quote:
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 791
Type de recherche: Examen complet (C:\|)
Eléments examinés: 113103
Temps écoulé: 1 hour(s), 54 minute(s), 25 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{D80C87AB-F62C-4E08-AEB1-3912FF06B029}\RP142\A0025366.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D80C87AB-F62C-4E08-AEB1-3912FF06B029}\RP142\A0025367.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Quote:
ComboFix 08-05-26.2 - TRIPOGNEY 2008-05-28 7:52:00.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.573 [GMT 2:00]
Endroit: C:\Documents and Settings\TRIPOGNEY\Bureau\ComboFix.exe
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-27 18:35 . 2008-05-27 18:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-05-27 18:30 . 2008-05-27 18:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 18:30 . 2008-05-27 18:30 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\Malwarebytes
2008-05-27 18:30 . 2008-05-27 18:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 18:30 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-27 18:30 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-27 15:12 . 2008-05-27 15:12 <REP> d-------- C:\Program Files\MagicKey
2008-05-27 14:56 . 2008-05-27 14:56 <REP> d-------- C:\Program Files\CCleaner
2008-05-27 13:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-27 13:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-27 13:59 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-27 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-27 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-27 13:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-27 13:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-27 13:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-27 13:52 . 2008-05-27 14:02 2,008 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-27 12:01 . 2008-05-27 23:55 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-27 11:52 . 2008-05-27 11:52 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\Bitdefender
2008-05-27 11:51 . 2008-05-27 11:51 <REP> d-------- C:\Program Files\BitDefender
2008-05-27 11:51 . 2008-05-27 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-27 11:49 . 2008-05-27 11:51 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-27 11:42 . 2008-05-27 11:42 <REP> d-------- C:\WINDOWS\AU_Temp
2008-05-27 11:42 . 2008-05-27 11:17 36,240,289 --a------ C:\WINDOWS\LPT$VPN.299
2008-05-27 11:33 . 2008-05-27 11:33 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 11:17 . 2008-05-27 11:17 36,240,289 --a------ C:\WINDOWS\VPTNFILE.299
2008-05-27 09:05 . 2008-05-27 09:05 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 09:05 . 2008-05-27 09:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 08:41 . 2008-05-27 08:44 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-05-26 09:58 . 2008-05-25 15:15 159,744 --a------ C:\WINDOWS\etkq.exe
2008-05-23 15:17 . 2008-05-26 11:27 379 --a------ C:\WINDOWS\wininit.ini
2008-05-23 14:11 . 2008-05-26 09:58 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\TmpRecentIcons
2008-05-22 17:31 . 2008-05-22 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-21 22:37 . 2001-11-27 15:07 11,886 --a------ C:\WINDOWS\system32\drivers\Kbfilter.sys
2008-05-21 16:57 . 2008-05-21 16:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-21 16:55 . 2008-05-21 16:55 <REP> d-------- C:\WINDOWS\nvidia icons
2008-05-21 16:55 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-21 16:51 . 2008-05-21 16:51 <REP> d-------- C:\WebCamNXPro
2008-05-21 16:38 . 2008-05-21 16:38 <REP> d-------- C:\Program Files\ma-config.com
2008-05-21 16:38 . 2008-05-21 17:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-20 21:03 . 2008-05-20 21:03 244 --ah----- C:\sqmnoopt15.sqm
2008-05-20 21:03 . 2008-05-20 21:03 232 --ah----- C:\sqmdata15.sqm
2008-05-20 19:52 . 2008-05-21 20:45 <REP> d-------- C:\Program Files\Mumble
2008-05-20 19:20 . 2008-05-20 19:20 <REP> d-------- C:\Program Files\Xvid
2008-05-20 19:20 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-20 19:20 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-20 19:20 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-20 18:34 . 2008-05-20 18:34 <REP> d-------- C:\Program Files\VideoMach-2.7.2
2008-05-20 15:19 . 2008-05-20 15:27 2 --a------ C:\WINDOWS\system32\RICHTX.DEP
2008-05-20 15:18 . 2008-05-20 16:30 <REP> d-------- C:\Program Files\MP3 WAV Converter
2008-05-20 14:27 . 2008-05-20 14:27 <REP> d-------- C:\Program Files\NeoTrace Express
2008-05-19 22:58 . 2008-05-27 12:45 <REP> d-------- C:\Program Files\mIRC
2008-05-19 11:05 . 2008-05-19 11:37 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\gtk-2.0
2008-05-19 11:05 . 2008-05-19 11:05 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\.thumbnails
2008-05-19 11:04 . 2008-05-19 11:47 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\.gimp-2.4
2008-05-19 11:02 . 2008-05-19 11:02 <REP> d-------- C:\Program Files\GIMP-2.0
2008-05-19 10:51 . 2008-05-27 18:54 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\FileZilla
2008-05-14 19:28 . 2008-05-20 13:45 <REP> d-------- C:\Program Files\S2SaTstrat
2008-05-13 03:53 . 2008-05-13 03:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 03:53 . 2008-05-13 03:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-13 03:53 . 2008-05-13 03:53 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-13 03:53 . 2008-05-13 03:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-13 03:49 . 2008-05-13 03:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-13 03:49 . 2008-05-13 03:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 03:49 . 2008-05-13 03:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 03:48 . 2008-05-13 03:48 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-05 19:51 . 2008-05-05 19:56 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-05 19:51 . 2008-05-05 19:51 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-05-05 10:45 . 2008-05-05 10:45 <REP> d-------- C:\Program Files\SteamKeyFr
2008-05-05 10:30 . 2008-05-05 10:30 244 --ah----- C:\sqmnoopt14.sqm
2008-05-05 10:30 . 2008-05-05 10:30 232 --ah----- C:\sqmdata14.sqm
2008-05-03 05:46 . 2008-05-03 05:46 1,241,088 --a------ C:\WINDOWS\system32\nvcuda.dll
2008-05-03 05:46 . 2008-05-03 05:46 290,816 --a------ C:\WINDOWS\system32\nvwrsth.dll
2008-05-03 05:46 . 2008-05-03 05:46 253,952 --a------ C:\WINDOWS\system32\nvrsth.dll
2008-04-28 20:23 . 2008-04-28 20:23 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-04-28 20:22 . 2008-04-28 20:22 <REP> d-------- C:\Program Files\eRightSoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 05:43 --------- d-----w C:\Program Files\Steam
2008-05-27 12:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 09:42 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-05-27 09:42 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-05-27 09:17 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-05-27 09:17 333,576 ----a-w C:\WINDOWS\TSC.exe
2008-05-21 13:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-20 17:14 --------- d-----w C:\Program Files\DivX
2008-05-19 14:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-19 14:43 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\AdobeUM
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-03 03:46 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-24 16:05 --------- d-----w C:\Program Files\Java
2008-04-23 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-23 21:03 --------- d-----w C:\Program Files\IVT Corporation
2008-04-22 20:53 --------- d-----w C:\Program Files\Magicbit
2008-04-22 20:35 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\DivX
2008-04-22 19:22 --------- d-----w C:\Program Files\VirtualDub
2008-04-21 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-21 16:40 --------- d-----w C:\Program Files\MSBuild
2008-04-21 16:40 --------- d-----w C:\Program Files\Microsoft Works
2008-04-21 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 16:23 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-21 15:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-04-21 06:37 --------- d-----w C:\Program Files\Xfire
2008-04-21 06:37 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\Xfire
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-02 15:07 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\Uniblue
2008-04-01 18:45 1,755 ----a-w C:\Documents and Settings\TRIPOGNEY\Application Data\SAS7_000.DAT
2008-03-31 18:41 --------- d-----w C:\Program Files\VisualRoute 2008
2008-03-31 18:15 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-03-31 18:15 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-03-31 18:15 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-03-31 16:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 16:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 18:46 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2008-03-10 17:58 385,024 ----a-w C:\WINDOWS\system32\Uninstall Netlog Photo Tool.exe
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((( snapshot_2008-05-27_14.23.30,02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 12:06:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-28 05:42:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2001-10-08 17:38:32 32,768 ----a-w C:\WINDOWS\MKUninst.exe
+ 2001-10-08 16:38:32 32,768 ----a-w C:\WINDOWS\MKUninst.exe
- 2004-08-19 15:00:34 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-19 14:00:34 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
- 2004-08-19 15:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
+ 2004-08-19 14:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
- 2004-08-19 15:00:34 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2004-08-19 14:00:34 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
- 2004-08-19 15:00:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
+ 2004-08-19 14:00:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
- 2001-10-09 04:11:36 3,948 ----a-w C:\WINDOWS\system32\WTKBInst.dll
+ 2001-10-09 03:11:36 3,948 ----a-w C:\WINDOWS\system32\WTKBInst.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72217827-914b-46c6-a6ee-c00c70842ebf}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 16:34 3739672]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 01:58 1271032]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [2008-03-10 20:46 1380352]
"SteamKeyFr"="C:\Program Files\SteamKeyFr\SteamKeyFr.exe" [2004-07-31 17:50 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\TRIPOGNEY\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-04 23:30:56 2987856]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 17:08:14 661776]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoToolbarCustomize"= 1 (0x1)
"NoStartMenuMorePrograms"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^TRIPOGNEY^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\TRIPOGNEY\Menu Démarrer\Programmes\Démarrage\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS\pss\Dragon NaturallySpeaking.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Versato]
--a------ 2001-06-30 06:58 135168 C:\Program Files\MagicKey\MagicKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Generic Host Process for Win-32 Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
"nwiz"=nwiz.exe /install
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\S2SaTstrat\\stratplanner.exe"=
"C:\\Program Files\\Mumble\\murmur.exe"=
"C:\\Program Files\\Steam\\steamapps\\goodtrip70\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 15:07]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]
R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-11 15:00]
S3 FVNETusb(505 2958)(R); FVNETusb(505 2958)(R) Service for Wireless LAN 11Mbps USB Adapter;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-04-17 12:21]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-19 10:01]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 NetWlan5;Pilote de carte réseau sans fil 802.11b à base Symbol;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-19 17:03]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 23:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceebdc48-fc59-11dc-8e96-00112f07aba8}]
\shell\verb1\command - desktop.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 19:51:01 C:\WINDOWS\Tasks\Shutdown.job"
"2008-04-22 11:56:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-02 11:56:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 07:53:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-28 7:54:55
ComboFix-quarantined-files.txt 2008-05-28 05:54:47
ComboFix2.txt 2008-05-28 05:50:55
ComboFix3.txt 2008-05-27 22:04:54
ComboFix4.txt 2008-05-27 14:57:38
ComboFix5.txt 2008-05-27 12:24:19
Pre-Run: 39,132,827,648 bytes free
Post-Run: 39,124,037,632 bytes free
272 --- E O F --- 2008-05-19 08:41:23
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15: VIRUS ALERT!, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TRIPOGNEY\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72217827-914b-46c6-a6ee-c00c70842ebf} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {AC9264CC-124E-43B6-9144-8664D704A0BC} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [SteamKeyFr] "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O15 - Trusted Zone: www.secuser.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebsc...
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_0_30...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8322 bytes
SmitFraudFix v2.323
Scan done at 20:20:41,39, 28/05/2008
Run from C:\Documents and Settings\TRIPOGNEY\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live Safety Center\wlscUploader.exe
C:\Documents and Settings\TRIPOGNEY\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TRIPOGNEY
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TRIPOGNEY\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TRIPOG~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys are not necessarily infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, the following keys are not necessarily infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, the following keys are not necessarily infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: VIA Compatible Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{84547DFA-FF2A-4D0A-9CFB-E7929155E1D8}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{84547DFA-FF2A-4D0A-9CFB-E7929155E1D8}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{84547DFA-FF2A-4D0A-9CFB-E7929155E1D8}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Search wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
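Reading the logs above the way a helper would, as an added example: the script below is not part of this thread and is not a feature of HijackThis or SmitFraudFix. Its sample input is a handful of lines copied from the HijackThis log posted above, and it flags the things a triager checks first when the clock reads "VIRUS ALERT!": a timestamp that is not a time, O2/O3 entries whose DLL is gone, an O6 restriction policy, and Trusted Zone additions. The registry location named in the comments comes from the known behaviour of the rogue antivirus family that produces this clock text, not from anything stated in the thread.

```python
import re
from typing import Dict, List, Tuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15: VIRUS ALERT!, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72217827-914b-46c6-a6ee-c00c70842ebf} - (no file)
O3 - Toolbar: (no name) - {AC9264CC-124E-43B6-9144-8664D704A0BC} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: www.secuser.com
"""

# HijackThis stamps its header with the user's Windows time format, so a
# clean stamp contains only digits, separators and an optional AM/PM marker.
SCAN_SAVED_RE = re.compile(r"^Scan saved at (.+?), on (\S+)")
CLEAN_TIME_RE = re.compile(r"^[0-9:. ]+(AM|PM)?$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# (severity, what was matched, the original log line)
Finding = Tuple[str, str, str]


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCAN_SAVED_RE.match(line)
        if m:
            stamp = m.group(1)
            # Non-time text inside the timestamp means the time-format string
            # itself was altered: the rogue writes its message into sTimeFormat
            # under HKCU\Control Panel\International (assumed from the family's
            # known behaviour, not stated in the thread).
            if not CLEAN_TIME_RE.match(stamp):
                findings.append(("high", f"time format tampered: {stamp!r}", line))
            continue
        # O2 (BHO) / O3 (toolbar) entries whose DLL no longer exists are
        # leftovers from a removal: harmless, but they should be fixed.
        if line.startswith(("O2 - ", "O3 - ")) and line.endswith("(no file)"):
            clsid = CLSID_RE.search(line)
            ident = clsid.group(0) if clsid else "?"
            findings.append(("low", f"orphaned entry {ident}", line))
            continue
        # O6: IE restriction policies under HKCU\Software\Policies; rogues
        # set these to lock the user out of Internet Options.
        if line.startswith("O6 - ") and "Restrictions present" in line:
            findings.append(("medium", "IE restriction policy present", line))
            continue
        # O15: a site in the Trusted zone runs with relaxed IE security.
        # Not malicious by itself; list it so the owner can confirm it.
        if line.startswith("O15 - Trusted Zone:"):
            site = line.split(":", 1)[1].strip()
            findings.append(("info", "trusted-zone site " + site, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, for a quick verdict."""
    counts: Dict[str, int] = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, what, line in triage(SAMPLE_LOG):
        print(f"[{severity:<6}] {what}\n         {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as-is to see the findings for the sample, or pass a whole saved log with `triage(open(path).read())`. The one "high" finding is the thread's symptom itself: "VIRUS ALERT!" appears inside the scan time because the user's time-format string was changed, which is why it shows up after the clock in every window. On the affected machine, `reg query "HKCU\Control Panel\International" /v sTimeFormat` shows the current value, and setting it back to HH:mm:ss restores the clock (assumed location, as noted above). The ComboFix excerpt above also lists a MountPoints2 shell verb for a removable volume that runs desktop.exe; that is the autorun pattern left by USB-spread worms and deserves a look even though the catchme and SmitFraudFix sections are otherwise quiet.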
ohhhhhhhhhh there it is! It's gone... I ran a cleanup since Smit-whatever was open, and poof.
But I'm still not very reassured, because this morning I had the impression it wasn't there any more either (not properly awake?), and then in fact it was still there. We'll see.
Anyway, thanks a lot for your help, especially you Angeldark, and thanks to everyone who, like you, gives up a bit of their time to find solutions to our problems.