Spywareinfo.TrafficZ. Que faire ?
pim
-
pim -
pim -
Bonjour,
Spybot me signale une infection par Spywareinfo.TrafficZ mais n'arrive pas à l'ôter.
Si quelqu'un peut m'aider, je joins un rapport hijackthis. Merci...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:29, on 25/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abonnes.lemonde.fr/web/desk/0,26-3424,1-0,0.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OmniPage] C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\01t6xtq9.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\01t6xtq9.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Philips Semiconductors GmbH - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DVRMSFileWatcherService - - c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Spybot me signale une infection par Spywareinfo.TrafficZ mais n'arrive pas à l'ôter.
Si quelqu'un peut m'aider, je joins un rapport hijackthis. Merci...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:29, on 25/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abonnes.lemonde.fr/web/desk/0,26-3424,1-0,0.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OmniPage] C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\01t6xtq9.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\01t6xtq9.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Philips Semiconductors GmbH - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DVRMSFileWatcherService - - c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
5 réponses
ton rapport a l air bien
1)passe cela pour verifier
passe cet antimalware, fait comme indique
Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
COLLE LE RAPPORT APRES SUPPRESSION MERCI.
garde le et lance un scan tout les mois comme indique.
si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.
2)dis moi quel est le fichier que spybot reconnait comme infecte si malwarebyte ne repere rien.
1)passe cela pour verifier
passe cet antimalware, fait comme indique
Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
COLLE LE RAPPORT APRES SUPPRESSION MERCI.
garde le et lance un scan tout les mois comme indique.
si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.
2)dis moi quel est le fichier que spybot reconnait comme infecte si malwarebyte ne repere rien.
tu as deja passe combo fix , il t a repere ce qui ne va pas , tu ferais bien de me montrer le rapport de combo fix egalement.
Bonjour !
Combofix, je l'avais passé pour une infection ancienne (en octobre je crois)
Je viens de le repasser, et voici le rapport :
ComboFix 09-01-21.04 - Patrick 2009-01-28 13:29:13.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2046.1472 [GMT 1:00]
Lancé depuis: c:\documents and settings\Patrick\Bureau\Fificombo.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Patrick\Application Data\inst.exe
C:\InfoSat.txt
c:\windows\system32\hjpwqtet.ini
c:\windows\system32\kxhejffg.ini
c:\windows\system32\xdfitnmg.ini
D:\resycled
E:\resycled
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-28 ))))))))))))))))))))))))))))))))))))
.
2009-01-26 22:45 . 2009-01-26 22:45 <REP> d-------- C:\combofifix
2009-01-25 18:16 . 2009-01-25 18:16 2,688 --a------ c:\windows\system32\settings.aaw
2009-01-25 18:16 . 2009-01-25 18:16 960 --a------ c:\windows\system32\history.aaw
2009-01-18 23:18 . 2009-01-25 12:59 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-18 23:18 . 2009-01-18 23:18 1,409 --a------ c:\windows\QTFont.for
2009-01-18 19:27 . 2009-01-19 21:40 237,568 --a------ c:\windows\system32\rmc_rtspdl.dll
2009-01-18 19:27 . 2009-01-19 21:40 156,672 --a------ c:\windows\system32\rmc_fixasf.exe
2009-01-18 19:26 . 2009-01-19 21:40 323,584 --a------ c:\windows\system32\AUDIOGENIE2.DLL
2009-01-18 19:25 . 2009-01-18 19:25 <REP> d-------- c:\windows\Replay Media Catcher
2009-01-18 19:25 . 2009-01-19 21:52 <REP> d-------- c:\program files\Replay Media Catcher
2009-01-18 16:58 . 2009-01-18 16:58 <REP> d-------- C:\temp
2009-01-11 22:37 . 2009-01-11 22:37 <REP> d-------- c:\program files\FotoSketcher
2009-01-11 22:37 . 2009-01-11 22:37 <REP> d-------- c:\program files\eRightSoft
2009-01-11 22:19 . 2009-01-11 22:37 <REP> d-------- c:\program files\FrostWire
2009-01-11 11:29 . 2009-01-11 22:37 <REP> d-------- c:\program files\eRightSoft(2)
2009-01-11 11:18 . 2009-01-11 23:06 <REP> d-------- c:\program files\Free PDF to Word Doc Converter
2009-01-10 18:21 . 2009-01-10 18:21 <REP> d-------- c:\program files\uTorrent
2009-01-09 16:39 . 2009-01-09 16:39 <REP> d-------- c:\documents and settings\Patrick\Application Data\FreshDiagnose
