Tom's Guide > Forum > Sécurité - Virus > Virus Msn

Virus Msn

Forum Sécurité - Virus : Virus Msn

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
player91   16-12-2008 à 22:34:42

Bonjour a tous j'ai chopé un virus via msn en ouvrant comme un con un doc envoyé par le virus d'un de mes amis :p

Voila je m'y connais pas du tout, j'ai juste fait un scan highjack que tout le monde fait, pouvez vous me dire ou est le virus?merci beaucoup!!

Logfile of HijackThis v1.99.1
Scan saved at 22:34:12, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Antoine\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svscs.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svscs.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/r [...] se2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/micros [...] 5992968312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3641815765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: eumvzy.dll bkytfq.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Angeldark   17-12-2008 à 12:50:57
- 0 +

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
player91   18-12-2008 à 16:09:45
- 0 +

Voila le résultat du scan :

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1511
Windows 5.1.2600 Service Pack 3

17/12/2008 23:33:49
mbam-log-2008-12-17 (23-33-43).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 508717
Temps écoulé: 3 hour(s), 38 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cbXQkllL.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mrcoff.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\urqQjjhg.dll (Trojan.Vundo.H) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{563fa337-3324-4655-b8ba-9fd8698ae055} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{563fa337-3324-4655-b8ba-9fd8698ae055} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqqjjhg (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9198ed8-aa60-4fae-a773-a597adf87dbf} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d9198ed8-aa60-4fae-a773-a597adf87dbf} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6c0597ae (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxqklll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxqklll -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\mrcoff.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\urqQjjhg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\cbXQkllL.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\LllkQXbc.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\LllkQXbc.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mnyconrb.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\brnocynm.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tjtfqchg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ghcqftjt.ini (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Antoine\Local Settings\Temporary Internet Files\Content.IE5\11Z5WWUP\kb600179[1] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Antoine\Local Settings\Temporary Internet Files\Content.IE5\6KO2XX4N\wax[1].jpg (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Antoine\Local Settings\Temporary Internet Files\Content.IE5\8ETUHDZ7\index[1] (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP317\A0175037.dll (Rogue.MessengerSkinner) -> No action taken.

Répondre à player91
Angeldark   18-12-2008 à 17:22:43
- 0 +

Tu as bien supprimé les infections ?


Message édité par Angeldark le 18-12-2008 à 17:24:10
------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
player91   18-12-2008 à 19:08:05
- 0 +

oui oui j'ai supprimé les infections en rebootant comme il me l'a demandé mais j'ai l'impression que je l'ai toujours...

Répondre à player91
player91   18-12-2008 à 23:01:39
- 0 +

C'est même pire maintenant mon ordi commence a buger sérieusement!!! plein de fenêtres s'affichent et se referment!!

Répondre à player91
Angeldark   19-12-2008 à 17:47:18
- 0 +

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
player91   19-12-2008 à 18:05:04
- 0 +

Voila:

Logfile of HijackThis v1.99.1
Scan saved at 18:04:47, on 19/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svscs.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\fxstaller.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Documents and Settings\Antoine\Mes documents\HijackThis.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\MDCrashReportTool.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svscs.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svscs.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/r [...] se2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/micros [...] 5992968312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3641815765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: eumvzy.dll bkytfq.dll mrcoff.dll nlpzgf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe


Répondre à player91
Angeldark   19-12-2008 à 19:21:44
- 0 +

Re,

! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

  • Télécharge ComboFix (sUBs) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.


AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
player91   19-12-2008 à 19:52:53
- 0 +

Voila:

