Plus de connexion internet suite à virus
Résolu
soleildescaraibes
Messages postés
66
Date d'inscription
Statut
Membre
Dernière intervention
-
soleildescaraibes Messages postés 66 Date d'inscription Statut Membre Dernière intervention -
soleildescaraibes Messages postés 66 Date d'inscription Statut Membre Dernière intervention -
Bonjour,
J'ai besoin d'aide. Je ne dispose plus d' aucune connexion internet depuis que j'ai attrapé des virus (trojans, malware : Cheval de troie DIAL 43341, Crypt XPACK.GEn, crypt.CFI.GEN ; Proxy.gen, Dldr.aw.awk , Atraps.gen; Agent 49664.J ), dropper : DR/martshop.2, DR/Shopper .Q, Hotbar.BI) et Ver WORM/Ircbot.562688, VB.NPM.2 ; HEUR/HTML.Malware.
Après avoir nettoyé avec Antivir, Spybot,ccleaner, malware bytes, j'ai nettoyé l'ordi,tout semble avoit disparu, mais je n'ai toujours pas de connexion internet.
J'ai fait un rapport Hijackthis, rapport logfile of random's system information tool.
Je lis dans ce rapport :
Unknown file in windsock LSpPC:\windows\ system32\nwprovau.dll
Broken Internet access because of LSP Provider......... ntdll64.dll missing.
CF RAPPORT HIJACKTHIS : Prochain message
CF RAPPORT MALWAREBYTES : Prochain message
J'ai regardé dans les configurations des réseaux internet, ai regardé les codes TCP IP, car lorsque je démarre internet avec la club box, je reçois un message d'erreur de synchronisation problème de TCP IP. (paquets envoyés et reçus non concordants, alors que dans Ping le nombre de paquets est concordant). Le code Ip est semble -t-il bloqué manuellement, car lorsque je demande un numéro automatique, la configuration manuelle reste inscrite. !
Je suis retournée en mode sans échec pour vérifier et relancer les nettoyages
Je ne sais plus du tout quoi faire, car je suis novice et je bloque. Cela fait plus de 3 jours que je suis dessus sans avancer.
Merci par avance pour votre aide.
J'ai besoin d'aide. Je ne dispose plus d' aucune connexion internet depuis que j'ai attrapé des virus (trojans, malware : Cheval de troie DIAL 43341, Crypt XPACK.GEn, crypt.CFI.GEN ; Proxy.gen, Dldr.aw.awk , Atraps.gen; Agent 49664.J ), dropper : DR/martshop.2, DR/Shopper .Q, Hotbar.BI) et Ver WORM/Ircbot.562688, VB.NPM.2 ; HEUR/HTML.Malware.
Après avoir nettoyé avec Antivir, Spybot,ccleaner, malware bytes, j'ai nettoyé l'ordi,tout semble avoit disparu, mais je n'ai toujours pas de connexion internet.
J'ai fait un rapport Hijackthis, rapport logfile of random's system information tool.
Je lis dans ce rapport :
Unknown file in windsock LSpPC:\windows\ system32\nwprovau.dll
Broken Internet access because of LSP Provider......... ntdll64.dll missing.
CF RAPPORT HIJACKTHIS : Prochain message
CF RAPPORT MALWAREBYTES : Prochain message
J'ai regardé dans les configurations des réseaux internet, ai regardé les codes TCP IP, car lorsque je démarre internet avec la club box, je reçois un message d'erreur de synchronisation problème de TCP IP. (paquets envoyés et reçus non concordants, alors que dans Ping le nombre de paquets est concordant). Le code Ip est semble -t-il bloqué manuellement, car lorsque je demande un numéro automatique, la configuration manuelle reste inscrite. !
Je suis retournée en mode sans échec pour vérifier et relancer les nettoyages
Je ne sais plus du tout quoi faire, car je suis novice et je bloque. Cela fait plus de 3 jours que je suis dessus sans avancer.
Merci par avance pour votre aide.