2009-01-07 16:58 . 2009-01-07 21:59 <REP> d-------- c:\documents and settings\Patrick\.gimp-2.6
2009-01-07 16:58 . 2009-01-07 16:58 <REP> d-------- c:\documents and settings\Patrick\.gegl-0.0
2009-01-02 16:21 . 2009-01-02 16:21 <REP> d-------- c:\program files\RapidSolution
2009-01-01 15:30 . 2009-01-01 15:30 <REP> d-------- c:\documents and settings\Patrick\Application Data\KC Softwares
2008-12-29 18:04 . 2008-12-29 18:04 <REP> d-------- c:\program files\BitSpirit
2008-12-28 22:17 . 2008-12-28 22:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Mindjet
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 12:32 41,343,264 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-28 12:32 3,756,064 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-28 12:09 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-27 21:53 557,924 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-27 21:53 357,020 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-25 18:05 --------- d-----w c:\program files\RegClean 4.1a
2009-01-25 17:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-25 17:22 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-25 17:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-25 11:59 --------- d-----w c:\documents and settings\Patrick\Application Data\Corel
2009-01-25 11:58 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-01-23 17:44 --------- d-----w c:\documents and settings\Patrick\Application Data\uTorrent
2009-01-19 11:13 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-01-18 17:39 --------- d-----w c:\program files\Project URL Snooper
2009-01-18 17:18 37,440 ----a-w c:\windows\system32\drivers\pssdklbf.drv
2009-01-18 17:18 30,272 ----a-w c:\windows\system32\drivers\pssdk31.drv
2009-01-18 17:18 --------- d-----w c:\program files\Tube Master Plus 1.1.0.4
2009-01-17 23:04 --------- d-----w c:\documents and settings\Patrick\Application Data\dvdcss
2009-01-17 15:22 --------- d-----w c:\documents and settings\Patrick\Application Data\Vso
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 21:26 --------- d-----w c:\documents and settings\Patrick\Application Data\FrostWire
2009-01-07 15:57 --------- d-----w c:\program files\GIMP-2.0
2008-12-29 11:21 --------- d-----w c:\documents and settings\Patrick\Application Data\CmapTools
2008-12-28 14:06 --------- d-----w c:\documents and settings\Patrick\Application Data\Pump
2008-12-28 14:05 --------- d-----w c:\documents and settings\Patrick\Application Data\Azureus
2008-12-28 14:02 --------- d-----w c:\program files\eMule
2008-12-26 17:15 --------- d-----w c:\program files\MediaInfo
2008-12-25 22:52 --------- d-----w c:\program files\Joost
2008-12-25 22:52 --------- d-----w c:\documents and settings\Patrick\Application Data\Joost
2008-12-25 20:50 --------- d-----w c:\documents and settings\Patrick\Application Data\ImgBurn
2008-12-25 20:49 --------- d-----w c:\program files\CCleaner
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 17:05 --------- d-----w c:\documents and settings\Patrick\Application Data\vlc
2008-12-07 16:58 --------- d-----w c:\program files\Winamp
2008-12-07 16:46 --------- d-----w c:\documents and settings\Patrick\Application Data\Winamp
2008-12-06 20:06 --------- d-----w c:\program files\VideoLAN
2008-12-06 18:32 --------- d-----w c:\program files\PCFriendly
2008-12-05 18:56 --------- d-----w c:\program files\Lphant
2008-12-03 15:10 --------- d-----w c:\program files\Java
2008-11-29 22:28 --------- d-----w c:\program files\free-downloads.net
2008-11-29 22:28 --------- d-----w c:\program files\Conduit
2008-11-29 22:26 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-11-29 17:32 --------- d-----w c:\program files\DVDFab 5
2008-11-29 17:04 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2008-11-29 14:00 --------- d-----w c:\documents and settings\Patrick\Application Data\AdobeUM
2008-11-29 13:41 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-29 13:41 47,360 ----a-w c:\documents and settings\Patrick\Application Data\pcouffin.sys
2008-11-28 22:25 --------- d-----w c:\program files\IHMC CmapTools
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-03 08:26 3,023,817 ----a-r c:\program files\TRISTAN.exe
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-04-02 15:46 744,339 ----a-w c:\program files\PAVARK.exe
2008-02-17 14:31 591 ----a-w c:\program files\Media Player Classic.lnk
2007-10-05 22:29 81,920 ----a-w c:\documents and settings\Patrick\Application Data\ezpinst.exe
2007-08-28 13:58 30 ----a-w c:\program files\Exiferupdate.ini
