Besoin d'aide pour virrer le virus de MSN

Maillou94 Messages postés 22 Statut Membre -  
Maillou94 Messages postés 22 Statut Membre -
Bonsoir, et oui j'ai fais le con, rien que le titre vous le montre deja... J'ai clické sur un lien que m'avais envoyé un contacte sur msn et baam, j'ai moi aussi ete contaminé. Maintenant j'envoie ce lien a tous mes contacte MSN, Firefox bug enormement, je me retrouve redirictionné vers des site porno non stop :sweat: mon PC subit des gros coups de lag de quand je joue, en clair c'est la "merde" :pfff:

Je precise que j'ai deja essayé MSNfix qui me dis bien que je suis contaminé mais qui ne me décontamine... Il me demande de redemarrer pour virrer le virus, mais le virus ne par jamais, j'ai du faire 10 fois le scan de MSNfix mais toujours rien.

J'aurai besoin d'aide pour que mon PC redevienne comme avant svp.

Merci d'avance.
Configuration: Windows XP Pro
Firefox 3.0.6

38 réponses

  • 1
  • 2
Résumé de la discussion

Problème rencontré concerne une infection par malware sur Windows XP qui provoque des redirections vers des sites pornographiques, des ralentissements et la propagation du lien contaminé via MSN. Des solutions initiales évoquées incluent MSNFix qui signale l'infection sans la supprimer, des scans avec Malwarebytes, HijackThis et des outils de nettoyage comme SDFix ou RSIT. Plusieurs réponses préconisent l'analyse des éléments de démarrage et des programmes malicieux via des rapports log et des journaux, puis la mise en place de mesures de sécurité et des temporisations. D'autres interventions signalent des extraits de logs (HijackThis, RSIT) et renvoient vers des guides externes, sans conclure à la résolution immédiate et en appelant à surveiller l'état du système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. furzza Messages postés 591 Statut Membre 56
     
    Salut,

    Lance un nettoyage complet avec ton anit-virus. Ca devrait marcher, en tout cas j'espère...
    0
    1. Maillou94 Messages postés 22 Statut Membre
       
      j'ai kapersky et malheureusement il n'a rien resolu :( il m'a trouvé C:\U.exe et d'autre virus... Mais le probleme est toujours present... Merci quand meme :) D'autres idées ?
      0
  2. furzza Messages postés 591 Statut Membre 56
     
    Alors ta dû chopé un trojan.

    utilise deja :
    a²free : c'est un anti trojan GRATUIT et EFFICACE:
    a² free
    _the cleaner : https://www.softwarefordown.com/thecleaner/ : anti malware gratuit pour 30 jours.
    Ad-Aware :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html

    Le patch en Français pour Ad-Aware :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html

    Spybot :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

    Ensuite :
    1.tu mets à jour ces programmes
    2. afficher les dossiers cachés et protégés du système
    3. nettoyage de disque : poste de travail/clique droit sur ton disque dur/propriétés/choisir nettoyage de disque
    4. DESACTIVER ta restauration systeme : clique droit sur poste de travail/onglet restauration systeme/cocher " desactiver la rest.systeme".
    5.redémarrer en mode sans échec et effectuer les scans avec les produits
    6.revenir en mode normal
    7.reactiver la rest.systeme

    voila, ca devrait etre bon :)
    0
  3. Maillou94 Messages postés 22 Statut Membre
     
    waw merci pour ton aide :) je fais tout ce que tu me dis et je te tiens au courant ;)
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bonjour à tous les deux,

    @ furzza :

    N'importe quoi...

    Ad-Aware, Spybot et A-squared ne règleront pas le problème, il faut utiliser des logiciels spécialisés...
    D'ailleurs les versions gratuites d'Ad-Aware et a-squared ne servent à rien !

    @ maillou94 :

    Télécharge hijackthis (logiciel de diagnostic) sur ton Bureau :
    https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/

    Installe le, lance le et clique sur "Do a system scan and save a logfile".
    Fais un copier-coller du rapport entier sur le forum

    0
  6. furzza Messages postés 591 Statut Membre 56
     
    Ok Anthony, merci...
    0
  7. Maillou94 Messages postés 22 Statut Membre
     
    C:\WINDOWS\system32\drivers\etc\hosts, Hijack me detecte une erreur par rapport a sa... sinon voici mon rapport:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:43:06, on 13/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\program files\powerstrip\pstrip.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\winlogox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\lclock.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Mais lol\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.postarticles.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.postarticles.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Window UDP Control Servic] winlogox.exe
    O4 - HKLM\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] lclock.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    0
  8. Maillou94 Messages postés 22 Statut Membre
     
    tenez voici mon ligfile en pleine manifestation du virus:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:48:45, on 13/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\program files\powerstrip\pstrip.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\winlogox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\lclock.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Mais lol\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.postarticles.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.postarticles.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Window UDP Control Servic] winlogox.exe
    O4 - HKLM\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] lclock.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    0
  9. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Re,

    Toutes ces lignes indiquent l'infection (n'essaye pas de les fixer avec hijackthis !) :

    C:\WINDOWS\winlogox.exe
    O4 - HKLM\..\Run: [Window UDP Control Servic] winlogox.exe
    O4 - HKLM\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

    • Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    • Puis redémarre ton ordinateur en mode sans échec en suivant la procédure que voici : Redémarre ton ordinateur, puis tapote sur la touche F8 (F5 sur certains PC) juste avant l’apparition du logo Windows. Un menu va apparaître, tu devra choisir de démarrer en mode sans échec. Ouvre ensuite ta session habituelle (si nécessaire) et ne t'inquiète pas si les couleurs et la taille des icônes changent par rapport à d'habitude.

    • Puis, ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script et laisse toi guider.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Le rapport SDFix s'ouvrira alors à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau rapport Hijackthis !

    0
  10. Maillou94 Messages postés 22 Statut Membre
     
    Voici mon nouveau rapport Hijackthis suite au passage de SDFix

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:43:49, on 14/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\notepad.exe
    C:\program files\powerstrip\pstrip.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\winlogox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\lclock.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Mais lol\Bureau\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.postarticles.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.postarticles.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Window UDP Control Servic] winlogox.exe
    O4 - HKLM\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] lclock.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    0
  11. Maillou94 Messages postés 22 Statut Membre
     
    Oups pardon, le log de SDFix est pas complet plus haut, voici le log complet de SDFix, excusez moi pour le flood...

