Security Forum - Virus: Virus badly removed, Rundll not found
Hello!
Here is my problem, which started recently:
I caught a virus, "virtumonde" I think. I tried to remove it with Spybot, Ad-Aware and Kaspersky, and now when I start my PC an error message appears:
RUNDLL
Erreur de chargement de C:\WINDOWS\systeme32\lewiyidi.dll
Le module spécifié est introuvable.
I tried to remove it with McAfee, Spybot and Ad-Aware, but it keeps coming back.
In my msconfig I have
lewiyidi
zebeduwi
suyetebo
which I suspect are spyware/viruses. I caught it recently, and the consequences are lots of pop-ups in IE and Firefox.
If you could help me solve this problem, thanks in advance in any case
kopax
Message edited by kopaxx on 04-01-2009 at 15:38:00
Here is my HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:27, on 04/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14d5521a-15d4-4513-8543-a36b62c1b596} - C:\WINDOWS\system32\hemodizi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dawuravafi] Rundll32.exe "C:\WINDOWS\system32\lewiyidi.dll",s
O4 - HKLM\..\Run: [CPM9345cf09] Rundll32.exe "C:\WINDOWS\system32\zebeduwi.dll",a
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [dawuravafi] Rundll32.exe "C:\WINDOWS\system32\lewiyidi.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [dawuravafi] Rundll32.exe "C:\WINDOWS\system32\lewiyidi.dll",s (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2087566203
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\hulasinu.dll C:\WINDOWS\system32\bigivete.dll c:\windows\system32\ c:\windows\system32\vufewuta.dll c:\windows\system32\fimijole.dll c:\windows\system32\zebeduwi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zebeduwi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zebeduwi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7132 bytes
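The log above shows the same few DLLs wired into several load points at once (Run values including the service-account hives, AppInit_DLLs, SSODL, SharedTaskScheduler and a nameless BHO), and a Run value that still points at a DLL the earlier cleanup already deleted, which is exactly what produces the RUNDLL error at logon. As an added example that is not part of the thread, here is a small Python triage script that groups the DLLs in a HijackThis log by load point and flags those patterns; the sample lines are copied from the log above, and the set of files assumed to still exist on disk is constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample: a condensed subset of the HijackThis log posted above
# (only the entries relevant to the triage are kept).
SAMPLE_HJT = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {14d5521a-15d4-4513-8543-a36b62c1b596} - C:\WINDOWS\system32\hemodizi.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dawuravafi] Rundll32.exe "C:\WINDOWS\system32\lewiyidi.dll",s
O4 - HKLM\..\Run: [CPM9345cf09] Rundll32.exe "C:\WINDOWS\system32\zebeduwi.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [dawuravafi] Rundll32.exe "C:\WINDOWS\system32\lewiyidi.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [dawuravafi] Rundll32.exe "C:\WINDOWS\system32\lewiyidi.dll",s (User 'SERVICE RÉSEAU')
O20 - AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\hulasinu.dll C:\WINDOWS\system32\bigivete.dll c:\windows\system32\ c:\windows\system32\vufewuta.dll c:\windows\system32\fimijole.dll c:\windows\system32\zebeduwi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zebeduwi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zebeduwi.dll
"""

# Constructed for the demo: DLL basenames assumed to still exist after the partial
# cleanup. lewiyidi.dll is deliberately absent, which is the situation that makes
# Windows show the RUNDLL "module not found" error at logon.
PRESENT_ON_DISK = {"nvcpl.dll", "idmiecc.dll", "hemodizi.dll", "zebeduwi.dll", "bigivete.dll"}

# HijackThis sections that load a DLL at logon or into the browser.
LOAD_POINTS = {
    "O2": "Browser Helper Object",
    "O4": "Run key",
    "O20": "AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
}
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.dll", re.IGNORECASE)
# Heuristic only: every Vundo module in this log is eight lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")
SERVICE_HIVES = ("HKUS\\S-1-5-19", "HKUS\\S-1-5-20")


def parse_entries(text):
    """Return (section code, body) pairs for the load-point sections we care about."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group(1) in LOAD_POINTS:
            entries.append((m.group(1), m.group(2)))
    return entries


def modules_of(code, body):
    """DLL paths referenced by one entry. AppInit_DLLs is a space-separated list that
    also carries directory-only slots, so it is split on whitespace instead."""
    if code == "O20":
        return [t for t in body.split(":", 1)[1].split() if t.lower().endswith(".dll")]
    return PATH_RE.findall(body)


def appinit_empty_slots(text):
    """Count AppInit_DLLs slots holding only a directory: leftovers of a deleted DLL."""
    count = 0
    for code, body in parse_entries(text):
        if code == "O20":
            count += sum(1 for t in body.split(":", 1)[1].split() if not t.lower().endswith(".dll"))
    return count


def triage(text, present_files=None):
    """Group every DLL by the load points that reference it and attach the reasons it
    deserves a look. present_files is a set of lowercase basenames known to exist on
    disk (None skips that check)."""
    refs_by_path = defaultdict(list)
    for code, body in parse_entries(text):
        for path in modules_of(code, body):
            refs_by_path[path.lower()].append((code, body))

    report = {}
    for path, refs in refs_by_path.items():
        name = path.rsplit("\\", 1)[-1]
        points = sorted({LOAD_POINTS[c] for c, _ in refs})
        reasons = []
        if len(points) > 1:
            reasons.append("hooked at %d load points: %s" % (len(points), ", ".join(points)))
        if any(c == "O4" and b.startswith(SERVICE_HIVES) for c, b in refs):
            reasons.append("Run value planted in the service-account hives (S-1-5-19/S-1-5-20)")
        if "\\system32\\" in path and RANDOM_NAME_RE.match(name):
            reasons.append("random-looking eight-letter name in system32")
        if present_files is not None and name not in present_files:
            reasons.append("module missing on disk: this load point raises the RUNDLL error")
        if reasons:
            report[name] = {"load_points": points, "reasons": reasons}
    return report


if __name__ == "__main__":
    for name, info in sorted(triage(SAMPLE_HJT, PRESENT_ON_DISK).items()):
        print(name, "<-", ", ".join(info["load_points"]))
        for reason in info["reasons"]:
            print("    -", reason)
    print("AppInit_DLLs directory-only slots:", appinit_empty_slots(SAMPLE_HJT))
```

Against the sample it leaves NvCpl.dll and IDMIECC.dll alone, reports zebeduwi.dll at four load points, and flags the orphaned lewiyidi.dll Run value as the source of the logon error.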
Hello,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe may not be visible) to launch it.
- When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition letter may differ
Hi, so I did what you asked. The first time I launched ComboFix blindly and it crashed (normal, I didn't have the Recovery Console installed).
So I closed it and deleted every folder ComboFix had created in C:\
I downloaded the Recovery Console and did the drag-and-drop.
But unfortunately no console opened; I rebooted, started over, and deleted the files ComboFix had downloaded.
Dragged the Windows console onto ComboFix again so that it would install.
This time the blue console opened, but an error message came with it.
| Quote:
|
I don't know whether this problem is due to my obsessive fiddling, always wanting to delete and start over so as not to get errors or mess up the PC.
So I'm reposting an HJT log and awaiting your instructions.
Thanks a lot and sorry again
| Quote: Logfile of Trend Micro HijackThis v2.0.2
|
Message edited by kopaxx on 04-01-2009 at 21:14:43
Let's try something else.
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode
- Now run MalwareByte's Anti-Malware. If it isn't already selected, choose "Perform full scan".
- To start the scan, click "Scan".
- Once the scan is finished, a window opens; click OK. You then have two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Message edited by Angeldark on 05-01-2009 at 17:19:49
There, I did the full scan of all my hard drives; it took the whole night.
Here is the report
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1618
Windows 5.1.2600 Service Pack 3
06/01/2009 09:19:40
mbam-log-2009-01-06 (09-19-40).txt
Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 601819
Temps écoulé: 10 hour(s), 58 minute(s), 14 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 24
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\bigivete.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\pafigewi.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14d5521a-15d4-4513-8543-a36b62c1b596} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14d5521a-15d4-4513-8543-a36b62c1b596} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{14d5521a-15d4-4513-8543-a36b62c1b596} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9076fc95 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dawuravafi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9345cf09 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bigivete.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\bigivete.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\bigivete.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pafigewi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pafigewi.dll -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\bofayoti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itoyafob.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\memovovo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovovomem.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suyetebo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obeteyus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wegahuwe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewuhagew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pafigewi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hemodizi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bigivete.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP96\A0030986.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP96\A0030987.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP97\A0031021.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP97\A0031023.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP97\A0031024.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP97\A0031025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hezubuti.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jotogeni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yinazeku.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zebeduwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Mes Documents\Documents\Documents Liés Aux Jeux\ISO\Battlefield 2\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Mes Documents\Documents\Programmes Installation\Video Making\Sony Sound Forge 8\Sound Forge 8 Retail.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{10DBF7A3-E50D-404A-9449-49F75E110623}\RP37\A0012017.exe (Adware.Agent) -> Quarantined and deleted successfully.
Let's continue.
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe may not be visible) to launch it.
- When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition letter may differ
Still the same error message when adding the Windows XP Pro SP2 console.
32788R22FWJFW\nircmd.com
Windows ne trouve pas '32788R22FWJF\nircmd.com'. Vérifiez que vous avez entré le nom correctement et essayez à nouveau.
Pour rechercher un fichier, cliquez sur le bouton Démarrer, puis sur Rechercher.
Yet ComboFix is happy to run on its own, and it even offered to update itself, which I did.
What do I do? Do I skip the step of adding the Windows console?
I forgot about that, true. Yep, skip it.
There, I skipped it. By the way, it offered to download the Windows console, I said yes, and it downloaded and installed it.
Here is the full log, Angel
ComboFix 09-01-05.05 - Administrateur 2009-01-06 23:37:56.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2783 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\eponegef.ini
c:\windows\system32\ewonosej.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-06 au 2009-01-06 ))))))))))))))))))))))))))))))))))))
.
2009-01-05 19:06 . 2009-01-05 19:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 19:06 . 2009-01-05 19:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 19:06 . 2009-01-05 19:06 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-01-05 19:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 19:06 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 15:17 . 2009-01-04 15:17 <REP> d-------- c:\program files\Trend Micro
2009-01-02 16:27 . 2009-01-02 16:27 <REP> d-------- c:\program files\Lavasoft
2009-01-02 16:27 . 2009-01-02 16:27 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Lavasoft
2009-01-02 03:47 . 2009-01-02 03:47 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DivX
2009-01-02 03:46 . 2009-01-02 03:46 <REP> d-------- c:\program files\DivX
2009-01-02 03:44 . 2009-01-02 03:44 <REP> d-------- c:\program files\Xvid
2009-01-02 03:44 . 2008-12-04 21:42 815,104 --a------ c:\windows\system32\xvidcore.dll
2009-01-02 03:44 . 2008-12-04 21:46 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-01-02 03:44 . 2008-12-13 20:01 77,824 --a------ c:\windows\system32\xvid.ax
2009-01-02 03:38 . 2009-01-02 03:38 <REP> d-------- c:\program files\WinAVI MP4 Converter
2009-01-01 23:17 . 2009-01-01 23:18 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-01 23:17 . 2009-01-01 23:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 19:26 . 2008-12-28 19:28 139,264 --a------ c:\windows\War3Unin.exe
2008-12-28 19:26 . 2008-12-28 19:33 106,840 --a------ c:\windows\War3Unin.dat
2008-12-28 19:26 . 2008-12-28 19:28 2,829 --a------ c:\windows\War3Unin.pif
2008-12-28 19:03 . 2009-01-03 09:22 <REP> d-------- c:\program files\Warcraft III
2008-12-28 16:37 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-28 16:37 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-28 16:37 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-28 16:37 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-27 17:06 . 2009-01-02 17:26 <REP> d-------- c:\program files\UsbFix
2008-12-21 18:34 . 2008-12-21 18:40 8 --a------ c:\windows\system32\nvModes.dat
2008-12-21 07:45 . 2008-12-21 07:45 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2008-12-21 06:52 . 2008-12-21 06:52 <REP> d-------- c:\program files\DVD Flick
2008-12-21 06:52 . 2008-12-21 06:53 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DVD Flick
2008-12-21 06:52 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\mscomct2.ocx
2008-12-21 06:52 . 2004-03-09 00:00 609,824 --a------ c:\windows\system32\comctl32.ocx
2008-12-21 06:52 . 2004-03-09 00:00 212,240 --a------ c:\windows\system32\richtx32.ocx
2008-12-21 06:52 . 1998-06-24 00:00 164,144 --a------ c:\windows\system32\comct232.ocx
2008-12-21 06:52 . 2003-01-26 13:41 40,960 --a------ c:\windows\system32\ssubtmr6.dll
2008-12-21 06:52 . 2007-08-31 18:36 36,864 --a------ c:\windows\system32\trayicon_handler.ocx
2008-12-21 06:52 . 2008-08-31 13:27 28,672 --a------ c:\windows\system32\mousewheel.ocx
2008-12-21 04:59 . 2008-12-21 04:59 <REP> d-------- c:\program files\Freeplayer
2008-12-21 03:14 . 2008-12-21 03:14 <REP> d-------- c:\documents and settings\Administrateur\Application Data\fretsonfire
2008-12-20 23:30 . 2009-01-02 17:37 <REP> d-------- c:\program files\uTorrent
2008-12-20 23:30 . 2009-01-02 19:08 <REP> d-------- c:\documents and settings\Administrateur\Application Data\uTorrent
2008-12-20 06:50 . 2008-12-20 06:50 <REP> d-------- c:\documents and settings\Administrateur\Application Data\NetDrive
2008-12-13 17:07 . 2008-12-13 17:07 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-13 01:22 . 2008-12-02 23:11 205,413 --a------ c:\windows\system32\nvapps.nvb
2008-12-06 20:56 . 2008-12-06 20:56 107,888 --a------ c:\windows\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 22:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\DMCache
2009-01-06 21:24 --------- d-----w c:\program files\Steam
2009-01-06 15:48 --------- d-----w c:\program files\PokerStars
2008-12-30 16:30 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-26 23:13 --------- d-----w c:\documents and settings\Administrateur\Application Data\teamspeak2
2008-12-26 00:24 --------- d-----w c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-12-21 04:00 --------- d-----w c:\documents and settings\Administrateur\Application Data\vlc
2008-12-20 22:31 --------- d-----w c:\documents and settings\Administrateur\Application Data\Azureus
2008-12-13 00:23 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-13 00:22 --------- d-----w c:\program files\AGEIA Technologies
2008-12-12 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-06 19:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 19:28 --------- d-----w c:\program files\Rockstar Games
2008-12-05 22:41 --------- d-----w c:\documents and settings\Administrateur\Application Data\HLSW
2008-12-05 00:07 --------- d-----w c:\program files\PokerRoom.com
2008-12-04 08:28 --------- d--h--r c:\documents and settings\Administrateur\Application Data\SecuROM
2008-12-04 08:08 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-04 07:35 --------- d-----w c:\program files\MSBuild
2008-12-04 07:34 --------- d-----w c:\program files\Reference Assemblies
2008-12-02 22:11 6,209,536 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-11-24 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-22 12:30 --------- d-----w c:\program files\Adobe Media Player
2008-11-22 12:29 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-11-11 16:02 --------- d-----w c:\program files\Icemat Siberia USB Soundcard
2008-11-10 13:56 --------- d-----w c:\program files\FLV Player
2008-11-06 17:13 --------- d-----w c:\program files\SnadBoy's Revelation v2
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-03 19:31 1410296 c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\kopax@espace-design.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Mes Documents\\Programmes\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"d:\\Mes Documents\\Programmes\\HLSW\\hlsw.exe"=
"d:\\Mes Documents\\Documents\\Programmes Installation\\MyFreeTv\\MyFreeTV.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\kopax@espace-design.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\UsbFix\\Tools\\swreg.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"6112:TCP"= 6112:TCP:war3serv
"6112:UDP"= 6112:UDP:war3servudp
R3 USB_FPRd;FingerPrinterReader;c:\windows\system32\drivers\UT_FPRd.sys [2008-09-22 16000]
S3 ndfs;ndfs;\??\c:\program files\Netdrive\ndfs.sys --> c:\program files\Netdrive\ndfs.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-09-22 194304]
S4 SampleScanner;USB-Flachbettscanner;c:\windows\system32\drivers\ArtecGT.sys [2008-09-22 18120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57a6b46b-c00c-11dd-a7b6-00301bbd5e98}]
\Shell\AutoRun\command - J:\RavMon.exe
\Shell\explore\Command - J:\RavMon.exe -e
\Shell\open\Command - J:\RavMon.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-9076fc95 - c:\windows\system32\suyetebo.dll
MSConfigStartUp-CPM9345cf09 - c:\windows\system32\zebeduwi.dll
MSConfigStartUp-dawuravafi - c:\windows\system32\lewiyidi.dll
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\yrdeqr91.default\
FF - prefs.js: browser.search.selectedEngine - Dailymotion
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF - component: c:\documents and settings\Administrateur\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 23:39:23
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\Administrator\Software\SecuROM\License information*NULL*]
35,ce,b7,d5,8e,eb,72,93,43,d6,01,02,d7,b3,46,3e,0e,b3,3b,e8,4d,f7,b9,03,cb,\
67,f7,fa,75,ea,fb,0e,18,d4,23,a9,26,2b,97,bd,91,80,df,10,4d,43,5c,57,0c,28,\
fe,fd,8c,ff,6a,8f,59,a8,ce,aa,1d,94,bc,20,2d,09,c9,83,40,5c,c2,af,52,bb,6a,\
92,35,90,08,d4,c5,0b,fd,a2,d5,40,2f,d5,ec,a2,40,8b,30,af,ea,4d,f3,77,a3,a2,\
ca,8d,98,bd,c1,9b,8a,ae,67,5e,03,79,5b,04,c8,ae,9b,96,2c,9c,77,37,dd,45,a8,\
fb,17,ec,c7,15,4f,a5,ac,33,1d,60,f9,09,41,69,03,bc,63,aa,14,2f,cf,b9,c6,fc,\
6c,bf,8f,d0,e5,39,c9,2d,3d,74,54,99,c0,3e,93,c7,01,2f,65,1e,ef,21,4a,aa,e1,\
86,2f,7c,41,91,81,63,e6,7b,b8,79,6f,e3,7b,ac,83,39,8d,2f,8a,79,95,cd,c0,7c,\
7e,0c,2b,c7,b5,0a,9e,06,54,87,28,8c,67,9b,6b,80,ad,60,37,21,89,61,46,80,24,\
f0,46,8e,e3,77,2d,cd,10,42,d6,b3,83,b7,4f,57,da,3e,73,27,ec,85,b6,d9,7a,5a,\
0d,f9,ba,16,16,a2,67,23,a7,7d,c7,8f,b4,61,39,42,56,ba,c5,eb,f8,d5,c5,ce,d8,\
68,6f,7d,eb,1a,05,f6,8f,d0,cb,01,a0,43,bb,4f,ee,30,4a,75,e8,0c,2b,e4,e6,63,\
41,f5,a1,78,45,fd,a8,3b,70,a8,1d,d7,a5,79,13,5b,e7,04,f1,a2,24,1d,c8,b1,b2,\
88,1a,69,5b,f2,d0,f3,c1,1a,2a,c5,4c,80,be,a6,2e,86,6b,ab,08,e8,52,9e,c9,af,\
8c,ce,75,f8,88,5d,cf,ce,b5,7b,79,38,d1,22,fa,4c,3f,3f,9d,25,41,1b,aa,6f,98,\
3b,f1,97,12,aa,2e,76,fb,cf,45,28,8e,7b,98,74,5d,0a,46,3a,e0,27,12,a4,90,de,\
59,e1,58,e6,ef,c7,1d,ab,cf,44,5e,60,b4,ed,79,c2,77,95,34,44,8b,85,8d,b8,eb,\
68,4d,8c,2d,90,ac,86,76,cb,9f,d2,32,39,22,cf,58,3c,06,40,5b,79,0b,7d,a6,d9,\
1b,29,63,de,d0,82,e7,d8,f8,dd,92,93,3a,37,ab,08,86,4a,50,f6,48,23,88,50,79,\
6f,d5,cc,18,c3,87,d8,2f,ed,ca,40,8c,39,fa,48,05,bf,5e,89,81,7c,fb,bf,75,c2,\
cc,03,84,af,db,41,e2,65,e8,8d,ce,30,60,ed,ce,35,2a,d1,19,9c,6e,6b,fe,ff,a5,\
90,3d,52,13,8b,21,47,7b,9b,5a,a1,47,08,62,43,ac,83,62,dd,2c,6f,3e,7a,74,3b,\
ee,78,34,74,74,f2,33,eb,06,13,3b,33,35,7c,f4,b7,f4,74,11,34,78,40,6d,1a,48,\
f7,36,d5,25,9a,88,7f,23,3b,03,4b,6b,79,bc,ff,55,60,89,fa,61,37,36,58,bd,ff,\
19,62,57,f2,83,7f,b8,43,80,3e,e4,83,48,43,55,d6,b4,52,68,bd,7c,ac,ed,36,94,\
15,ca,bb,19,32,47,39,d3,88,10,a4,ba,06,b3,ff,e6,3e,0a,d4,a3,da,af,b5,8b,23,\
06,30,ac,12,10,4f,b2,01,d3,4d,d9,8a,50,b9,85,3c,aa,2f,f7,52,d2,de,8b,48,a9,\
75,fc,d6,85,f9,9c,86,c4,00,7b,e7,ee,bd,af,7a,74,c8,bd,b1,98,df,ea,ae,d3,8b,\
99,66,f3,7b,e2,e9,b7,b0,75,84,af,e7,02,76,ee,61,c6,35,ee,82,9a,5b,1f,6f,fb,\
8e,4c,fc,a5,9c,f9,a8,18,dc,36,08,15,d8,c3,7c,a5,1d,7a,a3,f3,2b,b1,98,1a,48,\
c3,9b,f3,a1,03,74,6e,f9,80,2f,b2,b5,1f,0d,56,df,44,11,5e,81,d5,bf,76,6c,ba,\
59,9d,9f,ef,44,5c,1b,48,d1,0d,8f,78,8f,1f,9f,95,32,81,a7,34,ad,17,a6,70,3e,\
ae,31,43,1a,2a,66,7e,a2,3c,cf,6c,76,85,55,21,6a,00,da,71,fc,cf,3c,9b,28,99,\
87,ed,a1,e1,63,c1,21,20,39,a7,36,5f,81,7f,23,82,67,c5,93,a7,f6,1e,b4,03,9f,\
dc,d2,8f,e2,e9,87,e1,e5,a5,da,f8,8a,14,0f,f6,45,5a,a6,93,a2,f5,6a,04,b4,b1,\
75,1b,95,1e,c9,4d,8a,1c,35,51,77,8f,13,3e,22,a3,50,be,29,71,0f,83,bb,44,a0,\
b6,05,d0,68,d5,af,54,bf,33,dc,fc,4e,2f,fc,ed,a9,0a,36,58,b0,ca,dc,d3,4b,db,\
55,e2,a5,1e,86,d4,8a,a8,bc,ac,ab,26,01,ed,dc,c0,72,84,75,89,dd,c7,38,24,cc,\
99,86,d7,e9,02,5f,55,2e,3a,d6,88,66,ba,d4,df,4a,3d,14,a8,bf,94,8a,44,a9,4c,\
89,43,df,a5,39,ed,df,b5,46,24,ca,29,45,0b,16,9f,2f,85,05,24,36,58,cb,3b,d1,\
bd,8d,e3,42,d4,be,1e,f1,cf,ac,2e,67,15,30,28,2d,44,80,3b,c0,1c,61,71,6f,e9,\
df,c6,f7,c0,34,7a,56,f0,e3,a7,9a,26,48,59,20,73,dd,26,01,6a,04,d8,fb,1f,54,\
57,4d,af,d7,0c,c5,c7,25,2b,1d,dc,80,9c,b2,95,a2,8c,1f,07,0d,ef,4a,82,f6,bd,\
ec,7d,40,3b,6b,75,d1,e3,a4,20,ff,1e,a9,89,c2,a0,1f,90,52,1e,cd,2a,cf,7c,b7,\
9c,46,00,13,5d,91,81,65,3b,f9,08,fd,22,7c,f4,8a,75,74,b1,bd,3c,80,f1,7e,8b,\
fa,43,57,e8,9b,62,e2,f6,ab,7a,b4,ab,68,4a,05,8e,a0,88,8e,a5,d4,b3,57,8d,74,\
e9,c5,91,3a,c2,f1,7a,d1,5a,55,2b,d6,87,0d,11,5e,0a,10,99,82,0c,f8,6b,2f,ea,\
e1,5b,37,ea,e1,5b
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{21d2e3c2-bcc2-4b24-8ae6-ca91ecde0c43}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014a
"Therad"=dword:00000008
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,\
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,66,28,73,a6,e4,dd,c0,9e,49,f5,68,62,d0,c2,\
21,1f,1e,b4,b8,3c,fb,30,90,91,cb,56,a8,d5,35,31,88,08,a6,a3,7b,59,81,a2,43,\
8a,3f,fb,d7,f0,44,63,e6,df,3b,a8,b3,71,f7,b7,5b,1d,cd,f9,72,ba,47,3b,d1,e9,\
2e,32,1f,e7,18,16,6a,17,5e,aa,1d,ab,92,d7,16,b4,43,e2,84,fb,dc,cb,78,5d,3e,\
99,15,90,64,19,b5,3b,d0,42,1c,3d,7f,6b,10,9f,ba,9f,61,d0,e3,bb,55,c6,3e,49,\
65,b1,70,fa,b1,92,3d,3a,b9,89,83,ff,4f,60,b6,4d,6d,5a,18,2e,18,3d,84,76,e7,\
e8,ba,51,7c,3b,36,5e,cb,04,af,32,3d,9a,1a,6f,95,e7,a5,3a,43,88,d3,ab,2a,3a,\
d9,c8,54,25,66,14,b5,b0,5d,71,5f,c4,43,58,df,d6,ea,44,9b,1e,f9,c4,e3,8e,97,\
ae,d3,9b,2a,b1,f4,d4,34,2c,4d,68,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
3f,ce,f9,a8,11,ff,3a,74,11,fb
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):37,71,8e,3d,90,dc,4f,25,8b,bb,ad,b6,2e,cd,c3,74,73,c1,00,ab,60,\
28,81,45,16,ec,20,dd,42,7e,24,bb,26,14,34,23,d3,ed,e4,75,00,00,00,00,00,00,\
00,00,00,00
.
Finish time: 2009-01-06 23:40:56 - The machine restarted [Administrateur]
ComboFix-quarantined-files.txt 2009-01-06 22:40:54
Before CF: 210,503,163,904 bytes free
After CF: 210,393,763,840 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /noguiboot
307 --- E O F --- 2008-12-18 08:38:42
Post another HijackThis log.
Here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:51, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2087566203
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5992 bytes
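The review being done on the log above comes down to reading the O2 (BHO), O4 (Run) and O20 (Winlogon Notify) lines and asking whether anything still points at a random-named DLL in system32 or at a CLSID whose file no longer exists. The script below, written in Python as an added example for this thread (it is not HijackThis code and not anything the posters ran), automates that triage and prints, for each hit, the registry key or value that HijackThis's "Fix checked" would remove. The "pronounceable 8-letter consonant/vowel name" test is a heuristic assumption of this example, not a signature. SAMPLE_LOG is constructed: its header, the IDM Helper, NvCplDaemon and ctfmon lines and the orphaned `{7E853D72-…}` BHO are copied from the log above; the three 8-letter DLL names and the `{11111111-…}` CLSID are hypothetical.

```python
"""Triage a HijackThis v2 log for what a Vundo/Virtumonde clean-up tends to leave behind.

Added example for this thread: not HijackThis code and not something the posters ran.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# O2 - BHO: <name> - {CLSID} - <dll path, or "(no file)" when the DLL is gone>
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O4 - HKLM\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# O20 - Winlogon Notify: <package name> - <dll path>
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
# Heuristic, not a signature (an assumption of this example): droppers of that era
# named their DLLs with random pronounceable 8-letter strings, alternating
# consonant and vowel, written straight into system32.
RANDOM_DLL_RE = re.compile(r"\\[Ss]ystem32\\((?:[bcdfghjklmnpqrstvwxyz][aeiou]){4})\.dll\b")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s', re.IGNORECASE)

# Where each kind of entry lives, i.e. what "Fix checked" deletes.
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion"
NOTIFY_KEY = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"


@dataclass
class Finding:
    line_no: int
    reason: str
    registry: str  # the key or value that carries the entry
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the log lines that deserve a second look, with where each lives in the registry."""
    findings: list[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if m := BHO_RE.match(line):
            key = f"{BHO_KEY}\\{{{m['clsid']}}}"
            if m["path"] == "(no file)":
                findings.append(Finding(n, "BHO registered but its DLL is gone (orphaned CLSID)", key, line))
            elif RANDOM_DLL_RE.search(m["path"]):
                findings.append(Finding(n, "BHO loads a random-named DLL from system32", key, line))
        elif m := RUN_RE.match(line):
            cmd = m["cmd"]
            if RUNDLL_RE.match(cmd) and RANDOM_DLL_RE.search(cmd):
                value = f"{m['hive']}\\{RUN_KEY}\\{m['key']} value '{m['label']}'"
                findings.append(Finding(n, "Run entry loads a random-named DLL through rundll32", value, line))
        elif m := NOTIFY_RE.match(line):
            if RANDOM_DLL_RE.search(m["path"]):
                key = f"{NOTIFY_KEY}\\{m['name']}"
                findings.append(Finding(n, "Winlogon Notify package with a random name in system32", key, line))
    return findings


# Constructed sample: header, IDM Helper, orphaned BHO, NvCplDaemon and ctfmon lines are
# copied from the thread's log; kefabimo, tuwogedi, sipodafe and {11111111-...} are hypothetical.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\system32\kefabimo.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tuwogedi] rundll32.exe "C:\WINDOWS\system32\tuwogedi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: sipodafe - C:\WINDOWS\system32\sipodafe.dll
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}\n    {f.line}\n    -> {f.registry}")
```

Run against the log posted above, the only hit would be the O2 line with `(no file)`: an orphaned CLSID cannot load anything, but it is the trace of something that was there, so it is the kind of leftover worth fixing. The NvCplDaemon entry shows why the rundll32 check alone is not enough: plenty of legitimate vendors start their DLLs through rundll32, so the name heuristic is what separates them.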
Still having problems?
No, my PC seems to be running better than it did before I got the viruses.
Thanks a lot anyway, it's great to find people like you who volunteer to help folks like us.
Good luck and all the best
Best wishes for the new year.
Thanks a lot =)
Have a happy new year