Your privacy is in danger (window, trend-micro, firefox, soundmax)

Tony67

7 Septembre 2008 19:48:13

Hello!

Voila y a peu de temps j'ai telecharger un executable , je l'ai analyser anti virus , il n'a rien trouver , une fois lancer la fenetre cmd de windows c'est ouverte et a commencer a mettre le boxon dans mon PC ...

J'ai exactement le meme probleme que dans ce sujet >http://www.infos-du-net.com/forum/271656-11-your-privac...

J'ai commencer a faire ce qui etait demander de faire mais je n'arrive pas au meme resultats ...

Je n'ai toujours pas recuperer ce que j'avais avant , je ne peut pas allez dans le poste de travail etc , meme si j'ai supprimer le fond d'ecran Biohazard et les messages intepestive qui me dit que je suis infecter .

Merci d'avance de votre aide

Autres pages sur : your privacy danger

| Etre averti des réponses
| Alerter

Répondre à Tony67

Angeldark

8 Septembre 2008 15:05:34

Bonjour,

Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.

**Si le lien ne fonctionne pas, clique ici**

| Alerter

Répondre à Angeldark

Tony67

8 Septembre 2008 15:29:26

Bonjour

Voila le rapport

SmitFraudFix v2.346

 
Rapport fait à 17:27:00,03, 08/09/2008

Executé à partir de C:\Documents and Settings\Tony67\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 
»»»»»»»»»»»»»»»»»»»»»»»» Process

 
C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\G DATA AntiVirus\AVK\AVKService.exe

C:\Program Files\G DATA AntiVirus\AVK\AVKWCtl.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\G DATA AntiVirus\AVKTray\AVKTray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

C:\WINDOWS\system32\ctfmon.exe

C:\program files\steam\steam.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\cmd.exe

 
»»»»»»»»»»»»»»»»»»»»»»»» hosts

 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\

 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tony67

 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tony67\Application Data

 
 
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Tony67\Favoris

 
 
»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

 
 
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 
 
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 
 
 
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 
IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 
 
 
»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 
VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 
 
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 
404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 
 
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 
AntiXPVSTFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 
SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 
 
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="vonhhn.dll"

 
 
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 
 
»»»»»»»»»»»»»»»»»»»»»»»» RK

 
 
 
»»»»»»»»»»»»»»»»»»»»»»»» DNS

 
Description: D-Link DWA-140 RangeBooster N USB Adapter - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.1.1

 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E513B405-6CD0-4548-853B-973BCB7E723A}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{E513B405-6CD0-4548-853B-973BCB7E723A}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{E513B405-6CD0-4548-853B-973BCB7E723A}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 
 
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 
 
»»»»»»»»»»»»»»»»»»»»»»»» Fin

| Alerter

Répondre à Tony67

Angeldark

8 Septembre 2008 16:37:54

Bonjour,

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

| Alerter

Répondre à Angeldark

Tony67

8 Septembre 2008 17:52:19

Voila le rapport Hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:51: VIRUS ALERT!, on 08/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 
Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\G DATA AntiVirus\AVK\AVKService.exe

C:\Program Files\G DATA AntiVirus\AVK\AVKWCtl.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\G DATA AntiVirus\AVKTray\AVKTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

C:\WINDOWS\system32\ctfmon.exe

C:\program files\steam\steam.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Tony67\Bureau\HiJackThis.exe

 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA AntiVirus\AVKTray\AVKTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O20 - AppInit_DLLs: vonhhn.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA AntiVirus\AVK\AVKService.exe

O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA AntiVirus\AVK\AVKWCtl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 
--

End of file - 8804 bytes

| Alerter

Répondre à Tony67

Angeldark

8 Septembre 2008 18:02:51

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

| Alerter

Répondre à Angeldark

Tony67

8 Septembre 2008 21:43:55

Tous a l'air d'etre redevenue normalement

mes disques durs sont revenus , le virus alert en bas a droite a disparue et mes raccourcis sont tous revenus

Le rapport :

ComboFix 08-09-05.09 - Tony67 2008-09-08 23:21:47.1 - NTFSx86

Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.764 [GMT 2:00]

Endroit: C:\Documents and Settings\Tony67\Bureau\ComboFix.exe

 * Création d'un nouveau point de restauration

 * Resident AV is active

 
 
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

.