    [b]SDFix: Version 1.240 [/b]
    Run by Mais lol on 14/02/2009 at 00:31

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-14 00:40:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:e7,ef,6c,bb,f8,41,d7,8a,f9,0b,4a,8a,65,77,35,d5,65,d6,64,0e,87,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7d,ac,32,2f,5b,87,a5,f5,0d,b2,96,11,2b,a4,a0,c0,83,..
    "khjeh"=hex:c0,d2,b6,b7,ed,24,96,7f,ca,4b,d3,6e,9e,24,bb,1f,01,01,24,74,b4,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:46,17,2e,e0,82,ba,74,6f,56,11,fb,35,76,b3,55,3e,3e,1c,8d,c1,9d,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:e7,ef,6c,bb,f8,41,d7,8a,f9,0b,4a,8a,65,77,35,d5,65,d6,64,0e,87,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7d,ac,32,2f,5b,87,a5,f5,0d,b2,96,11,2b,a4,a0,c0,83,..
    "khjeh"=hex:c0,d2,b6,b7,ed,24,96,7f,ca,4b,d3,6e,9e,24,bb,1f,01,01,24,74,b4,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:46,17,2e,e0,82,ba,74,6f,56,11,fb,35,76,b3,55,3e,3e,1c,8d,c1,9d,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
    "OODEFRAG10.00.00.01WORKSTATION"="735F38CE053145D2BEB77280501600C513089CA77F579AF90913C39F765E9AAB0A3DE08E0DC92EAB19ABF887A1B954E5ADB44B02B76514451FA28D1B2F053FD51D42BEAB0489CDCEBDC402AE2327C2D3926E0DF1C72CA095D998A89B75A872403100BE82F568DE336AEA7A4EE9BB549158916FEA6F0F3C1FC8646254D3D1BE67701C11A1D3331D41801692F0EFA798963B8BC597D0C1E402200B4FA9B3D9B4BC26CD2ACB7389C8D7075641D816EF9DCC98E0A656F3CE1D58B725C6B8E7EF6724446440F90E5DA748274D3FF99C6CFB94F3A96AB6C5946CAD8BDE624FA2176FF85EC0D1D64179815AAEB1897D2B4C4C41F38EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E66739C56F2C05D95DB60FF3DFDD262872CF388E5F2E99C4D1AFAFACA30F42D2B73F5D227B40F2B9DE7D3D24DB148F32DAEC04BF0A08C7A5815AE79C44AF60D7E7E765910E6D82646A6DA40D7CF6268CC6ACE4BF9A310AD1C9D2FBAE5BD635E186BFE37A1EF395D724B2DA8EBD2C1DC03532908E37D17F80A14F639CD8D07478253733F20467110658923A3E842DAA4FC8B4805B6E69D15FA39E59579143D592F64F6DC57EB05C54F2E0DE6415C586A9C7FD758CACCA2A0D921FDC7F3D23949E561BF2732D8A641E8609297C9B17EFB61EEEEE3CC519379D5046AF6CF8BBEFFBBFC5E83017049BB0C709BF37A59627525A7AB336F14FAB19E51CDBA8C4ABAC82540CB7E12582F3CD92728B7AA40CF24C2F284E7E4CBA3FFCFDBBA9718665927858BF0A25A4BC682B646DB8DEF0949D66F3138CC855FE2BB769D6AA3A04B0EB9C344551C8C53E74745F32B82FC321F25724E90100ED0F2EAE9B32B0AA6CA7899EF617C0D120E71846C79041EC3C75C4CB5C71023FDFB60DB82CA4529BCC39BF244FC051F5AB6D59B308E9CBCCDBAC6AE161FE29DAD4130B22D799EB9B1D28E3C692E4BFA1C655C0C02F3515378931BCAB9AFE5557DD1676AA7F949CEEB20BD2133BB80A73B27C5A69ED7B1D478FC49832126FA7ECEC051B8724A7468ACCCC6C89E40575C09312361C9B5D2BD01D7CE0EE7566078A5AFA4C5F70FA12190AAB94A0CFA68A8FF31BEA38300AC6D4C2C07B511A889C51616461CE2ECBE8F8EDBB32BFE210951DC0EC1096CB4ABD8E78CD503D751358972183B466CEE9FBBD6363B1C4A5C526D54C3641802E77216898364D08A2536B661DECA429E4B83D2E35DC0200C46190DF4AF4A0B2BEFE450460DC65FD5FACCBF9BC0D158F2AB264C2943717B71290ED1356FCD16087654536F3FA8DDC1198B3454B1F6A8679E1EAAB15D46824811398786BF67F3034BEFC07D71DBFD9BC2021ED78B711EC5167924BAF6CF1F2"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\Steam\\steamapps\\aka_soviet\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\aka_soviet\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    [b]Files with Hidden Attributes [/b]:

    Wed 11 Feb 2009 45,056 ..SHR --- "C:\WINDOWS\winlogox.exe"
    Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

    [b]Finished![/b]
    0
  12. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok

    • Télécharge et installe Malwarebytes' Anti-Malware
    • A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
    • Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
    • Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
    • Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
    • A la fin du scan, clique sur Afficher les résultats
    • Coche tous les éléments détectés puis clique sur Supprimer la sélection
    • Enregistre le rapport
    • S'il t'est demandé de redémarrer, clique sur Yes

    • Poste le rapport de scan après la suppression ici

    0
  13. Maillou94 Messages postés 22 Statut Membre
     
    ok sa analyse la, jte file le log de de hijackthis ( apres le passage de malwarebytes biensur ) avec le log de malwarebytes ? ou pas besion ?
    0
  14. Maillou94 Messages postés 22 Statut Membre
     
    Malwarebytes' Anti-Malware 1.34
    Database version: 1760
    Windows 5.1.2600 Service Pack 2

    14/02/2009 01:21:21
    mbam-log-2009-02-14 (01-21-21).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
    Objects scanned: 162036
    Time elapsed: 23 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\U.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    Je precise que C:\U.exe je le suprime tout le temps mais qu'il revien toujours...
    0
  15. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Oui, et il va encore revenir car une partie de l'infection n'a pas été supprimée et va encore le recréer...

    On va tout supprimer d'un coup, mais j'ai besoin d'avoir une vue d'ensemble d'abord :

    • Télécharge Random's System Information Tool (RSIT) de random/random, et enregistre le sur ton Bureau.
    • Double clique sur RSIT.exe pour lancer l'outil.
    • Clique sur ' continue ' à l'écran Disclaimer.
    • Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
    • Une fois le scan terminé, deux rapports vont apparaitre. Poste le contenu de log.txt

    0
  16. Maillou94 Messages postés 22 Statut Membre
     
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Mais lol at 2009-02-14 01:30:06
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 256 GB (75%) free of 343 GB
    Total RAM: 3070 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:30:20, on 14/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\program files\powerstrip\pstrip.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\winlogox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\lclock.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Mais lol\Bureau\RSIT.exe
    C:\Documents and Settings\Mais lol\Bureau\Mais lol.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.postarticles.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.postarticles.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Window UDP Control Servic] winlogox.exe
    O4 - HKLM\..\Run: [Microsft managr] C:\WINDOWS\taskmgr.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] lclock.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    0
  17. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    On va utiliser Combofix pour finir la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... Fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !). Pour cela, fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " et tape C-Fix dans dans la fenêtre qui s'ouvre, puis choisis le Bureau comme destination : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    --------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
    ! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation qui pourraient gêner fortement l'outil...Tu les réactiveras donc après !