A voir également:
- Plus de connexion internet suite à virus
- Gmail connexion - Guide
- D'où peut venir un problème de connexion internet sur un ordinateur ? - Guide
- Arcep ma connexion internet - Accueil - Box & Connexion Internet
- Comment savoir si quelqu'un utilise ma connexion internet - Guide
- Virus mcafee - Accueil - Piratage
98 réponses
fais lemaintenant car je suis vraiment pas certain qu'apres tu puisses retourner sur ce site pour le faire....
Compte rendu en cours de préparation. Juste ensuite le temps de débrancher le cable USB internet pour mettre la copie du rapport et de rebrancher internet.
Désolée pour cette attente.
Désolée pour cette attente.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
le compte rendu est toujours en cours de préparation........
Pour le moment, ce que je vois en ligne : Uniquement
FINDSTR : Impossible d'ouvrir temp01
Il continue de préparer le rapport.
Pour le moment, ce que je vois en ligne : Uniquement
FINDSTR : Impossible d'ouvrir temp01
Il continue de préparer le rapport.
rapport COMBOFIX :
ComboFix 09-01-02.01 - BS 2009-01-03 22:51:51.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.652 [GMT 1:00]
Lancé depuis: c:\documents and settings\BS\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\rhkghsmw.ini
c:\windows\system32\test.ttt
c:\windows\system32\tmp.reg
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winnb58.dll
----- BITS: Il y a peut-être des sites infectés -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-03 au 2009-01-03 ))))))))))))))))))))))))))))))))))))
.
2009-01-03 19:28 . 2009-01-03 19:46 <REP> d-------- C:\SDFix
2009-01-03 18:52 . 2009-01-03 21:05 <REP> d-------- c:\program files\Ad-remover
2009-01-03 17:49 . 2009-01-03 17:49 <REP> d-------- c:\program files\Fichiers communs\Motive
2009-01-03 01:00 . 2009-01-03 01:00 <REP> d-------- c:\program files\Avira
2009-01-03 01:00 . 2009-01-03 01:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-02 20:57 . 2009-01-02 20:58 <REP> d-------- C:\rsit
2009-01-02 20:57 . 2009-01-02 20:57 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 20:57 . 2009-01-02 20:57 <REP> d-------- c:\documents and settings\BS\Application Data\Malwarebytes
2009-01-02 20:57 . 2009-01-02 20:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-02 20:57 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 20:57 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 18:45 . 2009-01-02 18:45 <REP> d-------- c:\program files\Disney Interactive
2009-01-02 16:03 . 2009-01-02 16:03 <REP> d-------- c:\program files\NetDuster
2009-01-02 16:03 . 2009-01-02 16:03 <REP> d-------- c:\documents and settings\All Users\Application Data\NetDuster
2009-01-02 15:56 . 2009-01-02 15:56 <REP> d-------- c:\program files\QUAD Utilities
2009-01-02 15:56 . 2009-01-02 15:56 <REP> d-------- c:\documents and settings\JC\Application Data\QUAD Backups
2009-01-02 15:51 . 2009-01-02 15:52 <REP> d-------- c:\documents and settings\JC\Application Data\U3
2009-01-02 12:28 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\JC\Voisinage réseau
2009-01-02 12:28 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\JC\Voisinage d'impression
2009-01-02 12:28 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\JC\Modèles
2009-01-02 12:28 . 2009-01-02 12:29 <REP> dr------- c:\documents and settings\JC\Mes documents
2009-01-02 12:28 . 2004-08-16 16:55 <REP> dr------- c:\documents and settings\JC\Menu Démarrer
2009-01-02 12:28 . 2009-01-02 12:29 <REP> dr------- c:\documents and settings\JC\Favoris
2009-01-02 12:28 . 2009-01-02 16:03 <REP> dr------- c:\documents and settings\JC\Bureau
2009-01-02 12:28 . 2005-09-13 15:51 <REP> d-------- c:\documents and settings\JC\Application Data\You've Got Pictures Screensaver
2009-01-02 12:28 . 2005-09-13 15:54 <REP> d-------- c:\documents and settings\JC\Application Data\Symantec
2009-01-02 12:28 . 2009-01-02 12:28 <REP> d-------- c:\documents and settings\JC
2009-01-02 01:02 . 2009-01-03 17:48 <REP> d-------- c:\program files\Club-Internet
2008-12-30 19:14 . 2009-01-03 17:47 <REP> d-------- c:\program files\Motive
2008-12-30 19:13 . 2008-12-30 19:13 <REP> d-------- c:\program files\BroadJump
2008-12-30 19:13 . 2002-08-02 14:56 663,552 --a------ c:\windows\system32\libeay32_1-1-0_DDR.dll
2008-12-30 19:13 . 2001-09-23 16:30 532,594 --a------ c:\windows\system32\xerces-c_1_40_0_DDR.dll
2008-12-30 19:13 . 2001-09-23 15:41 524,377 --a------ c:\windows\system32\stlport_4_0_0_DDR.dll
2008-12-30 19:13 . 2002-10-18 11:36 307,329 --a------ c:\windows\system32\BJBase_2-2-2_DDR.dll