ComboFix 08-12-18.03 - Antoine 2008-12-19 19:38:39.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1014.658 [GMT 1:00]
Lancé depuis: c:\documents and settings\Antoine\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\svhost.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\fxstaller.exe
c:\windows\system32\atwsettl
c:\windows\system32\atwsettl\icon1.ico
c:\windows\system32\awtqnljG.dll
c:\windows\system32\bkytfq.dll
c:\windows\system32\bwuiqqim.dll
c:\windows\system32\byXOhFUO.dll
c:\windows\system32\byXqPhIc.dll
c:\windows\system32\cbXOhhHw.dll
c:\windows\system32\cbXOIbbA.dll
c:\windows\system32\ddcApqoo.dll
c:\windows\system32\eumvzy.dll
c:\windows\system32\fccAsRif.dll
c:\windows\system32\fccdbCRH.dll
c:\windows\system32\geBuTjji.dll
c:\windows\system32\hgGwWmno.dll
c:\windows\system32\HjRrCMoq.ini
c:\windows\system32\HjRrCMoq.ini2
c:\windows\system32\iexplore.exe
c:\windows\system32\iiffCULc.dll
c:\windows\system32\imsfnefc.dll
c:\windows\system32\jkkIywUM.dll
c:\windows\system32\jkkJdExW.dll
c:\windows\system32\jkkJDuvw.dll
c:\windows\system32\khfEUmkk.dll
c:\windows\system32\khffgHyw.dll
c:\windows\system32\khfGywvU.dll
c:\windows\system32\ljJBsppn.dll
c:\windows\system32\ljJBusqQ.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mdm.exe
c:\windows\system32\miqqiuwb.ini
c:\windows\system32\nlpzgf.dll
c:\windows\system32\nwxuchhf.dll
c:\windows\system32\opnkheCU.dll
c:\windows\system32\opnnkJBq.dll
c:\windows\system32\pmnkIAPg.dll
c:\windows\system32\pmnljJYQ.dll
c:\windows\system32\Process.exe
c:\windows\system32\qoMCrRjH.dll
c:\windows\system32\qoMdAPhf.dll
c:\windows\system32\qoMdCvWM.dll
c:\windows\system32\qoMeEVmN.dll
c:\windows\system32\qoMEurop.dll
c:\windows\system32\qoMgecYq.dll
c:\windows\system32\rqRKDwvW.dll
c:\windows\system32\rqRKEXOI.dll
c:\windows\system32\rqRLcCVO.dll
c:\windows\system32\rqRlLFXo.dll
c:\windows\system32\ssqPfdcA.dll
c:\windows\system32\ssqppOec.dll
c:\windows\system32\sysmgr.exe
c:\windows\system32\tuvTKDWm.dll
c:\windows\system32\tuvUKEww.dll
c:\windows\system32\tuvVMDvT.dll
c:\windows\system32\urqNDTLc.dll
c:\windows\system32\urqNEXon.dll
c:\windows\system32\vtUoLCvV.dll
c:\windows\system32\wvUlmLfG.dll
c:\windows\system32\xxyvsTnl.dll
c:\windows\system32\yaepqgsm.dll
c:\windows\system32\yayaYpNe.dll
c:\windows\system32\yaywtQgH.dll
c:\windows\system32\yxifaajg.dll
c:\windows\Tasks\vrzmywet.job

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_NTMLSVC
-------\Service_Boonty Games
-------\Service_NtmlSvc


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-19 au 2008-12-19 ))))))))))))))))))))))))))))))))))))
.

2008-12-17 19:40 . 2008-12-17 19:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 19:40 . 2008-12-17 19:40 <REP> d-------- c:\documents and settings\Antoine\Application Data\Malwarebytes
2008-12-17 19:40 . 2008-12-17 19:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 19:40 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 19:40 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-17 18:23 . 2008-12-17 18:23 102,681 --a------ c:\windows\system32\msvcrt2.dll
2008-12-14 22:30 . 2008-12-14 22:29 167,474 ---hs---- c:\windows\system32\svscs.exe
2008-12-14 22:29 . 2008-12-14 22:29 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-14 22:29 . 2008-12-14 22:29 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-14 22:29 . 2008-12-14 22:29 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-14 22:29 . 2008-12-14 22:29 2,560 ---hs---- c:\windows\system32\helpersvscs.exe
2008-12-14 13:19 . 2008-12-14 13:19 <REP> d-------- c:\program files\Auslogics
2008-12-14 13:19 . 2008-12-14 13:19 <REP> d-------- c:\documents and settings\Antoine\Application Data\Auslogics
2008-12-08 15:30 . 2008-12-12 21:42 <REP> d-------- c:\program files\Wolfenstein - Enemy Territory
2008-12-08 15:29 . 2008-12-08 16:21 33 --a------ c:\windows\GunzLauncher.INI
2008-12-08 15:24 . 2008-12-12 21:43 <REP> d-------- c:\program files\MAIET
2008-12-06 17:27 . 2008-12-06 17:27 <REP> d-------- c:\program files\MSECache
2008-12-04 18:51 . 2008-12-04 18:51 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-03 14:07 . 2008-12-03 14:07 <REP> d-------- c:\program files\GameSpy Arcade
2008-12-03 14:04 . 2008-12-05 22:22 <REP> d-------- c:\program files\Postal2STPDemo
2008-12-02 22:41 . 2008-12-02 22:42 <REP> d-------- c:\program files\iTunes
2008-12-02 22:41 . 2008-12-02 22:41 <REP> d-------- c:\program files\iPod
2008-12-02 22:41 . 2008-12-02 22:42 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 18:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-19 18:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 11:44 --------- d-----w c:\program files\Project64 1.6
2008-12-14 11:41 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-04 17:50 --------- d-----w c:\program files\Java
2008-12-02 21:41 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-02 21:40 --------- d-----w c:\program files\QuickTime
2008-12-02 21:36 --------- d-----w c:\program files\Safari
2008-11-20 18:52 --------- d-----w c:\documents and settings\Antoine\Application Data\uTorrent
2008-11-11 12:25 --------- d-----w c:\program files\Hotspot Shield
2008-10-24 15:14 --------- d-----w c:\documents and settings\Antoine\Application Data\LimeWire
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 15:13 --------- d-----w c:\program files\Microsoft Silverlight
2008-04-14 02:34 148,018 --sh--r c:\windows\system32\mldmm.exe
2008-08-31 01:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083120080901\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"nl2plwrk"="c:\windows\system32\svscs.exe" [2008-12-14 167474]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nl2plwrk"="c:\windows\system32\svscs.exe" [2008-12-14 167474]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111 Configuration Utility\WPN111.exe [2006-03-10 491606]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\Incoming\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\filters\\divxconfig.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2005-02-09 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2006-03-10 286720]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;c:\windows\system32\Drivers\athwpn.sys [2006-03-10 43392]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys [2007-04-04 155411]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" []
S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\DRIVERS\SUSCOM.SYS [2005-03-01 40448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09cab8d5-8307-11dc-9358-00146c0a4410}]
\Shell\AutoRun\command - F:\start.exe
\Shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0be6b18d-ccf1-11dc-9370-00146c0a4410}]
\Shell\AutoRun\command - F:\start.exe
\Shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6148254b-f58c-11db-9262-00146c0a4410}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b87a1b1-7d75-11dc-9354-00146c0a4410}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d54c1b5e-f1cc-11db-925b-00146c0a4410}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-18 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 20:35]