 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))

.

 
C:\WINDOWS\edfk.exe

C:\WINDOWS\system32\ddcBUnmJ.dll

C:\WINDOWS\system32\ffgttx.dll

C:\WINDOWS\system32\iSBbdJlm.ini

C:\WINDOWS\system32\iSBbdJlm.ini2

C:\WINDOWS\system32\jkkKebYP.dll

C:\WINDOWS\system32\mlJdbBSi.dll

C:\WINDOWS\system32\nghlrhrh.dll

C:\WINDOWS\system32\njqlvdty.dll

C:\WINDOWS\system32\novcmweq.dll

C:\WINDOWS\system32\oruoikne.dll

C:\WINDOWS\system32\qewmcvon.ini

C:\WINDOWS\system32\vonhhn.dll

C:\WINDOWS\system32\ytdvlqjn.ini

 
.

(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-08-08 to 2008-09-08  ))))))))))))))))))))))))))))))))))))

.

 
2008-09-07 21:43 . 2008-09-08 17:27	4,776	--a------	C:\WINDOWS\system32\tmp.reg

2008-09-07 20:39 . 2008-09-07 20:43	<REP>	d--------	C:\WINDOWS\privacy_danger(2)

2008-09-07 20:12 . 2008-09-07 16:12	139,264	--a------	C:\WINDOWS\mqgldfvo.exe

2008-09-07 03:50 . 2008-09-07 03:51	<REP>	d--------	C:\Program Files\PMFC

2008-09-07 03:50 . 2008-09-07 03:50	<REP>	d--------	C:\Documents and Settings\Tony67\Application Data\Mc & RENOX

2008-09-04 19:48 . 2008-09-04 20:04	<REP>	d--------	C:\WINDOWS\system32\CatRoot_bak

2008-08-31 15:28 . 2008-08-31 15:28	268	--ah-----	C:\sqmdata02.sqm

2008-08-31 15:28 . 2008-08-31 15:28	244	--ah-----	C:\sqmnoopt02.sqm

2008-08-20 14:42 . 2008-08-20 14:42	<REP>	d--------	C:\WINDOWS\system32\URTTEMP

2008-08-20 14:40 . 2008-08-20 14:40	669,184	--a------	C:\WINDOWS\system32\pbsvc.exe

2008-08-20 14:02 . 2008-08-20 14:04	<REP>	d--------	C:\Program Files\DAEMON Tools Lite

2008-08-20 13:56 . 2008-08-20 13:56	<REP>	d--------	C:\Documents and Settings\Tony67\Application Data\DAEMON Tools

2008-08-20 12:22 . 2008-08-20 14:13	<REP>	d--------	C:\Program Files\Alcohol Soft

2008-08-20 12:16 . 2008-08-20 13:56	717,296	--a------	C:\WINDOWS\system32\drivers\sptd.sys

2008-08-16 14:27 . 2008-08-16 14:27	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\Trymedia

2008-08-16 13:38 . 2007-10-12 15:14	3,734,536	--a------	C:\WINDOWS\system32\d3dx9_36.dll

2008-08-16 13:38 . 2007-07-19 18:14	3,727,720	--a------	C:\WINDOWS\system32\d3dx9_35.dll

2008-08-16 13:38 . 2007-10-12 15:14	1,374,232	--a------	C:\WINDOWS\system32\D3DCompiler_36.dll

2008-08-16 13:38 . 2007-07-19 18:14	1,358,192	--a------	C:\WINDOWS\system32\D3DCompiler_35.dll

2008-08-16 13:38 . 2007-10-02 09:56	444,776	--a------	C:\WINDOWS\system32\d3dx10_36.dll