2008-12-30 19:13 . 2002-08-02 14:56 159,744 --a------ c:\windows\system32\ssleay32_1-1-0_DDR.dll
2008-12-30 00:12 . 2008-12-30 00:12 3,120 --a------ c:\windows\118294.78
2008-12-30 00:11 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2008-12-30 00:11 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2008-12-30 00:11 . 2008-12-30 00:11 3,120 --a------ c:\windows\system32\118290.54
2008-12-30 00:11 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2008-12-29 23:36 . 2008-12-29 23:36 <REP> d---s---- c:\documents and settings\BS\UserData
2008-12-29 22:13 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-29 22:13 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-29 22:13 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-29 22:13 . 2009-01-02 00:48 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2008-12-29 22:13 . 2004-08-16 16:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-29 22:13 . 2005-09-13 15:52 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2008-12-29 22:13 . 2005-09-13 16:02 <REP> dr------- c:\documents and settings\Administrateur\Bureau
2008-12-29 22:13 . 2005-09-13 15:51 <REP> d-------- c:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-12-29 22:13 . 2005-09-13 15:54 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Symantec
2008-12-29 22:13 . 2009-01-02 00:46 <REP> d-------- c:\documents and settings\Administrateur
2008-12-29 18:37 . 2008-12-29 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-23 23:24 . 2008-12-23 23:24 <REP> d-------- c:\documents and settings\BS\Application Data\Babylon
2008-12-23 23:24 . 2008-12-23 23:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Babylon
2008-12-19 12:45 . 2004-02-17 00:00 434,252 --a------ c:\windows\system32\Msvcrtd.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 16:47 --------- d-----w c:\program files\eMule
2009-01-03 15:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-30 20:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 20:47 --------- d-----w c:\program files\QuickTime
2008-12-30 20:47 --------- d-----w c:\program files\Gcompris
2008-12-30 20:47 --------- d-----w c:\program files\Dictionnaire
2008-12-30 20:47 --------- d-----w c:\program files\Common Files
2008-12-30 20:47 --------- d-----w c:\program files\Anuman Interactive
2008-12-30 10:29 --------- d-----w c:\program files\Secured IE
2008-12-28 17:47 --------- d-----w c:\documents and settings\BS\Application Data\U3
2008-12-20 17:00 --------- d-----w c:\program files\Ziepod
2008-12-15 19:47 --------- d-----w c:\documents and settings\BS\Application Data\Canon
2008-12-12 17:35 3,081,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-10 06:11 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-22 09:53 15,397 ----a-w c:\program files\settings.dat
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:17 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2007-04-13 11:55 87,608 -c--a-w c:\documents and settings\BS\Application Data\ezpinst.exe
2007-04-13 11:55 47,360 -c--a-w c:\documents and settings\BS\Application Data\pcouffin.sys
2007-01-06 23:50 89,912 -c--a-w c:\documents and settings\BS\Application Data\GDIPFONTCACHEV1.DAT
2006-09-28 12:37 1,373,512 -c--a-w c:\documents and settings\BF\lj631fr.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyB0.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-02-14 13:54 1555480 --a------ c:\program files\myBabylon\tbmyB0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-10-24 08:09 1453080 --a------ c:\program files\securedie\tbsec1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsec1.dll" [2007-10-24 1453080]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyB0.dll" [2008-02-14 1555480]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\program files\securedie\tbsec1.dll" [2007-10-24 1453080]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\program files\myBabylon\tbmyB0.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe" [2005-06-02 543232]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-07-19 33808]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [2005-09-13 226768]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [1979-12-31 28160]
R4 MTC0001_RMC;Remove Control Device;c:\windows\system32\drivers\RMC.sys [1979-12-31 13912]
R4 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-16 14336]
S3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvid.sys [2008-05-27 274816]
S3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [2008-11-09 22656]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [2004-08-16 12672]
