Cheval de troie Win32/Olmarik

Résolu
arno83600 Messages postés 101 Statut Membre -  
Destrio5 Messages postés 99820 Statut Modérateur -
Bonjour,

Je suis embêté avec un virus situé dans ma mémoire vive, Win32/Olmarik cheval de troie.

Il s'affiche dès que j'envoie un scan sur nod32, et je ne sais pas comment faire pour le faire disparaitre...

D'autre part, je ne sais pas si ça a un rapport, mais dès que je clique sur un lien sur le net, j'ai souvent une fenêtre intempestive intitulée http:// thefeedyard........... ect qui s'affiche...
Quelqu'un peut il m'aider?

Merci.

88 réponses

Précédent
Réponse 41 / 88
arno83600 Messages postés 101 Statut Membre 1
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Loulou at 2009-10-14 01:56:29
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 9 GB (12%) free of 74 GB
Total RAM: 2046 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:56:40, on 14/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Documents and Settings\Loulou\Bureau\RSIT.exe
C:\Program Files\trend micro\Loulou.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Loulou\ntuser.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\DOCUME~1\LOCALS~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: StartupFaster (User 'SYSTEM')
O4 - .DEFAULT Startup: StartupFaster (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\ComboFix\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Réponse 42 / 88
arno83600 Messages postés 101 Statut Membre 1
 
me laisse pas tomber destrio, merci...
0
Réponse 43 / 88
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
As-tu essayé de faire ComboFix en mode sans échec ?
0
Réponse 44 / 88
arno83600 Messages postés 101 Statut Membre 1
 
je peux pas accéder au mode sans échec... je sais pas pourquoi, mais quand je veux le mettre en sans échec, il redémarre en boucle...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 88
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
Essaie de réparer le mode sans échec grâce à ceci :
https://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe
0
Réponse 46 / 88
h4ck3r Messages postés 32 Statut Membre
 
tu trouve ou se trouve cette cheval de troie et tu copie la adresse
apres tu ouvre bloc-notes
tu ecrire erase ici tu coller tu enregiste sous mais la fichier doit ce termine par .cmd tu le enregiste a la burea
puis tu le ouvre
0
Réponse 47 / 88
arno83600 Messages postés 101 Statut Membre 1
 
Voici le rapport safebootkeyrepair

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PEVSystemStart]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PEVSystemStart
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Wdf01000.sys
0
Réponse 48 / 88
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
Réessaie le mode sans échec.
0
arno83600
 
J'ai réussi à lancer le mode sans échec et donc combofix aussi, voici le rapport :

ComboFix 09-10-13.01 - Loulou 14/10/2009 20:49.1.1 - FAT32x86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1766 [GMT 2:00]
Lancé depuis: c:\documents and settings\Loulou\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\ntuser.dll
c:\documents and settings\Loulou\Application Data\inst.exe
c:\documents and settings\Loulou\ntuser.dll
c:\documents and settings\Louloute.LEANA\ntuser.dll
c:\documents and settings\Nana\ntuser.dll
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\006944DA
c:\program files\Need2Find\bar\Cache\00694854
c:\program files\Need2Find\bar\Cache\006A53F8
c:\program files\Need2Find\bar\Cache\006A56D6
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\windows\Installer\1692fd.msp
c:\windows\Installer\16933b.msp
c:\windows\Installer\8ae146a.msi
c:\windows\Installer\8ae146d.msi
c:\windows\Installer\ab09195.msp
c:\windows\Installer\bd358f.msp
c:\windows\system32\api.dat
c:\windows\system32\calc.dll
c:\windows\system32\config\systemprofile\ntuser.dll
c:\windows\system32\Drivers\irvqiqpu.sys
c:\windows\system32\Drivers\wwbs.sys
c:\windows\system32\Drivers\yafvgo.sys
c:\windows\system32\geyekrdipbfoli.dll
c:\windows\system32\geyekrjxvkgpjb.dll
c:\windows\system32\geyekrmqbwwbxx.dat
c:\windows\system32\geyekrmylyxuwu.dll
c:\windows\system32\geyekrnopphxlt.dll
c:\windows\system32\geyekrogkndpbq.dll
c:\windows\system32\geyekrpfrnsxvu.dll
c:\windows\system32\geyekrqjnnstcb.dat
c:\windows\system32\geyekrrsbnyslv.dll
c:\windows\system32\geyekryrmreuqk.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_geyekrjnpalaau
-------\Service_Boonty Games
-------\Service_geyekrjnpalaau


((((((((((((((((((((((((((((( Fichiers créés du 2009-09-14 au 2009-10-14 ))))))))))))))))))))))))))))))))))))
.

