[Résolu] Infecté par plusieurs virus, voici mon scan Hijackthis
Forum Sécurité - Virus : [Résolu] Infecté par plusieurs virus, voici mon scan Hijackthis
J'ai été infecté par plusieurs vuris, parmis eux MS AV, j'ai utiliser spyHunter pour l'enlever mais sa n'a pas tout supprimer et j'ai beaucoup d'autre virus, iml y a toujours icone MSAV dans le panneau de configuration. De plus mon ordinateur est hyper lent , je ne peux plus ouvrir internet a cause de tout les spyware, j'ai a tout prix besoinde vous
Merci d'avance, voici mon rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43: VIRUS ALERT!, on 08/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.p [...] Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O3 - Toolbar: gksraemq - {F71B2A6B-F337-4737-B282-F7F721E527AC} - C:\WINDOWS\gksraemq.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKLM\..\Run: [\YURF.exe] C:\Windows\system32\YURF.exe
O4 - HKLM\..\Run: [\YUR10.exe] C:\Windows\system32\YUR10.exe
O4 - HKLM\..\Run: [\YUR11.exe] C:\Windows\system32\YUR11.exe
O4 - HKLM\..\Run: [\YUR16.exe] C:\Windows\system32\YUR16.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [\YUR5.exe] C:\Windows\system32\YUR5.exe
O4 - HKLM\..\Run: [a8b42c2e] rundll32.exe "C:\WINDOWS\system32\ojitulot.dll",b
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKCU\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKCU\..\Run: [\YURF.exe] C:\Windows\system32\YURF.exe
O4 - HKCU\..\Run: [\YUR10.exe] C:\Windows\system32\YUR10.exe
O4 - HKCU\..\Run: [\YUR11.exe] C:\Windows\system32\YUR11.exe
O4 - HKCU\..\Run: [\YUR16.exe] C:\Windows\system32\YUR16.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKCU\..\Run: [\YUR5.exe] C:\Windows\system32\YUR5.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-U [...] uncher.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_3_0.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://phpadsnew.merco6.com/libraries/SOPCORE.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll ddyxjh.dll
O21 - SSODL: dgksvbpn - {FC8FFD41-AEAF-49AB-BF34-5110DF520ADE} - C:\WINDOWS\dgksvbpn.dll
O21 - SSODL: xrdwbfgn - {B9BBE9C0-57A3-419C-A97E-3C15D71C5B38} - C:\WINDOWS\xrdwbfgn.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - Unknown owner - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 12790 bytes
Message édité par kissbinbin le 09-09-2008 à 22:18:26
Un bonjour ?
Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !
- Télécharge ComboFix (sUBs) sur ton Bureau.
- Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
- Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Répondre à Angeldark
Voici le rapport:
ComboFix 08-09-05.09 - Administrateur 2008-09-08 20:06:45.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.390 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Bureau\Error Cleaner.url
C:\Documents and Settings\Administrateur\Bureau\Privacy Protector.url
C:\Documents and Settings\Administrateur\Bureau\Spyware&Malware Protection.url
C:\Documents and Settings\Administrateur\Favoris\Error Cleaner.url
C:\Documents and Settings\Administrateur\Favoris\Privacy Protector.url
C:\Documents and Settings\Administrateur\Favoris\Spyware&Malware Protection.url
C:\WINDOWS\dgksvbpn.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\eqen.exe
C:\WINDOWS\gksraemq.dll
C:\WINDOWS\system32\cheipftj.ini
C:\WINDOWS\system32\ddyxjh.dll
C:\WINDOWS\system32\geBspppn.dll
C:\WINDOWS\system32\jgepqiji.dll
C:\WINDOWS\system32\jtfpiehc.dll
C:\WINDOWS\system32\jthbnrfo.dll
C:\WINDOWS\system32\kdtsoatj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nnnOeBTk.dll
C:\WINDOWS\system32\npppsBeg.ini
C:\WINDOWS\system32\npppsBeg.ini2
C:\WINDOWS\system32\ogqwctet.ini
C:\WINDOWS\system32\ojitulot.dll
C:\WINDOWS\system32\rafwtk.dll
C:\WINDOWS\system32\rqRIbcAt.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\system32.exe
C:\WINDOWS\system32\tolutijo.ini
C:\WINDOWS\vanwxemgato.dll
C:\WINDOWS\xrdwbfgn.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-08 to 2008-09-08 ))))))))))))))))))))))))))))))))))))
.