2006-12-28 17:54 810,704 ----a-w c:\program files\Panda Anti-Rootkit.exe
2006-03-27 17:49 3,809,280 ----a-w c:\program files\Guitools.exe
2005-11-19 08:31 532,480 ----a-w c:\program files\CWShredder 2.19.exe
2003-01-15 20:30 322,550 ----a-w c:\program files\Pop-up Stopper fr.exe
2001-09-11 18:24 670,720 ----a-w c:\program files\PlanetAnim.exe
1999-10-30 21:54 561,152 ----a-w c:\program files\Convert.exe
1999-06-30 13:06 151,552 ----a-r c:\windows\inf\Agfa\Message.exe
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobipocket Reader Notifications"="c:\program files\Mobipocket.com\Mobipocket Reader\readernotify.exe" [2006-06-20 57344]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-26 4608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2006-04-17 184320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"OmniPage"="c:\progra~1\Caere\OMNIPA~1.0\opware32.exe" [1999-11-08 53248]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2008-01-23 341488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2008-03-19 37144]
"nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 c:\windows\RTHDCPL.exe]
"Tweak UI"="TWEAKUI.CPL" [2001-03-19 c:\windows\system32\TWEAKUI.CPL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 138240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^DOCUME~1^Patrick^Menu Démarrer^Programmes^Démarrage^QuickShelf.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2006-12-13 16:15 2785256 c:\program files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 14:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-03-23 16:06 1398272 c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2006-11-15 882688]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-11-15 7040]
R4 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [2007-08-18 20480]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2008-07-06 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2008-07-06 37440]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://abonnes.lemonde.fr/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Télécharger avec NetTransport - c:\program files\NetTransport 2\NTAddLink.html
IE: Afficher cette page dans Firefox - file://c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\[u]0/u1t6xtq9.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
IE: Ouvrir la cible dans Firefox - file://c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\[u]0/u1t6xtq9.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
IE: Tout t&élécharger avec NetTransport - c:\program files\NetTransport 2\NTAddList.html
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Fichiers communs\Microsoft Shared\Information Retrieval\itss51.dll
DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://m6video.m6.fr/1click/install/files/installer2.cab
FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\[u]0/u1t6xtq9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (Français)
FF - prefs.js: browser.startup.homepage - hxxp://abonnes.lemonde.fr/
FF - component: c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\[u]0/u1t6xtq9.default\extensions\{DD43485F-44CC-4452-A6C6-69356A7E33DA}\platform\WINNT_x86-msvc\components\ahWinUtils_32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbabelgum.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPNTCatcher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPNTCatcherAudio.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPNTCatcherVideo.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 13:32:59
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(712)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Heure de fin: 2009-01-28 13:35:06
ComboFix-quarantined-files.txt 2009-01-28 12:35:04
ComboFix2.txt 2008-11-06 18:42:07
ComboFix3.txt 2008-11-05 13:41:18
ComboFix4.txt 2008-11-04 18:33:35
ComboFix5.txt 2009-01-26 21:45:55
Avant-CF: 31,215,730,688 octets libres
Après-CF: 31,191,162,880 octets libres
265 --- E O F --- 2009-01-13 18:28:24
Combofix, je l'avais passé pour une infection ancienne (en octobre je crois)
Je viens de le repasser, et voici le rapport :
ComboFix 09-01-21.04 - Patrick 2009-01-28 13:29:13.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2046.1472 [GMT 1:00]
Lancé depuis: c:\documents and settings\Patrick\Bureau\Fificombo.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Patrick\Application Data\inst.exe
C:\InfoSat.txt
c:\windows\system32\hjpwqtet.ini
c:\windows\system32\kxhejffg.ini
c:\windows\system32\xdfitnmg.ini
D:\resycled
E:\resycled
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-28 ))))))))))))))))))))))))))))))))))))
.