2009-10-14 16:41 . 2009-10-14 16:41 -------- d-----w- C:\FOUND.004
2009-10-14 16:34 . 2009-10-14 16:34 280 ----a-w- c:\windows\system32\drivers\wbfzvpih.dat
2009-10-13 23:56 . 2009-10-13 23:56 -------- d-----w- C:\rsit
2009-10-13 22:06 . 2009-10-13 22:06 -------- d-----w- C:\_OTM
2009-10-13 08:15 . 2009-10-13 08:15 -------- d-----w- c:\program files\trend micro
2009-10-12 22:46 . 2009-10-12 22:46 -------- d-----w- c:\documents and settings\Loulou\Local Settings\Application Data\ESET
2009-10-12 17:26 . 2009-10-12 17:43 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-29 13:25 . 2009-09-29 13:25 -------- d-----w- c:\documents and settings\Louloute.LEANA\Local Settings\Application Data\Nokia
2009-09-29 13:05 . 2009-09-29 13:05 -------- d-----w- c:\documents and settings\Loulou\Local Settings\Application Data\IsolatedStorage
2009-09-29 13:01 . 2009-09-29 13:01 -------- d-----w- c:\windows\Globalization
2009-09-29 13:01 . 2009-09-29 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic
2009-09-29 10:02 . 2003-05-21 23:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-09-16 14:07 . 2009-09-16 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-09-16 13:52 . 2009-09-16 13:53 -------- d-----w- c:\program files\Fichiers communs\PCSuite
2009-09-16 13:52 . 2009-09-16 13:52 -------- d-----w- c:\program files\Fichiers communs\Nokia
2009-09-16 13:52 . 2009-09-16 13:52 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-16 13:52 . 2009-03-19 12:48 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-09-16 13:52 . 2009-03-19 12:48 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-09-16 13:52 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-09-16 13:52 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-09-16 13:52 . 2009-02-09 06:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-09-16 13:52 . 2009-02-09 06:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-09-16 13:52 . 2009-02-09 06:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-09-16 13:52 . 2009-02-09 06:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-09-15 11:13 . 2009-09-15 11:13 -------- d-----w- c:\documents and settings\Loulou\Application Data\KC Softwares

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 18:46 . 2007-12-20 12:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-14 16:35 . 2005-01-23 10:37 89966 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-14 16:35 . 2005-01-23 10:37 522232 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-01 13:05 . 2009-10-01 13:05 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-29 12:50 . 2009-09-29 12:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-25 05:36 . 2008-04-14 10:00 671232 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:36 . 2008-04-14 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-16 14:02 . 2009-09-16 14:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-09-16 14:02 . 2009-09-16 14:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-09-11 14:18 . 2008-04-14 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-06-13 14:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-06-13 14:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:04 . 2008-04-14 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:01 . 2008-04-14 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 13:09 . 2009-08-20 13:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:00 . 2008-04-14 10:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:58 . 2008-04-14 10:00 2191232 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:28 . 2008-04-13 17:07 2068096 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-17 19:03 . 2008-04-14 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:16 . 2008-04-14 10:00 1440768 ----a-w- c:\windows\system32\query.dll
2006-12-30 03:47 . 2006-12-30 03:47 54 ----a-w- c:\program files\inc1.bat
2006-12-30 03:47 . 2006-12-30 03:47 41 ----a-w- c:\program files\sleep.bat
2006-07-18 12:41 . 2006-06-17 16:32 1019094 --sha-r- c:\program files\serial.tde
2006-05-28 15:46 . 2006-05-28 15:45 397306 --sha-r- c:\program files\wunauclt.zip
2006-05-28 15:46 . 2006-05-28 15:45 397306 --sha-r- c:\program files\wunauclt.tbe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="c:\program files\Startup Faster\startuploader.exe" [2008-09-07 1402080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Louloute.LEANA\Menu D‚marrer\Programmes\D‚marrage\
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
scandisk.dll [2009-10-13 25088]

