Security Forum - Viruses: virussecureexpertcleaner
Hi, can someone help me get rid of the SecureExpert Cleaner virus? Thanks.
Hello,
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Hi Angeldark, thanks for helping me out. Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:38, on 01/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\hphmon04.exe
C:\PROGRA~1\FICHIE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\fred\LOCALS~1\Temp\a.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\DOCUME~1\fred\LOCALS~1\Temp\~tmpd.exe
C:\WINDOWS\system32\nc45f4EY.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\fred\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffe [...] ftPane.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system\winlogin.cmd
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\FICHIE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Shell] C:\WINDOWS\system\winlogin.cmd
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\fred\LOCALS~1\Temp\a.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.fr/startpage/dialup/fr/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 6439541749
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://62.201.137.56/mmawap/jsp/co [...] Player.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility [...] tility.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FD9480-B7CC-46EF-AADC-FA5C099F7F86}: NameServer = 10.5.65.254
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Panda Software Controller - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe (file missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 9354 bytes
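An added triage script, not part of this thread and not part of HijackThis itself: it applies the checks a helper performs by eye on a log like the one above (programs running from a user's Temp folder, entries whose file is missing, an F2 Shell= value that names something besides Explorer.exe, O4 entries that launch a script, and a Winsock LSP that HijackThis does not recognise) to a handful of lines copied from the posted log. The rule set, the `triage` function and the sample are my own; the output is a list of entries to look at, not a verdict on any of them.

```python
"""Flag the HijackThis log entries a forum helper reads first."""
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\DOCUME~1\\fred\\LOCALS~1\\Temp\\a.exe
C:\\DOCUME~1\\fred\\LOCALS~1\\Temp\\~tmpd.exe
C:\\WINDOWS\\system32\\nc45f4EY.exe
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\\Program Files\\Macrogaming\\SweetIMBarForIE\\toolbar.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\system\\winlogin.cmd
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [Shell] C:\\WINDOWS\\system\\winlogin.cmd
O4 - HKLM\\..\\Run: [BDAgent] "C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe"
O4 - HKCU\\..\\Run: [MSFox] C:\\DOCUME~1\\fred\\LOCALS~1\\Temp\\a.exe
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O23 - Service: Panda Software Controller - Unknown owner - C:\\Program Files\\Panda Software\\Panda Antivirus 2007\\PsCtrls.exe (file missing)
"""

# A per-user Temp directory, in either its 8.3 or its long form.
TEMP_DIR_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
# Script types that an autorun entry normally has no business launching.
SCRIPT_EXT_RE = re.compile(r"\.(?:cmd|bat|vbs|js)\b", re.IGNORECASE)
# The F2 line HijackThis emits for the system.ini Shell= override.
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.IGNORECASE)


def check_shell(line):
    """Return a reason if the Shell= value names anything besides Explorer.exe."""
    match = SHELL_RE.match(line)
    if not match:
        return None
    value = match.group(1).strip()
    if value.lower().startswith("explorer.exe"):
        value = value[len("explorer.exe"):].strip()
    if value:
        # Winlogon starts every program listed here, so a second entry
        # is a persistence point that survives a normal Explorer restart.
        return "Shell= launches an extra program: " + value
    return None


def triage(log_text):
    """Return (line, reason) pairs for the entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if TEMP_DIR_RE.search(line):
            reasons.append("program located in a user Temp directory")
        if "(file missing)" in line or "(no file)" in line:
            reasons.append("orphaned entry: the referenced file is missing")
        shell_reason = check_shell(line)
        if shell_reason:
            reasons.append(shell_reason)
        if line.startswith("O4 - ") and SCRIPT_EXT_RE.search(line):
            reasons.append("autorun entry launches a script")
        if line.startswith("O10 - ") and "Unknown file" in line:
            reasons.append("Winsock LSP not on HijackThis's known list; verify the DLL")
        if reasons:
            findings.append((line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {entry}")
```

The checks are deliberately narrow: a name that merely looks random (nc45f4EY.exe in the process list) is not flagged, because a rule on spelling would produce more false positives than it catches; the helper confirms such a file through its location, its size and date in the ComboFix report, and a scan of the file itself.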
Re,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
- When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition letter may differ
Hi Angeldark, thanks for your help, the virus is no longer on the computer. Here is the report:
C:\Program Files\INSTALL.LOG
C:\Program Files\instant access
C:\Program Files\instant access\Center\Acces-Sex.lnk
C:\Program Files\instant access\Center\InstantAccess.lnk
C:\Program Files\instant access\Center\NoCreditCardGay.lnk
C:\Program Files\instant access\DesktopIcons\Acces-Sex.lnk
C:\Program Files\instant access\Multi\20060401090449\Common\module.php
C:\Program Files\instant access\Multi\20060401090449\dialerexe.ini
C:\Program Files\instant access\Multi\20060401090449\js\js_api_dialer.php
C:\Program Files\instant access\Multi\20060401090449\medias\3804_dialer.ico
C:\Program Files\instant access\Multi\20060401090449\medias\button1.gif
C:\Program Files\instant access\Multi\20060401090449\medias\button2.gif
C:\Program Files\instant access\Multi\20060401090449\medias\button3.gif
C:\Program Files\instant access\Multi\20060401090449\medias\button4.gif
C:\Program Files\instant access\P2E\2004012817\Common\module.php
C:\Program Files\instant access\P2E\2004012817\Common\show_module.php
C:\Program Files\instant access\P2E\2004012817\ExitTraffic\exit.php
C:\Program Files\instant access\P2E\2004012817\img\banner.bmp
C:\Program Files\instant access\P2E\2004012817\img\ncc.ico
C:\Program Files\instant access\P2E\2004012817\img\p2e_1.bmp
C:\Program Files\instant access\P2E\2004012817\img\p2e_2.bmp
C:\Program Files\instant access\P2E\2004012817\img\p2e_go.bmp
C:\Program Files\instant access\P2E\2004012817\img\p2e_icon.bmp
C:\Program Files\instant access\P2E\2004012817\img\p2e_logo.bmp
C:\Program Files\instant access\P2E\2004012817\index.htm
C:\Program Files\instant access\P2E\2004012817\inv_frame.php
C:\Program Files\instant access\P2E\2004012817\mainframe.php
C:\Program Files\instant access\P2E\2004020221\Common\module.php
C:\Program Files\instant access\P2E\2004020221\Common\show_module.php
C:\Program Files\instant access\P2E\2004020221\ExitTraffic\exit.php
C:\Program Files\instant access\P2E\2004020221\img\index_01.bmp
C:\Program Files\instant access\P2E\2004020221\img\index_02.bmp
C:\Program Files\instant access\P2E\2004020221\img\index_05.bmp
C:\Program Files\instant access\P2E\2004020221\img\index_06.bmp
C:\Program Files\instant access\P2E\2004020221\img\index_07.bmp
C:\Program Files\instant access\P2E\2004020221\img\ncc.ico
C:\Program Files\instant access\P2E\2004020221\img\p2e_1.bmp
C:\Program Files\instant access\P2E\2004020221\img\p2e_2.bmp
C:\Program Files\instant access\P2E\2004020221\img\p2e_go.bmp
C:\Program Files\instant access\P2E\2004020221\img\p2e_icon.bmp
C:\Program Files\instant access\P2E\2004020221\img\p2e_logo.bmp
C:\Program Files\instant access\P2E\2004020221\index.htm
C:\WINDOWS\system\kl.dll
C:\WINDOWS\system\msn.dat
C:\WINDOWS\system\msn.dll
C:\WINDOWS\system\svchost.dat
C:\WINDOWS\system32\drivers\Hjf39.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\nc45f4EY.exe.a_a
C:\WINDOWS\system32\RunOnce.tmp
C:\WINDOWS\tmlpcert2007
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HJF39
-------\Service_HJF39
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-02 au 2008-11-02 ))))))))))))))))))))))))))))))))))))
.
2008-11-01 14:12 . 2008-11-01 14:12 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-11-01 11:42 . 2008-11-01 11:42 60,928 --a------ C:\WINDOWS\system32\nc45f4EY.exe
2008-10-31 20:58 . 2008-10-31 20:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-31 20:58 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-31 20:58 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-31 15:14 . 2008-10-31 15:14 <REP> d-------- C:\Documents and Settings\fred\Application Data\Malwarebytes
2008-10-31 15:14 . 2008-10-31 15:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-31 03:08 . 2008-10-31 03:08 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-31 03:07 . 2008-10-31 03:07 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-10-29 12:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-29 12:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-29 12:53 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-29 12:07 . 2008-10-29 12:07 <REP> d-------- C:\Program Files\Windows Live
2008-10-29 12:07 . 2008-10-29 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-24 16:07 . 2008-10-30 19:17 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-24 15:54 . 2008-06-14 18:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-24 15:32 . 2008-05-01 15:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-23 11:12 . 2008-10-23 12:41 <REP> d-------- C:\Documents and Settings\fred\Application Data\U3
2008-10-20 18:11 . 2008-10-20 18:11 <REP> d-------- C:\Documents and Settings\fred\Application Data\DivX
2008-10-20 17:45 . 2008-10-20 17:45 <REP> d-------- C:\Sounds
2008-10-19 08:24 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-10-19 08:24 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-10-19 08:24 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-10-19 08:23 . 2008-10-19 08:23 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-10-19 08:19 . 2008-10-19 08:20 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-19 08:15 . 2008-10-19 08:15 <REP> d-------- C:\Program Files\LG Electronics
2008-10-19 08:15 . 2008-01-09 09:22 83,584 --a------ C:\WINDOWS\system32\drivers\lgmcbus.sys
2008-10-19 08:15 . 2008-01-09 09:22 12,160 --a------ C:\WINDOWS\system32\drivers\lgmcwhnt.sys
2008-10-19 08:15 . 2008-01-09 09:22 12,160 --a------ C:\WINDOWS\system32\drivers\lgmcwh.sys
2008-10-19 08:11 . 2008-10-19 08:11 <REP> d-------- C:\Documents and Settings\fred\Application Data\LG Electronics
2008-10-19 08:09 . 2007-09-28 18:56 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 14:32 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-10-30 22:54 --------- d-----w C:\Program Files\AxBx
2008-10-26 22:26 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-10-26 21:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-26 21:39 --------- d-----w C:\Program Files\eMule
2008-10-26 21:38 --------- d-----w C:\Program Files\DivX
2008-09-23 11:02 --------- d-----w C:\Program Files\Micro Application
2008-09-23 11:02 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-07 14:40 --------- d-----w C:\Documents and Settings\fred\Application Data\Gaijin Ent
2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:44 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:44 2,059,776 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-06-08 17:43 51,784 ------w C:\Documents and Settings\fred\Application Data\GDIPFONTCACHEV1.DAT
2006-03-20 08:37 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2004-02-08 16:57 1,096,495 ----a-w C:\Program Files\wrar330fr.exe
2004-01-18 16:02 0 ---h--w C:\Documents and Settings\fred\hpothb07.dat
2003-11-11 17:33 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2003-11-11 17:33 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-03 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="C:\WINDOWS\System32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"XTNDConnect PC - ErPhn2"="C:\PROGRA~1\FICHIE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe" [2003-02-13 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-20 98304]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2008-04-22 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2008-04-22 69632]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-06-14 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-06-14 544768]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"PCTVOICE"="pctspk.exe" [2002-03-10 C:\WINDOWS\system32\pctspk.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-03 68856]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax
"msacm.avis"= C:\PROGRA~1\ffdshow\ffdshow.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
backup=C:\WINDOWS\pss\WiFi Station.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f938b410-a0ea-11dd-a582-0040d0469131}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'
2008-10-30 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-11-02 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-11-01 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-11-02 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-11-02 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-11-02 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-11-01 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-30 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-10-31 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\nc45f4EY.exe [2008-11-01 11:42]
2008-11-02 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 20:50]
2008-11-02 C:\WINDOWS\Tasks\HP Usg Login.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 20:50]
2008-10-30 C:\WINDOWS\Tasks\WebReg 20040308183626.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-SITEguard - (no file)
HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://home.sweetim.com
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{65FD9480-B7CC-46EF-AADC-FA5C099F7F86}: NameServer = 10.5.65.254
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://62.201.137.56/mmawap/jsp/composer/player/mmsPlayer.cab
C:\WINDOWS\Downloaded Program Files\SMILViewer_DX6.inf
C:\WINDOWS\System32\l3codecx.ax
C:\WINDOWS\System32\QEdit.dll
C:\WINDOWS\scroll.bmp
C:\WINDOWS\System32\Pal.dll
C:\WINDOWS\System32\ErrorHandler.dll
C:\WINDOWS\System32\MCS.dll
C:\WINDOWS\Downloaded Program Files\xmltok.dll
C:\WINDOWS\Downloaded Program Files\xmlparse.dll
C:\WINDOWS\Downloaded Program Files\coltrans.ax
C:\WINDOWS\Downloaded Program Files\WBMPSource.ax
C:\WINDOWS\Downloaded Program Files\PNGSource.ax
C:\WINDOWS\System32\Mpeg4DSF.dll
C:\WINDOWS\System32\Mpeg4Tools.dll
C:\WINDOWS\System32\Mpeg4System.dll
C:\WINDOWS\Downloaded Program Files\MelodySourceParser.ax
C:\WINDOWS\System32\AMRDSF.dll
C:\WINDOWS\System32\AMR.dll
C:\WINDOWS\Downloaded Program Files\scg.ax
C:\WINDOWS\Downloaded Program Files\HtmlParser.dll
C:\WINDOWS\Downloaded Program Files\HTMLSourceFilter.ax
C:\WINDOWS\Downloaded Program Files\VideoCompositor.ax
C:\WINDOWS\Downloaded Program Files\StreamControl.ax
C:\WINDOWS\Downloaded Program Files\DownloadersWI.dll
C:\WINDOWS\Downloaded Program Files\Parsers.dll
C:\WINDOWS\Downloaded Program Files\PlayerServer.dll
C:\WINDOWS\Downloaded Program Files\MPO.dll
C:\WINDOWS\Downloaded Program Files\CoreExecutive.dll
C:\WINDOWS\Downloaded Program Files\SMILInetCtrl.dll
C:\WINDOWS\Downloaded Program Files\RegType_IE.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 15:27:32
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hphipm11.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-11-02 15:49:36 - La machine a redémarré [fred]
ComboFix-quarantined-files.txt 2008-11-02 14:49:22
Avant-CF: 4,458,246,144 octets libres
Après-CF: 4,709,011,456 octets libres
303 --- E O F --- 2008-11-02 09:56:39
The report is not complete.
Oh really? I thought I had posted everything... How do I get the report again?
C:\combofix.txt