Metajan trojan: how to remove it, report with HijackThis

So, I installed a program and it turned out to be a virus.
I ran a scan with Norton and found quite a few things and trojans, including meajuan :cry: I did several searches and ran a scan with
HijackThis; here is what it tells me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:04, on 14/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [bc753c5a] rundll32.exe "C:\WINDOWS\system32\opptgdiv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\smat\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoD...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstal...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - AppInit_DLLs: nfkzgu.dll ealazw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Personnel 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Personnel 2007.SP1\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9070 bytes

I think this is the procedure to follow, but I'm not sure. Please help me!!!

Good evening,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM


    A hello?

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    Here is the Malwarebytes report:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1270
    Windows 5.1.2600 Service Pack 2

    15/10/2008 07:42:02
    mbam-log-2008-10-15 (07-41-54).txt

    Type de recherche: Examen complet (C:\|I:\|)
    Eléments examinés: 183284
    Temps écoulé: 1 hour(s), 59 minute(s), 13 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 11
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 47

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\mguahovo.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\xxyvwTli.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\rqRHxutR.dll (Trojan.Vundo) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c40d54ef-a0ee-40f9-ab47-62e18c16914e} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{c40d54ef-a0ee-40f9-ab47-62e18c16914e} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{20d23232-aed6-490d-a3c2-f08ba539a1fe} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20d23232-aed6-490d-a3c2-f08ba539a1fe} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrhxutr (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{77f69c64-970e-41ad-9f8a-96a307251116} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77f69c64-970e-41ad-9f8a-96a307251116} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bc753c5a (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{20d23232-aed6-490d-a3c2-f08ba539a1fe} (Trojan.Vundo) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyvwtli -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvwtli -> No action taken.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\xxyvwTli.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\ilTwvyxx.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\ilTwvyxx.ini2 (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\mguahovo.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\ovohaugm.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\rqRHxutR.dll (Trojan.Vundo) -> No action taken.
    C:\Program Files\Everest Poker\casino.exe (Adware.Adorable casino) -> No action taken.
    C:\Program Files\Everest Poker\gvcrt.dll (Adware.Adorable casino) -> No action taken.
    C:\Program Files\Everest Poker\gvmain.exe (Adware.Adorable casino) -> No action taken.
    C:\Documents and Settings\célya\Local Settings\Temporary Internet Files\Content.IE5\3GVQG3FZ\upd105320[1] (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\célya\Local Settings\Temporary Internet Files\Content.IE5\DM4SJFNV\nd82m0[1] (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\célya\Local Settings\Temporary Internet Files\Content.IE5\M7CH14PK\cntr[1] (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\smat\Local Settings\Temporary Internet Files\Content.IE5\TWMHLJYR\upd105320[1] (Trojan.Vundo) -> No action taken.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\btswebya.dll.vir (Trojan.Vundo) -> No action taken.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\dvcbbn.dll.vir (Trojan.Vundo) -> No action taken.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fbfcbbnl.dll.vir (Trojan.Vundo) -> No action taken.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mspxunqe.dll.vir (Trojan.Vundo) -> No action taken.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\pwotuu.dll.vir (Trojan.Vundo) -> No action taken.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\uifkllep.dll.vir (Trojan.Vundo) -> No action taken.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\yayXrsts.dll.vir (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP329\A0159852.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP329\A0159853.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP330\A0160942.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP332\A0162140.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP332\A0162141.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP333\A0162340.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP333\A0162332.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP333\A0162334.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP333\A0162335.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP333\A0162337.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP333\A0162338.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP333\A0162339.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\otvnvwee.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\qladstuk.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\vtUnlIcB.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\geBrsPij.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\awtusspq.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\wvUkIAQH.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\xwtehx.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\yaywxvss.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\iiffDsSj.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\byXQHyay.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ljJbCVlM.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ljJDWPGV.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\pmnNFwUl.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\tuvspPjK.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\holtrbsh.dll (Trojan.Vundo) -> No action taken.


    and here is the ComboFix one:

