PC infecté par trojans

Résolu
connors Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   -  
connors Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,

Jeudi dernier, j'ai eu une alerte d'AVAST qui a détecté Trojan-Gen.
Impossible de le mettre en quarantaine comme préconisé.
J'ai cliqué sur "supprimé" mais il est revenu.
Le PC devenait super lent, à l'allumage, il mettait 3 heures à afficher le menu démarrer et les icônes du bureau. Pas moyen de me connecter à internet non plus.
En mode sans échec, j'ai lancé un scan et avast m'annonçait 1 trojan/virus.
A chaque fois je les supprimais mais d'autres revenaient. Voici la liste :
- win32 : alureon-cy
- html : skintime-a
- win32 : walivun [trj]
- win32 : alureon - da

Hier soir, au lancement d'avast (toujours en mode sans échec), après "avast test le mémoire de travail", j'ai eu le message "la mémoire est infectée".
En mode sans échec, j'ai supprimé des fichiers téléchargés la semaine dernières, certainement à l'origine des trojans.

Aujourd'hui, je le rallume, et le menu démarrer s'affiche de suite, les icônes aussi, j'ai pu de suite me connecter à internet.

J'aimerais bien avoir votre aide pour vérifier ce qu'il y a vraiment comme trojans sur mon PC et les supprimer définitivement.

Je viens de faire un scan Hijackthis.
Merci d'avance de votre aide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:36, on 29/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: (no name) - {1FC82A8C-54E6-4A4F-AADD-2CD4B3E88DEF} - \
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
A voir également:

32 réponses

Précédent
  • 1
  • 2
Réponse 21 / 32
Narco!4 Messages postés 2385 Date d'inscription   Statut Contributeur Dernière intervention   467
 
oui;)
0
Réponse 22 / 32
connors Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   3
 
Merci Narco, je le ferais demain matin, je ne peux plus rester en ligne ce soir !

@ +
0
Réponse 23 / 32
Narco!4 Messages postés 2385 Date d'inscription   Statut Contributeur Dernière intervention   467
 
ok
0
Réponse 24 / 32
connors Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   3
 
Voilà tout est fait !

RAPPORT TOOLBAR :

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : BIOS Date: 03/10/05 17:00:55 Ver: 08.00.10
USER : HP_Propriétaire ( Administrator )
BOOT : Fail-safe boot
Antivirus : avast! antivirus 4.8.1351 [VPS 090929-0] 4.8.1351 (Not Activated)
C:\ (Local Disk) - NTFS - Total:142 Go (Free:76 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:2 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 30/09/2009|11:25 )
C:\WINDOWS\iun6002.exe

-----------\\ SUPPRESSION

Supprime! - C:\WINDOWS\Prefetch\DEALIOKIT1-STUB-0.EXE-0B9BE12B.pf
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGSKIT.EXE-38523AE6.pf
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb128
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Administrateur) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(HP_Propriétaire) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} => freecorder
(HP_Propriétaire) - {7E7165E2-0767-448c-852F-5FA8714F2C37} => plainoldfavorites
(HP_Propriétaire) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(HP_Propriétaire) - {ff356687-aa08-463d-a46c-11c451824939} => redcats_blue
(HP_Propriétaire) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} => freecorder
(HP_Propriétaire) - {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} => walnut
(HP_Propriétaire) - {7E7165E2-0767-448c-852F-5FA8714F2C37} => plainoldfavorites
(HP_Propriétaire) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(HP_Propriétaire) - {c50ca3c4-5656-43c2-a061-13e717f73fc8} => fvd
(HP_Propriétaire) - {ff356687-aa08-463d-a46c-11c451824939} => redcats_blue


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
"Start Page"="https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 30/09/2009|11:27 - Option : [2]

-----------\\ Fin du rapport a 11:27:33,68

RAPPORT COMBOFIX :

ComboFix 09-09-29.02 - HP_Propriétaire 30/09/2009 11:31.3.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.503.246 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090929-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-30 ))))))))))))))))))))))))))))))))))))
.