c:\documents and settings\Louloute.LEANA\Menu D‚marrer\Programmes\D‚marrage\
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
scandisk.dll [2009-10-13 25088]

c:\documents and settings\Loulou\Menu D‚marrer\Programmes\D‚marrage\
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
scandisk.dll [2009-10-13 25088]

c:\documents and settings\Loulou\Menu D‚marrer\Programmes\D‚marrage\StartupFaster
StartupFaster.ini [2009-9-18 0]

c:\documents and settings\Louloute.LEANA\Menu D‚marrer\Programmes\D‚marrage\
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
scandisk.dll [2009-10-13 25088]

c:\documents and settings\Louloute.LEANA\Menu D‚marrer\Programmes\D‚marrage\
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
scandisk.dll [2009-10-13 25088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Loulou^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Loulou\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Loulou^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
path=c:\documents and settings\Loulou\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
backup=c:\windows\pss\TribalWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"NtLmSsp"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\EMULE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Set up\\KONAMI\\Pes 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Set up\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Set up\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\Set up\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Set up\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Set up\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Set up\\Call of suarez\\CoJBiBGame_x86.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Set up\\Call of Duty 5\\CoDWaW.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [14/04/2008 12:00 149376]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/05/2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 15:47 731840]
S3 axvdkbus;axvdkbus;c:\windows\system32\DRIVERS\axvdkbus.sys --> c:\windows\system32\DRIVERS\axvdkbus.sys [?]
S3 axvodka;axvodka;c:\windows\system32\DRIVERS\axvodka.sys --> c:\windows\system32\DRIVERS\axvodka.sys [?]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [24/01/2009 14:46 216232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16/09/2009 15:52 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16/09/2009 15:52 8320]
S3 SQTECH9150;Mini Cam;c:\windows\system32\drivers\Capt9150.sys [16/03/2006 23:24 47087]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
FF - ProfilePath - c:\documents and settings\Loulou\Application Data\Mozilla\Firefox\Profiles\8aq1uwge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://www.aliceadsl.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-calc - c:\docume~1\LOCALS~1\ntuser.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 20:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2598347441-2510179093-2904694970-1006\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014

[HKEY_USERS\S-1-5-21-2598347441-2510179093-2904694970-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,20,4e,31,e6,5d,f6,34,f5,2c,4d,a1,f8,51,98,27,93,d0,0f,5a,8f,a7,62,
7e,c1,e8,98,0a,a2,2d,4f,45,65,83,46,bf,d4,c1,c3,24,0c,1a,b6,aa,95,97,f1,2f,\
"??"=hex:98,f0,3c,cb,79,50,51,2e,a8,fb,f4,a2,7a,39,58,59

[HKEY_USERS\S-1-5-21-2598347441-2510179093-2904694970-1006\Software\SecuROM\License information*]
"datasecu"=hex:55,38,66,bc,6d,a9,12,9d,93,45,1c,aa,da,6b,bb,22,07,28,d6,66,85,
1f,16,d4,8e,cf,c8,b3,ee,cc,8d,17,3d,04,bf,71,4d,19,fb,a7,13,87,a6,d7,97,14,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(836)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\CDBURNERXP\NMSACCESSU.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\PNKBSTRA.EXE
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-10-14 20:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-14 18:58

Avant-CF: 8 820 588 544 octets libres
Après-CF: 8 902 082 560 octets libres

272 --- E O F --- 2009-10-14 16:35
0
Réponse 49 / 88
arno83600 Messages postés 101 Statut Membre 1
 
et je fais comment pour trouver l'adresse d'un cheval de troie?

Je regarde les pages jaunes?
0
Réponse 50 / 88
Utilisateur anonyme
 
Salut ,


• Télécharge UsbFix Serveur1 Serveur2 sur ton bureau .