S4 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-01-03 c:\windows\Tasks\xbvxhlyj.job
- c:\windows\system32\rundll32.exe [2004-08-05 13:00]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{1D3BED5C-716A-4AB1-90BC-3022B847E0E0} - (no file)
BHO-{C7B76B90-3455-4AE6-A752-EAC4D19689E5} - (no file)
Notify-efcYsQiH - efcYsQiH.dll
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 22:58:28
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3499459065-2555909884-1288176558-1008\Software\Skype\Phone\UI]
@DACL=(02 0000)
@SACL=
"Version"=dword:01010249
[HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\Pilotes ATI]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]
@DACL=(02 0000)
@SACL=
@="AcroAccess.AcrobatAccess.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]
@DACL=(02 0000)
@SACL=
@=""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{C523F390-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="AcroAccess.AcrobatAccess"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\DisplayName]
@DACL=(02 0000)
@SACL=
@="RealPlayer"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\MainApp]
@DACL=(02 0000)
@SACL=
@="c:\\Program Files\\Real\\RealPlayer\\realjbox.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File38\ACCESSPOINT]
@DACL=(02 0000)
@SACL=
@="QUICKLAUNCH"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File39\ACCESSPOINT]
@DACL=(02 0000)
@SACL=
@="DESKTOP"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}\1.0]
@DACL=(02 0000)
@SACL=
@="Cerberus 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}\1.0]
@DACL=(02 0000)
@SACL=
@="AOL CETCtrl 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{16D8D842-6E64-489F-99BB-D6CEF503A74E}\1.0]
@DACL=(02 0000)
@SACL=
@="Xanthe 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{1B8B281E-F67E-4212-8D3B-C98B8AE18DA4}\1.0]
@DACL=(02 0000)
@SACL=
@="Downloader 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}\1.0]
@DACL=(02 0000)
@SACL=
@="CDDBControl(AOL) 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}\1.0]
@DACL=(02 0000)
@SACL=
@="AxTrack 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}\1.0]
@DACL=(02 0000)
@SACL=
@="CoachDM 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{39DC8E5F-A573-4D58-8A13-6877A3B672EA}\1.0]
@DACL=(02 0000)
@SACL=
@="SB 2.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3F8E02B4-6601-41A2-95E7-6BD102935C55}\1.0]
@DACL=(02 0000)
@SACL=
@="Phobos 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}\1.0]
@DACL=(02 0000)
@SACL=
@="AOL UPFCtrl 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{64E26A20-8A9E-4B33-9F8D-F3663F13811E}\1.0]
@DACL=(02 0000)
@SACL=
@="AOL Member Expression Wizard Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{79C10055-C1B5-4754-AC44-003784AA3A44}\1.0]
@DACL=(02 0000)
@SACL=
@="YGPPicInfo 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}\1.0]
@DACL=(02 0000)
@SACL=
@="Ares 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{CC491105-58FA-437F-A1CE-CC947B6AFE4F}\1.0]
@DACL=(02 0000)
@SACL=
@="Animation Engine 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{DA2FAE70-6518-4700-A264-3500A380F695}\1.0]
@DACL=(02 0000)
@SACL=
@="ABUI 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{DCCAF17F-7581-4C86-9867-56D9405FAC3F}\1.0]
@DACL=(02 0000)
@SACL=
@="Pathfinder 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E3852602-B619-11D6-94EC-00047521F020}\1.0]
@DACL=(02 0000)
@SACL=
@="WinAmpXChat 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{ECAD18F1-CA65-11D6-8A1B-00E029570A3E}\1.0]
@DACL=(02 0000)
@SACL=
@="SAMgr 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwDir]
@DACL=(02 0000)
@SACL=
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
@SACL=
"Installed"="1"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\slserv.exe
c:\windows\system32\ati2evxx.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-03 23:05:16 - La machine a redémarré [BS]
ComboFix-quarantined-files.txt 2009-01-03 22:05:13
Avant-CF: 23,322,169,344 octets libres
Après-CF: 23,279,079,424 octets libres
406 --- E O F --- 2008-12-19 02:02:04
ComboFix 09-01-02.01 - BS 2009-01-03 22:51:51.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.652 [GMT 1:00]
Lancé depuis: c:\documents and settings\BS\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\rhkghsmw.ini
c:\windows\system32\test.ttt
c:\windows\system32\tmp.reg
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winnb58.dll
----- BITS: Il y a peut-être des sites infectés -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-03 au 2009-01-03 ))))))))))))))))))))))))))))))))))))
.