2009-09-30 09:25 . 2009-09-30 09:27 -------- d-----w- C:\ToolBar SD
2009-09-29 20:49 . 2009-03-16 16:36 23552 ----a-w- c:\windows\system32\uniq.exe
2009-09-29 20:49 . 2009-03-16 16:36 79360 ----a-w- c:\windows\system32\regex2.dll
2009-09-29 20:48 . 2009-03-16 16:36 140288 ----a-w- c:\windows\system32\pcre3.dll
2009-09-29 20:48 . 2009-03-16 16:36 103424 ----a-w- c:\windows\system32\libintl3.dll
2009-09-29 20:48 . 2009-03-16 16:36 898048 ----a-w- c:\windows\system32\libiconv2.dll
2009-09-29 20:47 . 2009-09-29 19:54 147456 ----a-w- c:\windows\system32\HP_Propriétaire_CM.exe
2009-09-29 20:47 . 2009-06-09 17:34 453632 ----a-w- c:\windows\system32\GetVersion.exe
2009-09-29 20:47 . 2009-05-20 10:05 287232 ----a-w- c:\windows\system32\curl.exe
2009-09-29 19:53 . 2009-09-29 20:52 -------- d-----w- C:\GenProc
2009-09-29 19:51 . 2009-09-29 19:51 1755220 ----a-w- C:\GenProc2.631.exe
2009-09-29 17:04 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 17:04 . 2009-09-29 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 17:04 . 2009-09-29 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-29 17:04 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 17:02 . 2009-09-29 17:02 4045528 ----a-w- c:\program files\malwarebytes-anti-malware_malwarebytes_anti-malware_1.41_francais_215092.exe
2009-09-26 06:18 . 2009-09-26 06:18 -------- d--h--w- c:\documents and settings\Administrateur\Voisinage réseau
2009-09-25 17:50 . 2009-09-25 17:50 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2009-09-25 16:22 . 2009-09-25 16:22 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-09-24 22:35 . 2009-09-24 22:35 -------- d-sh--w- c:\documents and settings\Administrateur\IECompatCache
2009-09-24 22:32 . 2009-09-24 22:32 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-09-24 19:46 . 2009-09-24 21:23 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-24 17:12 . 2009-09-24 17:12 -------- d-----w- c:\windows\system32\QuickTime
2009-09-24 16:24 . 2009-09-24 16:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-24 16:21 . 2009-09-24 16:21 -------- d-----w- C:\spoolerlogs
2009-09-24 16:18 . 2009-09-24 16:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-16 19:03 . 2009-09-16 19:03 -------- d-----w- c:\program files\Microsoft
2009-09-16 19:03 . 2009-09-16 19:03 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-09 09:22 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 21:17 . 2009-09-06 21:17 8104160 ----a-w- c:\program files\Firefox Setup 3.5.2.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 09:19 . 2008-06-20 16:45 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-27 17:06 . 2006-04-11 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-16 19:05 . 2007-09-10 18:15 -------- d-----w- c:\program files\Windows Live
2009-09-16 19:04 . 2005-09-17 10:04 -------- d-----w- c:\program files\MSN Messenger
2009-09-11 16:19 . 2006-04-11 10:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-08 19:48 . 2005-08-03 08:43 -------- d-----w- c:\program files\VideoLAN
2009-08-29 19:48 . 2006-05-10 09:45 -------- d-----w- c:\program files\Fichiers communs\Labtec
2009-08-29 19:47 . 2009-03-03 11:11 -------- d-----w- c:\program files\CCleaner
2009-08-20 21:11 . 2004-11-23 21:26 85396 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-20 21:11 . 2004-11-23 21:26 511874 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-20 21:06 . 2009-08-20 21:06 -------- d-----w- c:\program files\MSBuild
2009-08-20 21:06 . 2009-08-20 21:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-17 16:10 . 2009-02-25 10:05 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-25 10:05 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-25 10:05 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-25 10:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-25 10:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-25 10:05 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-02-25 10:05 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-25 10:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-25 10:05 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-09 21:06 . 2009-08-09 21:06 -------- d-----w- c:\program files\Orange
2009-08-09 21:05 . 2009-08-09 21:05 6746581 ----a-w- c:\program files\3.7.1.91_Player Orange 3.7.1.91 FR - PROD.exe
2009-08-08 15:03 . 2009-08-08 14:59 -------- d-----w- c:\program files\OrangeHSS
2009-08-08 15:02 . 2005-05-08 08:53 -------- d-----w- c:\program files\Securitoo
2009-08-08 14:56 . 2009-08-08 14:56 -------- d-----w- c:\program files\Fichiers communs\France Telecom
2009-08-05 09:00 . 2004-08-05 18:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:03 . 2004-08-05 18:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-05 18:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-08-05 18:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 08:49 . 2009-07-03 08:46 10053112 ----a-w- c:\program files\picasa3-setup.exe