2008-09-08 20:14 . 2008-09-08 20:14 <REP> d-------- C:\WINDOWS\system32\oobe
2008-09-08 19:40 . 2008-09-08 19:40 268 --ah----- C:\sqmdata05.sqm
2008-09-08 19:40 . 2008-09-08 19:40 244 --ah----- C:\sqmnoopt05.sqm
2008-09-07 21:55 . 2008-06-17 01:02 23,251,741 --a------ C:\Xara 3D v6.0 Full KeyGen.rar
2008-09-06 17:57 . 2008-09-05 17:07 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-06 17:53 . 2008-09-08 18:30 <REP> d-------- C:\Program Files\MSA
2008-09-06 17:53 . 2008-09-04 15:47 167,936 --a------ C:\WINDOWS\system32\MSa.cpl
2008-09-06 17:53 . 2008-09-06 16:09 94,208 --a------ C:\WINDOWS\sxmaokgf.exe
2008-09-06 17:53 . 2008-09-05 17:07 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-31 15:05 . 2008-08-31 15:05 <REP> d-------- C:\Program Files\DVD Shrink
2008-08-31 15:05 . 2008-08-31 15:05 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-08-24 17:24 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-08-24 17:24 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-08-24 17:24 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-08-24 17:21 . 2008-08-24 17:21 <REP> d-------- C:\Program Files\ma-config.com
2008-08-24 17:21 . 2008-08-24 17:21 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 18:16 24,213,536 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-08 18:15 678,176 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-08 18:13 66,716 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-08 18:13 327,404 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-08 16:37 --------- d-----w C:\Program Files\Micro Application
2008-09-07 17:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-09-07 17:07 --------- d-----w C:\Program Files\CVitae
2008-09-01 17:33 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\VoipStunt
2008-07-31 09:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2008-07-26 09:53 --------- d-----w C:\Program Files\Lavalys
2008-07-25 22:06 --------- d-----w C:\Program Files\Ontrack
2008-07-23 13:51 --------- d-----w C:\Program Files\SopCast
2008-07-22 20:23 --------- d-----w C:\Program Files\Personal Voice Changer Driver
2008-07-22 20:20 --------- d-----w C:\Program Files\Fake Voice
2008-07-16 22:19 --------- d-----w C:\Program Files\ManHunt
2008-07-16 17:33 --------- d-----w C:\Program Files\Java
2008-07-15 12:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-15 12:38 --------- d-----w C:\Program Files\Convar
2008-07-11 11:57 --------- d-----w C:\Program Files\Google
2008-07-09 11:50 --------- d-----w C:\Program Files\Traction Software
2008-06-16 20:25 44,544 ------w C:\WINDOWS\AWuninstall.exe
.