2009-01-03 19:28 . 2009-01-03 19:46 <REP> d-------- C:\SDFix
2009-01-03 18:52 . 2009-01-03 21:05 <REP> d-------- c:\program files\Ad-remover
2009-01-03 17:49 . 2009-01-03 17:49 <REP> d-------- c:\program files\Fichiers communs\Motive
2009-01-03 01:00 . 2009-01-03 01:00 <REP> d-------- c:\program files\Avira
2009-01-03 01:00 . 2009-01-03 01:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-02 20:57 . 2009-01-02 20:58 <REP> d-------- C:\rsit
2009-01-02 20:57 . 2009-01-02 20:57 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 20:57 . 2009-01-02 20:57 <REP> d-------- c:\documents and settings\BS\Application Data\Malwarebytes
2009-01-02 20:57 . 2009-01-02 20:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-02 20:57 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 20:57 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 18:45 . 2009-01-02 18:45 <REP> d-------- c:\program files\Disney Interactive
2009-01-02 16:03 . 2009-01-02 16:03 <REP> d-------- c:\program files\NetDuster
2009-01-02 16:03 . 2009-01-02 16:03 <REP> d-------- c:\documents and settings\All Users\Application Data\NetDuster
2009-01-02 15:56 . 2009-01-02 15:56 <REP> d-------- c:\program files\QUAD Utilities
2009-01-02 15:56 . 2009-01-02 15:56 <REP> d-------- c:\documents and settings\JC\Application Data\QUAD Backups
2009-01-02 15:51 . 2009-01-02 15:52 <REP> d-------- c:\documents and settings\JC\Application Data\U3
2009-01-02 12:28 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\JC\Voisinage réseau
2009-01-02 12:28 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\JC\Voisinage d'impression
2009-01-02 12:28 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\JC\Modèles
2009-01-02 12:28 . 2009-01-02 12:29 <REP> dr------- c:\documents and settings\JC\Mes documents
2009-01-02 12:28 . 2004-08-16 16:55 <REP> dr------- c:\documents and settings\JC\Menu Démarrer
2009-01-02 12:28 . 2009-01-02 12:29 <REP> dr------- c:\documents and settings\JC\Favoris
2009-01-02 12:28 . 2009-01-02 16:03 <REP> dr------- c:\documents and settings\JC\Bureau
2009-01-02 12:28 . 2005-09-13 15:51 <REP> d-------- c:\documents and settings\JC\Application Data\You've Got Pictures Screensaver
2009-01-02 12:28 . 2005-09-13 15:54 <REP> d-------- c:\documents and settings\JC\Application Data\Symantec
2009-01-02 12:28 . 2009-01-02 12:28 <REP> d-------- c:\documents and settings\JC
2009-01-02 01:02 . 2009-01-03 17:48 <REP> d-------- c:\program files\Club-Internet
2008-12-30 19:14 . 2009-01-03 17:47 <REP> d-------- c:\program files\Motive
2008-12-30 19:13 . 2008-12-30 19:13 <REP> d-------- c:\program files\BroadJump
2008-12-30 19:13 . 2002-08-02 14:56 663,552 --a------ c:\windows\system32\libeay32_1-1-0_DDR.dll
2008-12-30 19:13 . 2001-09-23 16:30 532,594 --a------ c:\windows\system32\xerces-c_1_40_0_DDR.dll
2008-12-30 19:13 . 2001-09-23 15:41 524,377 --a------ c:\windows\system32\stlport_4_0_0_DDR.dll
2008-12-30 19:13 . 2002-10-18 11:36 307,329 --a------ c:\windows\system32\BJBase_2-2-2_DDR.dll
2008-12-30 19:13 . 2002-08-02 14:56 159,744 --a------ c:\windows\system32\ssleay32_1-1-0_DDR.dll
2008-12-30 00:12 . 2008-12-30 00:12 3,120 --a------ c:\windows\118294.78
2008-12-30 00:11 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2008-12-30 00:11 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2008-12-30 00:11 . 2008-12-30 00:11 3,120 --a------ c:\windows\system32\118290.54
2008-12-30 00:11 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2008-12-29 23:36 . 2008-12-29 23:36 <REP> d---s---- c:\documents and settings\BS\UserData
2008-12-29 22:13 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-29 22:13 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-29 22:13 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-29 22:13 . 2009-01-02 00:48 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2008-12-29 22:13 . 2004-08-16 16:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-29 22:13 . 2005-09-13 15:52 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2008-12-29 22:13 . 2005-09-13 16:02 <REP> dr------- c:\documents and settings\Administrateur\Bureau