2009-01-26 22:45 . 2009-01-26 22:45 <REP> d-------- C:\combofifix
2009-01-25 18:16 . 2009-01-25 18:16 2,688 --a------ c:\windows\system32\settings.aaw
2009-01-25 18:16 . 2009-01-25 18:16 960 --a------ c:\windows\system32\history.aaw
2009-01-18 23:18 . 2009-01-25 12:59 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-18 23:18 . 2009-01-18 23:18 1,409 --a------ c:\windows\QTFont.for
2009-01-18 19:27 . 2009-01-19 21:40 237,568 --a------ c:\windows\system32\rmc_rtspdl.dll
2009-01-18 19:27 . 2009-01-19 21:40 156,672 --a------ c:\windows\system32\rmc_fixasf.exe
2009-01-18 19:26 . 2009-01-19 21:40 323,584 --a------ c:\windows\system32\AUDIOGENIE2.DLL
2009-01-18 19:25 . 2009-01-18 19:25 <REP> d-------- c:\windows\Replay Media Catcher
2009-01-18 19:25 . 2009-01-19 21:52 <REP> d-------- c:\program files\Replay Media Catcher
2009-01-18 16:58 . 2009-01-18 16:58 <REP> d-------- C:\temp
2009-01-11 22:37 . 2009-01-11 22:37 <REP> d-------- c:\program files\FotoSketcher
2009-01-11 22:37 . 2009-01-11 22:37 <REP> d-------- c:\program files\eRightSoft
2009-01-11 22:19 . 2009-01-11 22:37 <REP> d-------- c:\program files\FrostWire
2009-01-11 11:29 . 2009-01-11 22:37 <REP> d-------- c:\program files\eRightSoft(2)
2009-01-11 11:18 . 2009-01-11 23:06 <REP> d-------- c:\program files\Free PDF to Word Doc Converter
2009-01-10 18:21 . 2009-01-10 18:21 <REP> d-------- c:\program files\uTorrent
2009-01-09 16:39 . 2009-01-09 16:39 <REP> d-------- c:\documents and settings\Patrick\Application Data\FreshDiagnose
2009-01-07 16:58 . 2009-01-07 21:59 <REP> d-------- c:\documents and settings\Patrick\.gimp-2.6
2009-01-07 16:58 . 2009-01-07 16:58 <REP> d-------- c:\documents and settings\Patrick\.gegl-0.0
2009-01-02 16:21 . 2009-01-02 16:21 <REP> d-------- c:\program files\RapidSolution
2009-01-01 15:30 . 2009-01-01 15:30 <REP> d-------- c:\documents and settings\Patrick\Application Data\KC Softwares
2008-12-29 18:04 . 2008-12-29 18:04 <REP> d-------- c:\program files\BitSpirit
2008-12-28 22:17 . 2008-12-28 22:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Mindjet
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 12:32 41,343,264 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-28 12:32 3,756,064 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-28 12:09 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-27 21:53 557,924 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-27 21:53 357,020 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-25 18:05 --------- d-----w c:\program files\RegClean 4.1a
2009-01-25 17:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-25 17:22 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-25 17:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-25 11:59 --------- d-----w c:\documents and settings\Patrick\Application Data\Corel
2009-01-25 11:58 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-01-23 17:44 --------- d-----w c:\documents and settings\Patrick\Application Data\uTorrent
2009-01-19 11:13 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-01-18 17:39 --------- d-----w c:\program files\Project URL Snooper
2009-01-18 17:18 37,440 ----a-w c:\windows\system32\drivers\pssdklbf.drv
2009-01-18 17:18 30,272 ----a-w c:\windows\system32\drivers\pssdk31.drv
2009-01-18 17:18 --------- d-----w c:\program files\Tube Master Plus 1.1.0.4
2009-01-17 23:04 --------- d-----w c:\documents and settings\Patrick\Application Data\dvdcss
2009-01-17 15:22 --------- d-----w c:\documents and settings\Patrick\Application Data\Vso
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 21:26 --------- d-----w c:\documents and settings\Patrick\Application Data\FrostWire
2009-01-07 15:57 --------- d-----w c:\program files\GIMP-2.0
2008-12-29 11:21 --------- d-----w c:\documents and settings\Patrick\Application Data\CmapTools
2008-12-28 14:06 --------- d-----w c:\documents and settings\Patrick\Application Data\Pump
2008-12-28 14:05 --------- d-----w c:\documents and settings\Patrick\Application Data\Azureus
2008-12-28 14:02 --------- d-----w c:\program files\eMule
2008-12-26 17:15 --------- d-----w c:\program files\MediaInfo
2008-12-25 22:52 --------- d-----w c:\program files\Joost
2008-12-25 22:52 --------- d-----w c:\documents and settings\Patrick\Application Data\Joost