    ComboFix 08-10-12.01 - smat 2008-10-15 12:30:51.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1566 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\smat\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-15 au 2008-10-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-14 21:46 . 2008-10-14 21:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-14 21:46 . 2008-10-14 21:46 <REP> d-------- C:\Documents and Settings\smat\Application Data\Malwarebytes
    2008-10-14 21:46 . 2008-10-14 21:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-14 21:46 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-14 21:46 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-13 22:59 . 2008-10-13 23:33 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-10-13 22:50 . 2008-10-13 22:50 <REP> d-------- C:\_OTMoveIt
    2008-10-13 22:48 . 2008-10-13 22:56 <REP> d-------- C:\Documents and Settings\smat\.SunDownloadManager
    2008-10-13 22:34 . 2008-10-13 22:34 <REP> d-------- C:\VundoFix Backups
    2008-10-13 21:34 . 2008-10-13 21:34 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-11 19:49 . 2008-10-11 19:49 <REP> d-------- C:\Program Files\uTorrent
    2008-10-09 20:02 . 2008-10-09 20:02 <REP> d-------- C:\Program Files\K!TV
    2008-10-05 21:58 . 2008-10-11 10:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-10-05 21:55 . 2008-10-05 21:57 <REP> d-------- C:\Program Files\TmNationsForever
    2008-10-05 20:48 . 2008-10-05 21:04 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
    2008-09-28 10:21 . 2008-09-28 10:21 <REP> d-------- C:\Documents and Settings\smat\Application Data\ItsLabel
    2008-09-18 02:41 . 2008-09-18 02:41 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-15 10:32 27,826,208 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-10-15 05:43 326,768 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-10-15 05:42 --------- d-----w C:\Program Files\Everest Poker
    2008-10-14 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-14 19:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-10-14 19:33 --------- d-----w C:\Documents and Settings\smat\Application Data\Symantec
    2008-10-14 18:57 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-10-14 18:56 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-10-14 17:51 --------- d-----w C:\Program Files\Symantec
    2008-10-13 21:13 --------- d-----w C:\Program Files\MultiMedia France Toolbar
    2008-10-13 19:59 3,310,157 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-10-12 19:26 --------- d-----w C:\Documents and Settings\smat\Application Data\uTorrent
    2008-10-12 07:58 --------- d-----w C:\Program Files\particleIllusion 3.0 demo
    2008-10-12 07:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-10-11 22:06 --------- d-----w C:\Documents and Settings\smat\Application Data\EoRezo
    2008-10-11 21:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-11 21:51 --------- d-----w C:\Program Files\Conquete 2.0
    2008-10-11 21:45 --------- d-----w C:\Program Files\EA SPORTS
    2008-10-11 16:33 --------- d-----w C:\Program Files\eMule
    2008-10-11 11:44 --------- d-----w C:\Program Files\WarRock
    2008-10-10 20:32 --------- d-----w C:\Documents and Settings\smat\Application Data\Xfire
    2008-10-09 14:36 --------- d-----w C:\Program Files\Xfire
    2008-10-06 10:42 --------- d-----w C:\Program Files\FlashGet
    2008-09-27 21:28 --------- d-----w C:\Program Files\EoRezo
    2008-09-06 06:09 --------- d-----w C:\Program Files\LogMeIn
    2008-09-04 19:28 --------- d-----w C:\Program Files\VirtualDJ
    2008-09-04 19:25 --------- d-----w C:\Program Files\DJ Mix Lite
    2008-09-03 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
    2008-09-01 08:07 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-29 10:45 --------- d-----w C:\Documents and Settings\smat\Application Data\teamspeak2
    2008-08-17 09:26 --------- d-----w C:\Documents and Settings\smat\Application Data\Ubisoft
    2008-08-17 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-08-17 09:05 --------- d-----w C:\Program Files\Ubisoft
    2008-08-16 17:30 --------- d-----w C:\Program Files\ManyCam 2.3
    2008-08-16 17:28 --------- d-----w C:\Program Files\ManyCam 2.2
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-25 15:36 22,328 ----a-w C:\Documents and Settings\smat\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-13_22.07.20.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-13 20:59:37 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2008-10-13 20:59:37 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2008-10-13 20:59:37 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2008-10-13 20:59:39 102,400 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2008-10-13 20:59:39 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2008-10-13 20:59:38 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2006-05-24 23:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    + 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-30 98304]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-11-18 1073152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=nfkzgu.dll ealazw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
    --a------ 2002-08-19 12:58 94208 C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-09 19:53 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Personnel 2007.SP1\\sandra.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Personnel 2007.SP1\\RpcSandraSrv.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Personnel 2007.SP1\\Win32\\RpcDataSrv.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
    "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "21335:TCP"= 21335:TCP:BitComet 21335 TCP
    "21335:UDP"= 21335:UDP:BitComet 21335 UDP