2009-06-03 09:50 . 2009-06-03 09:50 2808 ----a-w- c:\program files\moncertificat.p12
2009-05-08 10:47 . 2009-05-08 10:47 318904 ----a-w- c:\program files\windows-media-player-firefox-plugin_windows_media_player_firefox_plugin_1.0.0.8_anglais_35439.exe
2009-04-29 21:18 . 2009-04-29 21:16 6842976 ----a-w- c:\program files\Thunderbird Setup 2.0.0.21.exe
2009-04-27 15:54 . 2009-04-27 15:53 1502423 ----a-w- c:\program files\DC3Setup_33.zip
2009-04-22 14:47 . 2009-04-22 14:47 573051 ----a-w- c:\program files\lame3.98a11.zip
2009-03-25 10:02 . 2008-07-17 19:31 31381288 ----a-w- c:\program files\setupfre.exe
2009-03-24 17:10 . 2009-03-24 17:03 15615488 ----a-w- c:\program files\20050816162816765_PIMS_File_Manager.exe
2009-03-14 09:19 . 2009-03-14 09:17 5110862 ----a-w- c:\program files\capturino2.exe
2009-03-03 11:08 . 2009-03-03 11:07 3184816 ----a-w- c:\program files\ccsetup217.exe
2008-12-04 19:38 . 2008-12-04 19:38 607640 ----a-w- c:\program files\jxpiinstall-6u11-fcs-bin-b90-windows-i586-25_nov_2008.exe
2008-11-26 13:35 . 2008-11-26 13:32 4594616 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2008-11-24 18:16 . 2008-12-06 19:44 3397533 ----a-w- c:\program files\NXSetup_Vista(x86).exe
2008-11-13 08:32 . 2008-11-13 08:32 22380328 ----a-w- c:\program files\SkypeSetup.exe
2008-09-20 17:13 . 2008-09-20 17:13 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2008-07-20 20:30 . 2008-07-20 20:30 9258851 ----a-w- c:\program files\Gestionnaire_internetHD.exe
2007-12-29 20:38 . 2007-12-29 20:38 3252981 ----a-w- c:\program files\vdownloader_vdownloader_v0.61_anglais_38422.zip
2007-06-15 09:25 . 2007-06-08 09:28 1882020 ----a-w- c:\program files\PhotoFiltre.zip
2007-03-20 14:41 . 2009-01-22 17:47 5626929 ------w- c:\program files\USBSETUP98.EXE
2006-03-15 17:56 . 2006-03-15 17:56 1587114 ----a-w- c:\program files\pf-setup.exe
2005-10-18 12:39 . 2005-10-18 12:39 3315767 ----a-w- c:\program files\install_instanttimezone.exe
2005-10-06 11:16 . 2005-10-06 11:16 528024 ----a-w- c:\program files\eCarteBleue-Credit-Lyonnais-CLEO.exe
2005-09-26 10:21 . 2005-09-26 10:21 10485977 ----a-w- c:\program files\UGA50t_F.exe
2005-09-18 19:17 . 2005-09-18 19:17 4592776 ----a-w- c:\program files\MsgPlus-354.exe
2005-09-17 10:03 . 2005-09-17 10:02 9333960 ----a-w- c:\program files\Install_MSN_Messenger.EXE
2005-05-18 08:40 . 2005-05-18 08:39 2932224 ----a-w- c:\program files\FRENCHZ11.EXE
2002-06-20 21:25 . 2007-12-07 18:35 1822848 ----a-r- c:\program files\InstMsiW.exe
2002-06-20 21:25 . 2007-12-07 18:35 1709160 ----a-r- c:\program files\InstMsiA.exe
2005-05-13 16:12 . 2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 10:13 . 2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-06-01 10:54 . 2005-06-01 10:54 22 --sha-w- c:\windows\SMINST\HPCD.sys
2005-07-14 11:31 . 2005-07-14 11:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 . 2005-06-26 14:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 21:37 . 2005-06-21 21:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2005-02-28 12:16 . 2005-02-28 12:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-08-20 19:11 2215960 ----a-w- c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FC82A8C-54E6-4A4F-AADD-2CD4B3E88DEF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-08-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-08-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2009-02-16 319488]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InstantTimeZone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InstantTimeZone.lnk
backup=c:\windows\pss\InstantTimeZone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nikon Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [13/05/2005 16:39 11264]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/02/2009 12:05 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/02/2009 12:05 20560]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [25/08/2007 20:05 19034]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [02/01/2005 00:33 24544]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.duxet.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} - hxxp://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\rld0urg5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - component: c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\rld0urg5.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicdclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 11:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-09-30 11:44
ComboFix-quarantined-files.txt 2009-09-30 09:44
ComboFix2.txt 2009-09-30 09:15