------- Sigcheck -------
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 C:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 C:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-18 25088]
"MediaDico"="C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe" [2002-12-24 253952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QT Lite\qttask.exe" [2008-03-28 413696]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2007-12-18 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-18 122880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 8523776]
"LVCOMSX"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" [2007-03-06 252704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 181752]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2007-12-18 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2007-12-18 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-12-02 3739672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 12451]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 44544]
"nltide_3"="advpack.dll" [2007-12-07 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-06-03 19:25 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Ubisoft register.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^NETGEAR WG311T Smart Wizard.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\NETGEAR WG311T Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WG311T Smart Wizard.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoconfigurateur WiFi Neuf]
--a------ 2007-02-14 13:06 181752 C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-12-02 17:42 3739672 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2007-01-10 22:59 1235456 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 20:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 76208]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 208688]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 210224]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2004-08-28 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2004-08-28 11264]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [ ]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 43520]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
*Newly Created Service* - HELPSVC
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -
BHO-{4F7E9D97-BEE7-4F55-811D-19F15F2120AD} - C:\WINDOWS\system32\nnnOeBTk.dll
BHO-{80E7C6DF-52AF-43C5-A70A-CE99C52AEF67} - C:\WINDOWS\vanwxemgato.dll
BHO-{8EED55FB-E8D9-40AF-AF64-05C9444E4318} - C:\WINDOWS\system32\geBspppn.dll
BHO-{d28ab967-60d8-4740-9ca0-5293cbe7e231} - C:\WINDOWS\system32\rafwtk.dll
Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-{F71B2A6B-F337-4737-B282-F7F721E527AC} - C:\WINDOWS\gksraemq.dll
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
HKCU-Run-\YURE.exe - C:\Windows\system32\YURE.exe
HKCU-Run-\YURF.exe - C:\Windows\system32\YURF.exe
HKCU-Run-\YUR10.exe - C:\Windows\system32\YUR10.exe
HKCU-Run-\YUR11.exe - C:\Windows\system32\YUR11.exe
HKCU-Run-\YUR16.exe - C:\Windows\system32\YUR16.exe
HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKCU-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKCU-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKCU-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKCU-Run-\YUR5.exe - C:\Windows\system32\YUR5.exe
HKLM-Run-Antivirus - C:\Program Files\MSA\MSA.exe
HKLM-Run-\YURE.exe - C:\Windows\system32\YURE.exe
HKLM-Run-\YURF.exe - C:\Windows\system32\YURF.exe
HKLM-Run-\YUR10.exe - C:\Windows\system32\YUR10.exe
HKLM-Run-\YUR11.exe - C:\Windows\system32\YUR11.exe
HKLM-Run-\YUR16.exe - C:\Windows\system32\YUR16.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YUR2.exe - C:\Windows\system32\YUR2.exe
HKLM-Run-\YUR3.exe - C:\Windows\system32\YUR3.exe
HKLM-Run-\YUR4.exe - C:\Windows\system32\YUR4.exe
HKLM-Run-\YUR5.exe - C:\Windows\system32\YUR5.exe
HKLM-Run-a8b42c2e - C:\WINDOWS\system32\jtfpiehc.dll
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
ShellExecuteHooks-{4F7E9D97-BEE7-4F55-811D-19F15F2120AD} - C:\WINDOWS\system32\nnnOeBTk.dll
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.fr/keyword/%s
R0 -: HKLM-Main,Start Page = hxxp://www.google.fr
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.fr/keyword/%s
O8 -: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_0.cab
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 20:15:12
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\UberIcon\UberIcon.dll
-> C:\Windows\System32\VttHooks.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-08 20:27:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-08 18:26:07
Pre-Run: 36,147,843,072 octets libres
Post-Run: 36,070,146,048 octets libres
266 --- E O F --- 2008-03-06 20:56:59
Répondre à kissbinbin
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Répondre à Angeldark
Mon ordinateur ne veut pas démmarer en mode sans échec je tape F8 puis je clique sur mode sans echec il ya ensuite un chargement, il y a écrit Press ESC to cancel loading PSTD.sys ensuite l'écran reste noir avec la tiret qui clignote ... Que dois-je faire?
Répondre à kissbinbin
Fais le scan en mode normal.
