Virus
dgege13
blondin777 Posts: 6162 Status: Contributor
Hello,
Infected, that's for sure. All the symptoms at once. It started with CID windows, and now I'm getting trojan horse alerts from AntiVir that keep coming back and blocking the PC.
Here is my HijackThis log.
Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 11:23:40, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\goqfhyco.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Documents and Settings\valou\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3A550E02-7F59-4B41-A1B7-D6446BA72529} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: (no name) - {4C1E4CCD-51C2-4060-84C3-8BC639C1F4D1} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\gebccdd.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: {bd12424a-755c-dc8b-7fa4-83f986f56afe} - {efa65f68-9f38-4af7-b8cd-c557a42421db} - C:\WINDOWS\system32\xbleybhu.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\taskbaricon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ixweygsv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nphb] "C:\PROGRA~1\Wanadoo\UTILIS~1\STEM~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab50997.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader35.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8687FE9A-D99F-4416-94C6-43B49E3039E9}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: gebccdd - C:\WINDOWS\SYSTEM32\gebccdd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\goqfhyco.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
22 replies
Hi, in the meantime I ran ComboFix, and since then things seem OK. It found the infamous DLLs and removed them. There seem to be some traces left in the registry. What do you think? And thanks again for your help. Depending on your answer, I'll mark the topic as resolved.
ComboFix 07-11-19.4 - valou 2007-11-26 22:58:21.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.184 [GMT 1:00]
Running from: C:\Documents and Settings\valou\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\valou\Bureau\Live Safety Center.lnk
C:\Documents and Settings\valou\Bureau\Online Security Guide.lnk
C:\Documents and Settings\valou\Favoris\Online Security Guide.lnk
C:\Documents and Settings\valou\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\valou\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\valou\Menu Démarrer\Programmes\InternetGameBox\Uninstall.lnk
C:\Documents and Settings\valou\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\vtsts.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))))))))
.
2007-11-26 17:41 <REP> d-------- C:\Program Files\Avira
2007-11-26 15:31 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-25 11:39 775,832 ---hs---- C:\WINDOWS\system32\motlclen.ini
2007-11-25 10:41 775,892 ---hs---- C:\WINDOWS\system32\juyvgicj.ini
2007-11-24 14:03 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-11-24 14:03 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-11-24 14:03 <REP> d-------- C:\Program Files\DIFX
2007-11-24 14:03 <REP> d-------- C:\Documents and Settings\valou\Application Data\Nokia
2007-11-24 14:02 <REP> d-------- C:\Program Files\PC Connectivity Solution
2007-11-24 14:02 <REP> d-------- C:\Program Files\Nokia2
2007-11-24 14:02 <REP> d-------- C:\Documents and Settings\valou\Application Data\PC Suite
2007-11-24 14:02 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-11-24 14:02 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-11-24 14:02 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-11-24 14:02 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-11-24 14:02 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-11-24 08:16 775,832 ---hs---- C:\WINDOWS\system32\okfkwsvn.ini
2007-11-23 20:47 <REP> d-------- C:\Program Files\Convertisseur Pro HTML vers RTF
2007-11-22 23:18 738,306 ---hs---- C:\WINDOWS\system32\tlckufwh.ini
2007-11-22 23:16 6,575,800 --a------ C:\Temp\sunbelt-personal-firewall-ex-kerio_sunbelt_personal_firewall_4.3.916_francais_11071.exe
2007-11-22 23:13 17,788,920 --a------ C:\Temp\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.06.00.270_anglais_10821.exe
2007-11-21 23:21 <REP> d-------- C:\sauvegarde jo
2007-11-21 20:02 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-21 14:39 <REP> d-------- C:\Documents and Settings\valou\Application Data\Grisoft
2007-11-21 14:39 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-21 12:18 <REP> d-------- C:\Program Files\CCleaner
2007-11-21 10:33 <REP> d-------- C:\Program Files\Trend Micro
2007-11-19 23:01 689,472 ---hs---- C:\WINDOWS\system32\gknytkda.ini
2007-11-19 19:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-11-19 19:08 427,520 --a------ C:\WINDOWS\WRServices.dll
2007-11-19 10:00 11,133 --a------ C:\Documents and Settings\valou\z.dat