2008-12-12 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2E13FDAA-346C-4E6A-AFB3-9D9ECB8530E9} - (no file)
BHO-{3BED8F85-7332-4291-8E6D-12FBA36A49ED} - (no file)
BHO-{8B515427-1E22-4598-A6CD-9BCAD61E4E30} - (no file)
BHO-{B8ECA5C6-59EF-44F0-AAEE-95C5613F392D} - c:\windows\system32\qoMCrRjH.dll
BHO-{d3a130a0-1fb9-4c2a-ac7b-0743ad3c97f9} - c:\windows\system32\nlpzgf.dll
ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} - (no file)
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
Notify-urqQjjhg - (no file)
Notify-WgaLogon - (no file)


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Antoine\Application Data\Mozilla\Firefox\Profiles\60bqv7w6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\documents and settings\Antoine\Application Data\Mozilla\Firefox\Profiles\60bqv7w6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 19:45:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\BAsfIpM.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-12-19 19:51:22 - La machine a redémarré [Antoine]
ComboFix-quarantined-files.txt 2008-12-19 18:51:20

Avant-CF: 4 540 620 800 octets libres
Après-CF: 4,511,182,848 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /usepmtimer

266 --- E O F --- 2008-12-12 14:03:15


Et merci encore!

Répondre à player91
Angeldark   20-12-2008 à 14:14:49
- 0 +

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
player91   20-12-2008 à 15:11:19
- 0 +

Logfile of HijackThis v1.99.1
Scan saved at 15:11:04, on 20/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svscs.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Antoine\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svscs.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svscs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/r [...] se2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/micros [...] 5992968312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3641815765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

Répondre à player91
Angeldark   21-12-2008 à 12:45:50
- 0 +

Re,

! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

File::
c:\windows\system32\helpersvscs.exe
c:\windows\system32\mldmm.exe
c:\windows\system32\svscs.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nl2plwrk"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nl2plwrk"=-



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
Sauvegarde ce fichier sous le nom de "CFScript.txt" (les guillemets sont importantes).

Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :
http://membres.lycos.fr/wawaseb8/images/help/cfscript.gif

Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.
* le nom de la partition peut changer

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
player91   21-12-2008 à 13:33:45
- 0 +

Voila le rapport combofix:

ComboFix 08-12-18.03 - Antoine 2008-12-21 13:27:18.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1014.540 [GMT 1:00]
Lancé depuis: c:\documents and settings\Antoine\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Antoine\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\helpersvscs.exe
c:\windows\system32\mldmm.exe
c:\windows\system32\svscs.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\helpersvscs.exe
c:\windows\system32\mldmm.exe
c:\windows\system32\svscs.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-21 au 2008-12-21 ))))))))))))))))))))))))))))))))))))
.