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur "UsbFix.exe" présent sur ton bureau .

• Choisis l'option F pour français et tape sur [entrée] .

• Choisis l'option 1 ( Recherche ) et tape sur [entrée] .

• Laisse travailler l'outil.

Ensuite post le rapport UsbFix.txt qui apparaitra.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
0
Réponse 51 / 88
arno83600 Messages postés 101 Statut Membre 1
 
J'ai réussi à lancer le mode sans échec et donc combofix aussi, voici le rapport :

ComboFix 09-10-13.01 - Loulou 14/10/2009 20:49.1.1 - FAT32x86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1766 [GMT 2:00]
Lancé depuis: c:\documents and settings\Loulou\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\ntuser.dll
c:\documents and settings\Loulou\Application Data\inst.exe
c:\documents and settings\Loulou\ntuser.dll
c:\documents and settings\Louloute.LEANA\ntuser.dll
c:\documents and settings\Nana\ntuser.dll
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\006944DA
c:\program files\Need2Find\bar\Cache\00694854
c:\program files\Need2Find\bar\Cache\006A53F8
c:\program files\Need2Find\bar\Cache\006A56D6
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\windows\Installer\1692fd.msp
c:\windows\Installer\16933b.msp
c:\windows\Installer\8ae146a.msi
c:\windows\Installer\8ae146d.msi
c:\windows\Installer\ab09195.msp
c:\windows\Installer\bd358f.msp
c:\windows\system32\api.dat
c:\windows\system32\calc.dll
c:\windows\system32\config\systemprofile\ntuser.dll
c:\windows\system32\Drivers\irvqiqpu.sys
c:\windows\system32\Drivers\wwbs.sys
c:\windows\system32\Drivers\yafvgo.sys
c:\windows\system32\geyekrdipbfoli.dll
c:\windows\system32\geyekrjxvkgpjb.dll
c:\windows\system32\geyekrmqbwwbxx.dat
c:\windows\system32\geyekrmylyxuwu.dll
c:\windows\system32\geyekrnopphxlt.dll
c:\windows\system32\geyekrogkndpbq.dll
c:\windows\system32\geyekrpfrnsxvu.dll
c:\windows\system32\geyekrqjnnstcb.dat
c:\windows\system32\geyekrrsbnyslv.dll
c:\windows\system32\geyekryrmreuqk.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_geyekrjnpalaau
-------\Service_Boonty Games
-------\Service_geyekrjnpalaau


((((((((((((((((((((((((((((( Fichiers créés du 2009-09-14 au 2009-10-14 ))))))))))))))))))))))))))))))))))))
.

2009-10-14 16:41 . 2009-10-14 16:41 -------- d-----w- C:\FOUND.004
2009-10-14 16:34 . 2009-10-14 16:34 280 ----a-w- c:\windows\system32\drivers\wbfzvpih.dat
2009-10-13 23:56 . 2009-10-13 23:56 -------- d-----w- C:\rsit
2009-10-13 22:06 . 2009-10-13 22:06 -------- d-----w- C:\_OTM
2009-10-13 08:15 . 2009-10-13 08:15 -------- d-----w- c:\program files\trend micro
2009-10-12 22:46 . 2009-10-12 22:46 -------- d-----w- c:\documents and settings\Loulou\Local Settings\Application Data\ESET
2009-10-12 17:26 . 2009-10-12 17:43 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-29 13:25 . 2009-09-29 13:25 -------- d-----w- c:\documents and settings\Louloute.LEANA\Local Settings\Application Data\Nokia
2009-09-29 13:05 . 2009-09-29 13:05 -------- d-----w- c:\documents and settings\Loulou\Local Settings\Application Data\IsolatedStorage
2009-09-29 13:01 . 2009-09-29 13:01 -------- d-----w- c:\windows\Globalization
2009-09-29 13:01 . 2009-09-29 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic
2009-09-29 10:02 . 2003-05-21 23:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-09-16 14:07 . 2009-09-16 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-09-16 13:52 . 2009-09-16 13:53 -------- d-----w- c:\program files\Fichiers communs\PCSuite
2009-09-16 13:52 . 2009-09-16 13:52 -------- d-----w- c:\program files\Fichiers communs\Nokia
2009-09-16 13:52 . 2009-09-16 13:52 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-16 13:52 . 2009-03-19 12:48 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-09-16 13:52 . 2009-03-19 12:48 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-09-16 13:52 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-09-16 13:52 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-09-16 13:52 . 2009-02-09 06:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-09-16 13:52 . 2009-02-09 06:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-09-16 13:52 . 2009-02-09 06:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-09-16 13:52 . 2009-02-09 06:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-09-15 11:13 . 2009-09-15 11:13 -------- d-----w- c:\documents and settings\Loulou\Application Data\KC Softwares