2008-08-16 13:38 . 2007-07-19 18:14	444,776	--a------	C:\WINDOWS\system32\d3dx10_35.dll

2008-08-16 13:38 . 2007-10-22 03:39	267,272	--a------	C:\WINDOWS\system32\xactengine2_10.dll

2008-08-16 13:38 . 2007-07-20 00:57	267,112	--a------	C:\WINDOWS\system32\xactengine2_9.dll

2008-08-16 13:30 . 2008-08-16 13:30	<REP>	d--------	C:\Program Files\Ubisoft

2008-08-16 01:08 . 2008-08-16 01:08	<REP>	d--------	C:\Program Files\BestGameEver

2008-08-15 20:09 . 2008-08-31 02:05	<REP>	d--------	C:\Documents and Settings\Tony67\Application Data\Azureus

2008-08-15 20:09 . 2008-08-15 20:09	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\Azureus

2008-08-15 20:07 . 2008-08-15 20:08	<REP>	d--------	C:\Program Files\Vuze

2008-08-08 01:18 . 2008-08-08 01:18	<REP>	d--------	C:\Documents and Settings\Tony67\data

 
.

((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-08 21:36	---------	d-----w	C:\Program Files\Steam

2008-09-07 22:24	---------	d-----w	C:\Documents and Settings\Tony67\Application Data\LimeWire

2008-09-07 20:20	---------	d-----w	C:\Documents and Settings\Tony67\Application Data\teamspeak2

2008-09-04 20:32	---------	d-----w	C:\Program Files\Messenger Plus! Live

2008-08-31 22:08	---------	d-----w	C:\Program Files\DkZ Studio

2008-08-30 12:31	---------	d-----w	C:\Program Files\Warcraft III

2008-08-29 11:15	---------	d-----w	C:\Program Files\World of Warcraft

2008-08-22 14:34	2,829	----a-w	C:\WINDOWS\War3Unin.pif

2008-08-22 14:34	139,264	----a-w	C:\WINDOWS\War3Unin.exe

2008-08-20 12:55	---------	d-----w	C:\Program Files\eMule

2008-08-20 12:41	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-08-20 12:41	22,328	----a-w	C:\Documents and Settings\Tony67\Application Data\PnkBstrK.sys

2008-08-20 12:40	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe

2008-08-20 12:40	103,736	----a-w	C:\WINDOWS\system32\PnkBstrB.exe

2008-08-20 12:32	---------	d-----w	C:\Program Files\Electronic Arts

2008-08-17 11:17	---------	d--h--w	C:\Program Files\InstallShield Installation Information

2008-08-14 12:15	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-08-14 12:14	---------	d-----w	C:\Program Files\Sony Ericsson

2008-08-06 17:10	---------	d-----w	C:\Documents and Settings\Tony67\Application Data\SEGA

2008-08-06 17:00	---------	d-----w	C:\Program Files\SEGA

2008-08-06 11:40	271,360	----a-w	C:\WINDOWS\system32\drivers\atksgt.sys

2008-08-06 11:40	18,048	----a-w	C:\WINDOWS\system32\drivers\lirsgt.sys

2008-08-06 11:27	---------	d-----w	C:\Program Files\PENDULO Studios

2008-08-05 22:02	---------	d-----w	C:\Program Files\PokerStars

2008-08-05 20:00	---------	d-----w	C:\Program Files\Echovoice

2008-08-04 23:40	---------	d-----w	C:\Program Files\WowCartographe

2008-08-02 23:57	---------	d-----w	C:\Program Files\SopCast

2008-08-02 20:12	---------	d-----w	C:\Program Files\Sun

2008-08-02 20:12	---------	d-----w	C:\Program Files\Java

2008-07-18 21:40	---------	d-----w	C:\Program Files\Avanquest update

2008-07-18 21:40	---------	d-----w	C:\Documents and Settings\Tony67\Application Data\Sony

2008-07-18 21:40	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Sony

2008-07-18 21:22	---------	d-----w	C:\Documents and Settings\All Users\Application Data\BVRP Software