Avant-CF: 82 002 350 080 octets libres
Après-CF: 81 960 521 728 octets libres

211 --- E O F --- 2009-09-17 20:07


RAPPORT HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:50, on 30/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: (no name) - {1FC82A8C-54E6-4A4F-AADD-2CD4B3E88DEF} - \
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 32
connors Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   3
 
J'ai refait ces étapes !

NOUVEAU RAPPORT COMBOFIX :

ComboFix 09-09-29.02 - HP_Propriétaire 30/09/2009 13:10.5.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.503.302 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090929-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-30 ))))))))))))))))))))))))))))))))))))
.

2009-09-30 09:25 . 2009-09-30 09:27 -------- d-----w- C:\ToolBar SD
2009-09-29 20:49 . 2009-03-16 16:36 23552 ----a-w- c:\windows\system32\uniq.exe
2009-09-29 20:49 . 2009-03-16 16:36 79360 ----a-w- c:\windows\system32\regex2.dll
2009-09-29 20:48 . 2009-03-16 16:36 140288 ----a-w- c:\windows\system32\pcre3.dll
2009-09-29 20:48 . 2009-03-16 16:36 103424 ----a-w- c:\windows\system32\libintl3.dll
2009-09-29 20:48 . 2009-03-16 16:36 898048 ----a-w- c:\windows\system32\libiconv2.dll
2009-09-29 20:47 . 2009-09-29 19:54 147456 ----a-w- c:\windows\system32\HP_Propriétaire_CM.exe
2009-09-29 20:47 . 2009-06-09 17:34 453632 ----a-w- c:\windows\system32\GetVersion.exe
2009-09-29 20:47 . 2009-05-20 10:05 287232 ----a-w- c:\windows\system32\curl.exe
2009-09-29 19:53 . 2009-09-30 10:17 -------- d-----w- C:\GenProc
2009-09-29 19:51 . 2009-09-29 19:51 1755220 ----a-w- C:\GenProc2.631.exe
2009-09-29 17:04 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 17:04 . 2009-09-29 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 17:04 . 2009-09-29 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-29 17:04 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 17:02 . 2009-09-29 17:02 4045528 ----a-w- c:\program files\malwarebytes-anti-malware_malwarebytes_anti-malware_1.41_francais_215092.exe
2009-09-26 06:18 . 2009-09-26 06:18 -------- d--h--w- c:\documents and settings\Administrateur\Voisinage réseau
2009-09-25 17:50 . 2009-09-25 17:50 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2009-09-25 16:22 . 2009-09-25 16:22 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-09-24 22:35 . 2009-09-24 22:35 -------- d-sh--w- c:\documents and settings\Administrateur\IECompatCache
2009-09-24 22:32 . 2009-09-24 22:32 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-09-24 19:46 . 2009-09-24 21:23 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-24 17:12 . 2009-09-24 17:12 -------- d-----w- c:\windows\system32\QuickTime
2009-09-24 16:24 . 2009-09-24 16:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-24 16:21 . 2009-09-24 16:21 -------- d-----w- C:\spoolerlogs
2009-09-24 16:18 . 2009-09-24 16:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-16 19:03 . 2009-09-16 19:03 -------- d-----w- c:\program files\Microsoft
2009-09-16 19:03 . 2009-09-16 19:03 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-09 09:22 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 21:17 . 2009-09-06 21:17 8104160 ----a-w- c:\program files\Firefox Setup 3.5.2.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 11:05 . 2008-06-20 16:45 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-27 17:06 . 2006-04-11 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-16 19:05 . 2007-09-10 18:15 -------- d-----w- c:\program files\Windows Live