2008-12-25 20:50 --------- d-----w c:\documents and settings\Patrick\Application Data\ImgBurn
2008-12-25 20:49 --------- d-----w c:\program files\CCleaner
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 17:05 --------- d-----w c:\documents and settings\Patrick\Application Data\vlc
2008-12-07 16:58 --------- d-----w c:\program files\Winamp
2008-12-07 16:46 --------- d-----w c:\documents and settings\Patrick\Application Data\Winamp
2008-12-06 20:06 --------- d-----w c:\program files\VideoLAN
2008-12-06 18:32 --------- d-----w c:\program files\PCFriendly
2008-12-05 18:56 --------- d-----w c:\program files\Lphant
2008-12-03 15:10 --------- d-----w c:\program files\Java
2008-11-29 22:28 --------- d-----w c:\program files\free-downloads.net
2008-11-29 22:28 --------- d-----w c:\program files\Conduit
2008-11-29 22:26 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-11-29 17:32 --------- d-----w c:\program files\DVDFab 5
2008-11-29 17:04 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2008-11-29 14:00 --------- d-----w c:\documents and settings\Patrick\Application Data\AdobeUM
2008-11-29 13:41 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-29 13:41 47,360 ----a-w c:\documents and settings\Patrick\Application Data\pcouffin.sys
2008-11-28 22:25 --------- d-----w c:\program files\IHMC CmapTools
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-03 08:26 3,023,817 ----a-r c:\program files\TRISTAN.exe
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-04-02 15:46 744,339 ----a-w c:\program files\PAVARK.exe
2008-02-17 14:31 591 ----a-w c:\program files\Media Player Classic.lnk
2007-10-05 22:29 81,920 ----a-w c:\documents and settings\Patrick\Application Data\ezpinst.exe
2007-08-28 13:58 30 ----a-w c:\program files\Exiferupdate.ini
2006-12-28 17:54 810,704 ----a-w c:\program files\Panda Anti-Rootkit.exe
2006-03-27 17:49 3,809,280 ----a-w c:\program files\Guitools.exe
2005-11-19 08:31 532,480 ----a-w c:\program files\CWShredder 2.19.exe
2003-01-15 20:30 322,550 ----a-w c:\program files\Pop-up Stopper fr.exe
2001-09-11 18:24 670,720 ----a-w c:\program files\PlanetAnim.exe
1999-10-30 21:54 561,152 ----a-w c:\program files\Convert.exe
1999-06-30 13:06 151,552 ----a-r c:\windows\inf\Agfa\Message.exe
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobipocket Reader Notifications"="c:\program files\Mobipocket.com\Mobipocket Reader\readernotify.exe" [2006-06-20 57344]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-26 4608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2006-04-17 184320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"OmniPage"="c:\progra~1\Caere\OMNIPA~1.0\opware32.exe" [1999-11-08 53248]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2008-01-23 341488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2008-03-19 37144]
"nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 c:\windows\RTHDCPL.exe]
"Tweak UI"="TWEAKUI.CPL" [2001-03-19 c:\windows\system32\TWEAKUI.CPL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 138240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^DOCUME~1^Patrick^Menu Démarrer^Programmes^Démarrage^QuickShelf.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2006-12-13 16:15 2785256 c:\program files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 14:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-03-23 16:06 1398272 c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2006-11-15 882688]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-11-15 7040]
R4 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [2007-08-18 20480]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2008-07-06 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2008-07-06 37440]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://abonnes.lemonde.fr/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Télécharger avec NetTransport - c:\program files\NetTransport 2\NTAddLink.html
IE: Afficher cette page dans Firefox - file://c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\[u]0/u1t6xtq9.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
IE: Ouvrir la cible dans Firefox - file://c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\[u]0/u1t6xtq9.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