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 18:46 . 2007-12-20 12:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-14 16:35 . 2005-01-23 10:37 89966 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-14 16:35 . 2005-01-23 10:37 522232 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-01 13:05 . 2009-10-01 13:05 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-29 12:50 . 2009-09-29 12:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-25 05:36 . 2008-04-14 10:00 671232 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:36 . 2008-04-14 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-16 14:02 . 2009-09-16 14:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-09-16 14:02 . 2009-09-16 14:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-09-11 14:18 . 2008-04-14 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-06-13 14:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-06-13 14:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:04 . 2008-04-14 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:01 . 2008-04-14 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 13:09 . 2009-08-20 13:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:00 . 2008-04-14 10:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:58 . 2008-04-14 10:00 2191232 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:28 . 2008-04-13 17:07 2068096 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-17 19:03 . 2008-04-14 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:16 . 2008-04-14 10:00 1440768 ----a-w- c:\windows\system32\query.dll
2006-12-30 03:47 . 2006-12-30 03:47 54 ----a-w- c:\program files\inc1.bat
2006-12-30 03:47 . 2006-12-30 03:47 41 ----a-w- c:\program files\sleep.bat
2006-07-18 12:41 . 2006-06-17 16:32 1019094 --sha-r- c:\program files\serial.tde
2006-05-28 15:46 . 2006-05-28 15:45 397306 --sha-r- c:\program files\wunauclt.zip
2006-05-28 15:46 . 2006-05-28 15:45 397306 --sha-r- c:\program files\wunauclt.tbe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="c:\program files\Startup Faster\startuploader.exe" [2008-09-07 1402080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Louloute.LEANA\Menu D‚marrer\Programmes\D‚marrage\
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
scandisk.dll [2009-10-13 25088]

c:\documents and settings\Louloute.LEANA\Menu D‚marrer\Programmes\D‚marrage\
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
scandisk.dll [2009-10-13 25088]

c:\documents and settings\Loulou\Menu D‚marrer\Programmes\D‚marrage\
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
scandisk.dll [2009-10-13 25088]

c:\documents and settings\Loulou\Menu D‚marrer\Programmes\D‚marrage\StartupFaster
StartupFaster.ini [2009-9-18 0]

c:\documents and settings\Louloute.LEANA\Menu D‚marrer\Programmes\D‚marrage\
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
scandisk.dll [2009-10-13 25088]

c:\documents and settings\Louloute.LEANA\Menu D‚marrer\Programmes\D‚marrage\
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
scandisk.dll [2009-10-13 25088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Loulou^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Loulou\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Loulou^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
path=c:\documents and settings\Loulou\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
backup=c:\windows\pss\TribalWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"NtLmSsp"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\EMULE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Set up\\KONAMI\\Pes 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Set up\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Set up\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\Set up\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Set up\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Set up\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Set up\\Call of suarez\\CoJBiBGame_x86.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Set up\\Call of Duty 5\\CoDWaW.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [14/04/2008 12:00 149376]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/05/2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 15:47 731840]
S3 axvdkbus;axvdkbus;c:\windows\system32\DRIVERS\axvdkbus.sys --> c:\windows\system32\DRIVERS\axvdkbus.sys [?]
S3 axvodka;axvodka;c:\windows\system32\DRIVERS\axvodka.sys --> c:\windows\system32\DRIVERS\axvodka.sys [?]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [24/01/2009 14:46 216232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16/09/2009 15:52 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16/09/2009 15:52 8320]
S3 SQTECH9150;Mini Cam;c:\windows\system32\drivers\Capt9150.sys [16/03/2006 23:24 47087]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
FF - ProfilePath - c:\documents and settings\Loulou\Application Data\Mozilla\Firefox\Profiles\8aq1uwge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://www.aliceadsl.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-calc - c:\docume~1\LOCALS~1\ntuser.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 20:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2598347441-2510179093-2904694970-1006\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014