2008-07-18 20:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll

2008-07-18 20:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07	270,880	----a-w	C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07	210,976	----a-w	C:\WINDOWS\system32\muweb.dll

2008-07-18 14:49	---------	d-----w	C:\Program Files\Fichiers communs\Adobe

2008-07-18 14:49	---------	d-----w	C:\Documents and Settings\Tony67\Application Data\InterTrust

2008-07-18 14:48	---------	d-----w	C:\Program Files\Fichiers communs\LightScribe

2008-07-18 14:47	---------	d-----w	C:\Program Files\Ahead

2008-07-18 14:46	---------	d-----w	C:\Program Files\Fichiers communs\Ahead

2008-07-18 14:45	---------	d-----w	C:\Program Files\CyberLink DVD Solution

2008-07-17 23:47	---------	d-----w	C:\Documents and Settings\Tony67\Application Data\Command & Conquer 3 Les guerres du Tiberium

2008-07-17 07:13	---------	d-----w	C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-07-17 07:12	---------	d-----w	C:\Program Files\ma-config.com

2008-07-17 07:12	---------	d-----w	C:\Documents and Settings\All Users\Application Data\ma-config.com

2008-07-16 01:07	---------	d-----w	C:\Program Files\Peter

2008-07-15 23:17	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll

2008-07-15 20:54	---------	d--h--r	C:\Documents and Settings\Tony67\Application Data\SecuROM

2008-07-15 12:28	---------	d-----w	C:\Program Files\VirtualDJ

2008-07-14 12:49	---------	d-----w	C:\Program Files\SystemRequirementsLab

2008-07-14 12:49	---------	d-----w	C:\Documents and Settings\Tony67\Application Data\SystemRequirementsLab

2008-07-14 10:21	---------	d-----w	C:\Program Files\Activision

2008-07-14 00:39	---------	d-----w	C:\Program Files\Sleepy

2008-07-10 00:26	---------	d-----w	C:\Program Files\Realtek

2008-07-10 00:19	---------	d-----w	C:\Program Files\Intel

2008-07-08 18:12	---------	d-----w	C:\Program Files\Fichiers communs\logishrd

2008-07-08 11:53	---------	d-----w	C:\Program Files\Trend Micro

2008-07-07 20:31	253,952	----a-w	C:\WINDOWS\system32\es.dll

2008-06-24 16:23	74,240	----a-w	C:\WINDOWS\system32\mscms.dll

2008-06-23 15:40	663,552	----a-w	C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41	247,808	----a-w	C:\WINDOWS\system32\mswsock.dll

2008-06-18 15:52	354,560	----a-w	C:\WINDOWS\system32\TuneUpDefragService.exe

2004-10-01 13:00	40,960	----a-w	C:\Program Files\Uninstall_CDS.exe

.

 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

REGEDIT4

 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]

"Steam"="c:\program files\steam\steam.exe" [2008-07-02 1271032]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 1388544]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 1687824]

"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]

"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"AVKTray"="C:\Program Files\G DATA AntiVirus\AVKTray\AVKTray.exe" [2008-02-21 607816]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 53248]

"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=vonhhn.dll

 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.yv12"= yv12vfw.dll

 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\World of Warcraft\\Repair.exe"=

"C:\\Program Files\\Steam\\SteamApps\\uboys9\\counter-strike source\\hl2.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=

"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=

"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=

"C:\\Program Files\\Steam\\Steam.exe"=

"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"C:\\Program Files\\Vuze\\Azureus.exe"=

"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

 
R2 AVKProxy;G DATA AntiVirus Proxy;C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-02-19 718408]

R2 AVKService;AVK Service;C:\Program Files\G DATA AntiVirus\AVK\AVKService.exe [2008-02-07 427592]

R2 AVKWCtl;Gardien d'AntiVirus;C:\Program Files\G DATA AntiVirus\AVK\AVKWCtl.exe [2008-02-05 1127816]

R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2008-06-18 41928]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]

R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-06-18 46536]

R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-06-18 32200]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 476416]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-18 354560]

 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

.