IE: Tout t&élécharger avec NetTransport - c:\program files\NetTransport 2\NTAddList.html
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Fichiers communs\Microsoft Shared\Information Retrieval\itss51.dll
DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://m6video.m6.fr/1click/install/files/installer2.cab
FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\[u]0/u1t6xtq9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (Français)
FF - prefs.js: browser.startup.homepage - hxxp://abonnes.lemonde.fr/
FF - component: c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\[u]0/u1t6xtq9.default\extensions\{DD43485F-44CC-4452-A6C6-69356A7E33DA}\platform\WINNT_x86-msvc\components\ahWinUtils_32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbabelgum.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPNTCatcher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPNTCatcherAudio.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPNTCatcherVideo.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 13:32:59
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(712)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Heure de fin: 2009-01-28 13:35:06
ComboFix-quarantined-files.txt 2009-01-28 12:35:04
ComboFix2.txt 2008-11-06 18:42:07
ComboFix3.txt 2008-11-05 13:41:18
ComboFix4.txt 2008-11-04 18:33:35
ComboFix5.txt 2009-01-26 21:45:55
Avant-CF: 31,215,730,688 octets libres
Après-CF: 31,191,162,880 octets libres
265 --- E O F --- 2009-01-13 18:28:24
combofix tu l as retelecharges ou tu as garder l ancienne version.rien sur ton rapport combofix a par ce qu il a enleve mais si tu as garde l ancienne version je te conseille de l enlever et de refaire un scan avec une nouvelle.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
une idee?
oui
pas de reponse a la question quel est le nom du fichier que spybot te reconnait comme infecte?
va sur virus total et cherche le fichier fait le scanner et tu obtiens un rapport que tu colles.merci.
oui
pas de reponse a la question quel est le nom du fichier que spybot te reconnait comme infecte?
va sur virus total et cherche le fichier fait le scanner et tu obtiens un rapport que tu colles.merci.
Bonjour
J'ai résolu le problème.
Spybot ne signale pas précisément le fichier infecté, mais dit que c'est un signet de firefox.
J'ai donc ouvert les marque -pages, choisi Organiser les marque-pages et vérifié l'emplacement de chacun, un par un.
Le fichier infecté est le marque pagespywareinfo.com. Je l'ai supprimé.
Ensuite : nettoyage avec CCleaner, puis RegSeeker.
Depuis : c'est fini.
Spybot me félicite.
Merci pour ton aide.
pim
J'ai résolu le problème.
Spybot ne signale pas précisément le fichier infecté, mais dit que c'est un signet de firefox.
J'ai donc ouvert les marque -pages, choisi Organiser les marque-pages et vérifié l'emplacement de chacun, un par un.
Le fichier infecté est le marque pagespywareinfo.com. Je l'ai supprimé.
Ensuite : nettoyage avec CCleaner, puis RegSeeker.
Depuis : c'est fini.
Spybot me félicite.
Merci pour ton aide.
pim
J'ai passé MalwareBytes qui m'a suprimé des choses, mais ensuite Spybot retrouve Spywareinfo.TrafficZ. Il le localise comme signet dans Firefox/default (www.spywareinfo.com).
Voici quand même le rapport de MalwareBytes :
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1692
Windows 5.1.2600 Service Pack 3
26/01/2009 09:13:45
mbam-log-2009-01-26 (09-13-45).txt
Type de recherche: Examen complet (C:\|L:\|)
Eléments examinés: 216272
Temps écoulé: 1 hour(s), 57 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtuvTNe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcYqolL.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccbBRHx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\geBuUkiI.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJAPJDT.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnmjIBR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnnLCus.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqOFXOH.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUnMgeC.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyawvWq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yayAsspN.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.