[HKEY_USERS\S-1-5-21-2598347441-2510179093-2904694970-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,20,4e,31,e6,5d,f6,34,f5,2c,4d,a1,f8,51,98,27,93,d0,0f,5a,8f,a7,62,
7e,c1,e8,98,0a,a2,2d,4f,45,65,83,46,bf,d4,c1,c3,24,0c,1a,b6,aa,95,97,f1,2f,\
"??"=hex:98,f0,3c,cb,79,50,51,2e,a8,fb,f4,a2,7a,39,58,59

[HKEY_USERS\S-1-5-21-2598347441-2510179093-2904694970-1006\Software\SecuROM\License information*]
"datasecu"=hex:55,38,66,bc,6d,a9,12,9d,93,45,1c,aa,da,6b,bb,22,07,28,d6,66,85,
1f,16,d4,8e,cf,c8,b3,ee,cc,8d,17,3d,04,bf,71,4d,19,fb,a7,13,87,a6,d7,97,14,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(836)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\CDBURNERXP\NMSACCESSU.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\PNKBSTRA.EXE
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-10-14 20:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-14 18:58

Avant-CF: 8 820 588 544 octets libres
Après-CF: 8 902 082 560 octets libres

272 --- E O F --- 2009-10-14 16:35
0
Réponse 52 / 88
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
https://forums.commentcamarche.net/forum/affich-14736234-cheval-de-troie-win32-olmarik?page=3#49
0
Réponse 53 / 88
arno83600 Messages postés 101 Statut Membre 1
 
pourquoi tu m'envoies ce lien?
0
Réponse 54 / 88
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
Pour que tu fasses la manip' avec UsbFix.
0
Réponse 55 / 88
arno83600 Messages postés 101 Statut Membre 1
 
Voici le rapport usbfix :


############################## | UsbFix V6.042 |

User : Loulou (Administrateurs) # LEANA
Update on 14/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 23:00:37 | 14/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | Updated ]

A:\ -> Disque amovible
C:\ -> Disque fixe local # 72,31 Go (8,32 Go free) [ACER] # FAT32
D:\ -> Disque fixe local # 72,8 Go (2,99 Go free) [ACERDATA] # FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque fixe local # 4,34 Go (4,31 Go free) [Secours] # NTFS
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque amovible
T:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés Run infectieuses |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registre # Mountpoints2 |


################## | ! Fin du rapport # UsbFix V6.042 ! |
0
Réponse 56 / 88
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

--> Double-clique sur UsbFix présent sur ton Bureau.

--> Choisis l'option 2 (Suppression).

--> Ton Bureau disparaîtra et le PC redémarrera.

--> Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

--> Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
0
Réponse 57 / 88
arno83600 Messages postés 101 Statut Membre 1
 
Voici le rapport usbfix, par contre, il n'y a pas eu de redémarrage du pc, c'est normal?


############################## | UsbFix V6.042 |

User : Loulou (Administrateurs) # LEANA
Update on 14/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 23:07:43 | 14/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | Updated ]