2008-12-29 22:13 . 2005-09-13 15:51 <REP> d-------- c:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-12-29 22:13 . 2005-09-13 15:54 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Symantec
2008-12-29 22:13 . 2009-01-02 00:46 <REP> d-------- c:\documents and settings\Administrateur
2008-12-29 18:37 . 2008-12-29 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-23 23:24 . 2008-12-23 23:24 <REP> d-------- c:\documents and settings\BS\Application Data\Babylon
2008-12-23 23:24 . 2008-12-23 23:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Babylon
2008-12-19 12:45 . 2004-02-17 00:00 434,252 --a------ c:\windows\system32\Msvcrtd.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 16:47 --------- d-----w c:\program files\eMule
2009-01-03 15:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-30 20:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 20:47 --------- d-----w c:\program files\QuickTime
2008-12-30 20:47 --------- d-----w c:\program files\Gcompris
2008-12-30 20:47 --------- d-----w c:\program files\Dictionnaire
2008-12-30 20:47 --------- d-----w c:\program files\Common Files
2008-12-30 20:47 --------- d-----w c:\program files\Anuman Interactive
2008-12-30 10:29 --------- d-----w c:\program files\Secured IE
2008-12-28 17:47 --------- d-----w c:\documents and settings\BS\Application Data\U3
2008-12-20 17:00 --------- d-----w c:\program files\Ziepod
2008-12-15 19:47 --------- d-----w c:\documents and settings\BS\Application Data\Canon
2008-12-12 17:35 3,081,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-10 06:11 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-22 09:53 15,397 ----a-w c:\program files\settings.dat
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:17 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2007-04-13 11:55 87,608 -c--a-w c:\documents and settings\BS\Application Data\ezpinst.exe
2007-04-13 11:55 47,360 -c--a-w c:\documents and settings\BS\Application Data\pcouffin.sys
2007-01-06 23:50 89,912 -c--a-w c:\documents and settings\BS\Application Data\GDIPFONTCACHEV1.DAT
2006-09-28 12:37 1,373,512 -c--a-w c:\documents and settings\BF\lj631fr.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyB0.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-02-14 13:54 1555480 --a------ c:\program files\myBabylon\tbmyB0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-10-24 08:09 1453080 --a------ c:\program files\securedie\tbsec1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsec1.dll" [2007-10-24 1453080]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyB0.dll" [2008-02-14 1555480]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\program files\securedie\tbsec1.dll" [2007-10-24 1453080]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\program files\myBabylon\tbmyB0.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe" [2005-06-02 543232]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-07-19 33808]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [2005-09-13 226768]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [1979-12-31 28160]
R4 MTC0001_RMC;Remove Control Device;c:\windows\system32\drivers\RMC.sys [1979-12-31 13912]
R4 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-16 14336]
S3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvid.sys [2008-05-27 274816]
S3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [2008-11-09 22656]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [2004-08-16 12672]
S4 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-01-03 c:\windows\Tasks\xbvxhlyj.job
- c:\windows\system32\rundll32.exe [2004-08-05 13:00]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{1D3BED5C-716A-4AB1-90BC-3022B847E0E0} - (no file)
BHO-{C7B76B90-3455-4AE6-A752-EAC4D19689E5} - (no file)
Notify-efcYsQiH - efcYsQiH.dll