    Dans ton cas, il s'agit du TeaTimer de Spybot (Lance Spybot → clique sur Mode → coche Mode avancé → Outils → Résident → décoche la case Résident Tea Timer → ferme Spybot) et de Kaspersky.

    ==> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

    Tuto ici pour installer la Console de récupération (important en cas de problème) : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ---------------------------------------------------------------------------------------------------------------------------------

    Ensuite :

    Double-clique sur C-Fix.exe (= combofix.exe ) .

    Appuie sur une touche pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

    0
  18. Maillou94 Messages postés 22 Statut Membre
     
    ComboFix 09-02-12.03 - Mais lol 2009-02-14 1:59:56.1 - NTFSx86
    Lancé depuis: c:\documents and settings\Mais lol\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_seneka

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-14 au 2009-02-14 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-14 01:30 . 2009-02-14 01:30 <REP> d-------- C:\rsit
    2009-02-14 00:31 . 2009-02-14 00:31 579,072 --a------ c:\windows\system32\DllCache\user32.dll
    2009-02-14 00:29 . 2009-02-14 00:29 <REP> d-------- c:\windows\ERUNT
    2009-02-14 00:03 . 2009-02-14 00:41 <REP> d-------- C:\SDFix
    2009-02-13 21:31 . 2009-02-13 21:31 <REP> d-------- c:\program files\Trend Micro
    2009-02-13 00:47 . 2009-02-13 03:59 <REP> d-------- c:\program files\a-squared Free
    2009-02-12 23:21 . 2009-02-12 23:21 <REP> d-------- c:\documents and settings\Mais lol\Application Data\Malwarebytes
    2009-02-12 23:04 . 2009-02-12 23:04 <REP> d-------- c:\documents and settings\Mais lol\Application Data\teamspeak2
    2009-02-12 22:55 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-02-12 22:54 . 2009-02-12 22:54 <REP> d-------- c:\program files\Panda Security
    2009-02-12 22:48 . 2009-02-12 22:48 <REP> d-------- c:\documents and settings\Mais lol\Contacts
    2009-02-12 22:45 . 2008-05-01 20:44 <REP> d--h----- c:\documents and settings\Mais lol\Voisinage réseau
    2009-02-12 22:45 . 2008-05-01 20:44 <REP> d--h----- c:\documents and settings\Mais lol\Voisinage d'impression
    2009-02-12 22:45 . 2008-05-01 18:49 <REP> d--h----- c:\documents and settings\Mais lol\Modèles
    2009-02-12 22:45 . 2009-02-13 01:04 <REP> dr------- c:\documents and settings\Mais lol\Mes documents
    2009-02-12 22:45 . 2008-05-01 20:44 <REP> dr------- c:\documents and settings\Mais lol\Menu Démarrer
    2009-02-12 22:45 . 2009-02-12 22:45 <REP> dr------- c:\documents and settings\Mais lol\Favoris
    2009-02-12 22:45 . 2009-02-14 01:45 <REP> d-------- c:\documents and settings\Mais lol\Bureau
    2009-02-12 22:45 . 2009-02-14 01:51 <REP> d-------- c:\documents and settings\Mais lol
    2009-02-12 22:45 . 2009-02-12 22:45 244 --ah----- C:\sqmnoopt01.sqm
    2009-02-12 22:45 . 2009-02-12 22:45 232 --ah----- C:\sqmdata01.sqm
    2009-02-12 22:11 . 2009-02-12 22:16 1,374 --a------ c:\windows\imsins.BAK
    2009-02-12 22:10 . 2008-05-07 05:55 1,294,336 --------- c:\windows\system32\DllCache\quartz.dll
    2009-02-12 22:10 . 2008-06-20 11:44 360,960 --------- c:\windows\system32\DllCache\tcpip.sys
    2009-02-12 22:10 . 2008-10-23 13:51 284,160 --------- c:\windows\system32\DllCache\gdi32.dll
    2009-02-12 22:10 . 2008-07-07 21:18 253,952 --------- c:\windows\system32\DllCache\es.dll
    2009-02-12 22:10 . 2008-06-20 18:37 247,808 --------- c:\windows\system32\DllCache\mswsock.dll
    2009-02-12 22:10 . 2008-06-20 10:32 225,920 --------- c:\windows\system32\DllCache\tcpip6.sys
    2009-02-12 22:10 . 2008-06-20 18:37 147,968 --------- c:\windows\system32\DllCache\dnsapi.dll
    2009-02-12 22:10 . 2008-08-14 10:48 138,368 --------- c:\windows\system32\DllCache\afd.sys
    2009-02-12 22:10 . 2006-08-16 13:13 100,352 --------- c:\windows\system32\DllCache\6to4svc.dll
    2009-02-12 21:08 . 2009-02-13 01:24 <REP> d-------- c:\program files\MSNFix
    2009-02-12 14:00 . 2009-02-12 14:00 <REP> d-------- c:\program files\Live-Prod
    2009-02-12 07:20 . 2009-02-12 07:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-02-12 02:22 . 2009-02-12 02:22 <REP> d-------- c:\program files\Messenger Plus! Live
    2009-02-12 02:03 . 2009-02-12 02:04 <REP> d-------- c:\program files\Windows Live
    2009-02-12 02:03 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
    2009-02-12 02:03 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\DllCache\bthport.sys
    2009-02-12 02:03 . 2008-06-24 17:30 74,240 --------- c:\windows\system32\DllCache\mscms.dll
    2009-02-12 01:54 . 2008-08-14 14:39 2,188,032 --------- c:\windows\system32\DllCache\ntoskrnl.exe
    2009-02-12 01:54 . 2008-08-14 14:39 2,144,768 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
    2009-02-12 01:54 . 2008-08-14 14:39 2,065,024 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
    2009-02-12 01:54 . 2008-08-14 14:39 2,022,912 --------- c:\windows\system32\DllCache\ntkrpamp.exe
    2009-02-12 01:54 . 2008-09-15 16:14 1,847,040 --------- c:\windows\system32\DllCache\win32k.sys
    2009-02-12 01:53 . 2008-05-08 13:14 203,008 --------- c:\windows\system32\DllCache\rmcast.sys
    2009-02-12 01:51 . 2008-09-04 17:34 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll
    2009-02-12 01:51 . 2008-10-15 17:55 339,456 --------- c:\windows\system32\DllCache\netapi32.dll
    2009-02-12 01:51 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
    2009-02-12 01:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-02-12 01:49 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-02-12 01:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-02-12 01:38 . 2009-02-12 01:38 <REP> d-------- c:\program files\MSECACHE
    2009-02-12 01:10 . 2009-02-12 01:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-12 01:10 . 2009-02-12 01:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-12 01:10 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-12 01:10 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-11 23:04 . 2009-02-11 23:04 <REP> d-------- c:\documents and settings\NetworkService\Bureau
    2009-02-11 21:46 . 2009-02-11 21:46 45,056 -r-hs---- c:\windows\winlogox.exe
    2009-02-04 19:42 . 2009-02-04 19:42 34 --a------ c:\windows\cdplayer.ini
    2009-02-04 19:28 . 2009-02-04 19:34 <REP> d-------- C:\audiograbber
    2009-02-03 13:54 . 2009-02-03 03:43 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-02-03 03:45 . 2009-02-03 03:45 <REP> d-------- c:\documents and settings\LocalService\Bureau
    2009-02-03 03:43 . 2009-02-03 03:43 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-02-03 03:40 . 2009-02-03 03:40 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
    2009-02-03 01:13 . 2009-02-03 01:13 <REP> d-------- c:\program files\Microsoft Silverlight
    2009-02-03 01:12 . 2009-02-03 01:12 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2009-02-03 01:11 . 2009-02-03 01:11 <REP> d-------- c:\program files\Microsoft
    2009-02-03 01:05 . 2009-02-03 01:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2009-02-01 23:18 . 2009-02-01 23:18 <REP> d-------- C:\Logs
    2009-01-31 20:40 . 2009-01-31 20:40 <REP> d-------- c:\documents and settings\All Users\Application Data\id Software
    2009-01-30 00:57 . 2009-01-30 00:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
    2009-01-29 22:58 . 2009-01-31 17:46 <REP> d-------- c:\program files\Fichiers communs\Blizzard Entertainment
    2009-01-29 01:03 . 2009-01-29 01:03 <REP> d-------- c:\program files\CCleaner
    2009-01-28 15:14 . 2009-01-28 15:14 <REP> d-------- c:\windows\system32\LogFiles
    2009-01-28 15:14 . 2009-01-31 20:40 2,246,144 --a------ c:\windows\system32\pbsvc.exe
    2009-01-28 15:14 . 2009-02-01 00:40 189,576 --a------ c:\windows\system32\PnkBstrB.exe
    2009-01-28 15:14 . 2009-02-01 00:40 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-28 15:14 . 2009-01-31 20:44 70,968 --a------ c:\windows\system32\PnkBstrA.exe
    2009-01-18 18:43 . 2004-10-30 01:42 142,976 --a------ c:\windows\system32\DllCache\usbport.sys
    2009-01-17 16:49 . 2009-02-13 21:53 <REP> d-------- c:\program files\Steam
    2009-01-16 22:05 . 2009-02-14 02:01 97,052 --a------ c:\windows\system32\oodbs.lor
    2009-01-16 13:09 . 2009-01-16 13:09 0 --a------ c:\windows\oodcnt.INI
    2009-01-16 06:50 . 2009-01-16 06:50 <REP> d-------- c:\windows\system32\oodag
    2009-01-16 04:42 . 2009-01-16 04:42 <REP> d-------- c:\program files\OO Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-14 01:02 55,313,696 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-02-14 01:02 1,997,088 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-02-14 01:01 742,880 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-02-14 01:01 188,228 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-02-14 00:53 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-02-12 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-12 23:53 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-12 22:04 --------- d-----w c:\program files\Teamspeak2_RC2
    2009-02-11 16:18 --------- d-----w c:\program files\mIRC
    2009-02-04 12:43 89,601 ----a-w c:\windows\system32\drivers\klick.dat
    2009-02-04 12:43 101,287 ----a-w c:\windows\system32\drivers\klin.dat
    2009-01-31 20:06 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-25 15:44 --------- d-----w c:\program files\ma-config.com
    2009-01-25 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2009-01-13 15:39 --------- d-----w c:\program files\Warcraft III
    2009-01-05 00:19 --------- d-----w c:\program files\MP4Converter
    2008-12-29 12:32 --------- d-----w c:\program files\FreeGo
    2008-12-27 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-27 15:09 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-27 15:09 --------- d-----w c:\program files\Bonjour
    2008-12-27 15:08 --------- d-----w c:\program files\QuickTime
    2008-12-27 15:07 --------- d-----w c:\program files\Apple Software Update
    2008-12-27 14:58 --------- d-----w c:\program files\Safari
    2008-12-15 22:30 --------- d-----w c:\program files\PyGrenouille
    .