    R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2008-05-15 21920]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 77072]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c29e5ccf-ca50-11dc-84a1-000d0bffd1f9}]
    \Shell\AutoRun\command - K:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - K:\Directx\dxsetup.exe

    *Newly Created Service* - CATCHME
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\smat\Application Data\Mozilla\Firefox\Profiles\xdz70uw6.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://lo.st
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-15 12:32:03
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-15 12:33:11
    ComboFix-quarantined-files.txt 2008-10-15 10:33:06
    ComboFix2.txt 2008-10-15 05:53:18
    ComboFix3.txt 2008-10-14 19:42:13
    ComboFix4.txt 2008-10-13 20:33:05
    ComboFix5.txt 2008-10-15 10:30:38

    Avant-CF: 148 264 988 672 octets libres
    Après-CF: 148,244,111,360 octets libres

    189 --- E O F --- 2008-09-10 20:02:01

    Re,

    OK, I'll write the script then :D

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    Folder::
    C:\Program Files\MultiMedia France Toolbar

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name "CFScript.txt" (the quotation marks are important).

    Now drag the CFScript.txt file onto ComboFix.exe as in the image below:


    This will restart ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    * the partition name may differ

    Here is the ComboFix report:

    ComboFix 08-10-12.01 - smat 2008-10-15 12:56:49.6 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1507 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\smat\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\smat\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\MultiMedia France Toolbar
    C:\Program Files\MultiMedia France Toolbar\INSTALL.LOG
    C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.exe
    C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.xpi
    C:\Program Files\MultiMedia France Toolbar\UNWISE.EXE