A:\ -> Disque amovible
C:\ -> Disque fixe local # 72,31 Go (8,32 Go free) [ACER] # FAT32
D:\ -> Disque fixe local # 72,8 Go (2,99 Go free) [ACERDATA] # FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque fixe local # 4,34 Go (4,31 Go free) [Secours] # NTFS
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque amovible
T:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés Run infectieuses |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[25/07/2009 14:18|--ah-----|268] C:\sqmdata01.sqm
[14/04/2008 12:00|-rahs----|4952] C:\Bootfont.bin
[14/04/2008 12:00|-rahs----|47564] C:\NTDETECT.COM
[13/10/2009 15:44|-rahs----|286] C:\boot.ini
[?|?|?] C:\hiberfil.sys
[23/01/2005 11:58|--a------|0] C:\CONFIG.SYS
[23/01/2005 12:12|--a------|50] C:\AUTOEXEC.BAT
[23/01/2005 11:58|-rahs----|0] C:\IO.SYS
[23/01/2005 11:58|-rahs----|0] C:\MSDOS.SYS
[25/07/2009 14:18|--ah-----|244] C:\sqmnoopt01.sqm
[16/08/2009 11:26|--ah-----|232] C:\sqmdata02.sqm
[16/08/2009 11:26|--ah-----|244] C:\sqmnoopt02.sqm
[16/08/2009 19:08|--ah-----|244] C:\sqmnoopt03.sqm
[16/08/2009 19:08|--ah-----|268] C:\sqmdata03.sqm
[31/08/2009 20:00|--ah-----|244] C:\sqmnoopt04.sqm
[31/08/2009 20:00|--ah-----|268] C:\sqmdata04.sqm
[07/06/2009 10:51|--ah-----|244] C:\sqmnoopt05.sqm
[07/06/2009 10:51|--ah-----|232] C:\sqmdata05.sqm
[07/06/2009 20:18|--ah-----|244] C:\sqmnoopt06.sqm
[07/06/2009 20:18|--ah-----|232] C:\sqmdata06.sqm
[08/06/2009 06:07|--ah-----|244] C:\sqmnoopt07.sqm
[08/06/2009 06:07|--ah-----|232] C:\sqmdata07.sqm
[08/06/2009 11:30|--ah-----|244] C:\sqmnoopt08.sqm
[08/06/2009 11:30|--ah-----|232] C:\sqmdata08.sqm
[09/06/2009 09:06|--ah-----|244] C:\sqmnoopt09.sqm
[09/06/2009 09:06|--ah-----|268] C:\sqmdata09.sqm
[09/06/2009 14:48|--ah-----|244] C:\sqmnoopt10.sqm
[09/06/2009 14:48|--ah-----|268] C:\sqmdata10.sqm
[23/06/2009 14:35|--ah-----|244] C:\sqmnoopt11.sqm
[23/06/2009 14:35|--ah-----|232] C:\sqmdata11.sqm
[23/06/2009 19:07|--ah-----|244] C:\sqmnoopt12.sqm
[23/06/2009 19:07|--ah-----|232] C:\sqmdata12.sqm
[24/06/2009 10:30|--ah-----|244] C:\sqmnoopt13.sqm
[24/06/2009 10:30|--ah-----|268] C:\sqmdata13.sqm
[08/07/2009 16:29|--ah-----|244] C:\sqmnoopt14.sqm
[08/07/2009 16:29|--ah-----|232] C:\sqmdata14.sqm
[09/07/2009 00:23|--ah-----|244] C:\sqmnoopt15.sqm
[?|?|?] C:\pagefile.sys
[14/10/2009 20:58|--a------|16963] C:\ComboFix.txt
[09/07/2009 00:23|--ah-----|232] C:\sqmdata15.sqm
[23/07/2009 13:29|--ah-----|244] C:\sqmnoopt16.sqm
[23/07/2009 21:23|--ah-----|244] C:\sqmnoopt17.sqm
[23/07/2009 13:29|--ah-----|232] C:\sqmdata16.sqm
[23/07/2009 21:23|--ah-----|232] C:\sqmdata17.sqm
[24/07/2009 11:29|--ah-----|244] C:\sqmnoopt18.sqm
[24/07/2009 11:29|--ah-----|232] C:\sqmdata18.sqm
[24/07/2009 11:49|--ah-----|244] C:\sqmnoopt19.sqm
[24/07/2009 11:49|--ah-----|232] C:\sqmdata19.sqm
[24/11/2007 15:44|--a------|25] C:\dhnp.ist
[10/10/2007 16:00|--a------|1930] C:\InstallHelper.log
[18/01/2009 15:23|--a------|861] C:\narc_Log.txt
[28/10/2007 00:39|--a------|45333] C:\PokerStars.log.1