    ------- Sigcheck -------

    2007-07-18 20:14 506368 fa7c7c2b461130a792adf6a28f1d652b c:\windows\system32\winlogon.exe

    2007-08-06 10:51 3256832 7c56d56d6be0760ddf9a37344731bd3f c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "Microsft managr"="c:\windows\taskmgr.exe" [2009-02-14 24576]
    "LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-03 509784]
    "Microsft managr"="c:\windows\taskmgr.exe" [2009-02-14 24576]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-17 227856]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.exe]
    "Window UDP Control Servic"="winlogox.exe" [2009-02-11 c:\windows\winlogox.exe]
    "nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
    "nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS\[u]0/ulsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PyGrenouille.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PyGrenouille.lnk
    backup=c:\windows\pss\PyGrenouille.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-11-07 14:16 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
    --a------ 2005-11-23 14:04 1544192 c:\program files\D-Link\AirPlus G\AirGCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsft managr]
    ---hs---- 2009-02-14 02:03 24576 c:\windows\taskmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2009-01-17 16:50 1410296 c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "O&O Defrag"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "aawservice"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Steam\\steamapps\\aka_soviet\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24060:TCP"= 24060:TCP:BitComet 24060 TCP
    "24060:UDP"= 24060:UDP:BitComet 24060 UDP