2008-12-17 19:40 . 2008-12-17 19:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 19:40 . 2008-12-17 19:40 <REP> d-------- c:\documents and settings\Antoine\Application Data\Malwarebytes
2008-12-17 19:40 . 2008-12-17 19:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 19:40 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 19:40 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-17 18:23 . 2008-12-17 18:23 102,681 --a------ c:\windows\system32\msvcrt2.dll
2008-12-14 22:29 . 2008-12-14 22:29 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-14 13:19 . 2008-12-14 13:19 <REP> d-------- c:\program files\Auslogics
2008-12-14 13:19 . 2008-12-14 13:19 <REP> d-------- c:\documents and settings\Antoine\Application Data\Auslogics
2008-12-08 15:30 . 2008-12-12 21:42 <REP> d-------- c:\program files\Wolfenstein - Enemy Territory
2008-12-08 15:29 . 2008-12-08 16:21 33 --a------ c:\windows\GunzLauncher.INI
2008-12-06 17:27 . 2008-12-06 17:27 <REP> d-------- c:\program files\MSECache
2008-12-04 18:51 . 2008-12-04 18:51 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-02 22:41 . 2008-12-02 22:42 <REP> d-------- c:\program files\iTunes
2008-12-02 22:41 . 2008-12-02 22:41 <REP> d-------- c:\program files\iPod
2008-12-02 22:41 . 2008-12-02 22:42 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 18:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 11:44 --------- d-----w c:\program files\Project64 1.6
2008-12-14 11:41 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-04 17:50 --------- d-----w c:\program files\Java
2008-12-02 21:41 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-02 21:40 --------- d-----w c:\program files\QuickTime
2008-12-02 21:36 --------- d-----w c:\program files\Safari
2008-11-20 18:52 --------- d-----w c:\documents and settings\Antoine\Application Data\uTorrent
2008-11-11 12:25 --------- d-----w c:\program files\Hotspot Shield
2008-10-24 15:14 --------- d-----w c:\documents and settings\Antoine\Application Data\LimeWire
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 15:13 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-08-31 01:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083120080901\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-19_19.50.54.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 00:48:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:47 394,976 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-10-17 00:48:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:37:56 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-17 00:48:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-20 14:13:08 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_1bc.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111 Configuration Utility\WPN111.exe [2006-03-10 491606]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\Incoming\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\filters\\divxconfig.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2005-02-09 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2006-03-10 286720]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;c:\windows\system32\Drivers\athwpn.sys [2006-03-10 43392]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys [2007-04-04 155411]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" []
S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\DRIVERS\SUSCOM.SYS [2005-03-01 40448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09cab8d5-8307-11dc-9358-00146c0a4410}]
\Shell\AutoRun\command - F:\start.exe
\Shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0be6b18d-ccf1-11dc-9370-00146c0a4410}]
\Shell\AutoRun\command - F:\start.exe
\Shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6148254b-f58c-11db-9262-00146c0a4410}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b87a1b1-7d75-11dc-9354-00146c0a4410}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d54c1b5e-f1cc-11db-925b-00146c0a4410}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-21 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 20:35]

2008-12-12 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Antoine\Application Data\Mozilla\Firefox\Profiles\60bqv7w6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\documents and settings\Antoine\Application Data\Mozilla\Firefox\Profiles\60bqv7w6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 13:30:24
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Heure de fin: 2008-12-21 13:32:26
ComboFix-quarantined-files.txt 2008-12-21 12:31:53
ComboFix2.txt 2008-12-19 18:51:23

Avant-CF: 4 553 224 192 octets libres
Après-CF: 4,480,495,616 octets libres

188 --- E O F --- 2008-12-20 14:01:21

Répondre à player91
player91   21-12-2008 à 13:34:55
- 0 +

Et le rapport highjack:

Logfile of HijackThis v1.99.1
Scan saved at 13:34:03, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Antoine\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Antoine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/r [...] se2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/micros [...] 5992968312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3641815765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe


Répondre à player91
Angeldark   21-12-2008 à 16:39:49
- 0 +

Ton pc se comporte mieux ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
player91   21-12-2008 à 16:57:14
- 0 +

ouais il va beaucoup mieux merci mille fois!!

Par contre je sais que ca n'a aucun rapport mais parfois mon ordi affiche un fond bleu avec un message d'erreur avec de la vidage de la mémoire physique et je sais plus quoi?
ça m'est arrivé plusieurs fois , c'est a cause de quoi?

Répondre à player91
Angeldark   22-12-2008 à 12:55:32
- 0 +

Problème Hardware je pense.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > Virus Msn
Aller à :

Il y a 1247 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,276 secondes
Liens