Répondre à Angeldark
Voila le rapport :
Malwarebytes' Anti-Malware 1.27
Version de la base de données: 1130
Windows 5.1.2600 Service Pack 2
08/09/2008 23:18:45
mbam-log-2008-09-08 (23-18-45).txt
Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 155481
Temps écoulé: 1 hour(s), 27 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 24
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\dgksvbpn.dll.vir (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\eqen.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnOeBTk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddyxjh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\geBspppn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jgepqiji.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jtfpiehc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jthbnrfo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kdtsoatj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ojitulot.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rafwtk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRIbcAt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057087.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057074.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057081.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057082.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057083.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057085.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057086.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057088.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057089.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B74260FE-6BB4-4D27-928D-EA98208530D9}\RP505\A0057092.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Répondre à kissbinbin
Reposte un rapport Hijackthis.
Répondre à Angeldark
voici le nouveau rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12, on 09/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-U [...] uncher.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_3_0.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://phpadsnew.merco6.com/libraries/SOPCORE.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - Unknown owner - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10621 bytes
Répondre à kissbinbin
Refais un scan Combofix 
Répondre à Angeldark
ComboFix 08-09-05.12 - Administrateur 2008-09-09 19:41:48.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.670 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-09 to 2008-09-09 ))))))))))))))))))))))))))))))))))))
.
2008-09-08 21:41 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2008-09-08 21:40 . 2006-11-08 12:59 379,008 -ra------ C:\WINDOWS\system32\drivers\emBDA.sys
2008-09-08 21:40 . 2005-03-25 23:43 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2008-09-08 21:40 . 2006-05-31 12:24 61,440 -ra------ C:\WINDOWS\emMON.exe
2008-09-08 21:40 . 2004-08-04 00:55 56,832 --a------ C:\WINDOWS\system32\MSDvbNP.ax
2008-09-08 21:40 . 2004-08-04 00:55 33,280 --a------ C:\WINDOWS\system32\PsisRndr.ax
2008-09-08 21:40 . 2006-08-17 13:10 32,768 -ra------ C:\WINDOWS\system32\emPRP.ax
2008-09-08 21:40 . 2006-11-08 12:58 27,904 -ra------ C:\WINDOWS\system32\drivers\emOEM.sys
2008-09-08 21:40 . 2005-11-01 17:33 20,736 -ra------ C:\WINDOWS\system32\drivers\emAudio.sys
2008-09-08 21:40 . 2004-08-04 00:55 18,432 --a------ C:\WINDOWS\system32\BdaPlgIn.ax
2008-09-08 21:40 . 2004-08-03 23:10 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2008-09-08 21:36 . 2008-09-08 21:36 <REP> d-------- C:\Program Files\TerraTec
2008-09-08 21:36 . 2008-09-08 21:36 <REP> d-------- C:\Program Files\Fichiers communs\TerraTec
2008-09-08 21:36 . 2008-09-08 21:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TerraTec
2008-09-08 21:36 . 2008-09-08 21:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TerraTec
2008-09-08 21:36 . 2006-10-09 09:47 44,544 -ra------ C:\WINDOWS\system32\msxml4a.dll
2008-09-08 20:58 . 2008-09-08 20:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 20:58 . 2008-09-08 20:58 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-08 20:58 . 2008-09-08 20:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-08 20:58 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-08 20:58 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 20:27 . 2008-09-08 20:27 <REP> d-------- C:\Documents and Settings\PropriÚtaire
2008-09-08 20:14 . 2008-09-08 20:14 <REP> d-------- C:\WINDOWS\system32\oobe
2008-09-08 19:40 . 2008-09-08 19:40 268 --ah----- C:\sqmdata05.sqm
2008-09-08 19:40 . 2008-09-08 19:40 244 --ah----- C:\sqmnoopt05.sqm
2008-09-07 21:55 . 2008-06-17 01:02 23,251,741 --a------ C:\Xara 3D v6.0 Full KeyGen.rar
2008-09-06 17:57 . 2008-09-05 17:07 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-06 17:53 . 2008-09-05 17:07 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-31 15:05 . 2008-08-31 15:05 <REP> d-------- C:\Program Files\DVD Shrink
2008-08-31 15:05 . 2008-08-31 15:05 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-08-24 17:24 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-08-24 17:24 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-08-24 17:24 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-08-24 17:21 . 2008-08-24 17:21 <REP> d-------- C:\Program Files\ma-config.com
2008-08-24 17:21 . 2008-08-24 17:21 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 17:47 690,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-09 17:47 24,514,592 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-09 17:26 67,532 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-09 17:26 331,004 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-09 05:11 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\VoipStunt
2008-09-08 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 16:37 --------- d-----w C:\Program Files\Micro Application
2008-09-07 17:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-09-07 17:07 --------- d-----w C:\Program Files\CVitae
2008-07-31 09:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2008-07-26 09:53 --------- d-----w C:\Program Files\Lavalys
2008-07-25 22:06 --------- d-----w C:\Program Files\Ontrack
2008-07-23 13:51 --------- d-----w C:\Program Files\SopCast
2008-07-22 20:23 --------- d-----w C:\Program Files\Personal Voice Changer Driver
