Trojan [RESOLVED]


Hello. So here's the situation: I have a trojan called dskquota32.dll, which my antivirus (VirusScan Enterprise 7.1) classes as a generic downloader. The antivirus detects it but can neither clean nor delete it. The trojan sits in C:/WINDOWS/system32. I tried to delete it by hand, but I get "the disk may be write-protected or is currently in use". I wanted to format my local disk C but couldn't (via right-click => Format).

So if anyone has a solution, I'm all ears!!

Many thanks


Message edited by rexstar on 25-12-2008 at 19:06:42

Hello,

Have you tried in safe mode?

Reply to Angeldark

Yes, I already tried that, but still the same problem: a message saying "disk write-protected or currently in use".

Reply to rexstar

OK.

Download and install HijackThis (Trend Micro).
Then post a log in your next reply.
HELP: How to use HijackThis v2.0.2

Reply to Angeldark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:09, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Clem\Bureau\mbam-setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\Clem\LOCALS~1\Temp\is-LOJD9.tmp\mbam-setup.tmp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/online/cccwelco [...] n.asp?id=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 75.152.52.202 L2authd.lineage2.com
O1 - Hosts: 75.152.52.202 L2testauthd.lineage2.com
O1 - Hosts: iptonserverenquestions L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: lns-bzn-50f-62-147-183-248.adsl.proxad.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RGSC] F:\GTA4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dskquota32.dll
O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

--
End of file - 9583 bytes

Reply to rexstar
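An added example (mine, not part of the thread and not code from Trend Micro or HijackThis): a small Python triage of the log above. It pulls out the O20 entries, which are the part that matters for the "in use" symptom. The same DLL is registered both as an AppInit_DLLs entry (user32.dll maps it into every GUI process) and as a Winlogon Notify package (loaded into winlogon.exe), so the file is held open for as long as Windows is running, and on XP neither mechanism is switched off by safe mode. The known-good Winlogon Notify names and the severity ranking are my own assumptions; the sample lines are copied from the log above.

```python
"""Triage a HijackThis 2.0.2 log for the load points that explain a DLL that
'cannot be deleted because it is in use'.  Added example; not code from the
thread, from Trend Micro or from HijackThis."""
import re

# Constructed sample: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O1 - Hosts: 75.152.52.202 L2authd.lineage2.com
O1 - Hosts: iptonserverenquestions L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O20 - AppInit_DLLs: C:\WINDOWS\System32\dskquota32.dll
O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

RE_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
RE_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
RE_HOSTS = re.compile(r"^O1 - Hosts: (.+)$")
RE_BHO = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (.+)$")
RE_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Assumption: Winlogon Notify packages present on a stock XP SP3 install.  A name
# that is not here, especially a random-looking one such as 187a6b0c511, deserves a look.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def triage(log_text):
    """Return {'findings': [(severity, line, reason), ...],
               'load_points': {dll path (lower-case): [mechanism, ...]}}."""
    findings, load_points = [], {}

    def add_load_point(dll, mechanism):
        load_points.setdefault(dll.lower(), []).append(mechanism)

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_APPINIT.match(line)
        if m:
            # Windows itself splits AppInit_DLLs on spaces and commas, so a path with
            # a space could never load from here; splitting the same way is safe.
            for dll in re.split(r"[ ,]+", m.group(1)):
                if dll:
                    add_load_point(dll, "AppInit_DLLs")
                    findings.append(("high", line,
                                     "AppInit_DLLs: user32.dll maps it into every GUI "
                                     "process, so the file stays open while Windows is up"))
            continue
        m = RE_NOTIFY.match(line)
        if m:
            name, dll = m.groups()
            add_load_point(dll, f"Winlogon Notify ({name})")
            if name.lower() in KNOWN_NOTIFY:
                findings.append(("medium", line,
                                 "Winlogon Notify: stock package name, verify the path"))
            else:
                findings.append(("high", line,
                                 "Winlogon Notify: unknown package, loaded into winlogon.exe"))
            continue
        m = RE_HOSTS.match(line)
        if m:
            parts = m.group(1).split()
            if len(parts) < 2 or not RE_IPV4.match(parts[0]):
                findings.append(("medium", line, "malformed hosts entry"))
            elif not parts[0].startswith("127."):
                findings.append(("medium", line,
                                 f"hosts file pins {parts[1]} to {parts[0]}"))
            continue
        m = RE_BHO.match(line)
        if m and ("(file missing)" in m.group(1) or "(no file)" in m.group(1)):
            findings.append(("low", line, "orphaned BHO registration, safe to remove"))

    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f[0]])
    return {"findings": findings, "load_points": load_points}


def why_in_use(report, dll_path):
    """Mechanisms keeping dll_path mapped into running processes ([] if none)."""
    return report["load_points"].get(dll_path.lower(), [])


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for sev, line, reason in report["findings"]:
        print(f"[{sev:6}] {line}\n         -> {reason}")
    print("dskquota32.dll load points:",
          why_in_use(report, r"C:\WINDOWS\System32\dskquota32.dll"))
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The O1 entries are flagged only for review: hosts pins for a game's login servers are often a private-server setup rather than malware, but they belong on the same list as anything else that redirects name resolution.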

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to run it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.


HELP: A guide and tutorial on using ComboFix
* the partition letter may differ

Reply to Angeldark

* A new restore point was created
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Clem\Application Data\020000007fbff3a7511C.manifest
c:\documents and settings\Clem\Application Data\020000007fbff3a7511O.manifest
c:\documents and settings\Clem\Application Data\020000007fbff3a7511P.manifest
c:\documents and settings\Clem\Application Data\020000007fbff3a7511S.manifest
c:\windows\GnuHashes.ini
c:\windows\system32\8.tmp
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\10.setup.zip
c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.unpack.zip
c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.limepro.zip
c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.keygen.zip
c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
c:\windows\system32\GroupPolicyManifest\9.remix.mp3
c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd

.
((((((((((((((((((((((((((((( Files created from 2008-11-22 to 2008-12-22 ))))))))))))))))))))))))))))))))))))
.

2008-12-22 16:26 . 2008-12-22 16:26 <REP> d-------- c:\documents and settings\Clem\Application Data\Malwarebytes
2008-12-22 16:10 . 2008-12-22 16:12 1,388,544 --a------ c:\windows\system32\MSVBVM60.DLL
2008-12-22 16:05 . 2008-12-22 16:05 <REP> d-------- c:\program files\Trend Micro
2008-12-22 15:52 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 15:51 . 2008-12-22 15:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 15:51 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 13:42 . 2008-12-22 15:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 12:33 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Voisinage réseau
2008-12-22 12:33 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Voisinage d'impression
2008-12-22 12:33 . 2008-07-12 13:06 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Modèles
2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Mes documents
2008-12-22 12:33 . 2008-07-12 15:02 <REP> dr------- c:\documents and settings\Administrateur.SEMPER\Menu Démarrer
2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Favoris
2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Bureau
2008-12-22 12:33 . 2008-12-22 12:33 <REP> d-------- c:\documents and settings\Administrateur.SEMPER
2008-12-22 12:03 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-22 12:03 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-22 12:03 . 2008-07-12 13:06 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-22 12:03 . 2008-07-12 15:02 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-22 12:03 . 2008-12-22 12:04 <REP> d-------- c:\documents and settings\Administrateur
2008-12-22 11:55 . 2008-12-22 11:55 <REP> d-------- c:\documents and settings\LocalService\Application Data\Xfire
2008-12-22 00:54 . 2008-12-22 00:54 <REP> d-------- c:\program files\CCleaner
2008-12-21 23:56 . 2008-12-21 23:56 114,142 --a------ c:\program files\keygenIRC.zip
2008-12-21 23:55 . 2008-12-21 23:55 373,760 --ahs---- c:\windows\system32\2B0.tmp
2008-12-21 23:55 . 2008-12-22 12:53 135,168 --a------ c:\windows\system32\dskquota32.dll
2008-12-21 19:53 . 2008-12-21 19:53 <REP> d-------- c:\program files\MSBuild
2008-12-21 19:52 . 2008-12-21 19:55 <REP> d-------- c:\windows\system32\XPSViewer
2008-12-21 19:51 . 2008-12-21 19:51 <REP> d-------- c:\program files\Reference Assemblies
2008-12-21 19:51 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-21 19:33 . 2008-12-21 19:33 <REP> d-------- c:\windows\system32\xlive
2008-12-21 19:33 . 2008-12-21 19:33 <REP> d-------- c:\windows\Logs
2008-12-21 19:33 . 2008-12-21 20:05 <REP> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-21 19:33 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-21 19:33 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-21 19:33 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-21 19:33 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-12-14 22:14 . 2008-12-22 17:21 <REP> d-------- C:\quarantine
2008-12-14 16:40 . 2008-12-19 06:53 <REP> d-------- c:\documents and settings\Clem\Application Data\Hamachi
2008-12-14 16:40 . 2008-12-14 16:40 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-12-11 21:37 . 2008-12-11 21:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-01 23:07 . 2008-12-20 19:07 <REP> d-------- c:\program files\@
2008-11-30 22:21 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-30 22:21 . 2008-04-13 20:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-11-24 19:51 . 2008-12-22 11:53 <REP> d-------- c:\program files\mIRC GMS
2008-11-24 09:34 . 2001-08-23 17:47 126,976 --a------ c:\windows\system32\hpgt34tk.dll
2008-11-24 09:34 . 2001-08-23 17:47 126,976 --a--c--- c:\windows\system32\dllcache\hpgt34tk.dll
2008-11-24 09:34 . 2001-08-23 17:47 101,376 --a------ c:\windows\system32\hpgt34.dll
2008-11-24 09:34 . 2001-08-23 17:47 101,376 --a--c--- c:\windows\system32\dllcache\hpgt34.dll
2008-11-24 09:34 . 2001-08-23 17:47 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-11-24 09:34 . 2001-08-23 17:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-24 09:34 . 2001-08-23 17:47 32,768 --a------ c:\windows\system32\hpgtmcro.dll
2008-11-24 09:34 . 2001-08-23 17:47 32,768 --a--c--- c:\windows\system32\dllcache\hpgtmcro.dll
2008-11-23 10:18 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-23 10:18 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-23 10:18 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-23 10:18 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 14:57 --------- d-----w c:\program files\Steam
2008-12-21 23:07 --------- d-----w c:\documents and settings\Clem\Application Data\LimeWire
2008-12-21 18:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 18:35 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-19 03:57 --------- d-----w c:\program files\Xfire
2008-12-18 18:00 --------- d-----w c:\documents and settings\Clem\Application Data\Xfire
2008-11-20 21:45 --------- d-----w c:\documents and settings\Clem\Application Data\Desktopicon
2008-11-20 21:41 --------- d-----w c:\program files\Vdownloader
2008-11-14 16:00 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-08 13:18 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-08 13:18 --------- d-----w c:\program files\LimeWire
2008-11-05 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-11-05 16:43 --------- d-----w c:\program files\NOS
2008-11-05 14:41 --------- d-----w c:\program files\RocketDock
2008-11-05 14:17 --------- d-----w c:\program files\photoshop
2008-11-05 14:14 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-29 12:52 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 17:44 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 16:46 245,408 ----a-w c:\windows\system32\unicows.dll
2006-06-23 06:48 32,768 ------r c:\windows\inf\UpdateUSB.exe
2005-12-08 11:26 704,512 ----a-w c:\documents and settings\creative\ShCtMtp.dll
2005-12-02 13:27 303,104 ----a-w c:\documents and settings\creative\CTConfig.dll
2005-11-21 16:15 233,472 ------w c:\documents and settings\Auto Tag Cleaner\CTCleanU.exe
2005-10-19 15:27 172,032 ------w c:\documents and settings\Video Converter\CtConvU.exe
2005-10-19 08:10 266,240 ------w c:\documents and settings\Video Converter\HookWndU.dll
2005-10-11 17:28 245,760 ----a-w c:\documents and settings\creative\CTImpt3u.exe
2005-10-11 13:18 57,344 ----a-w c:\documents and settings\creative\VIDef.dll
2005-09-30 16:28 663,552 ----a-w c:\documents and settings\creative\PicRc.dll
2005-09-21 09:33 262,144 ------w c:\documents and settings\Auto Tag Cleaner\HookWndU.dll
2005-09-20 13:20 172,032 ----a-w c:\documents and settings\creative\CtMtpRc.dll
2005-09-12 17:08 106,496 ----a-w c:\documents and settings\creative\CTPlyLsU.exe
2005-09-06 13:36 217,088 ----a-w c:\documents and settings\creative\HomeRc.dll
2005-08-23 15:20 106,496 ----a-w c:\documents and settings\creative\HookWndU.dll
2005-08-02 19:17 40,448 ----a-w c:\documents and settings\creative\MFInfou.dll
2005-07-14 07:46 249,856 ----a-w c:\documents and settings\creative\CTPIMu.exe
2005-07-13 16:20 266,240 ------w c:\documents and settings\Video Converter\CTAboutu.dll
2005-07-13 16:20 266,240 ------w c:\documents and settings\Auto Tag Cleaner\CTAboutu.dll
2005-04-26 09:59 40,960 ----a-w c:\documents and settings\creative\CTSUAppu.exe
2005-04-26 08:06 86,016 ----a-w c:\documents and settings\creative\QueTray.exe
2005-04-25 09:50 16,384 ----a-w c:\documents and settings\creative\GenreRc.dll
2005-04-18 17:46 53,248 ----a-w c:\documents and settings\creative\CTSUSDKu.dll
2005-03-31 16:54 266,240 ----a-w c:\documents and settings\creative\CTAboutu.dll
2005-03-07 01:00 65,536 ----a-w c:\documents and settings\creative\CTIntrfu.dll
2005-03-07 01:00 65,536 ------w c:\documents and settings\Auto Tag Cleaner\CTIntrfu.dll
2005-03-07 00:00 23,552 ----a-w c:\documents and settings\creative\CTRegSvu.exe
2005-03-07 00:00 23,552 ------w c:\documents and settings\Auto Tag Cleaner\CTRegSvu.exe
2005-02-26 13:12 102,400 ------w c:\documents and settings\Auto Tag Cleaner\DXFingerprint.dll
2004-12-15 06:44 102,400 ----a-w c:\documents and settings\creative\ModeHlp.dll
2004-09-20 08:09 86,016 ------w c:\documents and settings\Auto Tag Cleaner\CTXMLPsu.dll
2001-06-19 17:00 28,672 ------w c:\documents and settings\Manual\CTPdflnk.exe
2001-06-19 17:00 28,672 ------w c:\documents and settings\Manual\CTPdfErr.exe
2008-08-30 09:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat
.

((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-12-19 1410296]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RGSC"="f:\gta4\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-21 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-10-10 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Clem\Menu Démarrer\Programmes\Démarrage\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\187a6b0c511]
2008-12-22 12:53 135168 c:\windows\system32\dskquota32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\dskquota32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\K!TV\\K!TV.exe"=
"c:\\Program Files\\MyFreeTV\\MyFreeTV.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Program Files\\Steam\\SteamApps\\__semper__\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\__semper__\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\__semper__\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\__semper__\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\mIRC GMS\\mIRC.exe"=
"f:\\GTA4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"f:\\GTA4\\Grand Theft Auto IV\\GTAIV.exe"=
"f:\\GTA4\\Rockstar Games Social Club\\RGSCLauncher.exe"=

R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-07-12 1121536]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-12 93696]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2008-07-21 152576]

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://lo.st
uInternet Connection Wizard,ShellNext = hxxp://ati.amd.com/online/cccwelcome/registration.asp?id=1
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
FF - ProfilePath - c:\documents and settings\Clem\Application Data\Mozilla\Firefox\Profiles\ajiadmda.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 17:34:09
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\System32\dskquota32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(780)
c:\windows\System32\dskquota32.dll
.
Finish time: 2008-12-22 17:34:40
ComboFix-quarantined-files.txt 2008-12-22 16:34:35

Pre-CF: 38,222,835,712 bytes free
Post-CF: 39,130,976,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=""

Reply to rexstar
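An added example (mine, not from the thread and not code from ComboFix) that reads the "files created" section of the report above and lists everything created within a few minutes of dskquota32.dll. My reading of the ComboFix columns (creation time, last-write time, size or `<REP>` for a directory, attributes, path) is an assumption; the sample lines are copied from the report. On this machine the DLL, a hidden+system 2B0.tmp in system32 and a keygenIRC.zip under Program Files all land within the same two minutes, and the DLL was rewritten about thirteen hours after it was dropped, which is consistent with the "generic downloader" verdict from VirusScan.

```python
"""Timeline triage of a ComboFix 'files created' section around one suspect file.
Added example, not part of the thread or of ComboFix."""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the ComboFix report posted above.
SAMPLE_CF = r"""
2008-12-22 16:26 . 2008-12-22 16:26 <REP> d-------- c:\documents and settings\Clem\Application Data\Malwarebytes
2008-12-22 16:10 . 2008-12-22 16:12 1,388,544 --a------ c:\windows\system32\MSVBVM60.DLL
2008-12-22 00:54 . 2008-12-22 00:54 <REP> d-------- c:\program files\CCleaner
2008-12-21 23:56 . 2008-12-21 23:56 114,142 --a------ c:\program files\keygenIRC.zip
2008-12-21 23:55 . 2008-12-21 23:55 373,760 --ahs---- c:\windows\system32\2B0.tmp
2008-12-21 23:55 . 2008-12-22 12:53 135,168 --a------ c:\windows\system32\dskquota32.dll
2008-12-21 19:53 . 2008-12-21 19:53 <REP> d-------- c:\program files\MSBuild
2008-12-14 16:40 . 2008-12-14 16:40 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
"""

# Assumed layout of a ComboFix "files created" line:
#   <created> . <last written> <size or <REP>> <attributes> <path>
CF_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<REP>|[\d,]+) (\S+) (.+)$")
TS = "%Y-%m-%d %H:%M"


def parse_created(log_text):
    """Parse every line that matches the created-files layout; other sections
    (Find3M, registry dump) use a different layout and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = CF_LINE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, TS),
            "modified": datetime.strptime(modified, TS),
            "is_dir": size == "<REP>",
            "size": 0 if size == "<REP>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def suspicion_flags(e):
    """Cheap heuristics a triager applies to each row; my own choices."""
    flags = []
    low = e["path"].lower()
    if "h" in e["attrs"] and "s" in e["attrs"]:
        flags.append("hidden+system attributes")
    if "\\windows\\system32\\" in low and low.endswith(".tmp"):
        flags.append(".tmp dropped in system32")
    if e["modified"] > e["created"] + timedelta(hours=1):
        flags.append("rewritten well after creation")
    return flags


def created_window(log_text, pivot_path, minutes=10):
    """Rows created within +/- `minutes` of pivot_path, oldest first, each with
    its flags and an is_pivot marker.  Raises if the pivot is not in the section."""
    entries = parse_created(log_text)
    pivot = next((e for e in entries if e["path"].lower() == pivot_path.lower()), None)
    if pivot is None:
        raise ValueError(f"{pivot_path} not in the created-files section")
    delta = timedelta(minutes=minutes)
    rows = [dict(e, flags=suspicion_flags(e), is_pivot=(e is pivot))
            for e in entries
            if abs(e["created"] - pivot["created"]) <= delta]
    rows.sort(key=lambda e: (e["created"], e["path"].lower()))
    return rows


if __name__ == "__main__":
    for row in created_window(SAMPLE_CF, r"c:\windows\system32\dskquota32.dll"):
        mark = "*" if row["is_pivot"] else " "
        print(f"{mark} {row['created']:%Y-%m-%d %H:%M} {row['attrs']} {row['path']}"
              + (f"  <- {', '.join(row['flags'])}" if row["flags"] else ""))
```

Widen `minutes` when the drop and the download are further apart; the point of the window is to surface what was fetched or unpacked around the same time as the detected file, which the alphabetical listing of the report hides.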

Post another HijackThis log.

Reply to Angeldark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:48, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\program files\steam\steam.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/online/cccwelco [...] n.asp?id=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 75.152.52.202 L2authd.lineage2.com
O1 - Hosts: 75.152.52.202 L2testauthd.lineage2.com
O1 - Hosts: iptonserverenquestions L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: lns-bzn-50f-62-147-183-248.adsl.proxad.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RGSC] F:\GTA4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dskquota32.dll
O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

--
End of file - 8888 bytes

Reply to rexstar

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Copy (Ctrl+C) the text in the box below:

File::
c:\program files\keygenIRC.zip
c:\windows\system32\dskquota32.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\187a6b0c511]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name "CFScript.txt" (the quotation marks matter).

Now drag the CFScript.txt file onto ComboFix.exe as in the image below:
http://membres.lycos.fr/wawaseb8/images/help/cfscript.gif

This will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) together with a HijackThis log.
NOTE: If there is no reboot, post the requested reports anyway.
* the drive letter may differ

------------------------------ Prevention & Protection||You like me? Click :o
Reply to Angeldark
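As an added example (not code from this thread, nor from HijackThis or ComboFix): a small Python script that parses the O20 lines of a HijackThis log, like the two in rexstar's log above, and flags a DLL that is registered both as an AppInit_DLLs value and as a Winlogon Notify package, which are exactly the two load points the CFScript above removes. The sample log lines are constructed from this thread (plus one invented benign-looking ATI line for contrast); the allowlist of stock XP notify packages, the scoring weights and the threshold are assumptions of the example, not rules from the thread.

```python
"""Flag DLL persistence via AppInit_DLLs and Winlogon Notify in a HijackThis log.

Added example for this thread; not code from the thread, HijackThis or ComboFix.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the two O20 lines from the first HijackThis log in this
# thread, one O4 line to show other sections are ignored, and a benign-looking
# Winlogon Notify line (invented here for contrast, modelled on the ATI driver).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O20 - AppInit_DLLs: C:\WINDOWS\System32\dskquota32.dll
O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
"""

# HijackThis O20 layout: "O20 - <kind>: [<subkey> - ]<dll path>[ (file missing)]"
O20_RE = re.compile(
    r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): "
    r"(?:(?P<subkey>[^ ]+) - )?(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# Winlogon Notify subkey names that look like random hex (e.g. 187a6b0c511)
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)
# Notify packages present on a stock XP SP3 install (assumed allowlist for this
# example; a real deployment would key on file signer or hash, not on the name).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows"


@dataclass
class Finding:
    kind: str                 # "AppInit_DLLs" or "Winlogon Notify"
    subkey: Optional[str]     # Notify package name; None for AppInit_DLLs
    dll: str
    missing: bool = False     # HijackThis reported "(file missing)"
    score: int = 0            # accumulated from the reasons below
    reasons: List[str] = field(default_factory=list)

    def add(self, weight: int, why: str) -> None:
        self.score += weight
        self.reasons.append(why)

    @property
    def suspicious(self) -> bool:
        return self.score >= 3   # threshold is an assumption of this example


def analyze(log_text: str) -> List[Finding]:
    """Parse every O20 line and score it; returns only entries with a reason."""
    findings: List[Finding] = []
    by_dll = {}
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue
        f = Finding(m["kind"], m["subkey"], m["path"], missing=m["missing"] is not None)
        if f.missing:
            f.add(1, "load point still references a DLL that is gone from disk")
        if f.kind == "AppInit_DLLs":
            # Any value here is injected into every process that loads user32.dll
            f.add(2, "AppInit_DLLs is non-empty; the DLL is loaded into nearly every process")
        elif f.subkey and HEX_NAME.match(f.subkey):
            f.add(3, "Winlogon Notify subkey is a random-looking hex string, not a named package")
        elif f.subkey and f.subkey.lower() not in KNOWN_NOTIFY:
            f.add(1, "Winlogon Notify package not in the stock XP allowlist; verify the publisher")
        by_dll.setdefault(f.dll.lower(), []).append(f)
        findings.append(f)
    # One DLL registered through two distinct load points is a strong signal.
    for group in by_dll.values():
        if len({g.kind for g in group}) > 1:
            for g in group:
                g.add(3, "same DLL registered under both AppInit_DLLs and Winlogon Notify")
    return [f for f in findings if f.reasons]


def to_cfscript(findings: List[Finding]) -> str:
    """Render a ComboFix CFScript (File::/Registry:: layout, as used in this thread)
    that deletes the suspicious DLLs and removes their load points."""
    bad = [f for f in findings if f.suspicious]
    files = sorted({f.dll for f in bad if not f.missing})
    lines = ["File::", *files, "", "Registry::"]
    for subkey in sorted({f.subkey for f in bad if f.kind == "Winlogon Notify"}):
        lines.append("[-%s\\%s]" % (NOTIFY_KEY, subkey))
    if any(f.kind == "AppInit_DLLs" for f in bad):
        lines += ["[%s]" % WINDOWS_KEY, '"AppInit_DLLs"=""']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        flag = "SUSPICIOUS" if f.suspicious else "review"
        print("%-10s %-15s %s" % (flag, f.kind, f.dll))
        for why in f.reasons:
            print("           - " + why)
    print(to_cfscript(analyze(SAMPLE_LOG)))
```

Run against the sample, the two dskquota32.dll entries score as suspicious (hex-named notify package plus the same DLL on two load points) while the ATI line only gets a "review" note, and the generated CFScript reproduces the two Registry:: lines the helper posted above. The File:: section covers only the flagged DLL; the keygenIRC.zip the helper added came from reading the ComboFix report, which this script does not look at.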

ComboFix report:

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Clem\Application Data\020000007fbff3a7511C.manifest
c:\documents and settings\Clem\Application Data\020000007fbff3a7511O.manifest
c:\documents and settings\Clem\Application Data\020000007fbff3a7511P.manifest
c:\documents and settings\Clem\Application Data\020000007fbff3a7511S.manifest
c:\windows\GnuHashes.ini
c:\windows\system32\8.tmp
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\10.setup.zip
c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.unpack.zip
c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.limepro.zip
c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.keygen.zip
c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
c:\windows\system32\GroupPolicyManifest\9.remix.mp3
c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
.

2008-12-22 16:26 . 2008-12-22 16:26 <REP> d-------- c:\documents and settings\Clem\Application Data\Malwarebytes
2008-12-22 16:10 . 2008-12-22 16:12 1,388,544 --a------ c:\windows\system32\MSVBVM60.DLL
2008-12-22 16:05 . 2008-12-22 16:05 <REP> d-------- c:\program files\Trend Micro
2008-12-22 15:52 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 15:51 . 2008-12-22 15:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 15:51 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 13:42 . 2008-12-22 15:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 12:33 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Voisinage réseau
2008-12-22 12:33 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Voisinage d'impression
2008-12-22 12:33 . 2008-07-12 13:06 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Modèles
2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Mes documents
2008-12-22 12:33 . 2008-07-12 15:02 <REP> dr------- c:\documents and settings\Administrateur.SEMPER\Menu Démarrer
2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Favoris
2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Bureau
2008-12-22 12:33 . 2008-12-22 12:33 <REP> d-------- c:\documents and settings\Administrateur.SEMPER
2008-12-22 12:03 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-22 12:03 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-22 12:03 . 2008-07-12 13:06 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-22 12:03 . 2008-07-12 15:02 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-22 12:03 . 2008-12-22 12:04 <REP> d-------- c:\documents and settings\Administrateur
2008-12-22 11:55 . 2008-12-22 11:55 <REP> d-------- c:\documents and settings\LocalService\Application Data\Xfire
2008-12-22 00:54 . 2008-12-22 00:54 <REP> d-------- c:\program files\CCleaner
2008-12-21 23:56 . 2008-12-21 23:56 114,142 --a------ c:\program files\keygenIRC.zip
2008-12-21 23:55 . 2008-12-21 23:55 373,760 --ahs---- c:\windows\system32\2B0.tmp
2008-12-21 23:55 . 2008-12-22 12:53 135,168 --a------ c:\windows\system32\dskquota32.dll
2008-12-21 19:53 . 2008-12-21 19:53 <REP> d-------- c:\program files\MSBuild
2008-12-21 19:52 . 2008-12-21 19:55 <REP> d-------- c:\windows\system32\XPSViewer
2008-12-21 19:51 . 2008-12-21 19:51 <REP> d-------- c:\program files\Reference Assemblies
2008-12-21 19:51 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-21 19:33 . 2008-12-21 19:33 <REP> d-------- c:\windows\system32\xlive
2008-12-21 19:33 . 2008-12-21 19:33 <REP> d-------- c:\windows\Logs
2008-12-21 19:33 . 2008-12-21 20:05 <REP> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-21 19:33 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-21 19:33 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-21 19:33 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-21 19:33 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-12-14 22:14 . 2008-12-22 17:21 <REP> d-------- C:\quarantine
2008-12-14 16:40 . 2008-12-19 06:53 <REP> d-------- c:\documents and settings\Clem\Application Data\Hamachi
2008-12-14 16:40 . 2008-12-14 16:40 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-12-11 21:37 . 2008-12-11 21:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-01 23:07 . 2008-12-20 19:07 <REP> d-------- c:\program files\@
2008-11-30 22:21 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-30 22:21 . 2008-04-13 20:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-11-24 19:51 . 2008-12-22 11:53 <REP> d-------- c:\program files\mIRC GMS
2008-11-24 09:34 . 2001-08-23 17:47 126,976 --a------ c:\windows\system32\hpgt34tk.dll
2008-11-24 09:34 . 2001-08-23 17:47 126,976 --a--c--- c:\windows\system32\dllcache\hpgt34tk.dll
2008-11-24 09:34 . 2001-08-23 17:47 101,376 --a------ c:\windows\system32\hpgt34.dll
2008-11-24 09:34 . 2001-08-23 17:47 101,376 --a--c--- c:\windows\system32\dllcache\hpgt34.dll
2008-11-24 09:34 . 2001-08-23 17:47 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-11-24 09:34 . 2001-08-23 17:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-24 09:34 . 2001-08-23 17:47 32,768 --a------ c:\windows\system32\hpgtmcro.dll
2008-11-24 09:34 . 2001-08-23 17:47 32,768 --a--c--- c:\windows\system32\dllcache\hpgtmcro.dll
2008-11-23 10:18 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-23 10:18 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-23 10:18 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-23 10:18 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 14:57 --------- d-----w c:\program files\Steam
2008-12-21 23:07 --------- d-----w c:\documents and settings\Clem\Application Data\LimeWire
2008-12-21 18:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 18:35 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-19 03:57 --------- d-----w c:\program files\Xfire
2008-12-18 18:00 --------- d-----w c:\documents and settings\Clem\Application Data\Xfire
2008-11-20 21:45 --------- d-----w c:\documents and settings\Clem\Application Data\Desktopicon
2008-11-20 21:41 --------- d-----w c:\program files\Vdownloader
2008-11-14 16:00 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-08 13:18 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-08 13:18 --------- d-----w c:\program files\LimeWire
2008-11-05 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-11-05 16:43 --------- d-----w c:\program files\NOS
2008-11-05 14:41 --------- d-----w c:\program files\RocketDock
2008-11-05 14:17 --------- d-----w c:\program files\photoshop
2008-11-05 14:14 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-29 12:52 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 17:44 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 16:46 245,408 ----a-w c:\windows\system32\unicows.dll
2006-06-23 06:48 32,768 ------r c:\windows\inf\UpdateUSB.exe
2005-12-08 11:26 704,512 ----a-w c:\documents and settings\creative\ShCtMtp.dll
2005-12-02 13:27 303,104 ----a-w c:\documents and settings\creative\CTConfig.dll
2005-11-21 16:15 233,472 ------w c:\documents and settings\Auto Tag Cleaner\CTCleanU.exe
2005-10-19 15:27 172,032 ------w c:\documents and settings\Video Converter\CtConvU.exe
2005-10-19 08:10 266,240 ------w c:\documents and settings\Video Converter\HookWndU.dll
2005-10-11 17:28 245,760 ----a-w c:\documents and settings\creative\CTImpt3u.exe
2005-10-11 13:18 57,344 ----a-w c:\documents and settings\creative\VIDef.dll
2005-09-30 16:28 663,552 ----a-w c:\documents and settings\creative\PicRc.dll
2005-09-21 09:33 262,144 ------w c:\documents and settings\Auto Tag Cleaner\HookWndU.dll
2005-09-20 13:20 172,032 ----a-w c:\documents and settings\creative\CtMtpRc.dll
2005-09-12 17:08 106,496 ----a-w c:\documents and settings\creative\CTPlyLsU.exe
2005-09-06 13:36 217,088 ----a-w c:\documents and settings\creative\HomeRc.dll
2005-08-23 15:20 106,496 ----a-w c:\documents and settings\creative\HookWndU.dll
2005-08-02 19:17 40,448 ----a-w c:\documents and settings\creative\MFInfou.dll
2005-07-14 07:46 249,856 ----a-w c:\documents and settings\creative\CTPIMu.exe
2005-07-13 16:20 266,240 ------w c:\documents and settings\Video Converter\CTAboutu.dll
2005-07-13 16:20 266,240 ------w c:\documents and settings\Auto Tag Cleaner\CTAboutu.dll
2005-04-26 09:59 40,960 ----a-w c:\documents and settings\creative\CTSUAppu.exe
2005-04-26 08:06 86,016 ----a-w c:\documents and settings\creative\QueTray.exe
2005-04-25 09:50 16,384 ----a-w c:\documents and settings\creative\GenreRc.dll
2005-04-18 17:46 53,248 ----a-w c:\documents and settings\creative\CTSUSDKu.dll
2005-03-31 16:54 266,240 ----a-w c:\documents and settings\creative\CTAboutu.dll
2005-03-07 01:00 65,536 ----a-w c:\documents and settings\creative\CTIntrfu.dll
2005-03-07 01:00 65,536 ------w c:\documents and settings\Auto Tag Cleaner\CTIntrfu.dll
2005-03-07 00:00 23,552 ----a-w c:\documents and settings\creative\CTRegSvu.exe
2005-03-07 00:00 23,552 ------w c:\documents and settings\Auto Tag Cleaner\CTRegSvu.exe
2005-02-26 13:12 102,400 ------w c:\documents and settings\Auto Tag Cleaner\DXFingerprint.dll
2004-12-15 06:44 102,400 ----a-w c:\documents and settings\creative\ModeHlp.dll
2004-09-20 08:09 86,016 ------w c:\documents and settings\Auto Tag Cleaner\CTXMLPsu.dll
2001-06-19 17:00 28,672 ------w c:\documents and settings\Manual\CTPdflnk.exe
2001-06-19 17:00 28,672 ------w c:\documents and settings\Manual\CTPdfErr.exe
2008-08-30 09:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-12-19 1410296]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RGSC"="f:\gta4\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-21 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-10-10 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Clem\Menu Démarrer\Programmes\Démarrage\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\187a6b0c511]
2008-12-22 12:53 135168 c:\windows\system32\dskquota32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\dskquota32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\K!TV\\K!TV.exe"=
"c:\\Program Files\\MyFreeTV\\MyFreeTV.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Program Files\\Steam\\SteamApps\\__semper__\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\__semper__\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\__semper__\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\__semper__\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\mIRC GMS\\mIRC.exe"=
"f:\\GTA4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"f:\\GTA4\\Grand Theft Auto IV\\GTAIV.exe"=
"f:\\GTA4\\Rockstar Games Social Club\\RGSCLauncher.exe"=

R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-07-12 1121536]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-12 93696]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2008-07-21 152576]

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://lo.st
uInternet Connection Wizard,ShellNext = hxxp://ati.amd.com/online/cccwelcome/registration.asp?id=1
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
FF - ProfilePath - c:\documents and settings\Clem\Application Data\Mozilla\Firefox\Profiles\ajiadmda.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 17:34:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\System32\dskquota32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(780)
c:\windows\System32\dskquota32.dll
.
Heure de fin: 2008-12-22 17:34:40
ComboFix-quarantined-files.txt 2008-12-22 16:34:35

Avant-CF: 38 222 835 712 octets libres
Après-CF: 39,130,976,256 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=""

265 --- E O F --- 2008-12-19 02:00:49


HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00, on 2008-12-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/online/cccwelco [...] n.asp?id=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 75.152.52.202 L2authd.lineage2.com
O1 - Hosts: 75.152.52.202 L2testauthd.lineage2.com
O1 - Hosts: iptonserverenquestions L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: lns-bzn-50f-62-147-183-248.adsl.proxad.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RGSC] F:\GTA4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

--
End of file - 9072 bytes



I'm not sure the ComboFix report is the right one, but it's the only one I found!!


Message edited by rexstar on 23-12-2008 at 18:40:37
Reply to rexstar

Re,

Download R-Hosts.exe (by S!ri)
Run R-Hosts, then click "Restaurer" (Restore).
Confirm the change by pressing OK.

&

Fix the lines in the box below with HijackThis: HELP WITH PICTURES

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll (file missing)

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark
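The three lines Angeldark asks to fix share one property: HijackThis reports their target file as missing, and the O20 entry is a Winlogon Notify registration, i.e. a DLL that winlogon.exe loads at logon and keeps mapped for the whole session (which is consistent with the "disk is write-protected or in use" error when deleting dskquota32.dll). The script below is an added example, not part of the thread and not HijackThis code: it reads HijackThis-style log lines and flags exactly those two conditions, plus a heuristic (an assumption of this example, not a HijackThis rule) that a Winlogon Notify subkey named with a bare hex string such as 187a6b0c511 is machine-generated rather than vendor-named. The sample lines are copied from the log posted above; nothing is fetched from disk or registry, so it runs offline.

```python
"""Offline triage of HijackThis (v2.0.2) log lines.

Added example for the forum thread above; not part of HijackThis.
Flags (a) O2/O20 entries whose target file HijackThis reports as missing
and (b) every O20 Winlogon Notify entry, because winlogon.exe loads such a
DLL at logon and keeps it mapped, which makes the file undeletable while
Windows is running and makes the key a logon-time persistence point.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O20"
    reason: str    # why the entry was flagged
    line: str      # the original log line


# Generic HijackThis line: "O20 - Winlogon Notify: name - C:\path\x.dll (file missing)"
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(?P<rest>.*)$")
MISSING_MARKERS = ("(file missing)", "(no file)")
# Heuristic (assumption of this example): a Winlogon Notify subkey that is just
# a run of hex digits looks generated, unlike vendor names such as "igfxcui".
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)


def triage_line(line):
    """Return the Findings for one log line (empty list if nothing to flag)."""
    findings = []
    m = LINE_RE.match(line.strip())
    if not m:
        return findings
    section, rest = m.group(1), m.group("rest")
    lowered = rest.lower()

    # (a) BHO or Winlogon Notify entry pointing at a file that is not there:
    # an orphaned hook is either leftover from removal or a loader that failed.
    if section in ("O2", "O20") and any(mk in lowered for mk in MISSING_MARKERS):
        findings.append(Finding(section, "target file missing: orphaned hook or BHO entry", line))

    # (b) Winlogon Notify registration: review regardless of file state.
    if section == "O20" and rest.startswith("Winlogon Notify:"):
        body = rest[len("Winlogon Notify:"):].strip()
        subkey = body.split(" - ", 1)[0].strip()
        findings.append(Finding(
            section,
            f"Winlogon Notify DLL under subkey '{subkey}' is loaded by winlogon.exe at logon (persistence; review)",
            line,
        ))
        if HEX_NAME_RE.match(subkey):
            findings.append(Finding(
                section,
                f"Winlogon Notify subkey name '{subkey}' is a bare hex string (heuristic)",
                line,
            ))
    return findings


def triage(lines):
    """Run triage_line over a whole log and return all Findings in order."""
    out = []
    for ln in lines:
        out.extend(triage_line(ln))
    return out


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"',
    r"O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll (file missing)",
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample above it flags the two BHOs and the dskquota32.dll Winlogon Notify entry and nothing else; the Adobe and ATI lines pass through, which is the same split Angeldark made by hand. The "(file missing)" on the O20 line is what HijackThis sees from the logged-on account; the original post says the file was still present in System32, so treat that marker as "could not be read", not as proof the file is gone.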

Well then: IE works again, my PC isn't slowed down anymore, no more messages from my antivirus..... If that's all I had to do, then thank you very much for your help, Angeldark!!

I hope we won't see each other again, otherwise it would mean I have a problem again!! ^^

Thanks a lot anyway!!

Reply to rexstar