[Solved] Virus adware virtumonde 2008 - pop-up windows
help please!!!
For 2 weeks my computer has been really slow and lots of pop-up windows appear when I'm on the internet. Nod32 tells me I have ''Virus adware virtumonde 2008'' but it is unable to remove it. I also have a red shield with an X on it in my taskbar.
Could someone help me? I'm sending you my HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:42, on 2008-09-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa [...] x&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\WINDOWS\zg.exe" -cleantemp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7284CC-6B63-47A9-AE2E-531893DF113D}: NameServer = 67.69.184.75,67.69.184.227
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5894 bytes
Message edited by 666alex on 06-10-2008 at 23:04:16
good evening
Download Toolbar S&D from Team IDN onto your desktop.
- Double-click it to start the installation.
- Accept the licence agreement.
- Then double-click the Toolbar S&D shortcut on your desktop.
- Select the language you want and confirm with the Enter key.
- Choose option 1 ( Search ).
- Wait until the scan finishes.
- Post the report it generates. ( C:\TB.txt )
/!\ Fed up with ads: secure Firefox /!\
Thanks for taking the time to help me.
Here is the report:
-----------\\ ToolBar S&D 1.2.1 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : Vianney St. Pierre ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
C:\ (Local Disk) - NTFS - Total : 27 Go Free : 4 Go
D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [1] ( 2008-09-28|16:17 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\VIANNE~1.PIE\APPLIC~1\Search Settings
C:\DOCUME~1\VIANNE~1.PIE\APPLIC~1\Search Settings\kb127
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1222038549&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\fMWFgfii.ini
C:\WINDOWS\system32\fMWFgfii.ini2
C:\WINDOWS\system32\IhjiQqss.ini2
==> VUNDO <==
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D Studio Max 9 + Tutorials and Keygen.daa
C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D_Studio_Max_9___Tutorials_and_Keygen.3712693.TPB.torrent
C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D_Studio_Max_9___Tutorials_and_Keygen.4143598.TPB.torrent
C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\Autodesk_Maya_2008_Unlimited_(win32)keygen_included.3810396.TPB.torrent
C:\DOCUME~1\VIANNE~1.PIE\Favorites\4Musics Multiformat Converter 1.4 + Crack (download torrent) - TPB.url
C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen
C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen\3D Studio Max 9 + Tutorials and Keygen - The Pirate Bay.url
C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen\3ds Max 9 Keygen Warez Download, 3ds Max 9 Keygen Torrent, 3ds Max 9 Keygen Full, 3ds Max 9 Keygen Crack, 3ds Max 9 Keygen Seri.url
C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen\The Pirate Bay - The worlds largest BitTorrent tracker.url
C:\DOCUME~1\VIANNE~1.PIE\My Documents\awkeygen.exe
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Alex\dowload\3D_Studio_Max_9___Tutorials_and_Keygen.4143598.TPB.torrent
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\Autodesk Maya 2008 Unlimited (win32)keygen included
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen\3D Studio Max 9 + Tutorials and Keygen.iso
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen\Readme.txt
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\Autodesk Maya 2008 Unlimited (win32)keygen included\Autodesk Maya 2008 Unlimited.daa
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\Autodesk Maya 2008 Unlimited (win32)keygen included\lma01488
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\Autodesk Maya 2008 Unlimited (win32)keygen included\lma02904
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\Autodesk Maya 2008 Unlimited (win32)keygen included\readme.txt
1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-28|16:22 - Option : [1]
-----------\\ Fin du rapport a 16:22:33.22
good evening
1
get rid of all your lousy cracks, which are the source of your infection...
2
Run Toolbar S&D again
- This time choose option 2. ( Removal )
Your desktop will disappear, that's normal. Let the tool do its work.
- Don't close the window during the removal!
- Post the report it generates. ( C:\TB.txt )
3
add a HijackThis log please
Message edited by Sham_Rock on 29-09-2008 at 18:00:56
Hello!
Here is the report (C:\TB.txt):
-----------\\ ToolBar S&D 1.2.1 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : Vianney St. Pierre ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
C:\ (Local Disk) - NTFS - Total : 27 Go Free : 5 Go
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [2] ( 2008-09-29|17:34 )
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\VIANNE~1.PIE\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\VIANNE~1.PIE\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1222038549&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\fMWFgfii.ini
C:\WINDOWS\system32\fMWFgfii.ini2
C:\WINDOWS\system32\IhjiQqss.ini2
==> VUNDO <==
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D Studio Max 9 + Tutorials and Keygen.daa
C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D_Studio_Max_9___Tutorials_and_Keygen.3712693.TPB.torrent
C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D_Studio_Max_9___Tutorials_and_Keygen.4143598.TPB.torrent
C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen
C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen\3D Studio Max 9 + Tutorials and Keygen - The Pirate Bay.url
C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen\3ds Max 9 Keygen Warez Download, 3ds Max 9 Keygen Torrent, 3ds Max 9 Keygen Full, 3ds Max 9 Keygen Crack, 3ds Max 9 Keygen Seri.url
C:\DOCUME~1\VIANNE~1.PIE\My Documents\awkeygen.exe
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Alex\dowload\3D_Studio_Max_9___Tutorials_and_Keygen.4143598.TPB.torrent
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen\3D Studio Max 9 + Tutorials and Keygen.iso
C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen\Readme.txt
1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-28|16:22 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-09-29|17:17 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 2008-09-29|17:31 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - 2008-09-29|17:38 - Option : [2]
And now the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:36, on 2008-09-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa [...] x&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [7c019a00] rundll32.exe "C:\WINDOWS\system32\phbmosnb.dll",b
O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\WINDOWS\zg.exe" -cleantemp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7284CC-6B63-47A9-AE2E-531893DF113D}: NameServer = 67.69.184.75,67.69.184.227
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5783 bytes
good evening
I won't do anything until you've removed your cracks
they are the source of your infection. I'm not going to waste my time with you if you only want to do as you please...
Message edited by Sham_Rock on 30-09-2008 at 20:58:16
hi, I'm sorry.
here is the report:
-----------\\ ToolBar S&D 1.2.1 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : Vianney St. Pierre ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
C:\ (Local Disk) - NTFS - Total : 27 Go Free : 6 Go
D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [1] ( 2008-09-30|20:54 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1222038549&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\fMWFgfii.ini
C:\WINDOWS\system32\fMWFgfii.ini2
C:\WINDOWS\system32\IhjiQqss.ini2
==> VUNDO <==
1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-28|16:22 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-09-29|17:17 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 2008-09-29|17:31 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - 2008-09-29|17:38 - Option : [2]
5 - "C:\ToolBar SD\TB_5.txt" - 2008-09-30|17:45 - Option : [1]
6 - "C:\ToolBar SD\TB_6.txt" - 2008-09-30|18:05 - Option : [1]
7 - "C:\ToolBar SD\TB_7.txt" - 2008-09-30|18:21 - Option : [1]
8 - "C:\ToolBar SD\TB_8.txt" - 2008-09-30|18:26 - Option : [1]
9 - "C:\ToolBar SD\TB_9.txt" - 2008-09-30|20:55 - Option : [1]
-----------\\ Fin du rapport a 20:55:03.78
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:39, on 2008-09-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa [...] x&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {bfa4fc78-ea31-b3fa-b964-f9758675b750} - {057b5768-579f-469b-af3b-13ae87cf4afb} - C:\WINDOWS\system32\titiuh.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4FBEE7B7-DC1B-4F77-AF6E-7992BDFE1056} - C:\WINDOWS\system32\iifgFWMf.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9303f0d2-f3a8-40d1-9365-f7d14560dfa7} - C:\WINDOWS\system32\kwaagl.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [7c019a00] rundll32.exe "C:\WINDOWS\system32\phbmosnb.dll",b
O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\WINDOWS\zg.exe" -cleantemp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7284CC-6B63-47A9-AE2E-531893DF113D}: NameServer = 67.69.184.75,67.69.184.227
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6500 bytes
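As an added example (not part of this thread and not HijackThis's own code), a small Python triage script that applies the checks the helper is implicitly making on the log above: every DLL listed under O20 AppInit_DLLs, O2 BHOs registered to an unnamed or missing DLL, and O4 Run values with an 8-hex-digit name that start rundll32.exe on a DLL. The sample lines are a constructed excerpt modelled on the posted log; the rules and the "high"/"medium" scale are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed excerpt modelled on the HijackThis entries posted above
# (sample input for the script; not the complete log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {bfa4fc78-ea31-b3fa-b964-f9758675b750} - {057b5768-579f-469b-af3b-13ae87cf4afb} - C:\WINDOWS\system32\titiuh.dll (file missing)
O2 - BHO: (no name) - {4FBEE7B7-DC1B-4F77-AF6E-7992BDFE1056} - C:\WINDOWS\system32\iifgFWMf.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [7c019a00] rundll32.exe "C:\WINDOWS\system32\phbmosnb.dll",b
O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


@dataclass
class Finding:
    level: str    # "high" or "medium" (heuristic severity, my own scale)
    section: str  # HijackThis section the line came from: O2, O4 or O20
    item: str     # lower-cased DLL basename the finding is about
    reason: str


O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
HEX8_RE = re.compile(r"^[0-9a-f]{8}$")
QUOTED_DLL_RE = re.compile(r'"([^"]+\.dll)"', re.IGNORECASE)
MISSING = "(file missing)"


def basename(path: str) -> str:
    """Lower-cased file name taken from a Windows path."""
    return path.rsplit("\\", 1)[-1].strip().lower()


def check_bho(m: "re.Match", appinit: Set[str]) -> Optional[Finding]:
    """O2 rule: a BHO with no readable name, a DLL that is not visible on disk,
    or a DLL that is also injected through AppInit_DLLs is worth a closer look."""
    name, path = m.group("name"), m.group("path")
    missing = path.endswith(MISSING)
    dll = basename(path[:-len(MISSING)] if missing else path)
    reasons = []
    if name == "(no name)" or GUID_RE.match(name):
        reasons.append("no human-readable BHO name")
    if missing:
        reasons.append("registered DLL not visible on disk (hidden or already removed)")
    if dll in appinit:
        reasons.append("same DLL is also loaded through AppInit_DLLs")
    if not reasons:
        return None
    level = "high" if dll in appinit else "medium"
    return Finding(level, "O2", dll, "; ".join(reasons))


def check_run(m: "re.Match") -> Optional[Finding]:
    """O4 rule: a Run value named with 8 random hex digits that starts
    rundll32.exe on a DLL is the persistence pattern seen in this thread."""
    name, cmd = m.group("name"), m.group("cmd")
    if not (HEX8_RE.match(name) and cmd.lower().startswith("rundll32")):
        return None
    q = QUOTED_DLL_RE.search(cmd)
    dll = basename(q.group(1)) if q else cmd.lower()
    return Finding("high", "O4", dll,
                   f"Run value '{name}' is 8 random hex digits and loads a DLL via rundll32.exe")


def triage(log_text: str) -> List[Finding]:
    """Return the suspicious entries of a HijackThis log, AppInit_DLLs first.
    O2 lines are collected and judged only after the O20 line has been seen,
    because the log lists O2 before O20."""
    appinit: Set[str] = set()
    bhos, runs = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O20_RE.match(line)
        if m:
            appinit |= {d.lower() for d in m.group("dlls").split()}
            continue
        m = O2_RE.match(line)
        if m:
            bhos.append(m)
            continue
        m = O4_RE.match(line)
        if m:
            runs.append(m)
    # Every AppInit DLL is loaded into each process that maps user32.dll.
    findings = [Finding("high", "O20", d, "injected into every process that loads user32.dll")
                for d in sorted(appinit)]
    findings += [f for f in (check_bho(m, appinit) for m in bhos) if f]
    findings += [f for f in (check_run(m) for m in runs) if f]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.section:3} {f.item:16} {f.reason}")
```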
hello
Download MalwareByte's Anti-Malware onto your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restart in safe mode
- Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
- To start the search, click "Scan".
- Once the scan is finished, a window opens, click OK. You have two possibilities:
-- if the program found nothing, press OK. A report will appear, close it.
-- if infections are present, click "Show results" then "Remove selected". Save the report on your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated MBAM tutorial
here is the report before removal:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1225
Windows 5.1.2600 Service Pack 3
2008-10-01 18:16:25
mbam-log-2008-10-01 (18-16-12).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 99809
Temps écoulé: 1 hour(s), 9 minute(s), 6 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 28
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{057b5768-579f-469b-af3b-13ae87cf4afb} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{057b5768-579f-469b-af3b-13ae87cf4afb} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c019a00 (Trojan.Vundo) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\titiuh.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\hyfvcace.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\ecacvfyh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\qhnlscmv.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\vmcslnhq.ini (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Vianney St. Pierre\Local Settings\Temporary Internet Files\Content.IE5\IINE58CF\upd105320[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Vianney St. Pierre\Local Settings\Temporary Internet Files\Content.IE5\RRQGLNWP\nd82m0[1] (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0050795.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0051795.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP387\A0052795.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP388\A0052847.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052867.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052868.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052870.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0052981.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053008.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053009.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053010.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\gcnwxwth.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\igelol.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\ihhlkp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\lwvwgaxh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\qggugs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\uankdksk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\vstrpc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\wbtgdekp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\wpsctolc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> No action taken.
And the report from after:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1225
Windows 5.1.2600 Service Pack 3
2008-10-01 18:16:38
mbam-log-2008-10-01 (18-16-38).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 99809
Temps écoulé: 1 hour(s), 9 minute(s), 6 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 28
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{057b5768-579f-469b-af3b-13ae87cf4afb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{057b5768-579f-469b-af3b-13ae87cf4afb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c019a00 (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\titiuh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hyfvcace.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ecacvfyh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\qhnlscmv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vmcslnhq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vianney St. Pierre\Local Settings\Temporary Internet Files\Content.IE5\IINE58CF\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vianney St. Pierre\Local Settings\Temporary Internet Files\Content.IE5\RRQGLNWP\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0050795.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0051795.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP387\A0052795.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP388\A0052847.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052867.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052868.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052870.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0052981.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053008.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053009.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053010.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\gcnwxwth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\igelol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ihhlkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lwvwgaxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\qggugs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\uankdksk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vstrpc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wbtgdekp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wpsctolc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
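As an added example (not code from this thread or from Malwarebytes), a small Python triage helper for reports in the format above: it checks the header counts against the items actually listed, confirms that every pre-removal item reached the final state in the post-removal report, and flags copies sitting in System Restore points. The sample reports embedded in it are constructed, modelled on the two logs above.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text reports (added example)."""
import re

# One detection line: "<item> (<detection name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
# One summary line from the report header: "<section name>: <count>"
COUNT_RE = re.compile(r"^(?P<name>.+?): (?P<n>\d+)$")
FINAL_ACTION = "Quarantined and deleted successfully"
RESTORE_PREFIX = r"c:\system volume information\_restore"


def parse_report(text):
    """Map each section header (a line ending in ':') to its (item, detection, action) tuples."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m and current is not None:
            sections[current].append((m["item"], m["detection"], m["action"]))
        elif line.endswith(":"):
            current = line[:-1]
            sections.setdefault(current, [])
    return sections


def parse_counts(text):
    """Collect the 'name: N' summary lines; only names that are also sections matter."""
    counts = {}
    for raw in text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            counts[m["name"]] = int(m["n"])
    return counts


def count_mismatches(text):
    """(section, stated count, listed count) wherever the header disagrees with the body."""
    sections, counts = parse_report(text), parse_counts(text)
    return [(name, counts[name], len(items)) for name, items in sections.items()
            if name in counts and counts[name] != len(items)]


def all_items(text):
    """Flatten a report to {item: (detection, action)}."""
    return {item: (det, act) for items in parse_report(text).values() for item, det, act in items}


def unresolved(report_text):
    """Items whose recorded action is not the final quarantine-and-delete state."""
    return [(item, act) for item, (_, act) in all_items(report_text).items() if act != FINAL_ACTION]


def missing_after(before_text, after_text):
    """Items listed before removal that the post-removal report does not mention at all."""
    after = all_items(after_text)
    return [item for item in all_items(before_text) if item not in after]


def restore_point_items(text):
    """Copies living inside System Restore points (they persist until restore points are purged)."""
    return [item for item in all_items(text) if item.lower().startswith(RESTORE_PREFIX)]


# Constructed sample reports modelled on the MBAM 1.28 format in this thread (not the real logs).
BEFORE = r"""Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1225
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Fichier(s) infecté(s): 3
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{057b5768-579f-469b-af3b-13ae87cf4afb} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{057b5768-579f-469b-af3b-13ae87cf4afb} (Trojan.Vundo.H) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c019a00 (Trojan.Vundo) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\titiuh.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0050795.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> No action taken.
"""
# Same items after removal; one file is constructed as still pending a reboot so the check flags it.
AFTER = BEFORE.replace("No action taken", FINAL_ACTION).replace(
    "titiuh.dll (Trojan.Vundo.H) -> " + FINAL_ACTION, "titiuh.dll (Trojan.Vundo.H) -> Delete on reboot")

if __name__ == "__main__":
    print("count mismatches :", count_mismatches(BEFORE))
    print("still unresolved :", unresolved(AFTER))
    print("missing after    :", missing_after(BEFORE, AFTER))
    print("in restore points:", restore_point_items(AFTER))
```

Entries under System Volume Information are restore-point copies: they are dormant where they sit, but come back with any System Restore until the restore points are purged.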
Good evening
Disable your antivirus and any other type of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop, not anywhere else!
Double-click ComboFix. It will ask you a question; follow the prompts and wait until ComboFix has finished. Your PC may reboot; that is normal. A report will be created. Post the report
\Combofix.txt
Click it to open it, then Edit > "Select all", Edit > "Copy".
Come back to the forum and Edit > "Paste".
Add a new HijackThis report.
Hello!
Here is the ComboFix report
ComboFix 08-09-20.02 - Vianney St. Pierre 2008-10-02 16:49:14.4 - NTFSx86
Running from: C:\Documents and Settings\Vianney St. Pierre\Desktop\ComboFix.exe
* Resident AV is active
[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.
2019-10-27 16:51 . 2019-10-27 16:49 512,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\amon.sys
2019-10-27 16:51 . 2019-10-27 16:49 298,104 --a------ C:\WINDOWS\SYSTEM32\imon.dll
2019-10-27 16:51 . 2019-10-27 16:49 15,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nod32drv.sys
2019-09-26 18:50 . 2000-11-07 18:09 2,803,200 --a------ C:\WINDOWS\SYSTEM32\mmtoolsx.OCX
2019-09-26 18:50 . 2000-02-24 23:31 411,136 --a------ C:\WINDOWS\SYSTEM32\MMTYPESX.OCX
2019-09-26 18:50 . 2008-04-06 18:26 21,840 --a----t- C:\WINDOWS\SYSTEM32\SIntfNT.dll
2019-09-26 18:50 . 2008-04-06 18:26 17,212 --a----t- C:\WINDOWS\SYSTEM32\SIntf32.dll
2019-09-26 18:50 . 2008-04-06 18:26 12,067 --a----t- C:\WINDOWS\SYSTEM32\SIntf16.dll
2019-09-26 18:47 . 2019-09-26 18:47 <DIR> d-------- C:\WINDOWS\Profiles
2019-09-26 18:46 . 2019-09-26 18:47 <DIR> d-------- C:\WINDOWS\speech
2019-09-26 18:46 . 2007-12-29 17:39 <DIR> d-------- C:\ViaVoice
2019-09-26 18:46 . 2000-03-13 13:44 200,704 --a------ C:\WINDOWS\SLSUNINST.EXE
2019-09-26 18:46 . 1999-05-07 12:24 198,640 --a------ C:\WINDOWS\SYSTEM32\mci32.ocx
2019-09-26 18:46 . 1999-05-07 12:24 140,288 --a------ C:\WINDOWS\SYSTEM32\COMDLG32.OCX
2019-09-26 18:46 . 1999-05-07 12:24 82,960 --a------ C:\WINDOWS\SYSTEM32\PICCLP32.OCX
2019-09-26 18:46 . 1999-03-11 09:47 32,768 --a------ C:\WINDOWS\SYSTEM32\SLSLic32.dll
2019-09-26 18:46 . 2000-01-11 09:40 24,576 --a------ C:\WINDOWS\SYSTEM32\GUITOOLS.DLL
2019-09-26 18:46 . 1999-12-21 12:00 18,944 --a------ C:\WINDOWS\SYSTEM32\VVRtkReg.dll
2019-09-26 18:45 . 2019-09-26 18:45 <DIR> d-------- C:\OLDDRIVR
2019-09-26 18:40 . 2019-09-26 18:40 <DIR> d-------- C:\Temp
2019-09-26 18:40 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2019-09-16 22:16 . 2019-09-16 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2019-09-16 21:58 . 2008-08-26 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2019-09-16 21:42 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2019-09-15 15:32 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
2019-09-15 15:32 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
2019-09-15 15:32 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
2019-09-15 15:32 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
2019-09-15 14:25 . 2008-09-20 22:47 <DIR> d-------- C:\Program Files\ESET
2008-10-01 16:58 . 2008-10-01 16:58 <DIR> d-------- C:\Documents and Settings\Vianney St. Pierre\Application Data\Malwarebytes
2008-10-01 16:57 . 2008-10-01 16:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-01 16:57 . 2008-10-01 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-01 16:57 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-01 16:57 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-09-29 17:38 . 2008-09-29 17:39 968,196 --ahs---- C:\WINDOWS\SYSTEM32\bnsombhp.ini
2008-09-28 17:57 . 2008-09-28 17:57 964,083 --ahs---- C:\WINDOWS\SYSTEM32\jpieggps.ini
2008-09-28 16:19 . 2008-09-30 20:54 2,438 --a------ C:\Documents and Settings\Orph.egd
2008-09-28 16:16 . 2008-09-30 20:55 <DIR> d-------- C:\ToolBar SD
2008-09-28 12:33 . 2008-09-28 12:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-25 17:34 . 2008-09-26 17:35 953,268 --ahs---- C:\WINDOWS\SYSTEM32\kghguewa.ini
2008-09-24 17:36 . 2008-09-25 16:40 875,070 --ahs---- C:\WINDOWS\SYSTEM32\wrtqcdby.ini
2008-09-23 17:35 . 2008-09-24 17:36 896,090 --ahs---- C:\WINDOWS\SYSTEM32\vvxcjjjk.ini
2008-09-23 16:14 . 2008-09-23 17:30 874,710 --ahs---- C:\WINDOWS\SYSTEM32\wjpmbfpm.ini
2008-09-22 19:20 . 2008-09-30 16:51 582,825 --ahs---- C:\WINDOWS\SYSTEM32\fMWFgfii.ini
2008-09-22 19:14 . 2008-09-23 16:08 534 --ahs---- C:\WINDOWS\SYSTEM32\renrnqnj.ini
2008-09-21 12:45 . 2008-09-21 12:46 <DIR> d-------- C:\Program Files\CCleaner
2008-09-21 11:52 . 2008-09-21 12:20 474 --ahs---- C:\WINDOWS\SYSTEM32\wkqbpkkw.ini
2008-09-21 10:29 . 2008-09-21 10:29 578,560 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
2008-09-21 10:14 . 2008-09-21 17:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-20 17:50 . 2008-09-20 17:50 <DIR> d-------- C:\Documents and Settings\Vianney St. Pierre\Application Data\Grisoft
2008-09-20 17:50 . 2008-09-20 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-20 17:50 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-09-19 18:51 . 2008-09-30 16:49 582,642 --ahs---- C:\WINDOWS\SYSTEM32\fMWFgfii.ini2
2008-09-18 17:43 . 2008-09-19 19:56 2,684 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-09-17 18:26 . 2008-09-19 18:07 582,447 --ahs---- C:\WINDOWS\SYSTEM32\IhjiQqss.ini2
2008-09-16 21:01 . 2008-09-16 21:01 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-09-15 20:58 . 2008-10-01 18:24 <DIR> d-------- C:\Program Files\World of Warcraft
2008-09-15 20:58 . 2008-09-15 21:42 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-11 20:18 . 2008-09-11 20:18 <DIR> d-------- C:\Logs
2008-09-05 18:21 . 2008-09-05 18:21 107,888 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2008-09-05 18:19 . 2008-09-23 17:04 <DIR> d-------- C:\ProgramData
2008-09-05 18:19 . 2008-09-05 18:22 2,004 --a------ C:\WINDOWS\SYSTEM32\ealregsnapshot1.reg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-10-27 20:31 --------- d-----w C:\Program Files\Symantec
2019-10-27 20:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2019-09-26 22:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-30 22:14 --------- d-----w C:\Documents and Settings\Vianney St. Pierre\Application Data\Azureus
2008-09-23 20:33 --------- d-----w C:\Program Files\Autodesk
2008-09-13 12:34 --------- d-----w C:\Program Files\PowerISO
2008-09-11 00:01 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-11 00:01 --------- d-----w C:\Program Files\ACD Systems
2008-09-10 22:06 --------- d-----w C:\Program Files\Common Files\Real
2008-09-10 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-09-05 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 01:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-08-26 19:35 --------- d-----w C:\Program Files\Azureus
2008-08-26 17:25 --------- d-----w C:\Program Files\MSN Messenger
2008-08-03 15:45 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
2008-08-03 15:45 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-17 16:55 47,104 ----a-w C:\WINDOWS\SYSTEM32\KMVIDC32.DLL
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-03-31 03:27 6,327,225 ----a-w C:\Program Files\ir2007.qtd
2008-03-30 17:55 510,243 ----a-w C:\Program Files\pa2007.bmd
2008-03-30 17:55 339,649 ----a-w C:\Program Files\ir2007.sro
2008-03-30 17:54 270,336 ----a-w C:\Program Files\ir2007at.dll
2008-03-30 17:54 1,028,096 ----a-w C:\Program Files\ir2007ir.dll
2008-02-06 22:32 2,982,966 ----a-w C:\Program Files\ir2007.chm
2008-01-06 16:25 491,520 ----a-w C:\Program Files\TlTran32.dll
2008-01-06 16:25 20,489 ----a-w C:\Program Files\qttxl.chm
2008-01-06 16:25 1,024,000 ----a-w C:\Program Files\qttxl32.dll
2008-01-03 20:34 69,632 ----a-w C:\Program Files\pa233597.dll
2008-01-03 20:34 27,648 ----a-w C:\Program Files\pa895078.dll
2008-01-03 20:34 27,648 ----a-w C:\Program Files\pa346689.dll
2008-01-03 19:31 1,892,352 ----a-w C:\Program Files\ic2007xe.dll
2008-01-03 19:30 26,624 ----a-w C:\Program Files\ic2007xam.dll
2008-01-03 19:29 69,632 ----a-w C:\Program Files\ic2007pp.dll
2008-01-03 19:29 688,128 ----a-w C:\Program Files\python21.dll
2008-01-03 19:29 643,072 ----a-w C:\Program Files\ECLActiveX.ocx
2008-01-03 19:29 401,408 ----a-w C:\Program Files\MRQ_R4S001D07.dll
2008-01-03 19:29 31,232 ----a-w C:\Program Files\ic2007ac.dll
2008-01-03 19:29 200,704 ----a-w C:\Program Files\ic2007ne.dll
2008-01-03 19:29 163,840 ----a-w C:\Program Files\IDAutomationDMATRIX6.DLL
2008-01-03 19:29 1,867,776 ----a-w C:\Program Files\ic2007xa.dll
2008-01-03 19:27 114,688 ----a-w C:\Program Files\IDAutomationPDF417e.dll
2008-01-03 19:15 2,003,644 ----a-w C:\Program Files\ir2007.lif
2008-01-03 17:18 101 ----a-w C:\Program Files\aw.awa
2007-12-18 00:09 5,940,520 ----a-w C:\Program Files\impotnet.chm
2005-05-13 19:44 149 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-11 147456]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2002-12-17 360448]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 28672]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2019-10-27 949376]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ZipGenius Clean"="C:\WINDOWS\zg.exe" [2002-09-04 180736]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-11-15 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kwaagl.dll titiuh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iifgFWMf
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 HPSPAR01;HPSPAR01;C:\WINDOWS\system32\drivers\HPSPAR01.SYS [1999-06-02 36128]
.
- - - - ORPHANS REMOVED - - - -
BHO-{4FBEE7B7-DC1B-4F77-AF6E-7992BDFE1056} - C:\WINDOWS\system32\iifgFWMf.dll
BHO-{9303f0d2-f3a8-40d1-9365-f7d14560dfa7} - C:\WINDOWS\system32\kwaagl.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1222038549&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
R0 -: HKLM-Main,Window Title =
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O17 -: HKLM\CCS\Interface\{0A7284CC-6B63-47A9-AE2E-531893DF113D}: NameServer = 67.69.184.75,67.69.184.227
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 16:50:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-10-02 16:54:21
ComboFix-quarantined-files.txt 2008-10-02 20:54:10
Pre-Run: 7,044,476,928 bytes free
Post-Run: 7,057,108,992 bytes free
222 --- E O F --- 2008-09-11 00:12:02
The HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:56, on 2008-10-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa [...] x&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\WINDOWS\zg.exe" -cleantemp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7284CC-6B63-47A9-AE2E-531893DF113D}: NameServer = 67.69.184.75,67.69.184.227
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6059 bytes
Good evening
Copy (Ctrl+C) the text below:
File::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
- A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
- Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
- Once the scan is done, a report will be displayed: post its contents.
- If the file does not open, it is located here > C:\ComboFix.txt
++++++++++++++++++
C:\WINDOWS\system32\drivers\HPSPAR01.SYS
Note:
| Quote: To show hidden system folders and files:
|
Hidden system files and folders then appear semi-transparent in Windows Explorer.
Virusscan
Scan this file:
C:\WINDOWS\system32\drivers\HPSPAR01.SYS
on the virusscan site
http://virusscan.jotti.org/
and post us the report.
Hi
When I dragged the CFScript.txt file onto ComboFix, it did not ask me to choose an option. Only a window opened saying there was a ComboFix update. After doing it, a scan was carried out and a report was generated. I repeated the step and it again said there was an update, so I said no and started a scan; afterwards a new report opened, and here it is:
ComboFix 08-10-04.05 - Vianney St. Pierre 2008-10-04 21:40:47.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.180 [GMT -4:00]
Running from: C:\Documents and Settings\Vianney St. Pierre\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vianney St. Pierre\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
FILE ::
C:\WINDOWS\SYSTEM32\bnsombhp.ini
C:\WINDOWS\SYSTEM32\fMWFgfii.ini
C:\WINDOWS\SYSTEM32\fMWFgfii.ini2
C:\WINDOWS\SYSTEM32\IhjiQqss.ini2
C:\WINDOWS\SYSTEM32\jpieggps.ini
C:\WINDOWS\SYSTEM32\kghguewa.ini
C:\WINDOWS\SYSTEM32\renrnqnj.ini
C:\WINDOWS\SYSTEM32\tmp.reg
C:\WINDOWS\SYSTEM32\vvxcjjjk.ini
C:\WINDOWS\SYSTEM32\wjpmbfpm.ini
C:\WINDOWS\SYSTEM32\wkqbpkkw.ini
C:\WINDOWS\SYSTEM32\wrtqcdby.ini
.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.
2019-10-27 16:51 . 2019-10-27 16:49 512,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\amon.sys
2019-10-27 16:51 . 2019-10-27 16:49 298,104 --a------ C:\WINDOWS\SYSTEM32\imon.dll
2019-10-27 16:51 . 2019-10-27 16:49 15,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nod32drv.sys
2019-09-26 18:50 . 2000-11-07 18:09 2,803,200 --a------ C:\WINDOWS\SYSTEM32\mmtoolsx.OCX
2019-09-26 18:50 . 2000-02-24 23:31 411,136 --a------ C:\WINDOWS\SYSTEM32\MMTYPESX.OCX
2019-09-26 18:50 . 2008-04-06 18:26 21,840 --a----t- C:\WINDOWS\SYSTEM32\SIntfNT.dll
2019-09-26 18:50 . 2008-04-06 18:26 17,212 --a----t- C:\WINDOWS\SYSTEM32\SIntf32.dll
2019-09-26 18:50 . 2008-04-06 18:26 12,067 --a----t- C:\WINDOWS\SYSTEM32\SIntf16.dll
2019-09-26 18:47 . 2019-09-26 18:47 <DIR> d-------- C:\WINDOWS\Profiles
2019-09-26 18:46 . 2019-09-26 18:47 <DIR> d-------- C:\WINDOWS\speech
2019-09-26 18:46 . 2007-12-29 17:39 <DIR> d-------- C:\ViaVoice
2019-09-26 18:46 . 2000-03-13 13:44 200,704 --a------ C:\WINDOWS\SLSUNINST.EXE
2019-09-26 18:46 . 1999-05-07 12:24 198,640 --a------ C:\WINDOWS\SYSTEM32\mci32.ocx
2019-09-26 18:46 . 1999-05-07 12:24 140,288 --a------ C:\WINDOWS\SYSTEM32\COMDLG32.OCX
2019-09-26 18:46 . 1999-05-07 12:24 82,960 --a------ C:\WINDOWS\SYSTEM32\PICCLP32.OCX
2019-09-26 18:46 . 1999-03-11 09:47 32,768 --a------ C:\WINDOWS\SYSTEM32\SLSLic32.dll
2019-09-26 18:46 . 2000-01-11 09:40 24,576 --a------ C:\WINDOWS\SYSTEM32\GUITOOLS.DLL
2019-09-26 18:46 . 1999-12-21 12:00 18,944 --a------ C:\WINDOWS\SYSTEM32\VVRtkReg.dll
2019-09-26 18:45 . 2019-09-26 18:45 <DIR> d-------- C:\OLDDRIVR
2019-09-26 18:40 . 2019-09-26 18:40 <DIR> d-------- C:\Temp
2019-09-26 18:40 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2019-09-16 22:16 . 2019-09-16 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2019-09-16 21:58 . 2008-08-26 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2019-09-16 21:42 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2019-09-15 15:32 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
2019-09-15 15:32 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
2019-09-15 15:32 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
2019-09-15 15:32 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
2019-09-15 14:25 . 2008-09-20 22:47 <DIR> d-------- C:\Program Files\ESET
2008-10-01 16:58 . 2008-10-01 16:58 <DIR> d-------- C:\Documents and Settings\Vianney St. Pierre\Application Data\Malwarebytes
2008-10-01 16:57 . 2008-10-01 16:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-01 16:57 . 2008-10-01 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-01 16:57 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-01 16:57 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-09-28 16:19 . 2008-09-30 20:54 2,438 --a------ C:\Documents and Settings\Orph.egd
2008-09-28 16:16 . 2008-09-30 20:55 <DIR> d-------- C:\ToolBar SD
2008-09-28 12:33 . 2008-09-28 12:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-21 12:45 . 2008-09-21 12:46 <DIR> d-------- C:\Program Files\CCleaner
2008-09-21 10:29 . 2008-09-21 10:29 578,560 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
2008-09-21 10:14 . 2008-09-21 17:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-20 17:50 . 2008-09-20 17:50 <DIR> d-------- C:\Documents and Settings\Vianney St. Pierre\Application Data\Grisoft
2008-09-20 17:50 . 2008-09-20 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-20 17:50 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-09-16 21:01 . 2008-09-16 21:01 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-09-15 20:58 . 2008-10-03 20:58 <DIR> d-------- C:\Program Files\World of Warcraft
2008-09-15 20:58 . 2008-09-15 21:42 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-11 20:18 . 2008-09-11 20:18 <DIR> d-------- C:\Logs
2008-09-05 18:21 . 2008-09-05 18:21 107,888 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2008-09-05 18:19 . 2008-09-23 17:04 <DIR> d-------- C:\ProgramData
2008-09-05 18:19 . 2008-09-05 18:22 2,004 --a------ C:\WINDOWS\SYSTEM32\ealregsnapshot1.reg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-10-27 20:31 --------- d-----w C:\Program Files\Symantec
2019-10-27 20:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2019-09-26 22:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-30 22:14 --------- d-----w C:\Documents and Settings\Vianney St. Pierre\Application Data\Azureus
2008-09-23 20:33 --------- d-----w C:\Program Files\Autodesk
2008-09-13 12:34 --------- d-----w C:\Program Files\PowerISO
2008-09-11 00:01 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-11 00:01 --------- d-----w C:\Program Files\ACD Systems
2008-09-10 22:06 --------- d-----w C:\Program Files\Common Files\Real
2008-09-10 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-09-05 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 01:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-08-26 19:35 --------- d-----w C:\Program Files\Azureus
2008-08-26 17:25 --------- d-----w C:\Program Files\MSN Messenger
2008-08-03 15:45 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
2008-08-03 15:45 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-17 16:55 47,104 ----a-w C:\WINDOWS\SYSTEM32\KMVIDC32.DLL
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-03-31 03:27 6,327,225 ----a-w C:\Program Files\ir2007.qtd
2008-03-30 17:55 510,243 ----a-w C:\Program Files\pa2007.bmd
2008-03-30 17:55 339,649 ----a-w C:\Program Files\ir2007.sro
2008-03-30 17:54 270,336 ----a-w C:\Program Files\ir2007at.dll
2008-03-30 17:54 1,028,096 ----a-w C:\Program Files\ir2007ir.dll
2008-02-06 22:32 2,982,966 ----a-w C:\Program Files\ir2007.chm
2008-01-06 16:25 491,520 ----a-w C:\Program Files\TlTran32.dll
2008-01-06 16:25 20,489 ----a-w C:\Program Files\qttxl.chm
2008-01-06 16:25 1,024,000 ----a-w C:\Program Files\qttxl32.dll
2008-01-03 20:34 69,632 ----a-w C:\Program Files\pa233597.dll
2008-01-03 20:34 27,648 ----a-w C:\Program Files\pa895078.dll
2008-01-03 20:34 27,648 ----a-w C:\Program Files\pa346689.dll
2008-01-03 19:31 1,892,352 ----a-w C:\Program Files\ic2007xe.dll
2008-01-03 19:30 26,624 ----a-w C:\Program Files\ic2007xam.dll
2008-01-03 19:29 69,632 ----a-w C:\Program Files\ic2007pp.dll
2008-01-03 19:29 688,128 ----a-w C:\Program Files\python21.dll
2008-01-03 19:29 643,072 ----a-w C:\Program Files\ECLActiveX.ocx
2008-01-03 19:29 401,408 ----a-w C:\Program Files\MRQ_R4S001D07.dll
2008-01-03 19:29 31,232 ----a-w C:\Program Files\ic2007ac.dll
2008-01-03 19:29 200,704 ----a-w C:\Program Files\ic2007ne.dll
2008-01-03 19:29 163,840 ----a-w C:\Program Files\IDAutomationDMATRIX6.DLL
2008-01-03 19:29 1,867,776 ----a-w C:\Program Files\ic2007xa.dll
2008-01-03 19:27 114,688 ----a-w C:\Program Files\IDAutomationPDF417e.dll
2008-01-03 19:15 2,003,644 ----a-w C:\Program Files\ir2007.lif
2008-01-03 17:18 101 ----a-w C:\Program Files\aw.awa
2007-12-18 00:09 5,940,520 ----a-w C:\Program Files\impotnet.chm
2005-05-13 19:44 149 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-11 147456]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2002-12-17 360448]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 28672]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2019-10-27 949376]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ZipGenius Clean"="C:\WINDOWS\zg.exe" [2002-09-04 180736]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-11-15 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 HPSPAR01;HPSPAR01;C:\WINDOWS\system32\drivers\HPSPAR01.SYS [1999-06-02 36128]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 21:43:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-10-04 21:46:15
ComboFix-quarantined-files.txt 2008-10-05 01:46:01
ComboFix2.txt 2008-10-05 01:32:26
ComboFix3.txt 2008-10-02 20:54:23
Pre-Run: 6,983,237,632 bytes free
Post-Run: 6,969,131,008 bytes free
208 --- E O F --- 2008-09-11 00:12:02
Scanner results
Scan taken on 05 Oct 2008 02:02:46 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
hello
Uninstall combofix by following this procedure:
- Start menu, then Run
- Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.
++++++++++
~Run an online antivirus scan on the Kaspersky site
http://www.kaspersky.com/kos/eng/p [...] bscan.html
* Click Accept
* A yellow bar will ask you whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX control.
* Click "Accept" once more
* The update databases will be installed; wait a moment
* Click Next.
* Click My Computer; the scan starts. Wait for the end of the scan without closing the window, otherwise it will stop.
* Post the scan report.
Hello!
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, October 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 05, 2008 16:40:34
Records in database: 1292718
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 52079
Threat name 8
Infected objects 9
Suspicious objects 0
Duration of the scan 01:49:34
File name Threat name Threats count
C:\Program Files\ESET\infected\3J33SICA.NQF Infected: Trojan.Win32.Monder.pyg 1
C:\Program Files\ESET\infected\542MH4AA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.ehe 1
C:\Program Files\ESET\infected\ATCO5DDA.NQF Infected: Backdoor.Win32.Frauder.fk 1
C:\Program Files\ESET\infected\GFA53MDA.NQF Infected: Backdoor.Win32.SdBot.eiu 1
C:\Program Files\ESET\infected\JLPB0JAA.NQF Infected: Trojan.Win32.Vapsup.lxf 1
C:\Program Files\ESET\infected\M202BXAA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.eex 1
C:\Program Files\ESET\infected\NVOO5BCA.NQF Infected: Trojan.Win32.Monder.pyg 1
C:\Program Files\ESET\infected\UCFA3YAA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.efa 1
C:\WINDOWS\SYSTEM32\mswinsck.ocx Infected: Backdoor.Win32.VB.fnl 1
The selected area was scanned.
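As an added example (not part of the thread and not code from any of the tools named in it), a small triage script that applies the reasoning used in the reply that follows to Kaspersky Online Scanner report lines: a detection inside an antivirus quarantine store is already contained and only needs the store emptied, while a detection on a live path needs the file itself removed. It assumes the line format shown in the report above and the ESET quarantine path taken from it; the function and constant names are mine.

```python
import re
from typing import List, NamedTuple

# A Kaspersky Online Scanner 7 result line, as in the report above:
#   "<path> Infected: <threat name> <count>"
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Quarantine stores in which a detection is already neutralised. The ESET path
# is the one that appears in the report above; add other products' stores as needed.
QUARANTINE_DIRS = (
    "C:\\Program Files\\ESET\\infected\\",
)


class Hit(NamedTuple):
    path: str
    threat: str
    quarantined: bool


def parse_report(text: str) -> List[Hit]:
    """Extract the per-file detections from a Kaspersky Online Scanner report."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue  # headers, statistics and summary lines are skipped
        path = m.group("path")
        in_store = any(path.lower().startswith(q.lower()) for q in QUARANTINE_DIRS)
        hits.append(Hit(path, m.group("threat"), in_store))
    return hits


def triage(hits: List[Hit]) -> dict:
    """Split detections into live files to remove and quarantine stores to empty."""
    live = [h for h in hits if not h.quarantined]
    stores = sorted({q for h in hits if h.quarantined
                     for q in QUARANTINE_DIRS if h.path.lower().startswith(q.lower())})
    return {"remove": live, "empty_quarantine": stores}


# Constructed input: the nine result lines of the report posted above.
REPORT = """\
C:\\Program Files\\ESET\\infected\\3J33SICA.NQF Infected: Trojan.Win32.Monder.pyg 1
C:\\Program Files\\ESET\\infected\\542MH4AA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.ehe 1
C:\\Program Files\\ESET\\infected\\ATCO5DDA.NQF Infected: Backdoor.Win32.Frauder.fk 1
C:\\Program Files\\ESET\\infected\\GFA53MDA.NQF Infected: Backdoor.Win32.SdBot.eiu 1
C:\\Program Files\\ESET\\infected\\JLPB0JAA.NQF Infected: Trojan.Win32.Vapsup.lxf 1
C:\\Program Files\\ESET\\infected\\M202BXAA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.eex 1
C:\\Program Files\\ESET\\infected\\NVOO5BCA.NQF Infected: Trojan.Win32.Monder.pyg 1
C:\\Program Files\\ESET\\infected\\UCFA3YAA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.efa 1
C:\\WINDOWS\\SYSTEM32\\mswinsck.ocx Infected: Backdoor.Win32.VB.fnl 1
The selected area was scanned.
"""

if __name__ == "__main__":
    result = triage(parse_report(REPORT))
    for h in result["remove"]:
        print(f"remove live file: {h.path} ({h.threat})")
    for q in result["empty_quarantine"]:
        print(f"empty quarantine store: {q}")
```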
Hi again
delete:
C:\WINDOWS\SYSTEM32\mswinsck.ocx
empty the Nod32 quarantine
Remove all the programs installed for the disinfection.
Please read this file (in PDF) to learn more about the risks of the Internet.
If you find this document interesting, do not hesitate to pass it on to your contacts.
If you are tired of being bombarded with ads while browsing, install secured Firefox with the NoScript and AdBlock Plus extensions.
~Edit your first message (by clicking the eraser) and mark [résolu] (solved) in the title.
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Thank you very much!!!
You have been a great help. Thanks a thousand times for taking the time to help me.
Bye bye and have a good day!
You're welcome
happy surfing ;O)