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 22:58:28
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3499459065-2555909884-1288176558-1008\Software\Skype\Phone\UI]
@DACL=(02 0000)
@SACL=
"Version"=dword:01010249
[HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\Pilotes ATI]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]
@DACL=(02 0000)
@SACL=
@="AcroAccess.AcrobatAccess.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]
@DACL=(02 0000)
@SACL=
@=""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{C523F390-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="AcroAccess.AcrobatAccess"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\DisplayName]
@DACL=(02 0000)
@SACL=
@="RealPlayer"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\MainApp]
@DACL=(02 0000)
@SACL=
@="c:\\Program Files\\Real\\RealPlayer\\realjbox.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File38\ACCESSPOINT]
@DACL=(02 0000)
@SACL=
@="QUICKLAUNCH"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File39\ACCESSPOINT]
@DACL=(02 0000)
@SACL=
@="DESKTOP"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}\1.0]
@DACL=(02 0000)
@SACL=
@="Cerberus 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}\1.0]
@DACL=(02 0000)
@SACL=
@="AOL CETCtrl 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{16D8D842-6E64-489F-99BB-D6CEF503A74E}\1.0]
@DACL=(02 0000)
@SACL=
@="Xanthe 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{1B8B281E-F67E-4212-8D3B-C98B8AE18DA4}\1.0]
@DACL=(02 0000)
@SACL=
@="Downloader 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}\1.0]
@DACL=(02 0000)
@SACL=
@="CDDBControl(AOL) 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}\1.0]
@DACL=(02 0000)
@SACL=
@="AxTrack 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}\1.0]
@DACL=(02 0000)
@SACL=
@="CoachDM 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{39DC8E5F-A573-4D58-8A13-6877A3B672EA}\1.0]
@DACL=(02 0000)
@SACL=
@="SB 2.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3F8E02B4-6601-41A2-95E7-6BD102935C55}\1.0]
@DACL=(02 0000)
@SACL=
@="Phobos 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}\1.0]
@DACL=(02 0000)
@SACL=
@="AOL UPFCtrl 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{64E26A20-8A9E-4B33-9F8D-F3663F13811E}\1.0]
@DACL=(02 0000)
@SACL=
@="AOL Member Expression Wizard Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{79C10055-C1B5-4754-AC44-003784AA3A44}\1.0]
@DACL=(02 0000)
@SACL=
@="YGPPicInfo 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}\1.0]
@DACL=(02 0000)
@SACL=
@="Ares 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{CC491105-58FA-437F-A1CE-CC947B6AFE4F}\1.0]
@DACL=(02 0000)
@SACL=
@="Animation Engine 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{DA2FAE70-6518-4700-A264-3500A380F695}\1.0]
@DACL=(02 0000)
@SACL=
@="ABUI 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{DCCAF17F-7581-4C86-9867-56D9405FAC3F}\1.0]
@DACL=(02 0000)
@SACL=
@="Pathfinder 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E3852602-B619-11D6-94EC-00047521F020}\1.0]
@DACL=(02 0000)
@SACL=
@="WinAmpXChat 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{ECAD18F1-CA65-11D6-8A1B-00E029570A3E}\1.0]
@DACL=(02 0000)
@SACL=
@="SAMgr 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwDir]
@DACL=(02 0000)
@SACL=
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
@SACL=
"Installed"="1"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\slserv.exe
c:\windows\system32\ati2evxx.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-03 23:05:16 - La machine a redémarré [BS]
ComboFix-quarantined-files.txt 2009-01-03 22:05:13
Avant-CF: 23,322,169,344 octets libres
Après-CF: 23,279,079,424 octets libres
406 --- E O F --- 2008-12-19 02:02:04
Re,
Tu vois sa était !!
Redémarre ton pc normalement et refait un log avec RSIT.
Dit moi si tu as une amélioration ?
Tu vois sa était !!
Redémarre ton pc normalement et refait un log avec RSIT.