    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-02-03 64160]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-03 950096]
    S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - a2free
    *Deregistered* - AegisP
    *Deregistered* - AFD
    *Deregistered* - ALG
    *Deregistered* - ANIO
    *Deregistered* - ANIWZCSdService
    *Deregistered* - Arp1394
    *Deregistered* - AudioSrv
    *Deregistered* - audstub
    *Deregistered* - AVP
    *Deregistered* - Beep
    *Deregistered* - Bonjour Service
    *Deregistered* - Browser
    *Deregistered* - Cdfs
    *Deregistered* - CryptSvc
    *Deregistered* - DcomLaunch
    *Deregistered* - Dhcp
    *Deregistered* - dmio
    *Deregistered* - dmload
    *Deregistered* - dmserver
    *Deregistered* - Dnscache
    *Deregistered* - ERSvc
    *Deregistered* - EventSystem
    *Deregistered* - FastUserSwitchingCompatibility
    *Deregistered* - Fips
    *Deregistered* - FltMgr
    *Deregistered* - Ftdisk
    *Deregistered* - Gpc
    *Deregistered* - helpsvc
    *Deregistered* - IpNat
    *Deregistered* - IPSec
    *Deregistered* - JavaQuickStarterService
    *Deregistered* - kl1
    *Deregistered* - klif
    *Deregistered* - klim5
    *Deregistered* - KSecDD
    *Deregistered* - lanmanserver
    *Deregistered* - lanmanworkstation
    *Deregistered* - Lavasoft Ad-Aware Service
    *Deregistered* - Lbd
    *Deregistered* - mnmdd
    *Deregistered* - Mouclass
    *Deregistered* - MountMgr
    *Deregistered* - MRxSmb
    *Deregistered* - Msfs
    *Deregistered* - mssmbios
    *Deregistered* - Mup
    *Deregistered* - NDIS
    *Deregistered* - NdisTapi
    *Deregistered* - NdisWan
    *Deregistered* - NDProxy
    *Deregistered* - NetBIOS
    *Deregistered* - NetBT
    *Deregistered* - Netman
    *Deregistered* - Nla
    *Deregistered* - Npfs
    *Deregistered* - Ntfs
    *Deregistered* - Null
    *Deregistered* - NVSvc
    *Deregistered* - PartMgr
    *Deregistered* - pavboot
    *Deregistered* - PnkBstrA
    *Deregistered* - PptpMiniport
    *Deregistered* - PSched
    *Deregistered* - PStrip
    *Deregistered* - RasAcd
    *Deregistered* - Rasl2tp
    *Deregistered* - RasMan
    *Deregistered* - RasPppoe
    *Deregistered* - Raspti
    *Deregistered* - Rdbss
    *Deregistered* - RDPCDD
    *Deregistered* - rdpdr
    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - Secdrv
    *Deregistered* - SENS
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - Spooler
    *Deregistered* - sptd
    *Deregistered* - sr
    *Deregistered* - srservice
    *Deregistered* - Srv
    *Deregistered* - StarOpen
    *Deregistered* - swenum
    *Deregistered* - SysmonLog
    *Deregistered* - TapiSrv
    *Deregistered* - Tcpip
    *Deregistered* - TermDD
    *Deregistered* - TermService
    *Deregistered* - Themes
    *Deregistered* - Update
    *Deregistered* - VgaSave
    *Deregistered* - VolSnap
    *Deregistered* - Wanarp
    *Deregistered* - winmgmt
    *Deregistered* - WmiApSrv
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-03 c:\windows\Tasks\Ad-Aware Update (Daily).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-03 03:43]

    2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe []
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.postarticles.net
    uInternet Connection Wizard,ShellNext = hxxp://www.postarticles.net/
    uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
    FF - ProfilePath - c:\documents and settings\Mais lol\Application Data\Mozilla\Firefox\Profiles\105thn2o.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-14 02:02:31
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"="735F38CE053145D2BEB77280501600C513089CA77F579AF90913C39F765E9AAB0A3DE08E0DC92EAB19ABF887A1B954E5ADB44B02B76514451FA28D1B2F053FD51D42BEAB0489CDCEBDC402AE2327C2D3926E0DF1C72CA095D998A89B75A872403100BE82F568DE336AEA7A4EE9BB549158916FEA6F0F3C1FC8646254D3D1BE67701C11A1D3331D41801692F0EFA798963B8BC597D0C1E402200B4FA9B3D9B4BC26CD2ACB7389C8D7075641D816EF9DCC98E0A656F3CE1D58B725C6B8E7EF6724446440F90E5DA748274D3FF99C6CFB94F3A96AB6C5946CAD8BDE624FA2176FF85EC0D1D64179815AAEB1897D2B4C4C41F38EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E66739C56F2C05D95DB60FF3DFDD262872CF388E5F2E99C4D1AFAFACA30F42D2B73F5D227B40F2B9DE7D3D24DB148F32DAEC04BF0A08C7A5815AE79C44AF60D7E7E765910E6D82646A6DA40D7CF6268CC6ACE4BF9A310AD1C9D2FBAE5BD635E186BFE37A1EF395D724B2DA8EBD2C1DC03532908E37D17F80A14F639CD8D07478253733F20467110658923A3E842DAA4FC8B4805B6E69D15FA39E59579143D592F64F6DC57EB05C54F2E0DE6415C586A9C7FD758CACCA2A0D921FDC7F3D23949E561BF2732D8A641E8609297C9B17EFB61EEEEE3CC519379D5046AF6CF8BBEFFBBFC5E83017049BB0C709BF37A59627525A7AB336F14FAB19E51CDBA8C4ABAC82540CB7E12582F3CD92728B7AA40CF24C2F284E7E4CBA3FFCFDBBA9718665927858BF0A25A4BC682B646DB8DEF0949D66F3138CC855FE2BB769D6AA3A04B0EB9C344551C8C53E74745F32B82FC321F25724E90100ED0F2EAE9B32B0AA6CA7899EF617C0D120E71846C79041EC3C75C4CB5C71023FDFB60DB82CA4529BCC39BF244FC051F5AB6D59B308E9CBCCDBAC6AE161FE29DAD4130B22D799EB9B1D28E3C692E4BFA1C655C0C02F3515378931BCAB9AFE5557DD1676AA7F949CEEB20BD2133BB80A73B27C5A69ED7B1D478FC49832126FA7ECEC051B8724A7468ACCCC6C89E40575C09312361C9B5D2BD01D7CE0EE7566078A5AFA4C5F70FA12190AAB94A0CFA68A8FF31BEA38300AC6D4C2C07B511A889C51616461CE2ECBE8F8EDBB32BFE210951DC0EC1096CB4ABD8E78CD503D751358972183B466CEE9FBBD6363B1C4A5C526D54C3641802E77216898364D08A2536B661DECA429E4B83D2E35DC0200C46190DF4AF4A0B2BEFE450460DC65FD5FACCBF9BC0D158F2AB264C2943717B71290ED1356FCD16087654536F3FA8DDC1198B3454B1F6A8679E1EAAB15D46824811398786BF67F3034BEFC07D71DBFD9BC2021ED78B711EC5167924BAF6CF1F2"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(612)
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
    c:\windows\system32\klogon.dll

    - - - - - - - > 'lsass.exe'(668)
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll

    - - - - - - - > 'explorer.exe'(3588)
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
    c:\program files\powerstrip\pshook.dll
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\LC.dll
    c:\windows\system32\stobject.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\a-squared Free\a2service.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-02-14 2:07:22 - La machine a redémarré [Mais lol]
    ComboFix-quarantined-files.txt 2009-02-14 01:06:17

    Avant-CF: 268,350,672,896 octets libres
    Après-CF: 268,273,475,584 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /kernel=ntkrnlmp.exe

    401 --- E O F --- 2009-02-12 21:16:37

    Je precise que U.exe est encore revenu :'(
    0
  19. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour Maillou94, il n'est pas transposable sur un autre ordinateur !