- - - - ORPHANS REMOVED - - - -

 
BHO-{84e55885-5a76-4aa0-b170-8548e355ee4e} - C:\WINDOWS\system32\vonhhn.dll

BHO-{8E509EF7-6209-4A5C-A145-22F514F51C4F} - C:\WINDOWS\system32\jkkKebYP.dll

BHO-{E99B22C0-B10E-4F7D-B844-49A69E98CB33} - C:\WINDOWS\system32\mlJdbBSi.dll

HKLM-Run-88a7e1c5 - C:\WINDOWS\system32\novcmweq.dll

ShellExecuteHooks-{8E509EF7-6209-4A5C-A145-22F514F51C4F} - C:\WINDOWS\system32\jkkKebYP.dll

 
 
.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Tony67\Application Data\Mozilla\Firefox\Profiles\cx1i09jy.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://<a href="http://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official" target="_blank">www.google.fr/firefox?client=firefox-a&rls=org.mozilla:...</a>

FF -: plugin - C:\Documents and Settings\Tony67\Application Data\Mozilla\Firefox\Profiles\cx1i09jy.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll

.

 
**************************************************************************

 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, <a href="http://www.gmer.net" target="_blank">http://www.gmer.net</a>

Rootkit scan 2008-09-08 23:35:55

Windows 5.1.2600 Service Pack 2 NTFS

 
Balayage processus cach‚s ...

 
Balayage cach‚ autostart entries ...

 
Balayage des fichiers cach‚s ...

 
Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 
**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Fichiers communs\logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-09-08 23:41:28 - machine was rebooted

ComboFix-quarantined-files.txt  2008-09-08 21:41:20

 
Pre-Run: 7,599,235,072 octets libres

Post-Run: 7,603,224,576 octets libres

 
253	--- E O F ---	2008-08-22 01:01:58

| Alerter

Répondre à Tony67

Angeldark

9 Septembre 2008 10:56:41

Re,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

| Alerter

Répondre à Angeldark

Tony67

9 Septembre 2008 21:11:37

Hello,

desoler du retard , voila le rapport

Malwarebytes' Anti-Malware 1.27

Version de la base de données: 1127

Windows 5.1.2600 Service Pack 2

 
09/09/2008 23:05:25

mbam-log-2008-09-09 (23-05-25).txt

 
Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 195715

Temps écoulé: 4 hour(s), 3 minute(s), 15 second(s)

 
Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 23

 
Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 
Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 
Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 
Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 
Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 
Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 
Fichier(s) infecté(s):

C:\Documents and Settings\Tony67\Mes documents\emule\Incoming\Win RAR 3.2 + Crack\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\ddcBUnmJ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\ffgttx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkKebYP.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\mlJdbBSi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\nghlrhrh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\njqlvdty.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\novcmweq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\oruoikne.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\vonhhn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP102\A0023090.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP102\A0023092.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP102\A0023093.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP104\A0023185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP104\A0023186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP104\A0023187.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP104\A0023188.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP104\A0023189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP104\A0023190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP104\A0023191.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP104\A0023192.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{CF12ECA1-43FF-438A-BF08-CC29C2D6FCF7}\RP104\A0023193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\mqgldfvo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

| Alerter

Répondre à Tony67

Angeldark

10 Septembre 2008 10:30:41

Un nouveau rapport Hijackthis stp

| Alerter

Répondre à Angeldark

Tony67

10 Septembre 2008 16:38:32

Voilou

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:38, on 10/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 
Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\G DATA AntiVirus\AVK\AVKService.exe

C:\Program Files\G DATA AntiVirus\AVK\AVKWCtl.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\G DATA AntiVirus\AVKTray\AVKTray.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

C:\WINDOWS\system32\ctfmon.exe

C:\program files\steam\steam.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA AntiVirus\AVKTray\AVKTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O20 - AppInit_DLLs: vonhhn.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA AntiVirus\AVK\AVKService.exe

O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA AntiVirus\AVK\AVKWCtl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 
--

End of file - 8953 bytes