2007-11-19 10:00 3,280 --a------ C:\Documents and Settings\valou\x.dat
2007-11-18 10:23 <REP> d-------- C:\Documents and Settings\valou\Application Data\AVS4YOU
2007-11-18 10:11 <REP> d-------- C:\Program Files\AVS4YOU
2007-11-17 22:26 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-17 21:39 <REP> d--hs---- C:\FOUND.015
2007-11-17 19:01 120 --a------ C:\n.bat
2007-11-17 19:00 0 --a------ C:\z.dat
2007-11-17 19:00 0 --a------ C:\x.dat
2007-11-17 18:59 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-17 17:25 <REP> d-------- C:\Program Files\MPEGTOAVI
2007-11-17 16:55 <REP> d-------- C:\Program Files\plugins
2007-11-17 16:55 <REP> d-------- C:\Program Files\aviproxy
2007-11-17 07:57 <REP> d-------- C:\Documents and Settings\valou\Application Data\AVSMedia
2007-11-17 07:55 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-11-17 07:55 <REP> d-------- C:\Program Files\AVSMedia
2007-11-17 07:55 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2007-11-17 07:55 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-16 23:26 313,344 --a------ C:\Program Files\hjsplit.exe
2007-11-16 23:02 <REP> d-------- C:\Program Files\DVDStyler
2007-11-16 19:39 <REP> d-------- C:\savcam
2007-11-15 22:57 <REP> d-------- C:\Program Files\Ontrack
2007-11-13 09:36 <REP> d-------- C:\sauvegarde cle du 13nov2007
2007-11-06 13:15 84,544 -ra------ C:\WINDOWS\system32\drivers\v800mdm.sys
2007-11-06 13:15 77,760 -ra------ C:\WINDOWS\system32\drivers\v800mgmt.sys
2007-11-06 13:15 75,584 -ra------ C:\WINDOWS\system32\drivers\v800obex.sys
2007-11-06 13:15 52,416 -ra------ C:\WINDOWS\system32\drivers\v800bus.sys
2007-11-06 13:15 6,160 -ra------ C:\WINDOWS\system32\drivers\v800mdfl.sys
2007-11-06 13:15 6,144 -ra------ C:\WINDOWS\system32\drivers\v800cmnt.sys
2007-11-06 13:15 6,144 -ra------ C:\WINDOWS\system32\drivers\v800cm.sys
2007-11-06 13:15 5,776 -ra------ C:\WINDOWS\system32\drivers\v800whnt.sys
2007-11-06 13:15 5,776 -ra------ C:\WINDOWS\system32\drivers\v800wh.sys
2007-11-06 13:14 <REP> d-------- C:\Documents and Settings\valou\Application Data\Teleca
2007-11-06 13:13 <REP> d-------- C:\Documents and Settings\valou\Application Data\Sony Ericsson
2007-11-06 13:09 <REP> d-------- C:\Program Files\Sony Ericsson
2007-11-06 13:09 <REP> d-------- C:\Program Files\Fichiers communs\Teleca Shared
2007-11-06 13:09 <REP> d-------- C:\Program Files\Fichiers communs\Sony Ericsson Shared
2007-10-30 09:28 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
2007-10-30 09:28 <REP> d-------- C:\Documents and Settings\valou\Contacts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 19:13 22 ----a-w C:\WINDOWS\Fonts\a.zip
2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-21 16:15 --------- d-----w C:\Program Files\MP3 Player Utilities 3.10
2007-10-21 15:43 292 ----a-w C:\mediamp3.dat
2007-10-21 15:41 --------- d-----w C:\Program Files\MP3 Player Utilities 4.17
2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2007-07-08 13:36 1,806,232 ----a-w C:\Documents and Settings\All Users\daemon4091-x86.exe
2007-02-15 17:25 77,448 ----a-w C:\Documents and Settings\valou\Application Data\GDIPFONTCACHEV1.DAT
2006-12-13 09:55 4,115,866 ----a-w C:\Documents and Settings\All Users\DVDx_2_5_1_setup.zip
2006-12-13 09:17 697,743 ----a-w C:\Documents and Settings\All Users\InstAviSplitC.zip
2006-12-09 20:33 8,907,760 ----a-w C:\Documents and Settings\All Users\VOB2AVI-v1.00.exe
2006-11-19 08:51 70,487 ----a-w C:\Documents and Settings\All Users\KillBox.zip
2006-11-19 08:47 613,944 ----a-w C:\Documents and Settings\All Users\blbetac.exe
2006-02-08 02:02 73,728 ----a-w C:\Documents and Settings\All Users\KillBox.exe
2004-08-09 22:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99B1C4B0-0057-49A9-B798-A81576B7FEB0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 05:00 C:\WINDOWS\system32\rundll32.exe]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-06-01 14:25]
"LaunchApp"="Alaunch" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-26 17:43]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-04 12:40]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00]
"Nokia.PCSync"="C:\Program Files\Nokia2\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsts.dll
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys
S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys
S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys
S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys
S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-26 19:00:02 C:\WINDOWS\Tasks\HPpromotions photosmart 2600 series.job"
- C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 23:02:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-26 23:03:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-18 08:25
C:\ComboFix2.txt ... 2007-07-18 08:25
.
--- E O F ---