2009-09-16 19:04 . 2005-09-17 10:04 -------- d-----w- c:\program files\MSN Messenger
2009-09-11 16:19 . 2006-04-11 10:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-08 19:48 . 2005-08-03 08:43 -------- d-----w- c:\program files\VideoLAN
2009-08-29 19:48 . 2006-05-10 09:45 -------- d-----w- c:\program files\Fichiers communs\Labtec
2009-08-29 19:47 . 2009-03-03 11:11 -------- d-----w- c:\program files\CCleaner
2009-08-20 21:11 . 2004-11-23 21:26 85396 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-20 21:11 . 2004-11-23 21:26 511874 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-20 21:06 . 2009-08-20 21:06 -------- d-----w- c:\program files\MSBuild
2009-08-20 21:06 . 2009-08-20 21:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-17 16:10 . 2009-02-25 10:05 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-25 10:05 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-25 10:05 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-25 10:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-25 10:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-25 10:05 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-02-25 10:05 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-25 10:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-25 10:05 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-09 21:06 . 2009-08-09 21:06 -------- d-----w- c:\program files\Orange
2009-08-09 21:05 . 2009-08-09 21:05 6746581 ----a-w- c:\program files\3.7.1.91_Player Orange 3.7.1.91 FR - PROD.exe
2009-08-08 15:03 . 2009-08-08 14:59 -------- d-----w- c:\program files\OrangeHSS
2009-08-08 15:02 . 2005-05-08 08:53 -------- d-----w- c:\program files\Securitoo
2009-08-08 14:56 . 2009-08-08 14:56 -------- d-----w- c:\program files\Fichiers communs\France Telecom
2009-08-05 09:00 . 2004-08-05 18:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:03 . 2004-08-05 18:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-05 18:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-08-05 18:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 08:49 . 2009-07-03 08:46 10053112 ----a-w- c:\program files\picasa3-setup.exe
2009-06-03 09:50 . 2009-06-03 09:50 2808 ----a-w- c:\program files\moncertificat.p12
2009-05-08 10:47 . 2009-05-08 10:47 318904 ----a-w- c:\program files\windows-media-player-firefox-plugin_windows_media_player_firefox_plugin_1.0.0.8_anglais_35439.exe
2009-04-29 21:18 . 2009-04-29 21:16 6842976 ----a-w- c:\program files\Thunderbird Setup 2.0.0.21.exe
2009-04-27 15:54 . 2009-04-27 15:53 1502423 ----a-w- c:\program files\DC3Setup_33.zip
2009-04-22 14:47 . 2009-04-22 14:47 573051 ----a-w- c:\program files\lame3.98a11.zip
2009-03-25 10:02 . 2008-07-17 19:31 31381288 ----a-w- c:\program files\setupfre.exe
2009-03-24 17:10 . 2009-03-24 17:03 15615488 ----a-w- c:\program files\20050816162816765_PIMS_File_Manager.exe
2009-03-14 09:19 . 2009-03-14 09:17 5110862 ----a-w- c:\program files\capturino2.exe
2009-03-03 11:08 . 2009-03-03 11:07 3184816 ----a-w- c:\program files\ccsetup217.exe
2008-12-04 19:38 . 2008-12-04 19:38 607640 ----a-w- c:\program files\jxpiinstall-6u11-fcs-bin-b90-windows-i586-25_nov_2008.exe
2008-11-26 13:35 . 2008-11-26 13:32 4594616 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2008-11-24 18:16 . 2008-12-06 19:44 3397533 ----a-w- c:\program files\NXSetup_Vista(x86).exe
