[RESOLVED] TrojanDNS infection
Hello
I got infected by a DNS trojan.
Symptoms: Google redirects, Windows Update no longer installs updates.
I also ran a scan with SUPERAntiSpyware, which can't remove it.
So I'm asking for your help; here is my catchme report:
Thanks in advance!!!
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
HKLM\SYSTEM\CurrentControlSet\Services\GEARAspiWDMsys
scanning hidden autostart entries ...
scanning hidden files ...
C:\Windows\System32\drivers\gaopdxosewixxv.sys 77824 bytes
C:\Windows\System32\gaopdxcounter 8 bytes
C:\Windows\System32\gaopdxwqdtrlqo.dll 57344 bytes
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 3
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:33, on 07/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CM112Sound] RunDll32 CM112.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 7350 bytes
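The catchme block above lists three hidden files that share the prefix gaopdx, plus one hidden service, and the HijackThis log carries a BHO marked "(no file)" and a service marked "(file missing)". When triaging such reports a defender wants the hidden objects pulled out of the text, the totals catchme printed checked against the lines it listed, the common name prefix of the hidden files (a pivot for finding sibling components elsewhere on the system) and the HijackThis entries whose target no longer exists. The following Python is an added example written for this thread; it is not part of GMER's catchme or Trend Micro's HijackThis. The sample strings are copied from the reports above, and the line formats it matches are assumed from those reports.

```python
"""Triage of catchme and HijackThis reports (added example; not part of
GMER's catchme or Trend Micro's HijackThis)."""
import os
import re
from dataclasses import dataclass, field

# Sample input copied from the catchme report above.
CATCHME_SAMPLE = r"""catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
HKLM\SYSTEM\CurrentControlSet\Services\GEARAspiWDMsys
scanning hidden autostart entries ...
scanning hidden files ...
C:\Windows\System32\drivers\gaopdxosewixxv.sys 77824 bytes
C:\Windows\System32\gaopdxcounter 8 bytes
C:\Windows\System32\gaopdxwqdtrlqo.dll 57344 bytes
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 3
"""

# Sample input: four lines taken from the HijackThis log above.
HJT_SAMPLE = r"""O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
"""

# Line formats assumed from the reports above.
SECTION_RE = re.compile(r"^scanning hidden (processes|services|autostart entries|files) \.\.\.$")
FILE_RE = re.compile(r"^(?P<path>.+) (?P<size>\d+) bytes$")
SUMMARY_RE = re.compile(r"^hidden (processes|services|files): (\d+)$")
HJT_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")


@dataclass
class CatchmeResult:
    processes: list = field(default_factory=list)
    services: list = field(default_factory=list)
    autostart: list = field(default_factory=list)
    files: list = field(default_factory=list)      # (path, size in bytes)
    reported: dict = field(default_factory=dict)   # totals catchme printed


def parse_catchme(text):
    """Collect the objects catchme lists under each 'scanning hidden ...' header."""
    result, section = CatchmeResult(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1).split()[0]     # "autostart entries" -> "autostart"
            continue
        if line.startswith("scan completed"):
            section = None
            continue
        if m := SUMMARY_RE.match(line):
            result.reported[m.group(1)] = int(m.group(2))
            continue
        if section == "files":
            if m := FILE_RE.match(line):
                result.files.append((m["path"], int(m["size"])))
        elif section is not None:
            getattr(result, section).append(line)
    return result


def counts_consistent(result):
    """True when the totals catchme printed match the lines it listed; a gap
    means the report was truncated or edited before being posted."""
    found = {"processes": len(result.processes), "services": len(result.services),
             "files": len(result.files)}
    return all(found[k] == v for k, v in result.reported.items())


def shared_prefix(files):
    """Longest common prefix of the hidden files' base names. Components dropped
    together often share one random-looking prefix (here 'gaopdx'), which is a
    useful pivot when searching the rest of the system."""
    names = [os.path.basename(p.replace("\\", "/")).lower() for p, _ in files]
    if not names:
        return ""
    prefix = names[0]
    for name in names[1:]:
        while not name.startswith(prefix):
            prefix = prefix[:-1]
    return prefix


def hjt_orphans(text):
    """HijackThis entries whose target no longer exists: '(no file)' BHOs and
    '(file missing)' services are leftovers to clean up, not running code."""
    orphans = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m and m["body"].endswith(("(no file)", "(file missing)")):
            orphans.append((m["code"], m["body"]))
    return orphans


if __name__ == "__main__":
    res = parse_catchme(CATCHME_SAMPLE)
    print(f"hidden files: {len(res.files)}, shared prefix: {shared_prefix(res.files)!r}")
    print("counts consistent:", counts_consistent(res))
    for code, body in hjt_orphans(HJT_SAMPLE):
        print(f"orphan {code}: {body}")
```

Run on the sample it reports three hidden files with the shared prefix gaopdx, consistent totals, and two orphaned HijackThis entries (the O2 BHO and the O23 getPlus service). The ComboFix log later in this thread removes a service named gaopdxserv.sys alongside the three files, which is the kind of sibling the prefix check is meant to point at.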
Good evening
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking on the file Download_mbam-setup.exe.
Once the installation and the update are done:
Restart your computer in Safe Mode
- At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once there, use the keyboard to select Safe Mode.
-- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
--- For these reasons I suggest you print, write down, or save the following information in a text document so that you don't get lost.
---- ! Do not start your computer in Safe Mode via MSConfig! Why? Some infections break the Safe Mode registry keys, which would crash your computer.
Now run MalwareByte's Anti-Malware. If it isn't already selected, choose "Perform full scan".
To start the search, click "Scan".
Once the scan is finished, a window opens; click OK. You then have two possibilities:
~ If the program found nothing, press OK. A report will appear; close it.
~~ If infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop.
~~~~ Restart your computer normally and post the report in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Note: If you can't download MBAM from MajorGeeks, you can download it here!
Help: How to use MBAM.
How to start your computer in Safe Mode.
Thank you for your reply
Here is the report:
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1654
Windows 6.0.6001 Service Pack 1
08/02/2009 12:57:32
mbam-log-2009-02-08 (12-57-28).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 218496
Temps écoulé: 44 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\matrix30980.exe (Trojan.FakeAlert) -> No action taken.
Hello
You misread the procedure:
in your report:
Quote:
D:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
When the tool has found something, at the end you have to click "Remove Selected".
Please do it again
then:
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your Desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal; a report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy"
come back to the forum and Edit > "Paste"
HELP: A guide and tutorial on using ComboFix
* the partition letter may differ
Add a new HijackThis report.
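The helper's point is that a detection line ending in "No action taken" means MBAM listed the object but was never told to remove it, so the report proves nothing about the machine's state. The following Python is an added example (not Malwarebytes' own code) that parses an MBAM 1.x report, checks the summary count against the detection lines, and reports which detections are still unresolved. The sample is the report posted above; the set of action strings treated as remediated ("Quarantined and deleted successfully", "Delete on reboot") is assumed from MBAM 1.x log wording, and the count check matches any summary label containing "infect" so that it works on French ("infecté") and English ("Infected") logs alike.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x report and decide whether its
detections were actually remediated (added example; not MBAM's own code)."""
import re
from typing import NamedTuple


class Detection(NamedTuple):
    item: str      # file path, registry key or value
    family: str    # detection name, e.g. Trojan.DNSChanger
    action: str    # what MBAM did, e.g. "No action taken"


# Action strings MBAM 1.x writes after "->" (assumed from its log wording).
# "No action taken" means "Remove Selected" was never clicked: the object is
# still on disk.
REMEDIATED_ACTIONS = {"Quarantined and deleted successfully", "Delete on reboot"}

COUNT_RE = re.compile(r"^(?P<label>[^:]+): (?P<n>\d+)$")
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Sample input taken from the report posted above (French-locale MBAM 1.33).
MBAM_SAMPLE = r"""Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1654
Windows 6.0.6001 Service Pack 1
08/02/2009 12:57:32
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 218496
Clé(s) du Registre infectée(s): 0
Fichier(s) infecté(s): 2
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\matrix30980.exe (Trojan.FakeAlert) -> No action taken.
"""


def parse_mbam(text):
    """Return {'counts': {label: n}, 'detections': [Detection, ...]}."""
    counts, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["item"], m["family"], m["action"]))
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["label"]] = int(m["n"])
    return {"counts": counts, "detections": detections}


def infected_total(report):
    """Sum of the summary lines whose label mentions infection, so the check
    works for French ('infecté', 'infectée') and English ('Infected') logs."""
    return sum(n for label, n in report["counts"].items() if "infect" in label.lower())


def unresolved(report):
    """Detections MBAM listed but did not remove."""
    return [d for d in report["detections"] if d.action not in REMEDIATED_ACTIONS]


def verdict(report):
    """'clean', 'remediated' or 'unresolved'; 'inconsistent' when the summary
    total disagrees with the number of detection lines (a truncated paste)."""
    if infected_total(report) != len(report["detections"]):
        return "inconsistent"
    if not report["detections"]:
        return "clean"
    return "unresolved" if unresolved(report) else "remediated"


if __name__ == "__main__":
    rep = parse_mbam(MBAM_SAMPLE)
    print(verdict(rep))
    for d in unresolved(rep):
        print(f"  still present: {d.item} [{d.family}]")
```

On the report above the verdict is "unresolved" with both files still present, which is exactly what the helper read from the "No action taken" suffix; a report saved after clicking "Remove Selected" carries "Quarantined and deleted successfully" on those lines and yields "remediated".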
Well, I had indeed removed the selection, except that I sent you the report before the removal. I ran another scan and I no longer have any infected files (is it useful to post it to you?)
I followed the ComboFix procedure; here is the log file:
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2047.1075 [GMT 1:00]
Lancé depuis: c:\users\Admin\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\coolplay
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\coolplay\Uninstall.lnk
c:\windows\system32\drivers\gaopdxosewixxv.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxwqdtrlqo.dll
D:\resycled
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-08 au 2009-02-08 ))))))))))))))))))))))))))))))))))))
.
2009-02-08 11:01 . 2009-02-08 11:01 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-08 11:01 . 2009-02-08 11:01 <REP> d-------- c:\users\Admin\AppData\Roaming\Malwarebytes
2009-02-08 11:01 . 2009-02-08 11:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 11:01 . 2009-02-08 11:01 <REP> d-------- c:\progra~2\Malwarebytes
2009-02-08 11:01 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-08 11:01 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-07 20:13 . 2009-02-07 20:14 <REP> d-------- C:\fixwareout
2009-02-07 20:08 . 2009-02-07 20:08 <REP> d-------- c:\program files\Trend Micro
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-07 14:50 . 2009-02-07 16:24 <REP> d-------- c:\program files\Electronic Arts
2009-02-07 13:52 . 2009-02-07 13:52 <REP> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-02-07 13:52 . 2009-02-07 13:52 <REP> d-------- c:\progra~2\SUPERAntiSpyware.com
2009-02-07 13:51 . 2009-02-07 13:51 <REP> d-------- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2009-02-07 13:51 . 2009-02-07 13:51 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-02-07 10:17 . 2009-02-07 10:26 <REP> d-------- c:\program files\Dynamic
2009-02-01 19:57 . 2009-02-01 20:13 <REP> d-------- c:\users\Admin\AppData\Roaming\DiskAid
2009-02-01 19:57 . 2009-02-01 19:57 <REP> d-------- c:\program files\DigiDNA
2009-02-01 18:39 . 2009-02-01 18:39 <REP> d-------- C:\MobileInstallation.framework
2009-02-01 15:21 . 2009-02-01 15:21 <REP> d-------- c:\users\Admin\AppData\Roaming\dvdcss
2009-01-31 16:44 . 2009-01-31 16:44 <REP> d-------- c:\users\Admin\AppData\Roaming\vlc
2009-01-31 16:35 . 2009-01-31 16:35 <REP> d-------- c:\program files\Hobbyist Software
2009-01-29 18:58 . 2009-01-29 18:58 <REP> d-------- c:\users\All Users\NCH Swift Sound
2009-01-29 18:58 . 2009-01-29 18:58 <REP> d-------- c:\users\Admin\AppData\Roaming\NCH Swift Sound
2009-01-29 18:58 . 2009-01-29 18:58 <REP> d-------- c:\program files\NCH Swift Sound
2009-01-29 18:58 . 2009-01-29 18:58 <REP> d-------- c:\progra~2\NCH Swift Sound
2009-01-29 18:35 . 2009-01-29 18:37 <REP> d-------- c:\program files\Microsoft Etudes
2009-01-29 18:34 . 2009-01-29 18:34 <REP> d-------- c:\program files\Learning Essentials
2009-01-25 18:15 . 2009-01-25 18:15 <REP> d-------- c:\users\All Users\Lavasoft
2009-01-25 18:15 . 2009-01-25 18:15 <REP> d-------- c:\progra~2\Lavasoft
2009-01-25 16:55 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-25 16:55 . 2001-07-13 13:56 14,976 --a------ c:\windows\System32\drivers\SBKUPNT.SYS
2009-01-25 16:55 . 1997-02-08 17:11 13,312 --a------ c:\windows\System32\DEVLOAD.EXE
2009-01-25 16:55 . 2005-11-26 19:45 2,799 --a------ c:\windows\SKLANG.INI
2009-01-24 11:33 . 2009-02-07 15:07 <REP> d-------- c:\users\All Users\Electronic Arts
2009-01-24 11:33 . 2009-02-07 15:07 <REP> d-------- c:\progra~2\Electronic Arts
2009-01-24 11:10 . 2009-01-24 11:26 <REP> d-------- c:\program files\Saints Row 2
2009-01-23 21:22 . 2009-01-23 21:22 49 --a------ c:\windows\NeroDigital.ini
2009-01-23 21:21 . 2009-01-23 21:21 <REP> d-------- c:\program files\Red Kawa
2009-01-23 21:21 . 2009-01-23 21:21 <REP> d-------- c:\program files\AviSynth 2.5
2009-01-18 20:31 . 2009-02-01 20:16 <REP> d-------- c:\users\Admin\AppData\Roaming\FileZilla
2009-01-18 13:20 . 2009-01-18 13:20 <REP> d-------- c:\program files\Bonjour
2009-01-17 15:27 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-01-17 15:27 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\System32\D3DX9_39.dll
2009-01-17 15:27 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2009-01-17 15:27 . 2008-07-10 11:00 1,493,528 --a------ c:\windows\System32\D3DCompiler_39.dll
2009-01-17 15:27 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-01-17 15:27 . 2008-07-30 06:20 509,448 --a------ c:\windows\System32\XAudio2_2.dll
2009-01-17 15:27 . 2008-07-10 11:01 467,984 --a------ c:\windows\System32\d3dx10_39.dll
2009-01-17 15:27 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2009-01-17 15:27 . 2008-07-30 06:20 238,088 --a------ c:\windows\System32\xactengine3_2.dll
2009-01-17 15:27 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2009-01-17 15:27 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-01-17 15:27 . 2008-07-30 06:20 68,616 --a------ c:\windows\System32\XAPOFX1_1.dll
2009-01-17 15:27 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-01-17 15:21 . 2009-01-17 15:24 <REP> d--h----- c:\windows\msdownld.tmp
2009-01-17 12:41 . 2009-01-17 12:41 3,851,784 --a------ c:\windows\d3dx9_39.dll
2009-01-17 11:04 . 2009-01-17 11:04 3,026 --a------ c:\windows\System32\drivers\hwinterface.sys
2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\System32\xfcodec.dll
2009-01-14 13:56 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-09 09:02 . 2009-01-09 09:09 <REP> d-------- c:\program files\Lexmark X1100 Series
2009-01-08 18:54 . 2009-01-08 18:55 <REP> d-------- c:\program files\PDFCreator
2009-01-08 18:54 . 2005-04-15 20:58 1,071,088 --a------ c:\windows\System32\MSCOMCTL.OCX
2009-01-08 18:54 . 2004-03-09 01:00 662,288 --a------ c:\windows\System32\MSCOMCT2.OCX
2009-01-08 18:54 . 1998-07-13 02:08 141,312 --a------ c:\windows\System32\MSCMCFR.DLL
2009-01-08 18:54 . 1998-06-24 01:00 137,000 --a------ c:\windows\System32\MSMAPI32.OCX
2009-01-08 18:54 . 1998-07-13 02:08 119,568 --a------ c:\windows\System32\VB6FR.DLL
2009-01-08 18:54 . 2001-10-28 17:42 116,224 --a------ c:\windows\System32\pdfcmnnt.dll
2009-01-08 18:54 . 1998-07-13 02:08 59,904 --a------ c:\windows\System32\MSCC2FR.DLL
2009-01-08 18:54 . 1998-07-06 01:00 23,552 --a------ c:\windows\System32\MSMPIDE.DLL
2009-01-08 11:34 . 2003-01-23 18:55 509,473 --a------ c:\windows\System32\LXBKDRV.HLP
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 09:57 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-07 15:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 14:06 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-07 13:47 --------- d-----w c:\users\Admin\AppData\Roaming\GetRight
2009-02-07 12:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-06 20:15 --------- d-----w c:\program files\Hamachi
2009-02-06 19:59 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-06 13:32 --------- d-----w c:\progra~2\Xfire
2009-01-21 16:24 --------- d-----w c:\program files\Xfire
2009-01-21 12:35 --------- d-----w c:\users\Admin\AppData\Roaming\Xfire
2009-01-18 12:20 --------- d-----w c:\users\Admin\AppData\Roaming\Apple Computer
2009-01-17 14:39 --------- d-----w c:\program files\EA Games
2009-01-17 14:37 --------- d-----w c:\program files\AGEIA Technologies
2009-01-14 17:15 --------- d-----w c:\program files\Windows Mail
2009-01-14 17:15 --------- d-----w c:\progra~2\Microsoft Help
2009-01-04 16:18 --------- d-----w c:\users\Admin\AppData\Roaming\Ahead
2009-01-02 16:24 --------- d-----w c:\program files\Common Files\LightScribe
2009-01-02 16:23 --------- d-----w c:\program files\Common Files\Ahead
2009-01-02 16:20 --------- d-----w c:\program files\Nero
2009-01-02 16:20 --------- d-----w c:\progra~2\Nero
2009-01-02 11:55 --------- d-----w c:\progra~2\Synetic
2009-01-02 11:54 --------- d-----w c:\program files\Crash Time 2
2009-01-01 17:32 --------- d-----w c:\program files\iTunes
2009-01-01 17:32 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-01 17:31 --------- d-----w c:\program files\iPod
2009-01-01 17:31 --------- d-----w c:\program files\Common Files\Apple
2009-01-01 17:31 --------- d-----w c:\progra~2\Apple Computer
2009-01-01 17:27 --------- d-----w c:\program files\QuickTime
2009-01-01 17:27 --------- d-----w c:\program files\Apple Software Update
2009-01-01 17:26 --------- d-----w c:\progra~2\Apple
2008-12-30 20:08 --------- d-----w c:\program files\PhotoshopCS3Portable
2008-12-30 20:08 --------- d-----w c:\program files\Common Files\Adobe
2008-12-30 14:50 --------- d-----w c:\program files\Women’s Murder Club- fr
2008-12-27 15:03 --------- d-----w c:\progra~2\InstallShield
2008-12-26 16:50 --------- d-----w c:\program files\MSXML 4.0
2008-12-25 20:26 --------- d-----w c:\users\Admin\AppData\Roaming\Samsung
2008-12-25 19:55 --------- d-----w c:\program files\Samsung
2008-12-25 18:30 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-22 20:45 --------- d-----w c:\users\Admin\AppData\Roaming\Hamachi
2008-12-22 17:29 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-12-22 12:26 --------- d-----w c:\program files\Thrustmaster
2008-12-22 12:25 --------- d-----w c:\users\Admin\AppData\Roaming\InstallShield
2008-12-22 10:33 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-12-22 08:45 --------- d-----w c:\program files\VideoLAN
2008-12-21 20:53 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-21 20:04 --------- d-----w c:\program files\MSBuild
2008-12-21 20:04 --------- d-----w c:\program files\Microsoft Works
2008-12-21 20:02 --------- d-----w c:\program files\Microsoft.NET
2008-12-21 19:59 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-12-21 15:45 --------- d-----w c:\progra~2\Messenger Plus!
2008-12-21 15:35 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-21 14:46 --------- d-----w c:\progra~2\NOS
2008-12-21 14:07 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-12-21 14:05 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-21 13:28 --------- d-----w c:\program files\GetRight
2008-12-21 13:25 --------- d-----w c:\program files\Rockstar Games
2008-12-21 12:48 174 --sha-w c:\program files\desktop.ini
2008-12-21 12:41 --------- d-----w c:\program files\Windows Sidebar
2008-12-21 12:41 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-21 12:41 --------- d-----w c:\program files\Windows Journal
2008-12-21 12:41 --------- d-----w c:\program files\Windows Defender
2008-12-21 12:41 --------- d-----w c:\program files\Windows Collaboration
2008-12-21 12:41 --------- d-----w c:\program files\Windows Calendar
2008-12-21 12:28 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-21 12:27 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-21 12:01 47,560 ----a-w c:\windows\System32\SPReview.exe
2008-12-21 12:01 152,576 ----a-w c:\windows\System32\SPWizUI.dll
2008-12-21 10:42 269,312 ----a-w c:\windows\System32\es.dll
2008-12-20 17:55 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-12-20 17:55 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-12-20 17:55 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-12-20 17:55 272,896 ----a-w c:\windows\System32\polstore.dll
2008-12-20 17:53 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-20 17:53 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-12-20 17:53 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-12-20 17:49 428,544 ----a-w c:\windows\System32\EncDec.dll
2008-12-20 17:49 293,376 ----a-w c:\windows\System32\psisdecd.dll
2008-12-20 17:46 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-12-20 17:43 212,480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2008-12-20 17:42 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-12-20 17:42 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-20 17:42 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-12-20 17:42 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-20 17:42 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-12-20 17:42 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-12-20 17:42 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-20 17:42 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-12-20 17:42 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-12-20 17:42 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-12-20 17:41 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-12-20 17:40 2,048 ----a-w c:\windows\System32\msxml3r.dll
2008-12-20 17:40 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2008-12-20 17:38 2,048 ----a-w c:\windows\System32\tzres.dll
2008-12-20 17:34 2,927,104 ----a-w c:\windows\explorer.exe
2008-12-20 17:31 827,392 ----a-w c:\windows\System32\wininet.dll
2008-12-20 17:27 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2008-12-20 17:27 6,917,120 ----a-w c:\windows\System32\NlsLexicons0c1a.dll
2008-12-20 17:27 4,495,360 ----a-w c:\windows\System32\NlsData0816.dll
2008-12-20 17:27 4,495,360 ----a-w c:\windows\System32\NlsData0416.dll
2008-12-20 17:27 4,495,360 ----a-w c:\windows\System32\NlsData0414.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-21 3882312]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-01-15 2993488]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2008-12-21 4628752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A98DC842-01F0-428B-8812-624F6F5CFA5A}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{800B23AF-156F-4B24-8297-C4046EA83CD8}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{9C744EDD-0433-48D8-B44F-D1D7603BB0C6}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{AF8D82F5-4910-4737-9CF5-6384A4F37CDF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{82BAFEA4-95FA-46E6-8761-FB31ACB1C071}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{9DDBE95E-ED84-4997-B400-5718CBB9FBF9}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{4BC896A1-E88B-4B2E-B403-2FB91533B01D}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{7D68E7FF-7B70-4E05-983E-558194FB0FB0}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{E2917919-069C-4064-AB13-F9ECFF97480A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A61065F1-EAAA-4C69-A286-76E0873D6638}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{389EE997-0FFC-4848-84A2-F97C051DDF79}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{01721E3B-D98D-41C8-AE91-E7D1D7101426}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{CB4277D8-A669-46B4-8D10-BF21478B1EC9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{74ED1484-1821-4C58-B77B-703D7F2234C5}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{94960876-BDD7-47C1-BBC3-934129042A51}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{7292D1A7-5CE3-4FA6-B96D-1FD583667675}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A4F87BB6-595E-42D2-8B70-56FD36C22B77}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{22B3FC19-5D14-406B-B0B0-0E3E8A6C8B0B}"= UDP:c:\program files\VideoLAN\VLC\vlc.exe:VLC media player
"{12169EAC-BF93-4017-B521-02713B88E8BF}"= TCP:c:\program files\VideoLAN\VLC\vlc.exe:VLC media player
"TCP Query User{564AA0EE-048F-48BA-BB10-A6CC4352F508}c:\\program files\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{611CD4B3-BBE4-4810-B98C-E090BE9F9622}c:\\program files\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{C7868BCB-08BD-4AC4-BE92-FE894C822DDD}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{FA85A0DF-660C-4350-98E8-491532FA4F20}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{5E831338-831A-4A87-908A-B70301EBF5D3}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{6BA4AC7A-593F-4AE8-B43B-D98D9396D527}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{7B54537E-294B-4DAE-8F55-B96369433524}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{23DAA9AD-A940-450D-94E2-CFF15276475A}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{A1E3F456-DF13-46DC-B6F0-FA6C1F78F711}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{3F892031-0AE9-4D1D-9C13-EB3CB629DEC1}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{EBE77F1F-E99E-47F0-9174-D2BC000FFCE2}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{9399E929-42DE-49D0-AC28-5984464CA26A}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{C0A1F30A-8A5D-4FFD-A263-952F19E428A0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B9730304-CD54-469F-9882-12D2CB1EFCB2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
R1 hwinterface;hwinterface;c:\windows\System32\drivers\hwinterface.sys [2009-01-17 3026]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 SBKUPNT;SBKUPNT;c:\windows\System32\drivers\SBKUPNT.SYS [2009-01-25 14976]
S3 cm1123264;C-Media CM112 UDAX Sound Interface;c:\windows\System32\drivers\cm112.sys [2008-12-21 1308160]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\System32\drivers\fbxusb32.sys [2004-10-20 21344]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\System32\drivers\imhidusb.sys [2008-12-22 17920]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86417fa-ce90-11dd-afab-0007cb0000ff}]
\shell\AutoRun\command - I:\Autorun.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-CM112Sound - CM112.cpl
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5zmowwl8.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.my.yahoo.com/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 16:43:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-02-08 16:44:42
ComboFix-quarantined-files.txt 2009-02-08 15:44:40
Pre-Run: 162,800,406,528 bytes free
Post-Run: 163,046,617,088 bytes free
314 --- E O F --- 2009-01-26 16:35:50
And here is the HijackThis report:
Scan saved at 20:26:33, on 07/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CM112Sound] RunDll32 CM112.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 7350 bytes
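The two catchme blocks in this thread (the first one showing three hidden gaopdx* files and one hidden service, the one run after ComboFix showing none) and the ComboFix deletion lines are the evidence a responder has to read quickly. The following Python script is an added example for this page, not code from the thread or from GMER, ComboFix or HijackThis: it parses a catchme block, groups hidden files by a shared basename prefix (TDSS-style droppers stamp one random prefix on every component of an infection, here gaopdx), checks whether those files live under System32, and cross-references the prefix against the lines of another log. The sample inputs are copied from the logs posted in this thread; the verdict labels, the four-character grouping threshold and the System32 check are assumptions of the example.

```python
"""Triage helper for catchme / ComboFix logs (added example, not from the thread)."""
import ntpath
import re

# Constructed sample input: the catchme block from the first post of this thread.
CATCHME_LOG = """\
scanning hidden processes ...
scanning hidden services ...
HKLM\\SYSTEM\\CurrentControlSet\\Services\\GEARAspiWDMsys
scanning hidden autostart entries ...
scanning hidden files ...
C:\\Windows\\System32\\drivers\\gaopdxosewixxv.sys 77824 bytes
C:\\Windows\\System32\\gaopdxcounter 8 bytes
C:\\Windows\\System32\\gaopdxwqdtrlqo.dll 57344 bytes
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 3
"""

# Constructed sample input: the deletion lines from the ComboFix log in this thread.
COMBOFIX_DELETIONS = """\
c:\\windows\\system32\\drivers\\gaopdxosewixxv.sys
c:\\windows\\system32\\gaopdxcounter
c:\\windows\\system32\\gaopdxwqdtrlqo.dll
D:\\resycled
-------\\Service_gaopdxserv.sys
"""

# Constructed sample input: the catchme block run after ComboFix (no hidden objects).
CATCHME_AFTER = """\
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
"""

SECTION_RE = re.compile(r"^scanning hidden (.+?) \.\.\.$")
COUNT_RE = re.compile(r"^hidden (\w+): (\d+)$")
HIDDEN_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<size>\d+) bytes$")
SERVICE_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<name>[^\\\s]+)$", re.I)


def parse_catchme(text):
    """Split a catchme report into hidden services, hidden files and the summary counts."""
    result = {"services": [], "files": [], "counts": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)  # "processes", "services", "autostart entries", "files"
            continue
        m = COUNT_RE.match(line)
        if m:
            result["counts"][m.group(1)] = int(m.group(2))
            continue
        if section == "services":
            m = SERVICE_KEY_RE.match(line)
            if m:
                result["services"].append(m.group("name"))
        elif section == "files":
            m = HIDDEN_FILE_RE.match(line)
            if m:
                result["files"].append((m.group("path"), int(m.group("size"))))
    return result


def shared_prefix(names):
    """Longest prefix common to every string in names (empty string if none)."""
    prefix = names[0] if names else ""
    for name in names[1:]:
        while not name.startswith(prefix):
            prefix = prefix[:-1]
    return prefix


def family_prefix(hidden_files, min_len=4):
    """Group hidden files whose basenames share their first min_len characters and
    return the full common prefix of the largest group (None if no group has two
    members).  min_len=4 is an assumption of this example."""
    groups = {}
    for path, _size in hidden_files:
        stem = ntpath.basename(path).lower()  # ntpath: the paths are Windows paths
        groups.setdefault(stem[:min_len], []).append(stem)
    largest = max(groups.values(), key=len, default=[])
    return shared_prefix(largest) if len(largest) >= 2 else None


def related_lines(prefix, log_text):
    """Lines of another log (ComboFix, HijackThis, ...) that mention the prefix."""
    return [l.strip() for l in log_text.splitlines() if prefix in l.lower()]


def triage(catchme_text, other_log_text=""):
    """Summarise a catchme report and cross-reference any file family in another log."""
    parsed = parse_catchme(catchme_text)
    prefix = family_prefix(parsed["files"])
    in_system32 = [p for p, _ in parsed["files"] if "\\windows\\system32\\" in p.lower()]
    if in_system32 and prefix:
        verdict = "rootkit-likely"  # a hidden file family living under System32
    elif parsed["files"] or parsed["services"]:
        verdict = "review"          # hidden objects exist but no clear family
    else:
        verdict = "clean"
    return {
        "counts": parsed["counts"],
        # Hidden is not the same as malicious: verify the driver file and its signature.
        "hidden_services_to_verify": parsed["services"],
        "hidden_system32_files": in_system32,
        "family_prefix": prefix,
        "related_lines": related_lines(prefix, other_log_text) if prefix else [],
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, report in (("before", triage(CATCHME_LOG, COMBOFIX_DELETIONS)),
                          ("after", triage(CATCHME_AFTER))):
        print(label, report["verdict"], report["family_prefix"], report["counts"])
```

A hidden service is reported for manual verification rather than flagged, because some legitimate drivers show up there: the GEAR driver that iTunes installs (GEARAspiWDM) is the usual benign hit, and the machine in this thread runs iTunes. Run the script on the before and after blocks to see the verdict go from rootkit-likely, with gaopdx as the family prefix and four matching ComboFix lines, to clean.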
I followed the ComboFix procedure; here is the log file:
Quote:
ComboFix 09-02-06.04 - Admin 2009-02-08 16:39:48.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2047.1075 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\coolplay
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\coolplay\Uninstall.lnk
c:\windows\system32\drivers\gaopdxosewixxv.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxwqdtrlqo.dll
D:\resycled
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 ))))))))))))))))))))))))))))))))))))
.
2009-02-08 11:01 . 2009-02-08 11:01 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-08 11:01 . 2009-02-08 11:01 <REP> d-------- c:\users\Admin\AppData\Roaming\Malwarebytes
2009-02-08 11:01 . 2009-02-08 11:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 11:01 . 2009-02-08 11:01 <REP> d-------- c:\progra~2\Malwarebytes
2009-02-08 11:01 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-08 11:01 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-07 20:13 . 2009-02-07 20:14 <REP> d-------- C:\fixwareout
2009-02-07 20:08 . 2009-02-07 20:08 <REP> d-------- c:\program files\Trend Micro
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-07 15:06 . 2009-02-07 15:06 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-07 14:50 . 2009-02-07 16:24 <REP> d-------- c:\program files\Electronic Arts
2009-02-07 13:52 . 2009-02-07 13:52 <REP> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-02-07 13:52 . 2009-02-07 13:52 <REP> d-------- c:\progra~2\SUPERAntiSpyware.com
2009-02-07 13:51 . 2009-02-07 13:51 <REP> d-------- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2009-02-07 13:51 . 2009-02-07 13:51 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-02-07 10:17 . 2009-02-07 10:26 <REP> d-------- c:\program files\Dynamic
2009-02-01 19:57 . 2009-02-01 20:13 <REP> d-------- c:\users\Admin\AppData\Roaming\DiskAid
2009-02-01 19:57 . 2009-02-01 19:57 <REP> d-------- c:\program files\DigiDNA
2009-02-01 18:39 . 2009-02-01 18:39 <REP> d-------- C:\MobileInstallation.framework
2009-02-01 15:21 . 2009-02-01 15:21 <REP> d-------- c:\users\Admin\AppData\Roaming\dvdcss
2009-01-31 16:44 . 2009-01-31 16:44 <REP> d-------- c:\users\Admin\AppData\Roaming\vlc
2009-01-31 16:35 . 2009-01-31 16:35 <REP> d-------- c:\program files\Hobbyist Software
2009-01-29 18:58 . 2009-01-29 18:58 <REP> d-------- c:\users\All Users\NCH Swift Sound
2009-01-29 18:58 . 2009-01-29 18:58 <REP> d-------- c:\users\Admin\AppData\Roaming\NCH Swift Sound
2009-01-29 18:58 . 2009-01-29 18:58 <REP> d-------- c:\program files\NCH Swift Sound
2009-01-29 18:58 . 2009-01-29 18:58 <REP> d-------- c:\progra~2\NCH Swift Sound
2009-01-29 18:35 . 2009-01-29 18:37 <REP> d-------- c:\program files\Microsoft Etudes
2009-01-29 18:34 . 2009-01-29 18:34 <REP> d-------- c:\program files\Learning Essentials
2009-01-25 18:15 . 2009-01-25 18:15 <REP> d-------- c:\users\All Users\Lavasoft
2009-01-25 18:15 . 2009-01-25 18:15 <REP> d-------- c:\progra~2\Lavasoft
2009-01-25 16:55 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-25 16:55 . 2001-07-13 13:56 14,976 --a------ c:\windows\System32\drivers\SBKUPNT.SYS
2009-01-25 16:55 . 1997-02-08 17:11 13,312 --a------ c:\windows\System32\DEVLOAD.EXE
2009-01-25 16:55 . 2005-11-26 19:45 2,799 --a------ c:\windows\SKLANG.INI
2009-01-24 11:33 . 2009-02-07 15:07 <REP> d-------- c:\users\All Users\Electronic Arts
2009-01-24 11:33 . 2009-02-07 15:07 <REP> d-------- c:\progra~2\Electronic Arts
2009-01-24 11:10 . 2009-01-24 11:26 <REP> d-------- c:\program files\Saints Row 2
2009-01-23 21:22 . 2009-01-23 21:22 49 --a------ c:\windows\NeroDigital.ini
2009-01-23 21:21 . 2009-01-23 21:21 <REP> d-------- c:\program files\Red Kawa
2009-01-23 21:21 . 2009-01-23 21:21 <REP> d-------- c:\program files\AviSynth 2.5
2009-01-18 20:31 . 2009-02-01 20:16 <REP> d-------- c:\users\Admin\AppData\Roaming\FileZilla
2009-01-18 13:20 . 2009-01-18 13:20 <REP> d-------- c:\program files\Bonjour
2009-01-17 15:27 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-01-17 15:27 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\System32\D3DX9_39.dll
2009-01-17 15:27 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2009-01-17 15:27 . 2008-07-10 11:00 1,493,528 --a------ c:\windows\System32\D3DCompiler_39.dll
2009-01-17 15:27 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-01-17 15:27 . 2008-07-30 06:20 509,448 --a------ c:\windows\System32\XAudio2_2.dll
2009-01-17 15:27 . 2008-07-10 11:01 467,984 --a------ c:\windows\System32\d3dx10_39.dll
2009-01-17 15:27 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2009-01-17 15:27 . 2008-07-30 06:20 238,088 --a------ c:\windows\System32\xactengine3_2.dll
2009-01-17 15:27 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2009-01-17 15:27 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-01-17 15:27 . 2008-07-30 06:20 68,616 --a------ c:\windows\System32\XAPOFX1_1.dll
2009-01-17 15:27 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-01-17 15:21 . 2009-01-17 15:24 <REP> d--h----- c:\windows\msdownld.tmp
2009-01-17 12:41 . 2009-01-17 12:41 3,851,784 --a------ c:\windows\d3dx9_39.dll
2008-12-21 15:45 --------- d-----w c:\progra~2\Messenger Plus!
2008-12-21 15:35 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-21 14:46 --------- d-----w c:\progra~2\NOS
2008-12-21 14:07 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-12-21 14:05 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-21 13:28 --------- d-----w c:\program files\GetRight
2008-12-21 13:25 --------- d-----w c:\program files\Rockstar Games
2008-12-21 12:48 174 --sha-w c:\program files\desktop.ini
2008-12-21 12:41 --------- d-----w c:\program files\Windows Sidebar
2008-12-21 12:41 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-21 12:41 --------- d-----w c:\program files\Windows Journal
2008-12-21 12:41 --------- d-----w c:\program files\Windows Defender
2008-12-21 12:41 --------- d-----w c:\program files\Windows Collaboration
2008-12-21 12:41 --------- d-----w c:\program files\Windows Calendar
2008-12-21 12:28 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-21 12:27 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-21 12:01 47,560 ----a-w c:\windows\System32\SPReview.exe
2008-12-21 12:01 152,576 ----a-w c:\windows\System32\SPWizUI.dll
2008-12-21 10:42 269,312 ----a-w c:\windows\System32\es.dll
2008-12-20 17:55 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-12-20 17:55 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-12-20 17:55 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-12-20 17:55 272,896 ----a-w c:\windows\System32\polstore.dll
2008-12-20 17:53 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-20 17:53 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-12-20 17:53 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-12-20 17:49 428,544 ----a-w c:\windows\System32\EncDec.dll
2008-12-20 17:49 293,376 ----a-w c:\windows\System32\psisdecd.dll
2008-12-20 17:46 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-12-20 17:43 212,480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2008-12-20 17:42 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-12-20 17:42 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-20 17:42 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-12-20 17:42 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-20 17:42 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-12-20 17:42 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-12-20 17:42 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-20 17:42 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-12-20 17:42 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-12-20 17:42 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-12-20 17:41 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-12-20 17:40 2,048 ----a-w c:\windows\System32\msxml3r.dll
2008-12-20 17:40 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2008-12-20 17:38 2,048 ----a-w c:\windows\System32\tzres.dll
2008-12-20 17:34 2,927,104 ----a-w c:\windows\explorer.exe
2008-12-20 17:31 827,392 ----a-w c:\windows\System32\wininet.dll
2008-12-20 17:27 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2008-12-20 17:27 6,917,120 ----a-w c:\windows\System32\NlsLexicons0c1a.dll
2008-12-20 17:27 4,495,360 ----a-w c:\windows\System32\NlsData0816.dll
2008-12-20 17:27 4,495,360 ----a-w c:\windows\System32\NlsData0416.dll
2008-12-20 17:27 4,495,360 ----a-w c:\windows\System32\NlsData0414.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-21 3882312]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-01-15 2993488]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2008-12-21 4628752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A98DC842-01F0-428B-8812-624F6F5CFA5A}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{800B23AF-156F-4B24-8297-C4046EA83CD8}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{9C744EDD-0433-48D8-B44F-D1D7603BB0C6}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{AF8D82F5-4910-4737-9CF5-6384A4F37CDF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{82BAFEA4-95FA-46E6-8761-FB31ACB1C071}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{9DDBE95E-ED84-4997-B400-5718CBB9FBF9}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{4BC896A1-E88B-4B2E-B403-2FB91533B01D}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{7D68E7FF-7B70-4E05-983E-558194FB0FB0}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{E2917919-069C-4064-AB13-F9ECFF97480A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A61065F1-EAAA-4C69-A286-76E0873D6638}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{389EE997-0FFC-4848-84A2-F97C051DDF79}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{01721E3B-D98D-41C8-AE91-E7D1D7101426}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{CB4277D8-A669-46B4-8D10-BF21478B1EC9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{74ED1484-1821-4C58-B77B-703D7F2234C5}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{94960876-BDD7-47C1-BBC3-934129042A51}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{7292D1A7-5CE3-4FA6-B96D-1FD583667675}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A4F87BB6-595E-42D2-8B70-56FD36C22B77}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{22B3FC19-5D14-406B-B0B0-0E3E8A6C8B0B}"= UDP:c:\program files\VideoLAN\VLC\vlc.exe:VLC media player
"{12169EAC-BF93-4017-B521-02713B88E8BF}"= TCP:c:\program files\VideoLAN\VLC\vlc.exe:VLC media player
"TCP Query User{564AA0EE-048F-48BA-BB10-A6CC4352F508}c:\\program files\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{611CD4B3-BBE4-4810-B98C-E090BE9F9622}c:\\program files\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{C7868BCB-08BD-4AC4-BE92-FE894C822DDD}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{FA85A0DF-660C-4350-98E8-491532FA4F20}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{5E831338-831A-4A87-908A-B70301EBF5D3}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{6BA4AC7A-593F-4AE8-B43B-D98D9396D527}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{7B54537E-294B-4DAE-8F55-B96369433524}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{23DAA9AD-A940-450D-94E2-CFF15276475A}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{A1E3F456-DF13-46DC-B6F0-FA6C1F78F711}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{3F892031-0AE9-4D1D-9C13-EB3CB629DEC1}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{EBE77F1F-E99E-47F0-9174-D2BC000FFCE2}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{9399E929-42DE-49D0-AC28-5984464CA26A}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{C0A1F30A-8A5D-4FFD-A263-952F19E428A0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B9730304-CD54-469F-9882-12D2CB1EFCB2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
R1 hwinterface;hwinterface;c:\windows\System32\drivers\hwinterface.sys [2009-01-17 3026]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 SBKUPNT;SBKUPNT;c:\windows\System32\drivers\SBKUPNT.SYS [2009-01-25 14976]
S3 cm1123264;C-Media CM112 UDAX Sound Interface;c:\windows\System32\drivers\cm112.sys [2008-12-21 1308160]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\System32\drivers\fbxusb32.sys [2004-10-20 21344]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\System32\drivers\imhidusb.sys [2008-12-22 17920]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86417fa-ce90-11dd-afab-0007cb0000ff}]
\shell\AutoRun\command - I:\Autorun.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-CM112Sound - CM112.cpl
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5zmowwl8.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.my.yahoo.com/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 16:43:41
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-02-08 16:44:42
ComboFix-quarantined-files.txt 2009-02-08 15:44:40
Avant-CF: 162,800,406,528 octets libres
Après-CF: 163,046,617,088 octets libres
314 --- E O F --- 2009-01-26 16:35:50
And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:33, on 07/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CM112Sound] RunDll32 CM112.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 7350 bytes
Re,
Run an online antivirus scan with Kaspersky using Internet Explorer.
Allow ActiveX.
Click on Start Online Scanner.
Select My Computer as the scan area. Save the report as a .txt file.
Paste its report here.
Post a new HijackThis report.
Help: How to run an online scan with Kaspersky.
Hello,
Kaspersky report:
Monday, February 9, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, February 09, 2009 18:07:17
Records in database: 1774918
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics
Files scanned 174607
Threat name 2
Infected objects 9
Suspicious objects 0
Duration of the scan 01:56:46
File name Threat name Threats count
C:\Users\Admin\Documents\Drivers\Controler.zip Infected: Backdoor.JS.Agent.a 8
C:\Users\Admin\Documents\Programmes Indépendant\CryptLoad_1.1.4\router\FRITZ!Box\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:42, on 09/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Admin\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 6102 bytes
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 6102 bytes
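The HijackThis log above is the format the helpers in this thread triage by hand. As an added example (not part of the original thread, and not code from HijackThis or its author), the Python script below parses the O2, O4 and O23 sections of a constructed sample modelled on a few entries from this log and flags what a responder looks at first: browser helper objects whose DLL is gone, autoruns that load a DLL through rundll32, and services whose binary is missing or that have no recorded publisher. The regexes and the flag heuristics are my own assumptions about the log layout, not a HijackThis specification. Note the limit of this kind of triage: a kernel-mode rootkit that hides its driver and DLL from user-mode tools will not appear in this log at all, so an empty result is not proof of a clean system.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.2 log format, modelled on a few of
# the entries in the log above. It is not the full log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Assumed layouts of the three sections (derived from the log, not a spec).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O23"
    entry: str    # identifier of the entry as shown in the log
    reason: str   # why a responder should look at it


def _check_o2(m: re.Match) -> list[str]:
    reasons = []
    if m["path"].strip() == "(no file)":
        reasons.append("BHO CLSID registered but its DLL is absent (orphaned entry)")
    if m["name"] == "(no name)":
        reasons.append("BHO has no display name")
    return reasons


def _check_o4(m: re.Match) -> list[str]:
    reasons = []
    # Autoruns that go through rundll32 hide the real payload in a DLL export.
    if re.match(r"rundll32(\.exe)?\b", m["cmd"], re.IGNORECASE):
        reasons.append("autorun loads a DLL through rundll32; verify the DLL and its export")
    # Binaries launched from a user-writable location deserve a second look.
    if re.search(r"\\Users\\|\\AppData\\|\\Temp\\", m["cmd"], re.IGNORECASE):
        reasons.append("autorun starts a binary from a user-writable location")
    return reasons


def _check_o23(m: re.Match) -> list[str]:
    reasons = []
    if "(file missing)" in m["path"]:
        reasons.append("service registered but its binary is missing (orphaned entry)")
    if m["owner"].strip() in ("", "Unknown owner"):
        reasons.append("no publisher recorded; check the binary's signature and hash")
    return reasons


CHECKS = (
    ("O2", O2_RE, _check_o2, lambda m: f'{m["name"]} {m["clsid"]}'),
    ("O4", O4_RE, _check_o4, lambda m: f'{m["location"]} [{m["name"]}]'),
    ("O23", O23_RE, _check_o23, lambda m: m["name"]),
)


def triage(log_text: str) -> list[Finding]:
    """Return the entries of a HijackThis log that merit manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, regex, check, label in CHECKS:
            m = regex.match(line)
            if not m:
                continue
            reasons = check(m)
            if reasons:
                findings.append(Finding(section, label(m), "; ".join(reasons)))
            break  # each line belongs to exactly one section
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.entry}\n     -> {f.reason}")
```

Feed a full log to `triage()` and work through the findings with the usual checks (publisher signature, file hash against a reputation service, whether the CLSID or service name belongs to a known product); the script only narrows the list, it does not decide.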
Hi again,
Remove all the programs that were installed for the disinfection.
Please read this file (PDF) to learn more about the risks of the Internet.
If you find this document interesting, feel free to pass it on to your contacts.
If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.
~Edit your first message (by clicking the eraser icon) and mark [résolu] (solved) in the title.
If your session name is your real name, you can change it by editing your posts.