2008-07-22 20:20 --------- d-----w C:\Program Files\Fake Voice
2008-07-16 22:19 --------- d-----w C:\Program Files\ManHunt
2008-07-16 17:33 --------- d-----w C:\Program Files\Java
2008-07-15 12:38 --------- d-----w C:\Program Files\Convar
2008-07-11 11:57 --------- d-----w C:\Program Files\Google
2008-07-09 11:50 --------- d-----w C:\Program Files\Traction Software
2008-06-23 19:31 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 19:27 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-23 19:27 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-16 20:25 44,544 ------w C:\WINDOWS\AWuninstall.exe
.
------- Sigcheck -------
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 C:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 C:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-08_20.25.17.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-03 22:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-03 21:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2005-12-29 01:29:30 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2005-12-29 00:29:30 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2005-11-05 01:55:10 48,768 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2005-11-05 00:55:10 48,768 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2004-08-03 23:54:30 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
+ 2004-08-03 22:54:30 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
- 2004-08-03 23:55:04 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2004-08-03 22:55:04 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2004-08-03 23:54:36 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2004-08-03 22:54:36 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
- 2001-08-23 16:47:20 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
+ 2001-08-23 15:47:20 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
- 2004-08-03 23:54:44 54,784 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
+ 2004-08-03 22:54:44 54,784 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
+ 2005-09-22 21:49:12 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2005-09-22 23:16:02 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2005-09-22 23:16:06 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-22 23:16:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2005-09-22 23:16:10 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-22 22:58:06 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2005-09-22 22:58:06 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2005-09-22 22:58:06 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2005-09-22 22:58:06 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2005-09-22 22:58:06 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2005-09-22 22:58:06 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2005-09-22 23:35:10 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-18 25088]
"MediaDico"="C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe" [2002-12-24 253952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QT Lite\qttask.exe" [2008-03-28 413696]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2007-12-18 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-18 122880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 8523776]
"LVCOMSX"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" [2007-03-06 252704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 181752]
"TerraTec Remote Control"="C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe" [2006-10-09 1032192]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2007-12-18 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2007-12-18 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-12-02 3739672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 12451]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 44544]
"nltide_3"="advpack.dll" [2007-12-07 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-06-03 19:25 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Ubisoft register.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^NETGEAR WG311T Smart Wizard.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\NETGEAR WG311T Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WG311T Smart Wizard.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoconfigurateur WiFi Neuf]
--a------ 2007-02-14 13:06 181752 C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-12-02 17:42 3739672 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2007-01-10 22:59 1235456 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 20:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 76208]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 208688]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 210224]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2004-08-28 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2004-08-28 11264]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
R3 USB28xxBGA;Cinergy EM28xx Capture;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-11-08 379008]
R3 USB28xxOEM;Cinergy EM28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-11-08 27904]
S2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [ ]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 43520]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.fr/keyword/%s
R0 -: HKLM-Main,Start Page = hxxp://www.google.fr
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.fr/keyword/%s
O8 -: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_0.cab
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 19:47:27
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-09-09 19:50:40
ComboFix-quarantined-files.txt 2008-09-09 17:49:37
ComboFix2.txt 2008-09-08 18:27:12
Pre-Run: 36,046,049,280 octets libres
Post-Run: 36,027,641,856 octets libres
244 --- E O F --- 2008-03-06 20:56:59
Répondre à kissbinbin
Re,
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
DirLook::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
ComboFix 08-09-05.12 - Administrateur 2008-09-09 20:37:29.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.626 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Xara 3D v6.0 Full KeyGen.rar
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-09 to 2008-09-09 ))))))))))))))))))))))))))))))))))))
.