2008-11-13 08:32 . 2008-11-13 08:32 22380328 ----a-w- c:\program files\SkypeSetup.exe
2008-09-20 17:13 . 2008-09-20 17:13 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2008-07-20 20:30 . 2008-07-20 20:30 9258851 ----a-w- c:\program files\Gestionnaire_internetHD.exe
2007-12-29 20:38 . 2007-12-29 20:38 3252981 ----a-w- c:\program files\vdownloader_vdownloader_v0.61_anglais_38422.zip
2007-06-15 09:25 . 2007-06-08 09:28 1882020 ----a-w- c:\program files\PhotoFiltre.zip
2007-03-20 14:41 . 2009-01-22 17:47 5626929 ------w- c:\program files\USBSETUP98.EXE
2006-03-15 17:56 . 2006-03-15 17:56 1587114 ----a-w- c:\program files\pf-setup.exe
2005-10-18 12:39 . 2005-10-18 12:39 3315767 ----a-w- c:\program files\install_instanttimezone.exe
2005-10-06 11:16 . 2005-10-06 11:16 528024 ----a-w- c:\program files\eCarteBleue-Credit-Lyonnais-CLEO.exe
2005-09-26 10:21 . 2005-09-26 10:21 10485977 ----a-w- c:\program files\UGA50t_F.exe
2005-09-18 19:17 . 2005-09-18 19:17 4592776 ----a-w- c:\program files\MsgPlus-354.exe
2005-09-17 10:03 . 2005-09-17 10:02 9333960 ----a-w- c:\program files\Install_MSN_Messenger.EXE
2005-05-18 08:40 . 2005-05-18 08:39 2932224 ----a-w- c:\program files\FRENCHZ11.EXE
2002-06-20 21:25 . 2007-12-07 18:35 1822848 ----a-r- c:\program files\InstMsiW.exe
2002-06-20 21:25 . 2007-12-07 18:35 1709160 ----a-r- c:\program files\InstMsiA.exe
2005-05-13 16:12 . 2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 10:13 . 2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-06-01 10:54 . 2005-06-01 10:54 22 --sha-w- c:\windows\SMINST\HPCD.sys
2005-07-14 11:31 . 2005-07-14 11:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 . 2005-06-26 14:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 21:37 . 2005-06-21 21:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2005-02-28 12:16 . 2005-02-28 12:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-08-20 19:11 2215960 ----a-w- c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FC82A8C-54E6-4A4F-AADD-2CD4B3E88DEF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-08-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-08-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2009-02-16 319488]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InstantTimeZone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InstantTimeZone.lnk
backup=c:\windows\pss\InstantTimeZone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nikon Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [13/05/2005 16:39 11264]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/02/2009 12:05 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/02/2009 12:05 20560]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [25/08/2007 20:05 19034]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [02/01/2005 00:33 24544]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.duxet.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} - hxxp://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\rld0urg5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - component: c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\rld0urg5.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicdclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 13:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-09-30 13:23
ComboFix-quarantined-files.txt 2009-09-30 11:23
ComboFix2.txt 2009-09-30 11:03
ComboFix3.txt 2009-09-30 09:44
ComboFix4.txt 2009-09-30 09:15