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-15 au 2008-10-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-14 21:46 . 2008-10-14 21:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-14 21:46 . 2008-10-14 21:46 <REP> d-------- C:\Documents and Settings\smat\Application Data\Malwarebytes
    2008-10-14 21:46 . 2008-10-14 21:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-14 21:46 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-14 21:46 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-13 22:59 . 2008-10-13 23:33 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-10-13 22:50 . 2008-10-13 22:50 <REP> d-------- C:\_OTMoveIt
    2008-10-13 22:48 . 2008-10-13 22:56 <REP> d-------- C:\Documents and Settings\smat\.SunDownloadManager
    2008-10-13 22:34 . 2008-10-13 22:34 <REP> d-------- C:\VundoFix Backups
    2008-10-13 21:34 . 2008-10-13 21:34 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-11 19:49 . 2008-10-11 19:49 <REP> d-------- C:\Program Files\uTorrent
    2008-10-09 20:02 . 2008-10-09 20:02 <REP> d-------- C:\Program Files\K!TV
    2008-10-05 21:58 . 2008-10-11 10:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-10-05 21:55 . 2008-10-05 21:57 <REP> d-------- C:\Program Files\TmNationsForever
    2008-10-05 20:48 . 2008-10-05 21:04 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
    2008-09-28 10:21 . 2008-09-28 10:21 <REP> d-------- C:\Documents and Settings\smat\Application Data\ItsLabel
    2008-09-18 02:41 . 2008-09-18 02:41 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-15 10:58 27,918,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-10-15 05:43 326,768 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-10-15 05:42 --------- d-----w C:\Program Files\Everest Poker
    2008-10-14 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-14 19:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-10-14 19:33 --------- d-----w C:\Documents and Settings\smat\Application Data\Symantec
    2008-10-14 18:57 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-10-14 18:56 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-10-14 17:51 --------- d-----w C:\Program Files\Symantec
    2008-10-13 19:59 3,310,157 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-10-12 19:26 --------- d-----w C:\Documents and Settings\smat\Application Data\uTorrent
    2008-10-12 07:58 --------- d-----w C:\Program Files\particleIllusion 3.0 demo
    2008-10-12 07:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-10-11 22:06 --------- d-----w C:\Documents and Settings\smat\Application Data\EoRezo
    2008-10-11 21:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-11 21:51 --------- d-----w C:\Program Files\Conquete 2.0
    2008-10-11 21:45 --------- d-----w C:\Program Files\EA SPORTS
    2008-10-11 16:33 --------- d-----w C:\Program Files\eMule
    2008-10-11 11:44 --------- d-----w C:\Program Files\WarRock
    2008-10-10 20:32 --------- d-----w C:\Documents and Settings\smat\Application Data\Xfire
    2008-10-09 14:36 --------- d-----w C:\Program Files\Xfire
    2008-10-06 10:42 --------- d-----w C:\Program Files\FlashGet
    2008-09-27 21:28 --------- d-----w C:\Program Files\EoRezo
    2008-09-06 06:09 --------- d-----w C:\Program Files\LogMeIn
    2008-09-04 19:28 --------- d-----w C:\Program Files\VirtualDJ
    2008-09-04 19:25 --------- d-----w C:\Program Files\DJ Mix Lite
    2008-09-03 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
    2008-09-01 08:07 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-29 10:45 --------- d-----w C:\Documents and Settings\smat\Application Data\teamspeak2
    2008-08-17 09:26 --------- d-----w C:\Documents and Settings\smat\Application Data\Ubisoft
    2008-08-17 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-08-17 09:05 --------- d-----w C:\Program Files\Ubisoft
    2008-08-16 17:30 --------- d-----w C:\Program Files\ManyCam 2.3
    2008-08-16 17:28 --------- d-----w C:\Program Files\ManyCam 2.2
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-25 15:36 22,328 ----a-w C:\Documents and Settings\smat\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-13_22.07.20.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-13 20:59:37 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2008-10-13 20:59:37 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2008-10-13 20:59:37 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2008-10-13 20:59:39 102,400 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2008-10-13 20:59:39 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2008-10-13 20:59:38 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2006-05-24 23:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    + 2006-05-24 23:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2006-05-24 23:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-30 98304]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-11-18 1073152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
    --a------ 2002-08-19 12:58 94208 C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-09 19:53 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Personnel 2007.SP1\\sandra.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Personnel 2007.SP1\\RpcSandraSrv.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Personnel 2007.SP1\\Win32\\RpcDataSrv.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
    "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "21335:TCP"= 21335:TCP:BitComet 21335 TCP
    "21335:UDP"= 21335:UDP:BitComet 21335 UDP

    R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2008-05-15 21920]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 77072]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c29e5ccf-ca50-11dc-84a1-000d0bffd1f9}]
    \Shell\AutoRun\command - K:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - K:\Directx\dxsetup.exe

    *Newly Created Service* - CATCHME
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-15 12:58:01
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-15 12:59:02
    ComboFix-quarantined-files.txt 2008-10-15 10:58:59
    ComboFix2.txt 2008-10-15 10:33:12
    ComboFix3.txt 2008-10-15 05:53:18
    ComboFix4.txt 2008-10-14 19:42:13
    ComboFix5.txt 2008-10-15 10:56:20

    Avant-CF: 148 199 047 168 octets libres
    Après-CF: 148,187,889,664 octets libres

    189 --- E O F --- 2008-09-10 20:02:01

    and the HijackThis one:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:23, on 15/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\smat\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoD...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstal...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Personnel 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Personnel 2007.SP1\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9380 bytes

    Re,

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click on "J'accepte" (I accept).
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan "Poste de travail" (My Computer).
  • Save, then paste, the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to "Ajout/Suppression de programmes" (Add/Remove Programs) and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