    Toujours avec toutes les protections désactivées, fais ceci :

    • Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    • Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    File::
    C:\WINDOWS\winlogox.exe
    C:\WINDOWS\taskmgr.exe
    C:\U.exe

    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Microsft managr"=-
    "Window UDP Control Servic"=-

    ------------------------------------------------------------------

    • Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    • Quitte le Bloc Notes

    • Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

    • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    • Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

    0
  20. Maillou94 Messages postés 22 Statut Membre
     
    ComboFix 09-02-12.03 - Mais lol 2009-02-14 2:35:06.2 - NTFSx86
    Lancé depuis: c:\documents and settings\Mais lol\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Mais lol\Bureau\CFScript.txt

    FILE ::
    C:\U.exe
    c:\windows\taskmgr.exe
    c:\windows\winlogox.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\u.exe
    c:\windows\taskmgr.exe
    c:\windows\winlogox.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-14 au 2009-02-14 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-14 01:30 . 2009-02-14 01:30 <REP> d-------- C:\rsit
    2009-02-14 00:31 . 2009-02-14 00:31 579,072 --a------ c:\windows\system32\DllCache\user32.dll
    2009-02-14 00:29 . 2009-02-14 00:29 <REP> d-------- c:\windows\ERUNT
    2009-02-14 00:03 . 2009-02-14 00:41 <REP> d-------- C:\SDFix
    2009-02-13 21:31 . 2009-02-13 21:31 <REP> d-------- c:\program files\Trend Micro
    2009-02-13 00:47 . 2009-02-13 03:59 <REP> d-------- c:\program files\a-squared Free
    2009-02-12 23:21 . 2009-02-12 23:21 <REP> d-------- c:\documents and settings\Mais lol\Application Data\Malwarebytes
    2009-02-12 23:04 . 2009-02-12 23:04 <REP> d-------- c:\documents and settings\Mais lol\Application Data\teamspeak2
    2009-02-12 22:55 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-02-12 22:54 . 2009-02-12 22:54 <REP> d-------- c:\program files\Panda Security
    2009-02-12 22:48 . 2009-02-12 22:48 <REP> d-------- c:\documents and settings\Mais lol\Contacts
    2009-02-12 22:45 . 2008-05-01 20:44 <REP> d--h----- c:\documents and settings\Mais lol\Voisinage réseau
    2009-02-12 22:45 . 2008-05-01 20:44 <REP> d--h----- c:\documents and settings\Mais lol\Voisinage d'impression
    2009-02-12 22:45 . 2008-05-01 18:49 <REP> d--h----- c:\documents and settings\Mais lol\Modèles
    2009-02-12 22:45 . 2009-02-13 01:04 <REP> dr------- c:\documents and settings\Mais lol\Mes documents
    2009-02-12 22:45 . 2008-05-01 20:44 <REP> dr------- c:\documents and settings\Mais lol\Menu Démarrer
    2009-02-12 22:45 . 2009-02-12 22:45 <REP> dr------- c:\documents and settings\Mais lol\Favoris
    2009-02-12 22:45 . 2009-02-14 02:34 <REP> d-------- c:\documents and settings\Mais lol\Bureau
    2009-02-12 22:45 . 2009-02-14 01:51 <REP> d-------- c:\documents and settings\Mais lol
    2009-02-12 22:45 . 2009-02-12 22:45 244 --ah----- C:\sqmnoopt01.sqm
    2009-02-12 22:45 . 2009-02-12 22:45 232 --ah----- C:\sqmdata01.sqm
    2009-02-12 22:11 . 2009-02-12 22:16 1,374 --a------ c:\windows\imsins.BAK
    2009-02-12 22:10 . 2008-05-07 05:55 1,294,336 --------- c:\windows\system32\DllCache\quartz.dll
    2009-02-12 22:10 . 2008-06-20 11:44 360,960 --------- c:\windows\system32\DllCache\tcpip.sys
    2009-02-12 22:10 . 2008-10-23 13:51 284,160 --------- c:\windows\system32\DllCache\gdi32.dll
    2009-02-12 22:10 . 2008-07-07 21:18 253,952 --------- c:\windows\system32\DllCache\es.dll
    2009-02-12 22:10 . 2008-06-20 18:37 247,808 --------- c:\windows\system32\DllCache\mswsock.dll
    2009-02-12 22:10 . 2008-06-20 10:32 225,920 --------- c:\windows\system32\DllCache\tcpip6.sys
    2009-02-12 22:10 . 2008-06-20 18:37 147,968 --------- c:\windows\system32\DllCache\dnsapi.dll
    2009-02-12 22:10 . 2008-08-14 10:48 138,368 --------- c:\windows\system32\DllCache\afd.sys
    2009-02-12 22:10 . 2006-08-16 13:13 100,352 --------- c:\windows\system32\DllCache\6to4svc.dll
    2009-02-12 21:08 . 2009-02-13 01:24 <REP> d-------- c:\program files\MSNFix
    2009-02-12 14:00 . 2009-02-12 14:00 <REP> d-------- c:\program files\Live-Prod
    2009-02-12 07:20 . 2009-02-12 07:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-02-12 02:22 . 2009-02-12 02:22 <REP> d-------- c:\program files\Messenger Plus! Live
    2009-02-12 02:03 . 2009-02-12 02:04 <REP> d-------- c:\program files\Windows Live
    2009-02-12 02:03 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
    2009-02-12 02:03 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\DllCache\bthport.sys
    2009-02-12 02:03 . 2008-06-24 17:30 74,240 --------- c:\windows\system32\DllCache\mscms.dll
    2009-02-12 01:54 . 2008-08-14 14:39 2,188,032 --------- c:\windows\system32\DllCache\ntoskrnl.exe
    2009-02-12 01:54 . 2008-08-14 14:39 2,144,768 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
    2009-02-12 01:54 . 2008-08-14 14:39 2,065,024 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
    2009-02-12 01:54 . 2008-08-14 14:39 2,022,912 --------- c:\windows\system32\DllCache\ntkrpamp.exe
    2009-02-12 01:54 . 2008-09-15 16:14 1,847,040 --------- c:\windows\system32\DllCache\win32k.sys
    2009-02-12 01:53 . 2008-05-08 13:14 203,008 --------- c:\windows\system32\DllCache\rmcast.sys
    2009-02-12 01:51 . 2008-09-04 17:34 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll
    2009-02-12 01:51 . 2008-10-15 17:55 339,456 --------- c:\windows\system32\DllCache\netapi32.dll
    2009-02-12 01:51 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