Avant-CF: 81 945 354 240 octets libres
Après-CF: 81 903 747 072 octets libres

209 --- E O F --- 2009-09-17 20:07


NOUVEAU RAPPORT HIJACKTHIS /

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:56, on 30/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: (no name) - {1FC82A8C-54E6-4A4F-AADD-2CD4B3E88DEF} - \
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
Réponse 26 / 32
Narco!4 Messages postés 2385 Date d'inscription   Statut Contributeur Dernière intervention   467
 
dans C:\windows\system32

supprime ces fichiers

curl.exe
GetVersion.exe
grep.exe
HP_Propriétaire_CM.exe
libiconv2.dll
libintl3.dll
mbr.exe
pcre3.dll
regex2.dll
sed.exe
swreg.exe
uniq.exe

dans C:\windows\
GenProc2.631.exe

et le dossier
C:\GenProc

Télécharge GenProc http://www.genproc.com/GenProc.exe sur ton bureau
double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre

0
Réponse 27 / 32
connors Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   3
 
Rapport GenProc 2.633 [1] - 30/09/2009 à 21:50:54
@ Windows XP Service Pack 3 - Mode normal
@ Mozilla Firefox (3.5.3) [Navigateur par défaut]

~~ CM DISK ERROR ~~

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :

- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.
Désactive ton antivirus, ton pare-feu et ferme tes programmes en cours. Lance combofix.exe et accepte les termes en cliquant sur OUI. Patiente. Au message "ComboFix a détecté que la 'console de récupération Windows' n'existe pas sur ce PC", clique sur oui puis sur OK, puis patiente. Valide le CLUF Microsoft. Au message "La console de récupération a été installée avec succès", clique impérativement sur NON pour quitter le programme (ferme également le rapport CF-RC.txt qui s'est ouvert)


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** HP_Propriétaire *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


# Etape 2/

Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport Combofix.txt situé dans C:\ ;
- Un nouveau rapport HijackThis ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.633 30/09/2009 à 21:51:10
TDSS:le 30/09/2009 à 21:52:34 PFROP gasfky*

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 21:52:58 ~~
0
Réponse 28 / 32
Narco!4 Messages postés 2385 Date d'inscription   Statut Contributeur Dernière intervention   467
 
ok,

dans C:\GenProc\outil\

clique droit sur supprime.bat
modifier
accepte

efface cette ligne

"%outil%\Tdss.txt" (qui se trouve vers la fin)
ferme supprime.bat enregistre les modif.

lance genproc par le raccourci sur ton bureau, double clique dessus
quand genproc à fini, poste le contenu de C:\GenProc\outil\Tdss.txt
0
Réponse 29 / 32
connors Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   3
 
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager
PendingFileRenameOperations REG_MULTI_SZ \??\C:\test0123\0\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\0
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 22:28:19
Windows 5.1.2600 Service Pack 3

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f607ac36]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f60ab4b6]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gasfkyvbqekcfx]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\gasfkymwivxjcn.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gasfkyvbqekcfx\main]
"aid"="10616"
"sid"="0"
"cmddelay"=dword:00003840

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gasfkyvbqekcfx\modules]
"gasfkyrk.sys"="\systemroot\system32\drivers\gasfkymwivxjcn.sys"
"gasfkycmd.dll"="\systemroot\system32\gasfkyejwbfasw.dll"
"gasfkylog.dat"="\systemroot\system32\gasfkyjjklyxmh.dat"
"gasfkywsp.dll"="\systemroot\system32\gasfkyktndppmt.dll"
"gasfky.dat"="\systemroot\system32\gasfkytpdfxnra.dat"
"gasfkywsp8.dll"="\systemroot\system32\gasfkyngelswlx.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f607ac36]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f60ab4b6]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0011f607ac36]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0011f60ab4b6]

scanning hidden registry entries ...

scan completed successfully
hidden services: 0


Je reconnais la-dedans un des fichiers qui était annoncé par avast comme étant infecté : system32\gasfkyngelswlx.dll
0
Réponse 30 / 32
Narco!4 Messages postés 2385 Date d'inscription   Statut Contributeur Dernière intervention   467
 
---> Télécharge Gmer http://www2.gmer.net/gmer.zip sur ton Bureau.

---> Extrais le contenu de l'archive puis renomme gmer.exe en tib.exe (Le .exe n'est pas forcément visible).
sur ton burreau

---> Double-clique sur tib.exe.

---> si tu as un message warning
comme celui la
http://www.genproc.com/gmer.JPG
clique non puis save, et enregistre sur ton Bureau "gmer.txt".

---> Double-clique sur "gmer.txt", le rapport apparaît, poste-le.
0
Réponse 31 / 32
connors Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   3
 
Narco,

Je t'ai envoyé un mp avec ce que j'obtiens !
0
Réponse 32 / 32
connors Messages postés 51 Date d'inscription   Statut Membre Dernière intervention   3
 
Narco, as-tu recu mon message ?

Est-ce qu'il me reste quelque chose à faire ?
0