[03/11/2007 00:21|--a------|109410] C:\PokerStars.log.0
[23/10/2008 15:53|--a------|356] C:\drmHeader.bin
[14/04/2008 12:00|-rahs----|252240] C:\ntldr
[13/06/2009 15:04|--a------|3914] C:\rapport.txt
[03/08/2004 23:00|--a------|263488] C:\cmldr
[01/10/2009 15:12|--a------|216] C:\Boot.bak
[07/11/2007 08:03|--a------|75792] C:\install.res.2052.dll
[07/11/2007 08:03|--a------|76304] C:\install.res.1028.dll
[07/11/2007 08:03|--a------|96272] C:\install.res.1031.dll
[07/11/2007 08:03|--a------|91152] C:\install.res.1033.dll
[07/11/2007 08:03|--a------|96272] C:\install.res.3082.dll
[07/11/2007 08:03|--a------|97296] C:\install.res.1036.dll
[07/11/2007 08:03|--a------|95248] C:\install.res.1040.dll
[07/11/2007 08:03|--a------|81424] C:\install.res.1041.dll
[07/11/2007 08:03|--a------|79888] C:\install.res.1042.dll
[07/11/2007 08:00|--a------|17734] C:\eula.2052.txt
[07/11/2007 08:00|--a------|17734] C:\eula.1028.txt
[07/11/2007 08:00|--a------|17734] C:\eula.1031.txt
[07/11/2007 08:00|--a------|10134] C:\eula.1033.txt
[07/11/2007 08:00|--a------|17734] C:\eula.3082.txt
[07/11/2007 08:00|--a------|17734] C:\eula.1036.txt
[07/11/2007 08:00|--a------|17734] C:\eula.1040.txt
[07/11/2007 08:00|--a------|118] C:\eula.1041.txt
[07/11/2007 08:00|--a------|17734] C:\eula.1042.txt
[07/11/2007 08:00|--a------|1110] C:\globdata.ini
[07/11/2007 08:00|--a------|843] C:\install.ini
[07/11/2007 08:12|--a------|232960] C:\VC_RED.MSI
[07/11/2007 08:00|--a------|5686] C:\vcredist.bmp
[07/11/2007 08:09|--a------|1442522] C:\VC_RED.cab
[14/10/2009 01:18|--a------|409] C:\TCleaner1.txt
[14/10/2009 01:39|--a------|347] C:\TCleaner.txt
[13/10/2009 23:22|--a------|7302] C:\Ad-Report-CLEAN[1].log
[14/10/2009 23:08|--a------|6921] C:\UsbFix.txt
[14/10/2009 20:36|--a------|14636] C:\SAFEBOOT_REPAIR.TXT
[07/06/2006 03:27|--a------|213414] C:\AnalysisLog.sr0
[24/07/2009 14:19|--ah-----|244] C:\sqmnoopt00.sqm
[24/07/2009 14:19|--ah-----|232] C:\sqmdata00.sqm
[11/10/2006 18:19|--a------|277] C:\DV.txt
[14/10/2009 09:28|--ahs----|2145894400] D:\pagefile.sys
[05/01/2009 12:00|---hs----|14789] D:\Folder.jpg
[05/01/2009 12:00|---hs----|2940] D:\AlbumArtSmall.jpg
[15/10/2006 13:25|--ahs----|8192] D:\Thumbs.db

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.

################## | ! Fin du rapport # UsbFix V6.042 ! |
0
Réponse 58 / 88
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
Nous avons bien avancé.

--> Désinstalle UsbFix.

--> Refais un scan RSIT et poste le rapport log.
0
Réponse 59 / 88
arno83600 Messages postés 101 Statut Membre 1
 
pour désinstaller usbfix, je le supprime du bureau, c'est tout?
0
Réponse 60 / 88
Destrio5 Messages postés 99820 Statut Modérateur 10 304
 
Choisis l'option 5 d'UsbFix ;)
0

Discussions similaires

Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses
expressions francaises
bifaka -
lanonyme -

4 réponses
PUADlManager:Win32/OfferCore
tenmalade -
tenmalade -

2 réponses
Pb Windows 7, .EXE n'est pas app win32 valide
Witeric -
Lio -

15 réponses