    2009-02-12 01:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-02-12 01:49 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-02-12 01:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-02-12 01:38 . 2009-02-12 01:38 <REP> d-------- c:\program files\MSECACHE
    2009-02-12 01:10 . 2009-02-12 01:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-12 01:10 . 2009-02-12 01:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-12 01:10 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-12 01:10 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-11 23:04 . 2009-02-11 23:04 <REP> d-------- c:\documents and settings\NetworkService\Bureau
    2009-02-04 19:42 . 2009-02-04 19:42 34 --a------ c:\windows\cdplayer.ini
    2009-02-04 19:28 . 2009-02-04 19:34 <REP> d-------- C:\audiograbber
    2009-02-03 13:54 . 2009-02-03 03:43 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-02-03 03:45 . 2009-02-03 03:45 <REP> d-------- c:\documents and settings\LocalService\Bureau
    2009-02-03 03:43 . 2009-02-03 03:43 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-02-03 03:40 . 2009-02-03 03:40 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
    2009-02-03 01:13 . 2009-02-03 01:13 <REP> d-------- c:\program files\Microsoft Silverlight
    2009-02-03 01:12 . 2009-02-03 01:12 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2009-02-03 01:11 . 2009-02-03 01:11 <REP> d-------- c:\program files\Microsoft
    2009-02-03 01:05 . 2009-02-03 01:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2009-02-01 23:18 . 2009-02-01 23:18 <REP> d-------- C:\Logs
    2009-01-31 20:40 . 2009-01-31 20:40 <REP> d-------- c:\documents and settings\All Users\Application Data\id Software
    2009-01-30 00:57 . 2009-01-30 00:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
    2009-01-29 22:58 . 2009-01-31 17:46 <REP> d-------- c:\program files\Fichiers communs\Blizzard Entertainment
    2009-01-29 01:03 . 2009-01-29 01:03 <REP> d-------- c:\program files\CCleaner
    2009-01-28 15:14 . 2009-01-28 15:14 <REP> d-------- c:\windows\system32\LogFiles
    2009-01-28 15:14 . 2009-01-31 20:40 2,246,144 --a------ c:\windows\system32\pbsvc.exe
    2009-01-28 15:14 . 2009-02-01 00:40 189,576 --a------ c:\windows\system32\PnkBstrB.exe
    2009-01-28 15:14 . 2009-02-01 00:40 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-28 15:14 . 2009-01-31 20:44 70,968 --a------ c:\windows\system32\PnkBstrA.exe
    2009-01-18 18:43 . 2004-10-30 01:42 142,976 --a------ c:\windows\system32\DllCache\usbport.sys
    2009-01-17 16:49 . 2009-02-13 21:53 <REP> d-------- c:\program files\Steam
    2009-01-16 22:05 . 2009-02-14 02:01 97,052 --a------ c:\windows\system32\oodbs.lor
    2009-01-16 13:09 . 2009-01-16 13:09 0 --a------ c:\windows\oodcnt.INI
    2009-01-16 06:50 . 2009-01-16 06:50 <REP> d-------- c:\windows\system32\oodag
    2009-01-16 04:42 . 2009-01-16 04:42 <REP> d-------- c:\program files\OO Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-14 01:37 55,455,264 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-02-14 01:37 2,000,928 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-02-14 01:01 742,880 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-02-14 01:01 188,228 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-02-14 00:53 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-02-12 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-12 23:53 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-12 22:04 --------- d-----w c:\program files\Teamspeak2_RC2
    2009-02-11 16:18 --------- d-----w c:\program files\mIRC
    2009-02-04 12:43 89,601 ----a-w c:\windows\system32\drivers\klick.dat
    2009-02-04 12:43 101,287 ----a-w c:\windows\system32\drivers\klin.dat
    2009-01-31 20:06 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-25 15:44 --------- d-----w c:\program files\ma-config.com
    2009-01-25 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2009-01-16 20:15 3,594,752 ------w c:\windows\system32\DllCache\mshtml.dll
    2009-01-13 15:39 --------- d-----w c:\program files\Warcraft III
    2009-01-05 00:19 --------- d-----w c:\program files\MP4Converter
    2008-12-29 12:32 --------- d-----w c:\program files\FreeGo
    2008-12-27 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-27 15:09 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-27 15:09 --------- d-----w c:\program files\Bonjour
    2008-12-27 15:08 --------- d-----w c:\program files\QuickTime
    2008-12-27 15:07 --------- d-----w c:\program files\Apple Software Update
    2008-12-27 14:58 --------- d-----w c:\program files\Safari
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-20 22:47 826,368 ------w c:\windows\system32\DllCache\wininet.dll
    2008-12-20 22:47 671,232 ------w c:\windows\system32\DllCache\mstime.dll
    2008-12-20 22:47 477,696 ------w c:\windows\system32\DllCache\mshtmled.dll
    2008-12-20 22:47 44,544 ------w c:\windows\system32\DllCache\pngfilt.dll
    2008-12-20 22:47 233,472 ------w c:\windows\system32\DllCache\webcheck.dll
    2008-12-20 22:47 193,024 ------w c:\windows\system32\DllCache\msrating.dll
    2008-12-20 22:47 105,984 ------w c:\windows\system32\DllCache\url.dll
    2008-12-20 22:47 102,912 ------w c:\windows\system32\DllCache\occache.dll
    2008-12-20 22:47 1,160,192 ------w c:\windows\system32\DllCache\urlmon.dll
    2008-12-19 09:11 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\DllCache\iexplore.exe
    2008-12-19 05:23 161,792 ------w c:\windows\system32\DllCache\ieakui.dll
    2008-12-15 22:30 --------- d-----w c:\program files\PyGrenouille
    2008-12-11 10:24 333,184 ------w c:\windows\system32\DllCache\srv.sys
    2008-12-09 18:41 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
    .

