TR/Crypt.FKM.Gen - Trojan
Hello everyone!!!
I expect you have already been asked about this, but here goes: AntiVir keeps reporting this trojan, TR/Crypt.FKM.Gen. Whatever I do, it is still there, for example when I open My Computer.
When I browse with Mozilla, an Internet Explorer window briefly opens in the top left of my screen, and I very often lose control of my Mozilla window.
1) My first question is: what is this trojan for?
2) My second: how do I get rid of it?
THANKS IN ADVANCE!!!!!
Here is what HijackThis says:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:08, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe
C:\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: rightonadz browser enhancer - {794bc104-eedb-e30c-53b4-c056ec8162b3} - C:\WINDOWS\system32\dvjuocllkzdy.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsk1550.dll
O2 - BHO: adssite - {c535e9e0-1204-56a2-58f3-676fd1c85848} - C:\WINDOWS\system32\nsg1F.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com ad=http://moncontenuassistant.com sd=http://paylogs.moncontenuassistant.com
O4 - HKLM\..\Run: [SMSTray] C:\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionAssuree\ptask.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com ad=http://erreurchasseur.com sd=http://repay.erreurchasseur.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [upaufpvdzoiibty] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dvjuocllkzdy.dll" EntryPoint
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://t3.images.live.com/images/thumbnail.aspx?q=13855...
--
End of file - 6837 bytes
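A HijackThis log is only useful if you know which entries to look at first. The log above has the patterns a responder flags on sight: BHOs whose DLL in system32 has a generated-looking name, an O4 entry that starts a DLL through rundll32, autorun commands that carry callback URLs as arguments, registrations whose file is already gone, and a service with no publisher. The following is an added example, not code from the thread or from HijackThis: a small triage script with heuristic rules (the consonant-run test, the "ads/adz" keyword and the other thresholds are my assumptions, not signatures), run over a subset of the posted log copied inline as sample input.

```python
import re

# Constructed sample: a subset of the HijackThis 2.0.2 log posted above, copied
# line for line. The rules below are triage heuristics, not vendor signatures.
SAMPLE_LOG = [
    r'O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll',
    r'O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll',
    r'O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll',
    r'O2 - BHO: rightonadz browser enhancer - {794bc104-eedb-e30c-53b4-c056ec8162b3} - C:\WINDOWS\system32\dvjuocllkzdy.dll',
    r'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
    r'O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsk1550.dll',
    r'O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com ad=http://moncontenuassistant.com sd=http://paylogs.moncontenuassistant.com',
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [upaufpvdzoiibty] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dvjuocllkzdy.dll" EntryPoint',
    r'O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe',
    r'O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe',
]

ENTRY_RE = re.compile(r'^(?P<section>[RO]\d+) - (?P<body>.*)$')
# A .dll/.exe sitting directly in the Windows system directory.
SYSTEM32_FILE_RE = re.compile(r'\\system32\\([^\\"\s]+\.(?:dll|exe))', re.IGNORECASE)
# key=URL arguments on an autorun command line (dm=/ad=/sd= in the posted log).
URL_ARG_RE = re.compile(r'\b[a-z]{1,3}=https?://', re.IGNORECASE)
# Assumed threshold: five consonants in a row marks a name as generated.
CONSONANT_RUN_RE = re.compile(r'[bcdfghjklmnpqrstvwxz]{5,}', re.IGNORECASE)


def parse_entries(lines):
    """Yield (section, body) for each HijackThis entry; header and process list are skipped."""
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group('section'), m.group('body')


def looks_random(filename):
    """Heuristic: a long consonant run is rare in product names and common in
    generated ones (dvjuocllkzdy.dll, adsldpv.dll in the posted log)."""
    stem = filename.rsplit('.', 1)[0]
    return CONSONANT_RUN_RE.search(stem) is not None


def component_name(body):
    """'BHO: rightonadz browser enhancer - {CLSID} - path' -> 'rightonadz browser enhancer'."""
    parts = body.split(': ', 1)
    return parts[1].split(' - ')[0] if len(parts) == 2 else ''


def triage(lines):
    """Return [(section, reason, body)] for every entry that trips a rule."""
    findings = []
    for section, body in parse_entries(lines):
        reasons = []
        if '(no file)' in body or '(file missing)' in body:
            reasons.append('orphaned registration: file gone, registry key remains')
        if section in ('O2', 'O3'):
            name = component_name(body).lower()
            if 'ads' in name or 'adz' in name:
                reasons.append('advertising keyword in BHO/toolbar name')
        if section in ('O2', 'O3', 'O4'):
            for fname in SYSTEM32_FILE_RE.findall(body):
                if looks_random(fname):
                    reasons.append(f'random-looking file name in system32: {fname}')
        if section == 'O4':
            lowered = body.lower()
            if 'rundll32.exe' in lowered and '.dll' in lowered:
                reasons.append('autorun loads a DLL through rundll32')
            if URL_ARG_RE.search(body):
                reasons.append('autorun passes callback URLs as arguments')
        if section == 'O23' and 'Unknown owner' in body:
            reasons.append('service with no publisher information')
        findings.extend((section, reason, body) for reason in reasons)
    return findings


if __name__ == '__main__':
    for section, reason, body in triage(SAMPLE_LOG):
        print(f'{section:4} {reason}\n     {body}')
```

On the sample above the script flags the adsldpv/dvjuocllkzdy BHOs, the two advertising toolbars, the orphaned registrations, the Salestart autorun with its dm=/ad=/sd= URLs, the rundll32 loader and the unknown-owner service, and leaves the Java, Avira and HP entries alone. Treat the output as a reading order, not a verdict: a legitimate component can trip the name heuristic, and a clean-looking name proves nothing.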
Hello,
What is it for? Quite simply, to annoy you by throwing ads at you.
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
Now run MalwareByte's Anti-Malware. If it isn't already selected, choose "Perform full scan".
To start the search, click "Scan".
Once the scan is finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated MBAM tutorial
Thanks DARKANGEL!!!!
I restarted in safe mode and ran the scan with MBAM, I removed the selected items... But I still have this trojan...
Here is the MBAM report:
Malwarebytes' Anti-Malware 1.28
Database version: 1201
Windows 5.1.2600 Service Pack 2
24/09/2008 18:12:51
mbam-log-2008-09-24 (18-12-51).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 87083
Time elapsed: 1 hour(s), 7 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 24
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\optimizer.adssite2 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b4094603-dda9-4caf-9b13-0ad1034c9c53} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48dc6ffb-64d7-42e8-949d-8ef2641eb73a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9c8a568e-4201-478a-8536-526cf371d2e2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c8a568e-4201-478a-8536-526cf371d2e2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\optimizer.adssite2.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ProtectionComplete (Rogue.ProtectionComplete) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{794bc104-eedb-e30c-53b4-c056ec8162b3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{794bc104-eedb-e30c-53b4-c056ec8162b3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c535e9e0-1204-56a2-58f3-676fd1c85848} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c535e9e0-1204-56a2-58f3-676fd1c85848} (Adware.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart(1) (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upaufpvdzoiibty (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iebrowserc.dll (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsk1550.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0026936.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027361.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027399.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027407.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027408.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027409.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027410.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP158\A0027645.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP158\A0027646.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP163\A0028334.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030982.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030983.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030984.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvjuocllkzdy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rightonadz-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nss8C.dll (Adware.BHO) -> Quarantined and deleted successfully.
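Before declaring a machine clean from a report like the one above, a responder reads two things besides the detection count: the entries marked "Delete on reboot", which are not gone until Windows restarts, and the hits under System Volume Information, which show that System Restore snapshots held copies of the removed files. The following is an added example, not code from the thread or from Malwarebytes: a parser for the report format ("<target> (<family>) -> <action>." under "<Kind> Infected:" headers, as seen above) with the checks a responder runs over it. The input is a subset of the posted report copied inline; the autostart markers it looks for are my choice.

```python
import re
from collections import Counter

# Constructed sample: a subset of the Malwarebytes 1.28 report posted above,
# copied line for line. The parsing rules below are inferred from that report.
SAMPLE_REPORT = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{794bc104-eedb-e30c-53b4-c056ec8162b3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upaufpvdzoiibty (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvjuocllkzdy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0026936.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP163\A0028334.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r'^(?P<kind>[A-Za-z ]+?) Infected:$')
ITEM_RE = re.compile(r'^(?P<target>.+) \((?P<family>[A-Za-z]+\.[A-Za-z0-9]+)\) -> (?P<action>.+?)\.?$')
RESTORE_POINT_RE = re.compile(r'\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\')
# Assumed set of autostart locations to highlight; extend for your environment.
AUTOSTART_MARKERS = ('\\CurrentVersion\\Run\\', '\\Browser Helper Objects\\')


def parse_report(text):
    """Return one dict per detection: section, target, family, action."""
    items, section = [], None
    for line in text.strip().splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group('kind')
            continue
        item = ITEM_RE.match(line)
        if item:
            items.append({'section': section, **item.groupdict()})
    return items


def pending_reboot(items):
    """Entries the scanner could not remove immediately; they remain until Windows restarts."""
    return [i for i in items if i['action'].startswith('Delete on reboot')]


def restore_point_ids(items):
    """System Restore snapshots (RPnnn) that contained a copy of a detected file."""
    found = set()
    for i in items:
        m = RESTORE_POINT_RE.search(i['target'])
        if m:
            found.add(m.group(1))
    return found


def autostart_hits(items):
    """Detections wired into an autostart location (Run key, BHO registration)."""
    return [i for i in items if any(mark in i['target'] for mark in AUTOSTART_MARKERS)]


def family_counts(items):
    return Counter(i['family'] for i in items)


def assess(text):
    """One-screen summary of what a report says about the state of the machine."""
    items = parse_report(text)
    return {
        'detections': len(items),
        'pending_reboot': len(pending_reboot(items)),
        'restore_points': sorted(restore_point_ids(items)),
        'autostart': len(autostart_hits(items)),
        'families': dict(family_counts(items)),
    }


if __name__ == '__main__':
    for key, value in assess(SAMPLE_REPORT).items():
        print(f'{key}: {value}')
```

A non-zero pending_reboot count means the report was produced before the cleanup was complete, which is worth knowing when a user reports the detection is still there after the scan. The restore_points list is the set of snapshots that stored the rogue installers; a responder typically notes them so that nobody later rolls the system back to one of them expecting a clean state.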
C:\WINDOWS\system32\nsk1550.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0026936.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027361.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027399.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027407.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027408.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027409.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027410.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP158\A0027645.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP158\A0027646.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP163\A0028334.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030982.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030983.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030984.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvjuocllkzdy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rightonadz-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nss8C.dll (Adware.BHO) -> Quarantined and deleted successfully.
THANKS DARK !!
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:48, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: adssite - {c535e9e0-1204-56a2-58f3-676fd1c85848} - C:\WINDOWS\system32\nstC.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionAssuree\ptask.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://t3.images.live.com/images/thumbnail.aspx?q=13855...
--
End of file - 5790 bytes
Re,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
Download ComboFix (sUBs) to your Desktop.
Double-click combofix.exe (the .exe extension is not necessarily visible) to launch it.
When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may change
Thanks DARK !!!!
Here is the report:
ComboFix 08-09-24.07 - Propri‚taire 2008-09-25 1:21:33.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.239 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Propri‚taire\ResErrors.log
C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\SpyShredder\SpyShredder.lnk
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\SpyShredder\Uninstall.lnk
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrt.dll
C:\WINDOWS\system32\mdm.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DHLP
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-24 au 2008-09-24 ))))))))))))))))))))))))))))))))))))
.
2008-09-24 17:28 . 2008-09-24 17:28 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-24 17:03 . 2007-05-18 10:17 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-24 17:03 . 2007-05-18 11:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-24 17:03 . 2008-09-24 18:13 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-24 16:54 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-24 16:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-24 16:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 13:35 . 2008-09-21 13:35 <REP> d-------- C:\WINDOWS\Sun
2008-09-21 13:35 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Sun
2008-09-20 14:04 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
2008-09-20 14:04 . 2007-03-06 17:49 491,168 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2008-09-20 14:04 . 2008-07-26 17:26 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-09-20 14:04 . 2008-07-26 17:26 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-20 14:04 . 2008-07-26 17:23 416,280 --a------ C:\WINDOWS\system32\LVCodec2.dll
2008-09-20 14:04 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2008-09-20 14:04 . 2007-03-06 17:51 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
2008-09-20 14:04 . 2007-03-06 16:02 51,370 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-09-20 14:04 . 2008-07-26 17:26 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-09-20 14:04 . 2007-03-06 16:03 13,398 --a------ C:\WINDOWS\system32\Repository.reg
2008-09-20 14:00 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Labtec
2008-09-20 13:51 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Leadertech
2008-09-20 13:49 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-09-20 13:49 . 2008-09-20 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-20 13:49 . 2008-09-20 14:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-20 13:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe
2008-09-19 03:07 . 2008-09-19 03:30 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 05:15 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Adobe
2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Program Files\Avira
2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-16 13:53 . 2008-09-16 13:53 <REP> d-------- C:\Program Files\Sun
2008-09-15 19:48 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-15 19:47 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-15 19:42 . 2008-09-19 23:29 71,808 --a------ C:\WINDOWS\system32\bwojvglimty.exe
2008-09-04 14:05 . 2008-09-04 14:05 350,208 --a------ C:\WINDOWS\system32\nstC.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 23:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Skype
2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\MonContenuassistant
2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\ErreurChasseur
2008-09-20 12:05 --------- d-s---w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2008-09-20 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 12:25 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-16 12:25 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-09-16 11:53 --------- d-----w C:\Program Files\Java
2008-09-15 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 17:42 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\ProtectionAssuree
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2007-11-26 11:45 198,680 ----a-w C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
2007-09-22 19:46 8,853 ----a-w C:\Documents and Settings\DialMessenger\unins000.dat
2007-09-22 19:45 782,288 ----a-w C:\Documents and Settings\DialMessenger\unins000.exe
2007-09-22 18:23 782,288 ----a-w C:\Documents and Settings\DialMessenger\dm.dat
2007-09-18 22:25 459 ----a-w C:\Program Files\INSTALL.LOG
2007-08-09 16:49 6,287,360 ----a-w C:\Documents and Settings\DialMessenger\dialmessenger.exe
2007-08-09 16:32 184,320 ----a-w C:\Documents and Settings\DialMessenger\uninstall.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c535e9e0-1204-56a2-58f3-676fd1c85848}]
2008-09-04 14:05 350208 --a------ C:\WINDOWS\system32\nstC.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="C:\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"vidc.dvsd"= pdvcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
"Debugger"=ntsd -d
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
--a------ 2007-08-09 18:49 6287360 C:\Documents and Settings\DialMessenger\dialmessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 13:26 484904 C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-08-16 16:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--------- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 syxceudk;syxceudk;C:\WINDOWS\system32\drivers\monnvpxa.dat [ ]
S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 96256]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll
MSConfigStartUp-ANIWZCS2Service - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
MSConfigStartUp-Autoconfigurateur WiFi Neuf - C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
MSConfigStartUp-D-Link AirPlus G - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 01:25:22
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\syxceudk]
"ImagePath"="system32\drivers\monnvpxa.dat"
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-09-25 1:28:36 - La machine a redémarré [Propri‚taire]
ComboFix-quarantined-files.txt 2008-09-24 23:28:33
Avant-CF: 104ÿ567ÿ533ÿ568 octets libres
Après-CF: 104,502,018,048 octets libres
215 --- E O F --- 2008-09-20 17:10:46
It's not finished yet.
Re,
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\system32\nstC.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c535e9e0-1204-56a2-58f3-676fd1c85848}]
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
NOTE: If there is no reboot, post the requested reports anyway.
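To show how the load points in a ComboFix report can be triaged before a CFScript like the one above is written, here is an added example in Python that is not part of this thread and not ComboFix's own code. The log excerpt inside it is constructed from lines of the report posted above, and the two heuristics it applies (a BHO whose DLL was created inside the report's "files created" window, and a driver whose image is not a .sys or that ComboFix could not read, shown as "[ ]") are the example's own assumptions, not ComboFix rules.

```python
"""Triage a ComboFix report and draft a CFScript (added example, not from the thread).

SAMPLE_LOG is constructed from lines of the report posted in this thread.
The heuristics are assumptions for illustration: a BHO whose DLL appears in the
"Fichiers créés" window, and a service whose image is not a .sys file or has no
file metadata ("[ ]"), are flagged for a human to review.
"""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-24 au 2008-09-24 ))))))))))))))))))))))))))))))))))))
.
2008-09-24 16:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-15 19:42 . 2008-09-19 23:29 71,808 --a------ C:\WINDOWS\system32\bwojvglimty.exe
2008-09-04 14:05 . 2008-09-04 14:05 350,208 --a------ C:\WINDOWS\system32\nstC.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c535e9e0-1204-56a2-58f3-676fd1c85848}]
2008-09-04 14:05 350208 --a------ C:\WINDOWS\system32\nstC.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
R0 syxceudk;syxceudk;C:\WINDOWS\system32\drivers\monnvpxa.dat [ ]
S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 96256]
"""

# "Fichiers créés" entries: "<date> <time> . <meta...> <drive>:\<path>"
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. .*?([A-Za-z]:\\.*)$")
# BHO registry key header; the DLL path is on the following line.
BHO_KEY_RE = re.compile(r"^\[(.*\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\})\]$")
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:dll|exe|dat|sys))\b", re.I)
# Service lines: "<start> <name>;<display>;<image> [<date size>]"
SERVICE_RE = re.compile(r"^(R\d|S\d) ([^;]+);([^;]*);(.*?) \[(.*?)\]$")


def parse_log(text):
    """Return (created_paths, bhos, services) extracted from a ComboFix report."""
    created, bhos, services = set(), [], []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        line = line.rstrip()
        m = CREATED_RE.match(line)
        if m:
            created.add(m.group(1).strip().lower())
            continue
        m = BHO_KEY_RE.match(line)
        if m and i + 1 < len(lines):
            p = PATH_RE.search(lines[i + 1])
            if p:
                bhos.append((m.group(1), p.group(1)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, image, meta = m.groups()
            services.append((start, name, image, meta.strip()))
    return created, bhos, services


def triage(text):
    """Flag suspicious load points as (kind, key_or_name, path, reason) tuples."""
    created, bhos, services = parse_log(text)
    findings = []
    for key, dll in bhos:
        if dll.lower() in created:
            findings.append(("bho", key, dll, "BHO DLL created within the report window"))
    for _start, name, image, meta in services:
        reasons = []
        if not image.lower().endswith(".sys"):
            reasons.append("driver image is not a .sys file")
        if not meta:
            reasons.append("ComboFix could not read the image ('[ ]')")
        if reasons:
            findings.append(("driver", name, image, "; ".join(reasons)))
    return findings


def draft_cfscript(findings):
    """Render File:: / Registry:: directives in the format used in this thread.

    Only BHO findings are turned into directives; a flagged driver is reported
    but left for a separate decision, since removing a service is more invasive.
    """
    files = [f[2] for f in findings if f[0] == "bho"]
    keys = [f[1] for f in findings if f[0] == "bho"]
    out = []
    if files:
        out.append("File::")
        out.extend(files)
    if keys:
        out.append("Registry::")
        out.extend("[-%s]" % k for k in keys)
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, ident, path, reason in found:
        print(f"{kind:6} {ident}\n       {path}\n       {reason}")
    print("--- draft CFScript ---")
    print(draft_cfscript(found))
```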
Re... DARK !!!
Indeed, it wasn't finished; after dragging the file as shown above, here is the ComboFix report:
ComboFix 08-09-26.06 - Propri‚taire 2008-09-27 17:00:50.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.283 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Propri‚taire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\nstC.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Propri‚taire\Application Data\urlredir.cfg
C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
.
2008-09-24 17:28 . 2008-09-24 17:28 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-24 17:03 . 2007-05-18 10:17 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-24 17:03 . 2007-05-18 11:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-24 17:03 . 2008-09-24 18:13 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-24 16:54 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-24 16:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-24 16:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 13:35 . 2008-09-21 13:35 <REP> d-------- C:\WINDOWS\Sun
2008-09-21 13:35 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Sun
2008-09-20 14:04 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
2008-09-20 14:04 . 2007-03-06 17:49 491,168 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2008-09-20 14:04 . 2008-07-26 17:26 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-09-20 14:04 . 2008-07-26 17:26 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-20 14:04 . 2008-07-26 17:23 416,280 --a------ C:\WINDOWS\system32\LVCodec2.dll
2008-09-20 14:04 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2008-09-20 14:04 . 2007-03-06 17:51 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
2008-09-20 14:04 . 2007-03-06 16:02 51,370 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-09-20 14:04 . 2008-07-26 17:26 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-09-20 14:04 . 2007-03-06 16:03 13,398 --a------ C:\WINDOWS\system32\Repository.reg
2008-09-20 14:00 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Labtec
2008-09-20 13:51 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Leadertech
2008-09-20 13:49 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-09-20 13:49 . 2008-09-20 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-20 13:49 . 2008-09-20 14:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-20 13:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe
2008-09-19 03:07 . 2008-09-27 00:34 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 05:15 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Adobe
2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Program Files\Avira
2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-16 13:53 . 2008-09-16 13:53 <REP> d-------- C:\Program Files\Sun
2008-09-15 19:48 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-15 19:47 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-15 19:42 . 2008-09-19 23:29 71,808 --a------ C:\WINDOWS\system32\bwojvglimty.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 10:02 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Skype
2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\MonContenuassistant
2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\ErreurChasseur
2008-09-20 12:05 --------- d-s---w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2008-09-20 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 12:25 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-16 12:25 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-09-16 11:53 --------- d-----w C:\Program Files\Java
2008-09-15 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 17:42 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\ProtectionAssuree
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-11-26 11:45 198,680 ----a-w C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
2007-09-22 19:46 8,853 ----a-w C:\Documents and Settings\DialMessenger\unins000.dat
2007-09-22 19:45 782,288 ----a-w C:\Documents and Settings\DialMessenger\unins000.exe
2007-09-22 18:23 782,288 ----a-w C:\Documents and Settings\DialMessenger\dm.dat
2007-09-18 22:25 459 ----a-w C:\Program Files\INSTALL.LOG
2007-08-09 16:49 6,287,360 ----a-w C:\Documents and Settings\DialMessenger\dialmessenger.exe
2007-08-09 16:32 184,320 ----a-w C:\Documents and Settings\DialMessenger\uninstall.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401EC4E4-158F-4A45-9BCE-312FDA487A40}]
C:\WINDOWS\system32\adsldpv.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="C:\SMSTray.exe" [2007-02-23 126976]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"vidc.dvsd"= pdvcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
--a------ 2007-08-09 18:49 6287360 C:\Documents and Settings\DialMessenger\dialmessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 13:26 484904 C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-08-16 16:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--------- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 syxceudk;syxceudk;C:\WINDOWS\system32\drivers\monnvpxa.dat [ ]
S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 96256]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 17:02:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\syxceudk]
"ImagePath"="system32\drivers\monnvpxa.dat"
.
Heure de fin: 2008-09-27 17:03:15
ComboFix-quarantined-files.txt 2008-09-27 15:03:13
ComboFix2.txt 2008-09-27 14:50:23
ComboFix3.txt 2008-09-26 23:37:00
ComboFix4.txt 2008-09-24 23:28:37
Avant-CF: 104ÿ483ÿ024ÿ896 octets libres
Après-CF: 104,471,142,400 octets libres
178 --- E O F --- 2008-09-26 22:27:03
En effet ce n était pas terminé ,aprés avoir fais glissé le fichier comme ci dessus ,voici le rapport de combo :
ComboFix 08-09-26.06 - Propri‚taire 2008-09-27 17:00:50.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.283 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Propri‚taire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\nstC.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Propri‚taire\Application Data\urlredir.cfg
C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
.
2008-09-24 17:28 . 2008-09-24 17:28 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-24 17:03 . 2007-05-18 10:17 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-24 17:03 . 2007-05-18 11:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-24 17:03 . 2008-09-24 18:13 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-24 16:54 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-24 16:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-24 16:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 13:35 . 2008-09-21 13:35 <REP> d-------- C:\WINDOWS\Sun
2008-09-21 13:35 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Sun
2008-09-20 14:04 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
2008-09-20 14:04 . 2007-03-06 17:49 491,168 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2008-09-20 14:04 . 2008-07-26 17:26 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-09-20 14:04 . 2008-07-26 17:26 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-20 14:04 . 2008-07-26 17:23 416,280 --a------ C:\WINDOWS\system32\LVCodec2.dll
2008-09-20 14:04 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2008-09-20 14:04 . 2007-03-06 17:51 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
2008-09-20 14:04 . 2007-03-06 16:02 51,370 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-09-20 14:04 . 2008-07-26 17:26 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-09-20 14:04 . 2007-03-06 16:03 13,398 --a------ C:\WINDOWS\system32\Repository.reg
2008-09-20 14:00 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Labtec
2008-09-20 13:51 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Leadertech
2008-09-20 13:49 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-09-20 13:49 . 2008-09-20 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-20 13:49 . 2008-09-20 14:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-20 13:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe
2008-09-19 03:07 . 2008-09-27 00:34 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 05:15 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Adobe
2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Program Files\Avira
2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-16 13:53 . 2008-09-16 13:53 <REP> d-------- C:\Program Files\Sun
2008-09-15 19:48 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-15 19:47 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-15 19:42 . 2008-09-19 23:29 71,808 --a------ C:\WINDOWS\system32\bwojvglimty.exe
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 10:02 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Skype
2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\MonContenuassistant
2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\ErreurChasseur
2008-09-20 12:05 --------- d-s---w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2008-09-20 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 12:25 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-16 12:25 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-09-16 11:53 --------- d-----w C:\Program Files\Java
2008-09-15 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 17:42 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\ProtectionAssuree
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-11-26 11:45 198,680 ----a-w C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
2007-09-22 19:46 8,853 ----a-w C:\Documents and Settings\DialMessenger\unins000.dat
2007-09-22 19:45 782,288 ----a-w C:\Documents and Settings\DialMessenger\unins000.exe
2007-09-22 18:23 782,288 ----a-w C:\Documents and Settings\DialMessenger\dm.dat
2007-09-18 22:25 459 ----a-w C:\Program Files\INSTALL.LOG
2007-08-09 16:49 6,287,360 ----a-w C:\Documents and Settings\DialMessenger\dialmessenger.exe
2007-08-09 16:32 184,320 ----a-w C:\Documents and Settings\DialMessenger\uninstall.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401EC4E4-158F-4A45-9BCE-312FDA487A40}]
C:\WINDOWS\system32\adsldpv.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="C:\SMSTray.exe" [2007-02-23 126976]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"vidc.dvsd"= pdvcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
--a------ 2007-08-09 18:49 6287360 C:\Documents and Settings\DialMessenger\dialmessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 13:26 484904 C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-08-16 16:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--------- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 syxceudk;syxceudk;C:\WINDOWS\system32\drivers\monnvpxa.dat [ ]
S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 96256]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 17:02:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\syxceudk]
"ImagePath"="system32\drivers\monnvpxa.dat"
.
Completion time: 2008-09-27 17:03:15
ComboFix-quarantined-files.txt 2008-09-27 15:03:13
ComboFix2.txt 2008-09-27 14:50:23
ComboFix3.txt 2008-09-26 23:37:00
ComboFix4.txt 2008-09-24 23:28:37
Pre-Run: 104,483,024,896 bytes free
Post-Run: 104,471,142,400 bytes free
178 --- E O F --- 2008-09-26 22:27:03
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:49, on 27/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://t3.images.live.com/images/thumbnail.aspx?q=13855...
--
End of file - 5200 bytes
Re,
Copy (Ctrl+C) the text in the box below:

Driver::
syxceudk
File::
C:\WINDOWS\system32\bwojvglimty.exe
C:\WINDOWS\system32\drivers\monnvpxa.dat
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401EC4E4-158F-4A45-9BCE-312FDA487A40}]

Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe.
This will relaunch Combofix. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
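The three things the helper's script targets can be picked out of the logs mechanically: a boot-start (R0) driver whose image is a .dat file for which ComboFix recorded no date or size, a freshly created executable with a random-looking name directly in system32, and Browser Helper Object CLSIDs that are still registered although their DLL is gone. The Python below is an added example, not code from this thread or from the ComboFix/HijackThis authors. Its sample input is a handful of lines copied verbatim from the logs above (a constructed excerpt, not a full log); the "random name" and "[BU]" checks are my own triage heuristics, and build_cfscript() reproduces the Driver:: / File:: / Registry:: layout of the script posted above, with one addition: it also lists the second orphaned CLSID {7E853D72-626A-48EC-A868-BA8D5E23E045} from the HijackThis log, which the helper's script did not include.

```python
"""Triage the ComboFix and HijackThis excerpts posted in this thread.

Added example, not code from the thread or from the ComboFix/HijackThis
authors.  The sample lines below are copied from the logs above; the
checks are triage heuristics, and build_cfscript() mirrors the
Driver:: / File:: / Registry:: layout of the script the helper posted.
"""
import re

# Constructed sample: lines taken verbatim from the ComboFix log above.
COMBOFIX_LINES = r"""
2008-09-24 16:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 14:04 . 2008-07-26 17:26 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-09-15 19:48 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-15 19:42 . 2008-09-19 23:29 71,808 --a------ C:\WINDOWS\system32\bwojvglimty.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401EC4E4-158F-4A45-9BCE-312FDA487A40}]
C:\WINDOWS\system32\adsldpv.dll [BU]
R0 syxceudk;syxceudk;C:\WINDOWS\system32\drivers\monnvpxa.dat [ ]
S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 96256]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
""".strip().splitlines()

# Constructed sample: O2 lines taken verbatim from the HijackThis log above.
HIJACKTHIS_LINES = r"""
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
""".strip().splitlines()

# ComboFix service line: "<start> <name>;<display>;<image path> [<date size>]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$")
# ComboFix new-file line: "<created> . <modified> <size> <attrs> <path>"
NEWFILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ \S+ (?P<path>.+)$")
BHO_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]+\})\]$")
HJT_BHO_RE = re.compile(r"^O2 - BHO: .+? - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]{4,}")

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system32\\drivers\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".dat")


def looks_random(basename):
    """Heuristic: all-lowercase letters with a run of 4+ consonants (e.g. bwojvglimty).
    Noisy on its own (bthport trips it), so it is only applied to fresh files in system32."""
    stem = basename.rsplit(".", 1)[0]
    return stem.isalpha() and stem.islower() and bool(CONSONANT_RUN.search(stem))


def triage_combofix(lines):
    """Return (kind, identifier, reason) tuples for suspicious ComboFix entries."""
    findings = []
    pending = None  # CLSID of the BHO key seen on the previous line
    for raw in lines:
        line = raw.rstrip()
        clsid, pending = pending, None
        if m := SERVICE_RE.match(line):
            path, info = m["path"], m["info"].strip()
            # Boot-start driver whose image is not a .sys, or for which ComboFix
            # could record no date/size: the pattern of syxceudk above.
            if m["start"] == "R0" and (not path.lower().endswith(".sys") or not info):
                findings.append(("driver", m["name"], f"boot-start driver with image {path!r} and no file details"))
                findings.append(("file", path, "image file of the flagged driver"))
        elif m := NEWFILE_RE.match(line):
            path = m["path"]
            folder, _, base = path.rpartition("\\")
            # Only freshly created executables directly in system32 or system32\drivers;
            # dllcache (Windows File Protection copies) is skipped to reduce noise.
            if folder.lower() + "\\" in SYSTEM_DIRS and base.lower().endswith(EXEC_EXT) and looks_random(base):
                findings.append(("file", path, f"recently created {base} with a random-looking name"))
        elif m := BHO_KEY_RE.match(line):
            pending = m["clsid"]
        elif clsid and line.endswith("[BU]"):
            # ComboFix printed the BHO's DLL path without a date/size (tagged [BU]).
            findings.append(("bho", clsid, f"BHO DLL {line[:-5].strip()!r} has no file details"))
    return findings


def triage_hijackthis(lines):
    """Flag O2 BHO entries whose CLSID is registered but whose DLL is gone."""
    findings = []
    for raw in lines:
        m = HJT_BHO_RE.match(raw.rstrip())
        if m and (m["target"] == "(no file)" or m["target"].endswith("(file missing)")):
            findings.append(("bho", m["clsid"], "BHO CLSID registered with no DLL on disk"))
    return findings


def all_findings():
    return triage_combofix(COMBOFIX_LINES) + triage_hijackthis(HIJACKTHIS_LINES)


def build_cfscript(findings):
    """Lay the findings out in the CFScript sections the helper used above."""
    kinds = {k: sorted({ident for kind, ident, _ in findings if kind == k}) for k in ("driver", "file", "bho")}
    out = []
    if kinds["driver"]:
        out += ["Driver::", *kinds["driver"]]
    if kinds["file"]:
        out += ["File::", *kinds["file"]]
    if kinds["bho"]:
        out += ["Registry::", *(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{c}]" for c in kinds["bho"])]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for kind, ident, reason in all_findings():
        print(f"{kind:6} {ident}  <- {reason}")
    print(build_cfscript(all_findings()))
```

The lexical check is deliberately gated: on its own it would also trip on legitimate names such as bthport.sys, so it is only consulted for executables created directly in system32 or system32\drivers, and the other two signals (a boot-start driver with no file details, a BHO CLSID with no DLL) do not depend on it at all. Listing syxceudk under Driver:: as well as its image under File:: matters because deleting monnvpxa.dat alone would leave an R0 service entry pointing at a missing file; the [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\syxceudk] key with ImagePath set to that .dat is visible in the ComboFix output above.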