    Here is the report from Panda ActiveScan 2.0:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-10-16 22:39:20
    PROTECTIONS: 1
    MALWARE: 53
    SUSPECTS: 8
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Zone Alarm Security Suite 7.0.473.000 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@casalemedia[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@doubleclick[3].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.doubleclick.net/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@atdmt[3].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@atdmt[2].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@tradedoubler[1].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.tradedoubler.com/]
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.tradedoubler.com/]
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@tradedoubler[1].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.tradedoubler.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@247realmedia[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@247realmedia[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@fastclick[2].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.fastclick.net/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@tribalfusion[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@mediaplex[2].txt
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@revenue[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@com[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.xiti.com/]
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@xiti[2].txt
    00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@fe.lea.lycos[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@statcounter[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@statcounter[2].txt
    00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@perf.overture[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@ad.yieldmanager[3].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@ad.yieldmanager[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.apmebf.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@apmebf[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@apmebf[1].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@burstnet[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@serving-sys[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@bs.serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.bs.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@bs.serving-sys[2].txt
    00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@888[2].txt
    00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@as1.falkag[1].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@weborama[1].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.weborama.fr/]
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@weborama[1].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@adtech[2].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@adtech[1].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@server.iad.liveperson[2].txt
    00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@fl01.ct2.comclick[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@advertising[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@advertising[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.advertising.com/]
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@media.adrevolver[2].txt
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@media.adrevolver[1].txt
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@media.adrevolver[3].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@statse.webtrendslive[3].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@ads.pointroll[1].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@overture[2].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@overture[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@realmedia[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@questionmarket[1].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@zedo[2].txt
    00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@metriweb[1].txt
    00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@int.sitestat[1].txt
    00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@int.sitestat[2].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.bluestreak.com/]
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@bluestreak[2].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@adrevolver[3].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@adrevolver[2].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@adrevolver[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@go[1].txt
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@searchportal.information[1].txt
    00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@did-it[1].txt
    00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@adviva[2].txt
    00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@adviva[1].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@smartadserver[1].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@smartadserver[2].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.smartadserver.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.smartadserver.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.smartadserver.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Application Data\Mozilla\Firefox\Profiles\9thit057.default\cookies.txt[.smartadserver.com/]
    00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\célya\Cookies\célya@www1.addfreestats[1].txt
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP338\A0163408.EXE
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP334\A0162372.EXE
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP336\A0162453.EXE
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\smat\Cookies\smat@enhance[2].txt
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP336\A0162438.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP337\A0163387.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP333\A0162345.sys
    03445560 Adware/Lop Adware No 0 Yes No C:\Program Files\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe
    03448800 Adware/Lop Adware No 0 Yes No C:\Program Files\BitTorrent Fastest Tool\3wPlayer-1.9.0.0-setup-0312.exe
    03625222 Adware/Popuper Adware No 0 Yes No C:\Program Files\BitTorrent Fastest Tool\BitP.exe
    03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\smat\Bureau\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
    03806616 Adware/NaviPromo Adware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\__c003372D.dat.vir
    03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{74E5A79A-EC5C-4068-ABF9-6A20D5577D0D}\RP339\A0163481.sys
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\smat\Bureau\ComboFix.exe[32788R22FWJFW\psexec.cfexe]
    No C:\Qoobox\Quarantine\C\WINDOWS\system32\drhsvgqv.dll.vir
    No C:\Qoobox\Quarantine\C\WINDOWS\system32\ealazw.dll.vir
    No C:\Qoobox\Quarantine\C\WINDOWS\system32\jragulvd.dll.vir
    No C:\Qoobox\Quarantine\C\WINDOWS\system32\lkloaobt.dll.vir
    No C:\Qoobox\Quarantine\C\WINDOWS\system32\nfkzgu.dll.vir
    No C:\Qoobox\Quarantine\C\WINDOWS\system32\opptgdiv.dll.vir
    No I:\msdownld.tmp\IXP000.TMP\Setup_ver1.1808.0.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================