    ------- Sigcheck -------

    2007-07-18 20:14 506368 fa7c7c2b461130a792adf6a28f1d652b c:\windows\system32\winlogon.exe

    2007-08-06 10:51 3256832 7c56d56d6be0760ddf9a37344731bd3f c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-03 509784]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
    "nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS\[u]0/ulsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PyGrenouille.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PyGrenouille.lnk
    backup=c:\windows\pss\PyGrenouille.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-11-07 14:16 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
    --a------ 2005-11-23 14:04 1544192 c:\program files\D-Link\AirPlus G\AirGCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2009-01-17 16:50 1410296 c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "O&O Defrag"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "aawservice"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Steam\\steamapps\\aka_soviet\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24060:TCP"= 24060:TCP:BitComet 24060 TCP
    "24060:UDP"= 24060:UDP:BitComet 24060 UDP

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-03 950096]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-02-03 64160]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
    S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - a2free
    *Deregistered* - AegisP
    *Deregistered* - AFD
    *Deregistered* - ALG
    *Deregistered* - ANIO
    *Deregistered* - ANIWZCSdService
    *Deregistered* - Arp1394
    *Deregistered* - AudioSrv
    *Deregistered* - audstub
    *Deregistered* - AVP
    *Deregistered* - Beep
    *Deregistered* - Bonjour Service
    *Deregistered* - Browser
    *Deregistered* - Cdfs
    *Deregistered* - CryptSvc
    *Deregistered* - DcomLaunch
    *Deregistered* - Dhcp
    *Deregistered* - dmio
    *Deregistered* - dmload
    *Deregistered* - dmserver
    *Deregistered* - Dnscache
    *Deregistered* - ERSvc
    *Deregistered* - EventSystem
    *Deregistered* - FastUserSwitchingCompatibility
    *Deregistered* - Fips
    *Deregistered* - FltMgr
    *Deregistered* - Ftdisk
    *Deregistered* - Gpc
    *Deregistered* - helpsvc
    *Deregistered* - IpNat
    *Deregistered* - IPSec
    *Deregistered* - JavaQuickStarterService
    *Deregistered* - kl1
    *Deregistered* - klif
    *Deregistered* - klim5
    *Deregistered* - KSecDD
    *Deregistered* - lanmanserver
    *Deregistered* - lanmanworkstation
    *Deregistered* - Lavasoft Ad-Aware Service
    *Deregistered* - Lbd
    *Deregistered* - mnmdd
    *Deregistered* - Mouclass
    *Deregistered* - MountMgr
    *Deregistered* - MRxSmb
    *Deregistered* - Msfs
    *Deregistered* - mssmbios
    *Deregistered* - Mup
    *Deregistered* - NDIS
    *Deregistered* - NdisTapi
    *Deregistered* - NdisWan
    *Deregistered* - NDProxy
    *Deregistered* - NetBIOS
    *Deregistered* - NetBT
    *Deregistered* - Netman
    *Deregistered* - Nla
    *Deregistered* - Npfs
    *Deregistered* - Ntfs
    *Deregistered* - Null
    *Deregistered* - NVSvc
    *Deregistered* - PartMgr
    *Deregistered* - pavboot
    *Deregistered* - PnkBstrA
    *Deregistered* - PptpMiniport
    *Deregistered* - PSched
    *Deregistered* - PStrip
    *Deregistered* - RasAcd
    *Deregistered* - Rasl2tp
    *Deregistered* - RasMan
    *Deregistered* - RasPppoe
    *Deregistered* - Raspti
    *Deregistered* - Rdbss
    *Deregistered* - RDPCDD
    *Deregistered* - rdpdr
    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - Schedule
    *Deregistered* - Secdrv
    *Deregistered* - SENS
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - Spooler
    *Deregistered* - sptd
    *Deregistered* - sr
    *Deregistered* - srservice
    *Deregistered* - Srv
    *Deregistered* - StarOpen
    *Deregistered* - stisvc
    *Deregistered* - swenum
    *Deregistered* - SysmonLog
    *Deregistered* - TapiSrv
    *Deregistered* - Tcpip
    *Deregistered* - TermDD
    *Deregistered* - TermService
    *Deregistered* - Themes
    *Deregistered* - Update
    *Deregistered* - VgaSave
    *Deregistered* - VolSnap
    *Deregistered* - Wanarp
    *Deregistered* - winmgmt
    *Deregistered* - WmiApSrv
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-14 c:\windows\Tasks\Ad-Aware Update (Daily).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-03 03:43]

    2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe []
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-Microsft managr - c:\windows\taskmgr.exe
    HKLM-Run-Window UDP Control Servic - winlogox.exe
    MSConfigStartUp-Microsft managr - c:\windows\taskmgr.exe

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://postarticles.net
    uInternet Connection Wizard,ShellNext = hxxp://www.postarticles.net/
    uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
    FF - ProfilePath - c:\documents and settings\Mais lol\Application Data\Mozilla\Firefox\Profiles\105thn2o.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-14 02:37:29
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"="735F38CE053145D2BEB77280501600C513089CA77F579AF90913C39F765E9AAB0A3DE08E0DC92EAB19ABF887A1B954E5ADB44B02B76514451FA28D1B2F053FD51D42BEAB0489CDCEBDC402AE2327C2D3926E0DF1C72CA095D998A89B75A872403100BE82F568DE336AEA7A4EE9BB549158916FEA6F0F3C1FC8646254D3D1BE67701C11A1D3331D41801692F0EFA798963B8BC597D0C1E402200B4FA9B3D9B4BC26CD2ACB7389C8D7075641D816EF9DCC98E0A656F3CE1D58B725C6B8E7EF6724446440F90E5DA748274D3FF99C6CFB94F3A96AB6C5946CAD8BDE624FA2176FF85EC0D1D64179815AAEB1897D2B4C4C41F38EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E66739C56F2C05D95DB60FF3DFDD262872CF388E5F2E99C4D1AFAFACA30F42D2B73F5D227B40F2B9DE7D3D24DB148F32DAEC04BF0A08C7A5815AE79C44AF60D7E7E765910E6D82646A6DA40D7CF6268CC6ACE4BF9A310AD1C9D2FBAE5BD635E186BFE37A1EF395D724B2DA8EBD2C1DC03532908E37D17F80A14F639CD8D07478253733F20467110658923A3E842DAA4FC8B4805B6E69D15FA39E59579143D592F64F6DC57EB05C54F2E0DE6415C586A9C7FD758CACCA2A0D921FDC7F3D23949E561BF2732D8A641E8609297C9B17EFB61EEEEE3CC519379D5046AF6CF8BBEFFBBFC5E83017049BB0C709BF37A59627525A7AB336F14FAB19E51CDBA8C4ABAC82540CB7E12582F3CD92728B7AA40CF24C2F284E7E4CBA3FFCFDBBA9718665927858BF0A25A4BC682B646DB8DEF0949D66F3138CC855FE2BB769D6AA3A04B0EB9C344551C8C53E74745F32B82FC321F25724E90100ED0F2EAE9B32B0AA6CA7899EF617C0D120E71846C79041EC3C75C4CB5C71023FDFB60DB82CA4529BCC39BF244FC051F5AB6D59B308E9CBCCDBAC6AE161FE29DAD4130B22D799EB9B1D28E3C692E4BFA1C655C0C02F3515378931BCAB9AFE5557DD1676AA7F949CEEB20BD2133BB80A73B27C5A69ED7B1D478FC49832126FA7ECEC051B8724A7468ACCCC6C89E40575C09312361C9B5D2BD01D7CE0EE7566078A5AFA4C5F70FA12190AAB94A0CFA68A8FF31BEA38300AC6D4C2C07B511A889C51616461CE2ECBE8F8EDBB32BFE210951DC0EC1096CB4ABD8E78CD503D751358972183B466CEE9FBBD6363B1C4A5C526D54C3641802E77216898364D08A2536B661DECA429E4B83D2E35DC0200C46190DF4AF4A0B2BEFE450460DC65FD5FACCBF9BC0D158F2AB264C2943717B71290ED1356FCD16087654536F3FA8DDC1198B3454B1F6A8679E1EAAB15D46824811398786BF67F3034BEFC07D71DBFD9BC2021ED78B711EC5167924BAF6CF1F2"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(612)
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
    c:\windows\system32\klogon.dll

    - - - - - - - > 'lsass.exe'(668)
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
    .
    Heure de fin: 2009-02-14 2:39:28
    ComboFix-quarantined-files.txt 2009-02-14 01:39:25
    ComboFix2.txt 2009-02-14 01:07:25

    Avant-CF: 268 250 136 576 octets libres
    Après-CF: 268,232,462,336 octets libres

    387 --- E O F --- 2009-02-12 21:16:37
    0
  • 1
  • 2