2008-09-08 21:41 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2008-09-08 21:40 . 2006-11-08 12:59 379,008 -ra------ C:\WINDOWS\system32\drivers\emBDA.sys
2008-09-08 21:40 . 2005-03-25 23:43 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2008-09-08 21:40 . 2006-05-31 12:24 61,440 -ra------ C:\WINDOWS\emMON.exe
2008-09-08 21:40 . 2004-08-04 00:55 56,832 --a------ C:\WINDOWS\system32\MSDvbNP.ax
2008-09-08 21:40 . 2004-08-04 00:55 33,280 --a------ C:\WINDOWS\system32\PsisRndr.ax
2008-09-08 21:40 . 2006-08-17 13:10 32,768 -ra------ C:\WINDOWS\system32\emPRP.ax
2008-09-08 21:40 . 2006-11-08 12:58 27,904 -ra------ C:\WINDOWS\system32\drivers\emOEM.sys
2008-09-08 21:40 . 2005-11-01 17:33 20,736 -ra------ C:\WINDOWS\system32\drivers\emAudio.sys
2008-09-08 21:40 . 2004-08-04 00:55 18,432 --a------ C:\WINDOWS\system32\BdaPlgIn.ax
2008-09-08 21:40 . 2004-08-03 23:10 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2008-09-08 21:36 . 2008-09-08 21:36 <REP> d-------- C:\Program Files\TerraTec
2008-09-08 21:36 . 2008-09-08 21:36 <REP> d-------- C:\Program Files\Fichiers communs\TerraTec
2008-09-08 21:36 . 2008-09-08 21:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TerraTec
2008-09-08 21:36 . 2008-09-08 21:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TerraTec
2008-09-08 21:36 . 2006-10-09 09:47 44,544 -ra------ C:\WINDOWS\system32\msxml4a.dll
2008-09-08 20:58 . 2008-09-08 20:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 20:58 . 2008-09-08 20:58 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-08 20:58 . 2008-09-08 20:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-08 20:58 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-08 20:58 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 20:27 . 2008-09-08 20:27 <REP> d-------- C:\Documents and Settings\PropriÚtaire
2008-09-08 20:14 . 2008-09-08 20:14 <REP> d-------- C:\WINDOWS\system32\oobe
2008-09-08 19:40 . 2008-09-08 19:40 268 --ah----- C:\sqmdata05.sqm
2008-09-08 19:40 . 2008-09-08 19:40 244 --ah----- C:\sqmnoopt05.sqm
2008-08-31 15:05 . 2008-08-31 15:05 <REP> d-------- C:\Program Files\DVD Shrink
2008-08-31 15:05 . 2008-08-31 15:05 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-08-24 17:24 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-08-24 17:24 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-08-24 17:24 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-08-24 17:21 . 2008-08-24 17:21 <REP> d-------- C:\Program Files\ma-config.com
2008-08-24 17:21 . 2008-08-24 17:21 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 18:41 693,536 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-09 18:41 24,589,856 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-09 17:26 67,532 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-09 17:26 331,004 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-09 05:11 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\VoipStunt
2008-09-08 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 16:37 --------- d-----w C:\Program Files\Micro Application
2008-09-07 17:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-09-07 17:07 --------- d-----w C:\Program Files\CVitae
2008-07-31 09:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2008-07-26 09:53 --------- d-----w C:\Program Files\Lavalys
2008-07-25 22:06 --------- d-----w C:\Program Files\Ontrack
2008-07-23 13:51 --------- d-----w C:\Program Files\SopCast
2008-07-22 20:23 --------- d-----w C:\Program Files\Personal Voice Changer Driver
2008-07-22 20:20 --------- d-----w C:\Program Files\Fake Voice
2008-07-16 22:19 --------- d-----w C:\Program Files\ManHunt
2008-07-16 17:33 --------- d-----w C:\Program Files\Java
2008-07-15 12:38 --------- d-----w C:\Program Files\Convar
2008-07-11 11:57 --------- d-----w C:\Program Files\Google
2008-07-09 11:50 --------- d-----w C:\Program Files\Traction Software
2008-06-23 19:31 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 19:27 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-23 19:27 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-16 20:25 44,544 ------w C:\WINDOWS\AWuninstall.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\system32\oobe ----
------- Sigcheck -------
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 C:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 C:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-18 25088]
