Worm.Win32.NetBooster virus: how do I get rid of it? Help!
Since yesterday I have caught worm.win32 netbooster on my computer.
I am being harassed by the following intrusive alerts:
1) System Alert: "System detected virus activities. This may impact..."
2) Spyware Alert: "Security warning: Worm.win32.NetBooster detected on your machine..."
It then offers to remove it by installing a "reliable antivirus" ("Antivirus fiable") to scan for and detect malware, via shortcuts that have appeared.
3) Windows security Alert: "Windows has detected an internet attack attempt... click here to download spyware remover for total protection."
On top of that, I can no longer open the Control Panel, the C: drive or user switching, and my desktop wallpaper has been replaced by an alert message on a red background.
My antivirus sees nothing at all.
A hello?
Download and install HijackThis (Trend Micro).
Then post a log in your next reply.
HELP: How to use HijackThis v2.0.2
Hello Angeldark,
thanks for your message, and sorry for that somewhat abrupt first post, but I'm not very used to forums!
I did what you asked, so here is the log (thanks in advance):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09: VIRUS ALERT!, on 03/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\AdmUiAct\vopghkhu.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Application Data\U3\0BC167613332987D\LaunchPad.exe
I:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {6FB13DD6-4650-4556-AE18-27142F0B5C9F} - C:\WINDOWS\system32\mlJCSMGW.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: dkwqgnbe - {106198B5-9A3D-4D97-8DEF-845A1FDCD787} - C:\WINDOWS\TEMP\ac8zt2\dkwqgnbe.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SA2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdmUiAct] C:\Documents and Settings\All Users\Application Data\AdmUiAct\vopghkhu.exe
O4 - HKLM\..\Policies\Explorer\Run: [pDUpl4E027] C:\Documents and Settings\All Users\Application Data\armzsngn\cjkhifur.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: mlJCSMGW - C:\WINDOWS\SYSTEM32\mlJCSMGW.dll
O21 - SSODL: neksolda - {580B37D7-F095-4BD8-99A7-33DCA5A9FD4E} - \neksolda.dll (file missing)
O21 - SSODL: utilcmddsc - {5A8D322F-A8C2-6EAE-79C6-02C079A1D443} - C:\Program Files\onjjvyc\utilcmddsc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 6484 bytes
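The HijackThis log above is read by eye in this thread. As an added example (my code, not part of the original thread and not a HijackThis or Trend Micro feature), the Python script below applies the same rules of thumb a helper uses when scanning such a log: autostart binaries living in TEMP, All Users\Application Data or the drive root, orphaned or unnamed entries, hook types that legitimate software rarely needs (O20 Winlogon Notify, O21 SSODL, Policies\Explorer\Run), O6/O7 policy lockdowns, hijacked start pages and pseudo-random file names. The point weights, the threshold and the random-name heuristic are my assumptions; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Sample input: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6FB13DD6-4650-4556-AE18-27142F0B5C9F} - C:\WINDOWS\system32\mlJCSMGW.dll
O3 - Toolbar: dkwqgnbe - {106198B5-9A3D-4D97-8DEF-845A1FDCD787} - C:\WINDOWS\TEMP\ac8zt2\dkwqgnbe.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [AdmUiAct] C:\Documents and Settings\All Users\Application Data\AdmUiAct\vopghkhu.exe
O4 - HKLM\..\Policies\Explorer\Run: [pDUpl4E027] C:\Documents and Settings\All Users\Application Data\armzsngn\cjkhifur.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: mlJCSMGW - C:\WINDOWS\SYSTEM32\mlJCSMGW.dll
O21 - SSODL: neksolda - {580B37D7-F095-4BD8-99A7-33DCA5A9FD4E} - \neksolda.dll (file missing)
O21 - SSODL: utilcmddsc - {5A8D322F-A8C2-6EAE-79C6-02C079A1D443} - C:\Program Files\onjjvyc\utilcmddsc.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# A Windows path: "X:\..." or a bare "\name.dll" after whitespace, up to a binary extension.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|(?<=\s)\\)[^"]*?\.(?:exe|dll|ocx|com|scr)\b', re.IGNORECASE)
VOWELS = set("aeiou")


@dataclass
class Finding:
    score: int
    reasons: list
    line: str


def longest_consonant_run(word: str) -> int:
    run = best = 0
    for ch in word.lower():
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_random(path: str) -> bool:
    """Heuristic (assumption): an all-letter stem of 7+ chars with 4+ consonants in a row."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return stem.isalpha() and len(stem) >= 7 and longest_consonant_run(stem) >= 4


def score_entry(kind: str, body: str) -> Finding:
    """Score one HijackThis entry; the weights are my assumptions, not HijackThis rules."""
    hits = []
    low = body.lower()
    if kind in ("O6", "O7"):
        hits.append((2, "policy lockdown (IE restrictions / DisableRegedit)"))
    if kind in ("R0", "R1") and "http" in low:
        hits.append((1, "start/search page points to an external URL"))
        if "?" in low:
            hits.append((1, "URL carries a tracking query string"))
    if kind in ("O20", "O21") or (kind == "O4" and "policies\\explorer\\run" in low):
        hits.append((1, f"{kind} hook type favoured by malware"))
    if "(no name)" in low:
        hits.append((1, "unnamed component"))
    if "(file missing)" in low or "(no file)" in low:
        hits.append((1, "orphaned entry"))
    m = PATH_RE.search(body)
    if m:
        path = m.group(0)
        plow = path.lower()
        if "\\temp\\" in plow or "\\all users\\application data\\" in plow:
            hits.append((2, "autostart binary in TEMP or All Users\\Application Data"))
        elif plow.count("\\") == 1:
            hits.append((2, "binary dropped in the drive root"))
        elif "\\documents and settings\\" in plow:
            hits.append((1, "binary inside a user profile"))
        if looks_random(path):
            hits.append((1, "pseudo-random file name"))
    return Finding(sum(p for p, _ in hits), [r for _, r in hits], f"{kind} - {body}")


def triage(log: str, threshold: int = 2) -> list:
    """Return the entries scoring at least `threshold`, highest score first."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            f = score_entry(m.group(1), m.group(2))
            if f.score >= threshold:
                findings.append(f)
    findings.sort(key=lambda f: -f.score)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}\n      {'; '.join(f.reasons)}")
```

At threshold 2 the script keeps exactly the entries a helper would ask to have fixed (mlJCSMGW.dll, vopghkhu.exe, cjkhifur.exe, utilcmddsc.dll, the orphaned dkwqgnbe and neksolda entries, the DisableRegedit policy and the softwarereferral.com start page) and drops ccApp, the Acrobat BHO and the NVIDIA service. The random-name rule alone misfires on abbreviations such as ccEvtMgr or ALCXMNTR, which is why it counts for a single point and only tips entries that already carry another signal.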
Re,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
When the scan is finished, a log will appear. Post that log (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition letter may differ
Re Angeldark,
I disabled Norton but not Spybot (I don't know what that is, I must not have it).
So here is the ComboFix log:
Launched from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* A new restore point was created
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Alex 8\Cookies\Thumbs.db
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\Seekmo Programs
C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTBUninstaller.exe
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\BMebf6d3c4.txt
C:\WINDOWS\BMebf6d3c4.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\iAlmcoin.dll
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\mlJCSMGW.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\yayvWpoO.dll
----- BITS: There may be infected sites -----
hxxp://ms-facebook.110mb.com
.
((((((((((((((((((((((((((((( Files created from 2008-09-03 to 2008-10-03 ))))))))))))))))))))))))))))))))))))
.
2008-10-03 09:08 . 2008-10-03 09:18 1,912 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-02 14:24 . 2008-10-02 14:24 <REP> d-------- C:\Program Files\onjjvyc
2008-10-02 14:24 . 2008-10-02 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\armzsngn
2008-10-02 14:24 . 2008-10-02 14:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AdmUiAct
2008-10-02 14:22 . 2008-10-02 11:18 266,240 --a------ C:\neksolda.dll
2008-10-02 14:22 . 2008-10-02 11:18 245,760 --a------ C:\xgpsarbm.dll
2008-10-02 10:58 . 2008-10-02 11:06 <REP> d-------- C:\Program Files\MediaCoder
2008-10-01 17:25 . 2008-10-01 17:25 <REP> d-------- C:\Program Files\Hasbro
2008-10-01 11:35 . 2008-10-02 10:53 <REP> d-------- C:\Program Files\MKVtoolnix
2008-09-28 18:41 . 2008-09-29 15:40 <REP> d-------- C:\Documents and Settings\Propriétaire\.smplayer
2008-09-28 18:39 . 2008-09-28 18:39 <REP> d-------- C:\Program Files\SMPlayer
2008-09-23 10:44 . 2008-10-01 23:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport
2008-09-23 07:36 . 2005-11-17 22:05 53,248 -ra------ C:\WINDOWS\UpdtNv28.exe
2008-09-16 22:05 . 2008-09-16 22:05 268 --ah----- C:\sqmdata12.sqm
2008-09-16 22:05 . 2008-09-16 22:05 244 --ah----- C:\sqmnoopt12.sqm
2008-09-16 14:50 . 2008-09-16 14:50 <REP> d-------- C:\Program Files\NOS
2008-09-16 14:50 . 2008-09-16 14:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-16 00:17 . 2008-09-16 00:17 268 --ah----- C:\sqmdata11.sqm
2008-09-16 00:17 . 2008-09-16 00:17 244 --ah----- C:\sqmnoopt11.sqm
2008-09-15 21:19 . 2008-09-15 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-09-15 20:10 . 2008-09-15 20:10 268 --ah----- C:\sqmdata10.sqm
2008-09-15 20:10 . 2008-09-15 20:10 244 --ah----- C:\sqmnoopt10.sqm
2008-09-15 12:05 . 2008-09-15 12:05 268 --ah----- C:\sqmdata09.sqm
2008-09-15 12:05 . 2008-09-15 12:05 244 --ah----- C:\sqmnoopt09.sqm
2008-09-15 11:43 . 2006-08-10 02:02 75,264 --a------ C:\WINDOWS\system32\E_FLBBVE.DLL
2008-09-15 11:43 . 2006-04-19 02:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBVE.DLL
2008-09-15 11:43 . 2004-09-10 20:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-15 11:35 . 2008-09-15 11:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-15 00:07 . 2008-09-15 00:07 268 --ah----- C:\sqmdata08.sqm
2008-09-15 00:07 . 2008-09-15 00:07 244 --ah----- C:\sqmnoopt08.sqm
2008-09-14 20:40 . 2008-09-14 20:40 268 --ah----- C:\sqmdata07.sqm
2008-09-14 20:40 . 2008-09-14 20:40 244 --ah----- C:\sqmnoopt07.sqm
2008-09-14 18:28 . 2008-09-14 18:28 268 --ah----- C:\sqmdata06.sqm
2008-09-14 18:28 . 2008-09-14 18:28 244 --ah----- C:\sqmnoopt06.sqm
2008-09-14 13:55 . 2008-09-14 13:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-14 13:54 . 2008-09-16 14:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-14 13:54 . 2008-09-14 13:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-14 11:51 . 2008-09-14 11:51 268 --ah----- C:\sqmdata05.sqm
2008-09-14 11:51 . 2008-09-14 11:51 244 --ah----- C:\sqmnoopt05.sqm
2008-09-14 01:17 . 2008-09-14 01:17 268 --ah----- C:\sqmdata04.sqm
2008-09-14 01:16 . 2008-09-14 01:16 244 --ah----- C:\sqmnoopt04.sqm
2008-09-13 17:53 . 2008-09-13 17:53 268 --ah----- C:\sqmdata03.sqm
2008-09-13 17:53 . 2008-09-13 17:53 244 --ah----- C:\sqmnoopt03.sqm
2008-09-11 09:47 . 2008-09-11 09:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
2008-09-05 07:48 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-09-05 07:42 . 2008-09-05 07:42 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-05 07:36 . 2008-09-05 07:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2008-09-05 07:36 . 2008-09-05 07:37 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 19:14 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared
2008-10-03 18:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-10-02 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-10-02 12:15 --------- d-----w C:\Program Files\PopCap Games
2008-09-23 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-23 05:38 --------- d---a-w C:\Program Files\Norton AntiVirus
2008-09-17 08:34 --------- d-----w C:\Program Files\GameHouse
2008-09-14 11:50 --------- d-----w C:\Program Files\QuickTime
2008-09-11 07:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2008-09-04 20:58 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-08-29 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-22 08:16 --------- d---a-w C:\Program Files\Easy Internet signup
2008-07-21 22:21 401,696 ----a-w C:\WINDOWS\Prince.scr
2008-07-21 22:21 29,696 ----a-w C:\WINDOWS\mickey32.dll
2008-07-21 22:21 2,343,553 ----a-w C:\WINDOWS\Prince.exe
2006-01-02 19:08 34,280 ----a-w C:\Documents and Settings\Alex 8\Application Data\GDIPFONTCACHEV1.DAT
2005-11-26 21:26 7,680 --sha-w C:\Program Files\Thumbs.db
2005-11-26 13:12 1,108,550 ----a-w C:\Program Files\elem.exe
2005-11-26 12:12 12,234,628 ----a-w C:\Program Files\celestia-win32-1.3.2.exe
2005-11-26 09:59 1,067,640 ----a-w C:\Program Files\zipcentral.exe
2005-11-25 14:17 23,021,360 ----a-w C:\Program Files\AdbeRdr705_fra_full.exe
2005-11-25 14:10 7,218,088 ----a-w C:\Program Files\psa30se_fr_fr.exe
2005-11-25 14:08 762,512 ----a-w C:\Program Files\ytb612_efgsip.exe
2003-01-01 19:32 32 --sha-w C:\WINDOWS\{5D266292-3C9C-4B24-908F-60F0EABB3CA7}.dat
2003-01-01 19:32 32 --sha-w C:\WINDOWS\system32\{341822E4-5E56-41AA-9824-4CA7B1C80AA1}.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EPSON Stylus DX5000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"AdmUiAct"="C:\Documents and Settings\All Users\Application Data\AdmUiAct\vopghkhu.exe" [2008-10-02 106496]
"NVIEW"="nview.dll" [2003-05-03 C:\WINDOWS\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 4640768]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2002-11-20 54960]
"ccRegVfy"="c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2002-11-20 59056]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 335872]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"nwiz"="nwiz.exe" [2003-05-03 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe" [2003-05-08 C:\WINDOWS\system32\VTTimer.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 C:\WINDOWS\system32\Ati2mdxx.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 C:\WINDOWS\ALCXMNTR.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"neksolda"= {580B37D7-F095-4BD8-99A7-33DCA5A9FD4E} - \neksolda.dll [2008-10-02 266240]
"utilcmddsc"= {5A8D322F-A8C2-6EAE-79C6-02C079A1D443} - C:\Program Files\onjjvyc\utilcmddsc.dll [2008-10-02 135168]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{6FB13DD6-4650-4556-AE18-27142F0B5C9F} - C:\WINDOWS\system32\mlJCSMGW.dll
Toolbar-{106198B5-9A3D-4D97-8DEF-845A1FDCD787} - C:\WINDOWS\TEMP\ac8zt2\dkwqgnbe.dll
HKLM-Explorer_Run-pDUpl4E027 - C:\Documents and Settings\All Users\Application Data\armzsngn\cjkhifur.exe
ShellExecuteHooks-{6FB13DD6-4650-4556-AE18-27142F0B5C9F} - C:\WINDOWS\system32\mlJCSMGW.dll
.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\eyyci5os.default\
FF -: plugin - C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\eyyci5os.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 21:14:12
Windows 5.1.2600 Service Pack 2 NTFS
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
------------------------ Other running processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-03 21:21:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-03 19:21:54
Avant-CF: 45 526 212 608 octets libres
Après-CF: 46,150,635,520 octets libres
263 --- E O F --- 2008-09-11 01:05:53
Thanks.
Re,
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restart in safe mode
Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
To start the search, click "Scan".
Once the scan is finished, a window opens; click OK. You then have two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to complete the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Good evening Angeldark,
I just got home and I'm available all evening.
Here is the report from the program you recommended:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 2
04/10/2008 20:44:47
mbam-log-2008-10-04 (20-44-47).txt
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|)
Eléments examinés: 139372
Temps écoulé: 2 hour(s), 2 minute(s), 30 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 18
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{5A8D322F-A8C2-6EAE-79C6-02C079A1D443} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\utilcmddsc (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\admuiact (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55639-OEM-0011903-00106) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\onjjvyc\utilcmddsc.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\AdmUiAct\vopghkhu.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\neksolda.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir (Adware.Shopper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJCSMGW.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yayvWpoO.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP49\A0018580.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP49\A0018628.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP49\A0018629.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP49\A0018918.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP49\A0018920.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Hello,
here are the HijackThis and ComboFix reports:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SA2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: neksolda - {580B37D7-F095-4BD8-99A7-33DCA5A9FD4E} - \neksolda.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 5114 bytes
AND
ComboFix 08-10-03.01 - Propriétaire 2008-10-05 17:02:02.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.50 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.
2008-10-04 18:00 . 2008-10-04 18:00 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 18:00 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 18:00 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-03 09:08 . 2008-10-03 09:18 1,912 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-02 14:24 . 2008-10-04 20:44 <REP> d-------- C:\Program Files\onjjvyc
2008-10-02 14:24 . 2008-10-02 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\armzsngn
2008-10-02 14:24 . 2008-10-04 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AdmUiAct
2008-10-02 14:22 . 2008-10-02 11:18 245,760 --a------ C:\xgpsarbm.dll
2008-10-02 10:58 . 2008-10-02 11:06 <REP> d-------- C:\Program Files\MediaCoder
2008-10-01 17:25 . 2008-10-01 17:25 <REP> d-------- C:\Program Files\Hasbro
2008-10-01 11:35 . 2008-10-02 10:53 <REP> d-------- C:\Program Files\MKVtoolnix
2008-09-28 18:41 . 2008-09-29 15:40 <REP> d-------- C:\Documents and Settings\Propriétaire\.smplayer
2008-09-28 18:41 . 2008-09-29 15:40 <REP> d-------- C:\Documents and Settings\Propriétaire\.smplayer
2008-09-28 18:39 . 2008-09-28 18:39 <REP> d-------- C:\Program Files\SMPlayer
2008-09-23 07:36 . 2005-11-17 22:05 53,248 -ra------ C:\WINDOWS\UpdtNv28.exe
2008-09-16 22:05 . 2008-09-16 22:05 268 --ah----- C:\sqmdata12.sqm
2008-09-16 22:05 . 2008-09-16 22:05 244 --ah----- C:\sqmnoopt12.sqm
2008-09-16 14:50 . 2008-09-16 14:50 <REP> d-------- C:\Program Files\NOS
2008-09-16 14:50 . 2008-09-16 14:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-16 00:17 . 2008-09-16 00:17 268 --ah----- C:\sqmdata11.sqm
2008-09-16 00:17 . 2008-09-16 00:17 244 --ah----- C:\sqmnoopt11.sqm
2008-09-15 21:19 . 2008-09-15 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-09-15 20:10 . 2008-09-15 20:10 268 --ah----- C:\sqmdata10.sqm
2008-09-15 20:10 . 2008-09-15 20:10 244 --ah----- C:\sqmnoopt10.sqm
2008-09-15 12:05 . 2008-09-15 12:05 268 --ah----- C:\sqmdata09.sqm
2008-09-15 12:05 . 2008-09-15 12:05 244 --ah----- C:\sqmnoopt09.sqm
2008-09-15 11:43 . 2006-08-10 02:02 75,264 --a------ C:\WINDOWS\system32\E_FLBBVE.DLL
2008-09-15 11:43 . 2006-04-19 02:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBVE.DLL
2008-09-15 11:43 . 2004-09-10 20:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-15 11:35 . 2008-09-15 11:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-15 00:07 . 2008-09-15 00:07 268 --ah----- C:\sqmdata08.sqm
2008-09-15 00:07 . 2008-09-15 00:07 244 --ah----- C:\sqmnoopt08.sqm
2008-09-14 20:40 . 2008-09-14 20:40 268 --ah----- C:\sqmdata07.sqm
2008-09-14 20:40 . 2008-09-14 20:40 244 --ah----- C:\sqmnoopt07.sqm
2008-09-14 18:28 . 2008-09-14 18:28 268 --ah----- C:\sqmdata06.sqm
2008-09-14 18:28 . 2008-09-14 18:28 244 --ah----- C:\sqmnoopt06.sqm
2008-09-14 13:55 . 2008-09-14 13:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-14 13:55 . 2008-09-14 13:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-14 13:55 . 2008-09-14 13:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-14 13:54 . 2008-09-16 14:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-14 13:54 . 2008-09-14 13:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-14 11:51 . 2008-09-14 11:51 268 --ah----- C:\sqmdata05.sqm
2008-09-14 11:51 . 2008-09-14 11:51 244 --ah----- C:\sqmnoopt05.sqm
2008-09-14 01:17 . 2008-09-14 01:17 268 --ah----- C:\sqmdata04.sqm
2008-09-14 01:16 . 2008-09-14 01:16 244 --ah----- C:\sqmnoopt04.sqm
2008-09-13 17:53 . 2008-09-13 17:53 268 --ah----- C:\sqmdata03.sqm
2008-09-13 17:53 . 2008-09-13 17:53 244 --ah----- C:\sqmnoopt03.sqm
2008-09-11 09:47 . 2008-09-11 09:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
2008-09-11 09:47 . 2008-09-11 09:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
2008-09-11 09:47 . 2008-09-11 09:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
2008-09-05 07:48 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-09-05 07:42 . 2008-09-05 07:42 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-05 07:36 . 2008-09-05 07:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2008-09-05 07:36 . 2008-09-05 07:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2008-09-05 07:36 . 2008-09-05 07:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2008-09-05 07:36 . 2008-09-05 07:37 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 14:41 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared
2008-10-03 18:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-10-03 18:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-10-03 18:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-10-02 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-10-02 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-10-02 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-10-02 12:15 --------- d-----w C:\Program Files\PopCap Games
2008-09-23 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-23 05:38 --------- d---a-w C:\Program Files\Norton AntiVirus
2008-09-17 08:34 --------- d-----w C:\Program Files\GameHouse
2008-09-14 11:50 --------- d-----w C:\Program Files\QuickTime
2008-09-11 07:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2008-09-11 07:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2008-09-11 07:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2008-09-04 20:58 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-09-04 20:58 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-09-04 20:58 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-08-29 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-22 08:16 --------- d---a-w C:\Program Files\Easy Internet signup
2008-07-21 22:21 401,696 ----a-w C:\WINDOWS\Prince.scr
2008-07-21 22:21 29,696 ----a-w C:\WINDOWS\mickey32.dll
2008-07-21 22:21 2,343,553 ----a-w C:\WINDOWS\Prince.exe
2006-01-02 19:08 34,280 ----a-w C:\Documents and Settings\Alex 8\Application Data\GDIPFONTCACHEV1.DAT
2005-11-26 21:26 7,680 --sha-w C:\Program Files\Thumbs.db
2005-11-26 13:12 1,108,550 ----a-w C:\Program Files\elem.exe
2005-11-26 12:12 12,234,628 ----a-w C:\Program Files\celestia-win32-1.3.2.exe
2005-11-26 09:59 1,067,640 ----a-w C:\Program Files\zipcentral.exe
2005-11-25 14:17 23,021,360 ----a-w C:\Program Files\AdbeRdr705_fra_full.exe
2005-11-25 14:10 7,218,088 ----a-w C:\Program Files\psa30se_fr_fr.exe
2005-11-25 14:08 762,512 ----a-w C:\Program Files\ytb612_efgsip.exe
2003-01-01 19:32 32 --sha-w C:\WINDOWS\{5D266292-3C9C-4B24-908F-60F0EABB3CA7}.dat
2003-01-01 19:32 32 --sha-w C:\WINDOWS\system32\{341822E4-5E56-41AA-9824-4CA7B1C80AA1}.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EPSON Stylus DX5000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"NVIEW"="nview.dll" [2003-05-03 C:\WINDOWS\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 4640768]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2002-11-20 54960]
"ccRegVfy"="c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2002-11-20 59056]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 335872]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"nwiz"="nwiz.exe" [2003-05-03 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe" [2003-05-08 C:\WINDOWS\system32\VTTimer.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 C:\WINDOWS\system32\Ati2mdxx.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 C:\WINDOWS\ALCXMNTR.EXE]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
SSODL-neksolda-{580B37D7-F095-4BD8-99A7-33DCA5A9FD4E} - \neksolda.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\eyyci5os.default\
FF -: plugin - C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\eyyci5os.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 17:05:48
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-05 17:10:22
ComboFix-quarantined-files.txt 2008-10-05 15:10:18
ComboFix2.txt 2008-10-03 19:22:00
Avant-CF: 56 813 080 576 octets libres
Après-CF: 56,801,574,912 octets libres
186 --- E O F --- 2008-09-11 01:05:53
Re,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Copy (Ctrl+C) the text inside the box below:
Folder::
C:\Program Files\onjjvyc
C:\Documents and Settings\All Users\Application Data\armzsngn
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name "CFScript.txt" (the quotation marks are important).
Now drag the CFScript.txt file onto ComboFix.exe as in the image below:
This will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
* the partition name may vary
Here is the ComboFix report, followed by the HijackThis one:
ComboFix 08-10-03.01 - Propriétaire 2008-10-05 17:50:13.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.68 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propriétaire\Bureau\Sécurité\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\armzsngn
C:\Program Files\onjjvyc
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.
2008-10-04 18:00 . 2008-10-04 18:00 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 18:00 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 18:00 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-03 09:08 . 2008-10-03 09:18 1,912 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-02 14:24 . 2008-10-04 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AdmUiAct
2008-10-02 14:22 . 2008-10-02 11:18 245,760 --a------ C:\xgpsarbm.dll
2008-10-02 10:58 . 2008-10-02 11:06 <REP> d-------- C:\Program Files\MediaCoder
2008-10-01 17:25 . 2008-10-01 17:25 <REP> d-------- C:\Program Files\Hasbro
2008-10-01 11:35 . 2008-10-02 10:53 <REP> d-------- C:\Program Files\MKVtoolnix
2008-09-28 18:41 . 2008-09-29 15:40 <REP> d-------- C:\Documents and Settings\Propriétaire\.smplayer
2008-09-28 18:41 . 2008-09-29 15:40 <REP> d-------- C:\Documents and Settings\Propriétaire\.smplayer
2008-09-28 18:39 . 2008-09-28 18:39 <REP> d-------- C:\Program Files\SMPlayer
2008-09-23 07:36 . 2005-11-17 22:05 53,248 -ra------ C:\WINDOWS\UpdtNv28.exe
2008-09-16 22:05 . 2008-09-16 22:05 268 --ah----- C:\sqmdata12.sqm
2008-09-16 22:05 . 2008-09-16 22:05 244 --ah----- C:\sqmnoopt12.sqm
2008-09-16 14:50 . 2008-09-16 14:50 <REP> d-------- C:\Program Files\NOS
2008-09-16 14:50 . 2008-09-16 14:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-16 00:17 . 2008-09-16 00:17 268 --ah----- C:\sqmdata11.sqm
2008-09-16 00:17 . 2008-09-16 00:17 244 --ah----- C:\sqmnoopt11.sqm
2008-09-15 21:19 . 2008-09-15 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-09-15 20:10 . 2008-09-15 20:10 268 --ah----- C:\sqmdata10.sqm
2008-09-15 20:10 . 2008-09-15 20:10 244 --ah----- C:\sqmnoopt10.sqm
2008-09-15 12:05 . 2008-09-15 12:05 268 --ah----- C:\sqmdata09.sqm
2008-09-15 12:05 . 2008-09-15 12:05 244 --ah----- C:\sqmnoopt09.sqm
2008-09-15 11:43 . 2006-08-10 02:02 75,264 --a------ C:\WINDOWS\system32\E_FLBBVE.DLL
2008-09-15 11:43 . 2006-04-19 02:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBVE.DLL
2008-09-15 11:43 . 2004-09-10 20:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-15 11:35 . 2008-09-15 11:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-15 00:07 . 2008-09-15 00:07 268 --ah----- C:\sqmdata08.sqm
2008-09-15 00:07 . 2008-09-15 00:07 244 --ah----- C:\sqmnoopt08.sqm
2008-09-14 20:40 . 2008-09-14 20:40 268 --ah----- C:\sqmdata07.sqm
2008-09-14 20:40 . 2008-09-14 20:40 244 --ah----- C:\sqmnoopt07.sqm
2008-09-14 18:28 . 2008-09-14 18:28 268 --ah----- C:\sqmdata06.sqm
2008-09-14 18:28 . 2008-09-14 18:28 244 --ah----- C:\sqmnoopt06.sqm
2008-09-14 13:55 . 2008-09-14 13:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-14 13:55 . 2008-09-14 13:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-14 13:55 . 2008-09-14 13:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-14 13:54 . 2008-09-16 14:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-14 13:54 . 2008-09-14 13:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-14 11:51 . 2008-09-14 11:51 268 --ah----- C:\sqmdata05.sqm
2008-09-14 11:51 . 2008-09-14 11:51 244 --ah----- C:\sqmnoopt05.sqm
2008-09-14 01:17 . 2008-09-14 01:17 268 --ah----- C:\sqmdata04.sqm
2008-09-14 01:16 . 2008-09-14 01:16 244 --ah----- C:\sqmnoopt04.sqm
2008-09-13 17:53 . 2008-09-13 17:53 268 --ah----- C:\sqmdata03.sqm
2008-09-13 17:53 . 2008-09-13 17:53 244 --ah----- C:\sqmnoopt03.sqm
2008-09-11 09:47 . 2008-09-11 09:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
2008-09-11 09:47 . 2008-09-11 09:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
2008-09-11 09:47 . 2008-09-11 09:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
2008-09-05 07:48 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-09-05 07:42 . 2008-09-05 07:42 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-05 07:36 . 2008-09-05 07:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2008-09-05 07:36 . 2008-09-05 07:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2008-09-05 07:36 . 2008-09-05 07:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2008-09-05 07:36 . 2008-09-05 07:37 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 14:41 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared
2008-10-03 18:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-10-03 18:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-10-03 18:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-10-02 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-10-02 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-10-02 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-10-02 12:15 --------- d-----w C:\Program Files\PopCap Games
2008-09-23 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-23 05:38 --------- d---a-w C:\Program Files\Norton AntiVirus
2008-09-17 08:34 --------- d-----w C:\Program Files\GameHouse
2008-09-14 11:50 --------- d-----w C:\Program Files\QuickTime
2008-09-11 07:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2008-09-11 07:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2008-09-11 07:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2008-09-04 20:58 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-09-04 20:58 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-09-04 20:58 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-08-29 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-22 08:16 --------- d---a-w C:\Program Files\Easy Internet signup
2008-07-21 22:21 401,696 ----a-w C:\WINDOWS\Prince.scr
2008-07-21 22:21 29,696 ----a-w C:\WINDOWS\mickey32.dll
2008-07-21 22:21 2,343,553 ----a-w C:\WINDOWS\Prince.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2006-01-02 19:08 34,280 ----a-w C:\Documents and Settings\Alex 8\Application Data\GDIPFONTCACHEV1.DAT
2005-11-26 21:26 7,680 --sha-w C:\Program Files\Thumbs.db
2005-11-26 13:12 1,108,550 ----a-w C:\Program Files\elem.exe
2005-11-26 12:12 12,234,628 ----a-w C:\Program Files\celestia-win32-1.3.2.exe
2005-11-26 09:59 1,067,640 ----a-w C:\Program Files\zipcentral.exe
2005-11-25 14:17 23,021,360 ----a-w C:\Program Files\AdbeRdr705_fra_full.exe
2005-11-25 14:10 7,218,088 ----a-w C:\Program Files\psa30se_fr_fr.exe
2005-11-25 14:08 762,512 ----a-w C:\Program Files\ytb612_efgsip.exe
2003-01-01 19:32 32 --sha-w C:\WINDOWS\{5D266292-3C9C-4B24-908F-60F0EABB3CA7}.dat
2003-01-01 19:32 32 --sha-w C:\WINDOWS\system32\{341822E4-5E56-41AA-9824-4CA7B1C80AA1}.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EPSON Stylus DX5000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"NVIEW"="nview.dll" [2003-05-03 C:\WINDOWS\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 4640768]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2002-11-20 54960]
"ccRegVfy"="c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2002-11-20 59056]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 335872]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"nwiz"="nwiz.exe" [2003-05-03 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe" [2003-05-08 C:\WINDOWS\system32\VTTimer.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 C:\WINDOWS\system32\Ati2mdxx.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 C:\WINDOWS\ALCXMNTR.EXE]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 17:52:51
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-05 17:56:37
ComboFix-quarantined-files.txt 2008-10-05 15:56:33
ComboFix2.txt 2008-10-05 15:10:23
ComboFix3.txt 2008-10-03 19:22:00
Avant-CF: 56 794 599 424 octets libres
Après-CF: 56,789,983,232 octets libres
177 --- E O F --- 2008-09-11 01:05:53
and the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Propriétaire\Bureau\Sécurité\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SA2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 5028 bytes
ComboFix 08-10-03.01 - Propriétaire 2008-10-05 17:50:13.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.68 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propriétaire\Bureau\Sécurité\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\armzsngn
C:\Program Files\onjjvyc
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.
2008-10-04 18:00 . 2008-10-04 18:00 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 18:00 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 18:00 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-10-04 17:54 . 2008-10-04 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-03 09:08 . 2008-10-03 09:18 1,912 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-02 14:24 . 2008-10-04 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AdmUiAct
2008-10-02 14:22 . 2008-10-02 11:18 245,760 --a------ C:\xgpsarbm.dll
2008-10-02 10:58 . 2008-10-02 11:06 <REP> d-------- C:\Program Files\MediaCoder
2008-10-01 17:25 . 2008-10-01 17:25 <REP> d-------- C:\Program Files\Hasbro
2008-10-01 11:35 . 2008-10-02 10:53 <REP> d-------- C:\Program Files\MKVtoolnix
2008-09-28 18:41 . 2008-09-29 15:40 <REP> d-------- C:\Documents and Settings\Propriétaire\.smplayer
2008-09-28 18:41 . 2008-09-29 15:40 <REP> d-------- C:\Documents and Settings\Propriétaire\.smplayer
2008-09-28 18:39 . 2008-09-28 18:39 <REP> d-------- C:\Program Files\SMPlayer
2008-09-23 07:36 . 2005-11-17 22:05 53,248 -ra------ C:\WINDOWS\UpdtNv28.exe
2008-09-16 22:05 . 2008-09-16 22:05 268 --ah----- C:\sqmdata12.sqm
2008-09-16 22:05 . 2008-09-16 22:05 244 --ah----- C:\sqmnoopt12.sqm
2008-09-16 14:50 . 2008-09-16 14:50 <REP> d-------- C:\Program Files\NOS
2008-09-16 14:50 . 2008-09-16 14:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-16 00:17 . 2008-09-16 00:17 268 --ah----- C:\sqmdata11.sqm
2008-09-16 00:17 . 2008-09-16 00:17 244 --ah----- C:\sqmnoopt11.sqm
2008-09-15 21:19 . 2008-09-15 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-09-15 20:10 . 2008-09-15 20:10 268 --ah----- C:\sqmdata10.sqm
2008-09-15 20:10 . 2008-09-15 20:10 244 --ah----- C:\sqmnoopt10.sqm
2008-09-15 12:05 . 2008-09-15 12:05 268 --ah----- C:\sqmdata09.sqm
2008-09-15 12:05 . 2008-09-15 12:05 244 --ah----- C:\sqmnoopt09.sqm
2008-09-15 11:43 . 2006-08-10 02:02 75,264 --a------ C:\WINDOWS\system32\E_FLBBVE.DLL
2008-09-15 11:43 . 2006-04-19 02:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBVE.DLL
2008-09-15 11:43 . 2004-09-10 20:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-15 11:35 . 2008-09-15 11:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-15 00:07 . 2008-09-15 00:07 268 --ah----- C:\sqmdata08.sqm
2008-09-15 00:07 . 2008-09-15 00:07 244 --ah----- C:\sqmnoopt08.sqm
2008-09-14 20:40 . 2008-09-14 20:40 268 --ah----- C:\sqmdata07.sqm
2008-09-14 20:40 . 2008-09-14 20:40 244 --ah----- C:\sqmnoopt07.sqm
2008-09-14 18:28 . 2008-09-14 18:28 268 --ah----- C:\sqmdata06.sqm
2008-09-14 18:28 . 2008-09-14 18:28 244 --ah----- C:\sqmnoopt06.sqm
2008-09-14 13:55 . 2008-09-14 13:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-14 13:55 . 2008-09-14 13:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-14 13:55 . 2008-09-14 13:55 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-14 13:54 . 2008-09-16 14:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-14 13:54 . 2008-09-14 13:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-14 11:51 . 2008-09-14 11:51 268 --ah----- C:\sqmdata05.sqm
2008-09-14 11:51 . 2008-09-14 11:51 244 --ah----- C:\sqmnoopt05.sqm
2008-09-14 01:17 . 2008-09-14 01:17 268 --ah----- C:\sqmdata04.sqm
2008-09-14 01:16 . 2008-09-14 01:16 244 --ah----- C:\sqmnoopt04.sqm
2008-09-13 17:53 . 2008-09-13 17:53 268 --ah----- C:\sqmdata03.sqm
2008-09-13 17:53 . 2008-09-13 17:53 244 --ah----- C:\sqmnoopt03.sqm
2008-09-11 09:47 . 2008-09-11 09:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
2008-09-11 09:47 . 2008-09-11 09:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
2008-09-11 09:47 . 2008-09-11 09:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
2008-09-05 07:48 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-09-05 07:42 . 2008-09-05 07:42 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-05 07:36 . 2008-09-05 07:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2008-09-05 07:36 . 2008-09-05 07:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2008-09-05 07:36 . 2008-09-05 07:36 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2008-09-05 07:36 . 2008-09-05 07:37 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 14:41 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared
2008-10-03 18:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-10-03 18:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-10-03 18:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-10-02 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-10-02 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-10-02 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-10-02 12:15 --------- d-----w C:\Program Files\PopCap Games
2008-09-23 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-23 05:38 --------- d---a-w C:\Program Files\Norton AntiVirus
2008-09-17 08:34 --------- d-----w C:\Program Files\GameHouse
2008-09-14 11:50 --------- d-----w C:\Program Files\QuickTime
2008-09-11 07:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2008-09-11 07:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2008-09-11 07:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2008-09-04 20:58 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-09-04 20:58 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-09-04 20:58 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-08-29 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-22 08:16 --------- d---a-w C:\Program Files\Easy Internet signup
2008-07-21 22:21 401,696 ----a-w C:\WINDOWS\Prince.scr
2008-07-21 22:21 29,696 ----a-w C:\WINDOWS\mickey32.dll
2008-07-21 22:21 2,343,553 ----a-w C:\WINDOWS\Prince.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2006-01-02 19:08 34,280 ----a-w C:\Documents and Settings\Alex 8\Application Data\GDIPFONTCACHEV1.DAT
2005-11-26 21:26 7,680 --sha-w C:\Program Files\Thumbs.db
2005-11-26 13:12 1,108,550 ----a-w C:\Program Files\elem.exe
2005-11-26 12:12 12,234,628 ----a-w C:\Program Files\celestia-win32-1.3.2.exe
2005-11-26 09:59 1,067,640 ----a-w C:\Program Files\zipcentral.exe
2005-11-25 14:17 23,021,360 ----a-w C:\Program Files\AdbeRdr705_fra_full.exe
2005-11-25 14:10 7,218,088 ----a-w C:\Program Files\psa30se_fr_fr.exe
2005-11-25 14:08 762,512 ----a-w C:\Program Files\ytb612_efgsip.exe
2003-01-01 19:32 32 --sha-w C:\WINDOWS\{5D266292-3C9C-4B24-908F-60F0EABB3CA7}.dat
2003-01-01 19:32 32 --sha-w C:\WINDOWS\system32\{341822E4-5E56-41AA-9824-4CA7B1C80AA1}.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EPSON Stylus DX5000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"NVIEW"="nview.dll" [2003-05-03 C:\WINDOWS\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 4640768]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2002-11-20 54960]
"ccRegVfy"="c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2002-11-20 59056]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 335872]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"nwiz"="nwiz.exe" [2003-05-03 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe" [2003-05-08 C:\WINDOWS\system32\VTTimer.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 C:\WINDOWS\system32\Ati2mdxx.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 C:\WINDOWS\ALCXMNTR.EXE]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe
.
Scheduled Tasks folder contents
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 17:52:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-05 17:56:37
ComboFix-quarantined-files.txt 2008-10-05 15:56:33
ComboFix2.txt 2008-10-05 15:10:23
ComboFix3.txt 2008-10-03 19:22:00
Pre-Run: 56,794,599,424 bytes free
Post-Run: 56,789,983,232 bytes free
177 --- E O F --- 2008-09-11 01:05:53
and the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Propriétaire\Bureau\Sécurité\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SA2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 5028 bytes
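Added example, not part of this thread and not code from ComboFix or HijackThis: a small Python triage script that applies, mechanically, the first checks a helper applies by eye to logs like the two above. Its input is a constructed sample made of lines copied from the ComboFix and HijackThis output posted here. It flags entries for manual review in five categories: orphaned entries whose target file no longer exists, autoruns that name a bare file with no path (so the loader's search order decides which copy on disk runs), autorun images under a temp or per-user writable directory, the firewall-disabled setting, and cached AutoRun handlers for removable drives. The rule names and notes are the example's own. A hit means "look at this", not "this is malware": the bare-name entries it flags here, nwiz.exe and nview.dll, are resolved by the ComboFix listing above to C:\WINDOWS\system32.

```python
"""Triage checks for HijackThis / ComboFix log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the two logs posted above, in the
# exact form the tools print them. Raw string, so backslashes stay literal.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SA2.tmp" /EF "HKCU"
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - H:\LaunchU3.exe
"""

RE_ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
RE_O4_RUN = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RE_O4_STARTUP = re.compile(r"^O4 - .+? Startup: (?P<name>.+?) = (?P<cmd>.+)$")
RE_FIREWALL = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
RE_AUTORUN = re.compile(r"\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
# First token ending in an executable extension, quoted or not, spaces allowed.
RE_IMAGE = re.compile(
    r'^"?(?P<img>.+?\.(?:exe|dll|com|scr|pif|bat|cmd|cpl))"?(?:\s+(?P<rest>.*))?$', re.I)
# Directory fragments a normal user can write to (hypothetical list for this example).
WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\appdata\\")


@dataclass
class Finding:
    rule: str
    line: str
    note: str


def launched_image(cmd: str) -> str:
    """Return the file that really executes for an autorun command line.

    Handles quoted and unquoted paths containing spaces, and treats
    'rundll32.exe <dll>,<entry>' as launching the DLL, since that is the
    file an analyst has to look at."""
    cmd = cmd.strip()
    m = RE_IMAGE.match(cmd)
    if not m:
        return cmd.split()[0].strip('"') if cmd else ""
    image, rest = m.group("img"), m.group("rest") or ""
    if image.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        return rest.split(",")[0].strip().strip('"')
    return image


def is_unqualified(image: str) -> bool:
    """True when the image has no drive, UNC or %var% prefix, so the loader's
    search order (application dir, system32, PATH, ...) picks the file."""
    return re.match(r"^(?:[A-Za-z]:\\|\\\\|%)", image) is None


def triage(log_text: str) -> list:
    """Scan log lines and return Findings for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RE_ORPHAN.search(line):
            findings.append(Finding("orphan", line,
                "target file is gone; dead entry to clean up, not evidence of infection by itself"))
            continue
        m = RE_O4_RUN.match(line) or RE_O4_STARTUP.match(line)
        if m:
            image = launched_image(m.group("cmd"))
            if is_unqualified(image):
                findings.append(Finding("unqualified-path", line,
                    "'%s' is found through the loader search order; confirm which copy on disk runs" % image))
            elif any(w in image.lower() for w in WRITABLE):
                findings.append(Finding("writable-location", line,
                    "autorun image lives in a user-writable directory: '%s'" % image))
            continue
        if RE_FIREWALL.match(line):
            findings.append(Finding("firewall-off", line,
                "Windows Firewall is disabled in the standard profile; re-enable it after cleanup"))
            continue
        if RE_AUTORUN.search(line):
            findings.append(Finding("media-autorun", line,
                "cached AutoRun handler for a removable drive; check the launcher it points to"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%-16s] %s\n    %s" % (f.rule, f.line, f.note))
```

Run as-is, the script prints six findings for the sample: the two orphaned entries, the two bare-name autoruns, the firewall line and the cached U3 launcher; the same `triage()` call takes a complete log as a string. Note what it deliberately does not flag: the EPSON entry passes a file under C:\WINDOWS\TEMP only as an argument, and the rule looks at the executable, not its arguments. None of these hits is by itself the rogue "antivirus" the thread is about; the firewall setting is the one to fix regardless of the rest.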
Apparently not, but I haven't reconnected to the internet yet! Before that, I'm planning to install the programs you recommend on this forum (Antivir...), even though I had given up on Antivir a few years ago because it crashed my computer in the middle of downloading an update...
So, hoping this will be my last message in this thread, thank you very much Angeldark :-)