Dit moi si tu as une amélioration ?
A première vue ligne 10 il n' y a plus Broken, mais il reste Unknown file dans windsock.
Enfin, je mets le rapport car je ne suis pas certaine de moi, pas une experte.
encore merci pour votre aide et votre patience.
***
Logfile of random's system information tool 1.05 (written by random/random)
Run by BS at 2009-01-03 23:25:46
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 22 GB (32%) free of 70 GB
Total RAM: 1023 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:01, on 03/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
E:\logiciel\RSIT.exe
E:\logiciel\BS.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyB0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyB0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ziepod One-Click IE Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINDOWS\system32\ZiepodOneClicker.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec1.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyB0.dll
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-98ffbb35634a4c39.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - (no file)
Enfin, je mets le rapport car je ne suis pas certaine de moi, pas une experte.
encore merci pour votre aide et votre patience.
***
Logfile of random's system information tool 1.05 (written by random/random)
Run by BS at 2009-01-03 23:25:46
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 22 GB (32%) free of 70 GB
Total RAM: 1023 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:01, on 03/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
E:\logiciel\RSIT.exe
E:\logiciel\BS.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyB0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyB0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ziepod One-Click IE Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINDOWS\system32\ZiepodOneClicker.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsec1.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyB0.dll
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-98ffbb35634a4c39.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - (no file)
Re,
▶ Relance hijack et clique sur "Do a system scan only"
▶ Ensuite recherche ces lignes et coches les cases
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O24 - Desktop Component 0: (no name) - (no file)
▶ Ensuite clique sur "Fix checked"
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
▶ Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
CCLEANER
▶ Lance-le. Va dans "Options" puis "Avancé",
▶ Tu décoches la case "Effacer uniquement les fichiers etc...".
▶ Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage.
▶ Tu vas dans "Registre", tu fais "Chercher des erreurs".
Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.
▶ Un tuto ( aide )
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Refait un scan complet en mode sans échec avec malwarebyte.
▶ Relance hijack et clique sur "Do a system scan only"
▶ Ensuite recherche ces lignes et coches les cases
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O24 - Desktop Component 0: (no name) - (no file)
▶ Ensuite clique sur "Fix checked"
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
▶ Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
CCLEANER
▶ Lance-le. Va dans "Options" puis "Avancé",
▶ Tu décoches la case "Effacer uniquement les fichiers etc...".
▶ Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage.
▶ Tu vas dans "Registre", tu fais "Chercher des erreurs".
Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.
▶ Un tuto ( aide )
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Refait un scan complet en mode sans échec avec malwarebyte.
Je fais tout ça OK. Merci
PAr contre, j'ai déjà C CLeaner dans l'ordi version V 2.01.507 est- ce bon ou dois je prendre une autre version ?
Merci par avance.
PAr contre, j'ai déjà C CLeaner dans l'ordi version V 2.01.507 est- ce bon ou dois je prendre une autre version ?
Merci par avance.
Re,
Tu le met à jour .......
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mise à jour de Adobe :
Pour Flash, c'est ici
Si tu utilises Acrobat Reader (PDF), c'est là
Les mises à jour, sont primordiale, de nombreuse infection utilisent des failles de Java ou de Flash, télécharger la dernière version comble de nombreux "trous" de sécurité.
Les antivirus détectent mal ce genre d'infection.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Met à jour internet explorer:
Windows Internet Explorer 7
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Met à jour ton WINDOWS:
WINDOWS XP SP3
Tu le met à jour .......
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mise à jour de Adobe :
Pour Flash, c'est ici
Si tu utilises Acrobat Reader (PDF), c'est là
Les mises à jour, sont primordiale, de nombreuse infection utilisent des failles de Java ou de Flash, télécharger la dernière version comble de nombreux "trous" de sécurité.
Les antivirus détectent mal ce genre d'infection.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Met à jour internet explorer:
Windows Internet Explorer 7
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Met à jour ton WINDOWS:
WINDOWS XP SP3
non je prends le soin de quitter mes helpés en beauté et de corriger les gens qui en ont besoin avant de partir ca te dérange ?
et bien pour quelqu'un qui reproche de piquer les topics et qui en fairt autant t'as du toupet mon coco enfin.......