"MediaDico"="C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe" [2002-12-24 253952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QT Lite\qttask.exe" [2008-03-28 413696]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2007-12-18 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-18 122880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 8523776]
"LVCOMSX"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" [2007-03-06 252704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 181752]
"TerraTec Remote Control"="C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe" [2006-10-09 1032192]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2007-12-18 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2007-12-18 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-12-02 3739672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 12451]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 44544]
"nltide_3"="advpack.dll" [2007-12-07 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-06-03 19:25 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Ubisoft register.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^NETGEAR WG311T Smart Wizard.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\NETGEAR WG311T Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WG311T Smart Wizard.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoconfigurateur WiFi Neuf]
--a------ 2007-02-14 13:06 181752 C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-12-02 17:42 3739672 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2007-01-10 22:59 1235456 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 20:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 76208]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 208688]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 210224]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2004-08-28 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2004-08-28 11264]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
R3 USB28xxBGA;Cinergy EM28xx Capture;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-11-08 379008]
R3 USB28xxOEM;Cinergy EM28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-11-08 27904]
S2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [ ]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 43520]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 20:41:39
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-09-09 20:44:48
ComboFix-quarantined-files.txt 2008-09-09 18:43:45
ComboFix2.txt 2008-09-09 17:50:41
ComboFix3.txt 2008-09-08 18:27:12
Pre-Run: 35,949,027,328 octets libres
Post-Run: 35,971,629,056 octets libres
198 --- E O F --- 2008-03-06 20:56:59
Répondre à kissbinbin
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46, on 09/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-U [...] uncher.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_3_0.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://phpadsnew.merco6.com/libraries/SOPCORE.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - Unknown owner - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10421 bytes
Répondre à kissbinbin
Re,
Supprime ce dossier :
C:\WINDOWS\system32\oobe
Répondre à Angeldark
Impossible de le supprimer car il est peut etre en cours d'utilisation ...
=/
Répondre à kissbinbin
Même en mode sans échec ?
Répondre à Angeldark
J'arrive pas a demarer en mode sans echec comme je t'ai expliqué plus haut
Répondre à kissbinbin
Tu as retenté depuis la dernière fois ?
Répondre à Angeldark
Sa y est sa remarche =)
J'ai supprimer le dossier
Répondre à kissbinbin
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03, on 09/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-U [...] uncher.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_3_0.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://phpadsnew.merco6.com/libraries/SOPCORE.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - Unknown owner - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10503 bytes
Répondre à kissbinbin
Tu as d'autres soucis ?
Répondre à Angeldark
Non, je ne suis plus infecter du tout?
Répondre à kissbinbin
C'est apparemment ok
Répondre à Angeldark
Je te remercie beaucoup, heureusement qu'il y a des personne comme toi pour aider, encor merci si j'ai un soucis jte demanderais =)
Bonne soirée..
Répondre à kissbinbin
De rien. Bon surf 
Répondre à Angeldark
Il y a 1238 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
