Virtumonde trojan
masque007
Hello,
Could someone help me get rid of a trojan that Spybot identifies as "virtumonde" without managing to remove it?
Among other annoyances, this virus makes my keyboard particularly hard to use (it drops every other letter), so you can imagine the struggle it is to write this simple message.
Thanks
3 replies
First disable UAC as described here.
Then:
Download ComboFix to your desktop.
---> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Close your web browser, your protection software and your internet connection before running this program.
Right-click on ComboFix, choose Rename, type simo.exe and press the Enter key on your keyboard.
Double-click on it, press "1" to continue and follow what is shown on screen.
A report will open; save its contents, then copy and paste it here please.
Hello,
I must not have followed your advice properly, because I lost my connection after the scan launched by ComboFix. I have just restored the system and it works again.
I'm sending you the ComboFix report
ComboFix 09-01-07.02 - max 2009-01-08 15:12:28.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3327.1910 [GMT 1:00]
Lancé depuis: c:\users\max\Desktop\simo.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\max\AppData\Local\Temp\jKARHbXr.dll
c:\windows\system32\fCRLEWMe.dll
c:\windows\system32\hgGWMdbC.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-08 au 2009-01-08 ))))))))))))))))))))))))))))))))))))
.
2008-12-31 17:55 . 2008-12-31 17:55 <REP> d-------- c:\program files\Ableton
2008-12-29 22:37 . 2008-12-29 22:37 <REP> d-------- c:\users\All Users\ICQ
2008-12-29 22:37 . 2008-12-29 22:37 <REP> d-------- c:\programdata\ICQ
2008-12-29 22:37 . 2008-12-29 22:37 <REP> d-------- c:\program files\ICQ6Toolbar
2008-12-29 22:36 . 2008-12-31 10:52 <REP> d-------- c:\users\max\AppData\Roaming\ICQ
2008-12-29 17:17 . 2008-12-29 17:17 <REP> d-------- c:\users\max\AppData\Roaming\Babylon
2008-12-29 17:17 . 2008-12-29 17:17 <REP> d-------- c:\users\All Users\Babylon
2008-12-29 17:17 . 2008-12-29 17:17 <REP> d-------- c:\programdata\Babylon
2008-12-23 12:46 . 2008-12-23 12:47 7,378,840 --a------ c:\users\max\powarc1103fr.exe
2008-12-23 10:50 . 2008-12-23 10:50 <REP> d-------- c:\program files\Bonjour
2008-12-18 15:51 . 2008-12-18 15:51 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll
2008-12-12 09:31 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-12 08:57 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 22:24 --------- d-----w c:\programdata\Google Updater
2009-01-06 11:44 --------- d-----w c:\users\max\AppData\Roaming\Audacity
2008-12-31 16:57 --------- d-----w c:\users\max\AppData\Roaming\Ableton
2008-12-31 14:54 --------- d-----w c:\program files\Steinberg
2008-12-29 21:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 14:51 --------- d-----w c:\program files\Java
2008-12-12 16:00 --------- d-----w c:\program files\Windows Mail
2008-12-12 08:36 --------- d-----w c:\programdata\Microsoft Help
2008-12-02 11:14 --------- d-----w c:\program files\Syncrosoft
2008-11-27 22:06 --------- d-----w c:\users\max\AppData\Roaming\Yahoo!
2008-11-25 10:44 --------- d-----w c:\programdata\Apple Computer
2008-11-25 10:44 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 10:44 --------- d-----w c:\program files\iTunes
2008-11-25 10:44 --------- d-----w c:\program files\iPod
2008-11-25 10:44 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 10:42 --------- d-----w c:\program files\QuickTime
2008-11-24 17:17 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-24 17:13 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-23 17:06 --------- d-----w c:\program files\Pro Evolution Soccer 2008
2008-11-16 23:04 --------- d-----w c:\programdata\KONAMI
2008-11-16 22:59 --------- d-----w c:\program files\KONAMI
2008-11-08 10:23 --------- d-----w c:\users\max\AppData\Roaming\BSplayer
2008-11-03 17:25 7,299,392 ----a-w c:\users\max\powarc110103fr.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-07-04 09:23 174 --sha-w c:\program files\desktop.ini
2008-04-27 08:10 142 ----a-w c:\users\max\AppData\Roaming\wklnhst.dat
2008-03-22 22:31 103,956 ----a-w c:\users\max\AppData\Roaming\serial2.dat
2008-05-14 23:47 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-14 23:47 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-14 23:47 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Le Petit Robert Hyperappel"="c:\program files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 22560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-25 68856]
"Audio Kontrol 1"="c:\program files\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe" [2007-12-11 5943296]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2008-01-24 141352]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"GPIO"="c:\program files\smart HDD\GPIO\GPIOManager.exe" [2006-07-03 708096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
c:\users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-05-06 528384]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
RaConfig2500.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe [2008-01-27 528384]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1222B6B0-5F66-47B1-AC9B-04DCD51129E2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EABE124C-C893-42EF-9792-190BE0686AAE}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{CF0506C7-8CB4-4129-BE2A-5237F4DBA538}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{E6345303-C94F-4A55-A1D7-DD68EF42815E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{872B8923-A031-417F-A656-0EC1512CF808}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7E9071EF-BDAC-45F6-B13C-A77E1790B26D}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{764D9C20-C027-4EC8-B93D-01E91ECEE944}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"{EE7DC892-69D4-4CC9-899A-424361419E5A}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{6CA1ACE9-762B-4294-9652-252A81EE16F5}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{42D64002-6E58-461C-BC06-D8BD09AF977D}"= UDP:9403:BitComet 9403 TCP
"{C373AA8A-B29B-4D5D-B5F9-A8BD2DCC325C}"= TCP:9403:BitComet 9403 UDP
"TCP Query User{0C36AB46-5914-486D-A6E4-4BDEEF961AD8}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{61D50B4F-E78E-4AAB-A7E3-7C6D01953BF1}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{632B8967-7BBA-4002-BFB2-6AB224FDFE62}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D694DA9D-58CB-4B4F-9DBA-0EF7B01A695D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{50FF2FDE-9E83-4E48-985D-14FD33CD780A}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{38413341-D8A6-4F52-99ED-9B3AE0EFCA04}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7C2E3E0-301A-4F55-9E8B-643D5E809B45}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3E9CDED9-13BA-44FC-B051-46F4E3F04B18}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9BCAEA4E-2F47-4EA9-9FD2-33168D442A1D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{DF714FC5-3A0C-4F6E-8A74-99DEB10D5E69}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F11C5B16-2DED-4207-9D3C-597B65C2AE76}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{76FCEF53-C7AC-4E73-84DF-0361482890C1}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{A1DFCD4F-FE17-4200-B0A6-D84C670A421F}"= UDP:c:\program files\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{00AE55A6-9923-477F-9B73-075783419BD5}"= TCP:c:\program files\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{05B8A45D-1E6C-4450-AB66-3CA93539A5F3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{66217042-89A6-4267-B3E7-EC7278987556}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{03FF7653-6448-4F3E-9D46-A774F7F11E85}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2FC15EF3-4506-4CF2-A08F-7CDA4432D74F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{A4E3DDCB-1195-4798-B06A-F0D3BF112DA0}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{251E7EAD-67B9-4036-A99A-FACB35A09120}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{A9AAC7D3-8F2C-429C-83D8-EEE1D38A2155}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{3D11B7CF-B3EB-4AE3-B060-3EBBCC227F35}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
R3 ak1avs;ak1avs;c:\windows\System32\drivers\ak1avs.sys [2008-05-01 25600]
R3 ak1usb;ak1usb;c:\windows\System32\drivers\ak1usb.sys [2008-05-01 186368]
S3 SynasUSB;SynasUSB;c:\windows\System32\drivers\synasUSB.sys [2008-05-02 18432]
S4 Asapi;Asapi;c:\windows\System32\drivers\asapi.sys [2008-05-14 8768]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
.
Contenu du dossier 'Tâches planifiées'
2008-11-22 c:\windows\Tasks\At1.job
- c:\users\max\AppData\Roaming\wunauclt.exe []
2008-05-22 c:\windows\Tasks\At2.job
- c:\users\max\AppData\Roaming\wunauclt.exe []
2008-11-22 c:\windows\Tasks\At3.job
- c:\users\max\AppData\Roaming\wunauclt.exe []
2009-01-08 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-08-14 20:14]
2008-12-29 c:\windows\Tasks\yxzqrmnk.job
- c:\windows\system32\rundll32.exe [2006-11-02 10:45]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKCU-Run-MSServer - c:\users\max\AppData\Local\Temp\geBqOFWO.dll
HKCU-Run-cmds - c:\users\max\AppData\Local\Temp\jKARHbXr.dll
HKCU-Run-e4d7fbc0 - c:\users\max\AppData\Local\Temp\jihduksy.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {130B8CB1-F13A-4CC3-8BF5-7FE7473752B1} = 192.168.1.1
FF - ProfilePath - c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\lbjvb2la.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 15:20:11
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP0000002B0D133D3745513197 524288 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\UI0Detect.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Heure de fin: 2009-01-08 15:24:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-08 14:24:10
Avant-CF: 51 003 256 832 octets libres
Après-CF: 51,100,684,288 octets libres
254 --- E O F --- 2009-01-06 10:33:51
Thanks
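The report above lends itself to a mechanical triage pass. The Python below is an added example, not part of the thread or of ComboFix: it parses the Run entries, the orphaned Run entries ComboFix removed, the scheduled-task targets and the Security Center keys out of an excerpt of the posted log, and flags the indicators a responder would look at first (autoruns in user-writable folders, a task binary one letter away from a Windows binary, and disabled Security Center monitoring). The short list of Windows binary names used for the lookalike check is an assumption.

```python
r"""Triage pass over a ComboFix report, written to illustrate the log posted above.

Extracts the registry Run entries (including the orphans ComboFix removed), the
scheduled-task targets and the Security Center overrides, then applies three
defender-side rules:
  1. an autorun or task whose target lives in a user-writable folder
     (Temp or Roaming under AppData),
  2. a task target whose file name is one edit away from a Windows binary
     but does not live under the Windows directory,
  3. Security Center monitoring disabled or the antivirus status overridden.
"""
import re

# Constructed excerpt: lines copied from the ComboFix report in this thread.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
Contenu du dossier 'Tâches planifiées'
2008-11-22 c:\windows\Tasks\At1.job
- c:\users\max\AppData\Roaming\wunauclt.exe []
2009-01-08 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-08-14 20:14]
2008-12-29 c:\windows\Tasks\yxzqrmnk.job
- c:\windows\system32\rundll32.exe [2006-11-02 10:45]
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKCU-Run-MSServer - c:\users\max\AppData\Local\Temp\geBqOFWO.dll
HKCU-Run-cmds - c:\users\max\AppData\Local\Temp\jKARHbXr.dll
"""

# Assumption: a short list of Windows binaries whose names malware likes to imitate.
WINDOWS_BINARIES = ("wuauclt.exe", "svchost.exe", "rundll32.exe", "explorer.exe")
USER_WRITABLE = re.compile(r"\\appdata\\(local\\temp|roaming)\\", re.I)

RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')            # "name"="path" [...]
ORPHAN = re.compile(r"^HK(?:CU|LM)-Run-(\S+) - (.+)$")      # HKCU-Run-name - path
TASK = re.compile(r"^\d{4}-\d{2}-\d{2} (c:\\windows\\Tasks\\\S+)$", re.I)
TASK_TARGET = re.compile(r"^- (.+?) \[.*\]$")               # - target [date size]
OVERRIDE = re.compile(r'^"(DisableMonitoring|AntiVirusOverride)"=dword:0*1$')


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; inputs are short file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_report(text: str):
    """Return (autoruns [(name, path)], tasks [(job, target)], overrides [key])."""
    autoruns, tasks, overrides = [], [], []
    pending_job = None
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_VALUE.match(line):
            autoruns.append((m.group(1), m.group(2)))
        elif m := ORPHAN.match(line):
            autoruns.append((m.group(1), m.group(2)))
        elif m := OVERRIDE.match(line):
            overrides.append(m.group(1))
        elif m := TASK.match(line):
            pending_job = m.group(1)          # target is on the following "- " line
        elif pending_job and (m := TASK_TARGET.match(line)):
            tasks.append((pending_job, m.group(1)))
            pending_job = None
    return autoruns, tasks, overrides


def find_indicators(text: str):
    """Apply the three rules; each finding is (rule, subject, detail)."""
    autoruns, tasks, overrides = parse_report(text)
    findings = []
    for name, path in autoruns:
        if USER_WRITABLE.search(path):
            findings.append(("autorun-in-user-writable-dir", name, path))
    for job, target in tasks:
        if USER_WRITABLE.search(target):
            findings.append(("task-in-user-writable-dir", job, target))
        base = target.rsplit("\\", 1)[-1].lower()
        if not target.lower().startswith("c:\\windows\\"):
            for legit in WINDOWS_BINARIES:
                if 0 < _edit_distance(base, legit) <= 1:
                    findings.append(("task-lookalike-name", job, f"{base} ~ {legit}"))
    for key in overrides:
        findings.append(("security-center-override", key, "dword:1"))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in find_indicators(SAMPLE_REPORT):
        print(f"{rule:30} {subject}  ->  {detail}")
```

Run against the full report rather than the excerpt, the same rules also surface the third Temp DLL (jihduksy.dll) among the removed orphans.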
"UDP Query User{251E7EAD-67B9-4036-A99A-FACB35A09120}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{A9AAC7D3-8F2C-429C-83D8-EEE1D38A2155}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{3D11B7CF-B3EB-4AE3-B060-3EBBCC227F35}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
R3 ak1avs;ak1avs;c:\windows\System32\drivers\ak1avs.sys [2008-05-01 25600]
R3 ak1usb;ak1usb;c:\windows\System32\drivers\ak1usb.sys [2008-05-01 186368]
S3 SynasUSB;SynasUSB;c:\windows\System32\drivers\synasUSB.sys [2008-05-02 18432]
S4 Asapi;Asapi;c:\windows\System32\drivers\asapi.sys [2008-05-14 8768]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
.
Contenu du dossier 'Tâches planifiées'
2008-11-22 c:\windows\Tasks\At1.job
- c:\users\max\AppData\Roaming\wunauclt.exe []
2008-05-22 c:\windows\Tasks\At2.job
- c:\users\max\AppData\Roaming\wunauclt.exe []
2008-11-22 c:\windows\Tasks\At3.job
- c:\users\max\AppData\Roaming\wunauclt.exe []
2009-01-08 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-08-14 20:14]
2008-12-29 c:\windows\Tasks\yxzqrmnk.job
- c:\windows\system32\rundll32.exe [2006-11-02 10:45]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKCU-Run-MSServer - c:\users\max\AppData\Local\Temp\geBqOFWO.dll
HKCU-Run-cmds - c:\users\max\AppData\Local\Temp\jKARHbXr.dll
HKCU-Run-e4d7fbc0 - c:\users\max\AppData\Local\Temp\jihduksy.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {130B8CB1-F13A-4CC3-8BF5-7FE7473752B1} = 192.168.1.1
FF - ProfilePath - c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\lbjvb2la.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 15:20:11
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP0000002B0D133D3745513197 524288 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\UI0Detect.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Heure de fin: 2009-01-08 15:24:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-08 14:24:10
Avant-CF: 51 003 256 832 octets libres
Après-CF: 51,100,684,288 octets libres
254 --- E O F --- 2009-01-06 10:33:51
Thanks
Here is the requested HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:20, on 08/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Smart HDD\GPIO\GPIOManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Le Robert\Le Petit Robert\PRHYPER.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\max\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [GPIO] C:\Program Files\smart HDD\GPIO\GPIOManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fCRLEWMe.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Audio Kontrol 1] C:\Program Files\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\max\AppData\Local\Temp\geBqOFWO.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\max\AppData\Local\Temp\jKARHbXr.dll,c
O4 - HKCU\..\Run: [e4d7fbc0] rundll32.exe "C:\Users\max\AppData\Local\Temp\jihduksy.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{130B8CB1-F13A-4CC3-8BF5-7FE7473752B1}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{130B8CB1-F13A-4CC3-8BF5-7FE7473752B1}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{130B8CB1-F13A-4CC3-8BF5-7FE7473752B1}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe