Win32:Tratbho
ludo
-
philae83 Messages postés 12854 Statut Contributeur sécurité -
philae83 Messages postés 12854 Statut Contributeur sécurité -
bonjour
je suis infecté par ce virus
Pouvez vous me venir en aide ?
merci
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bmanuqku.dll
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\wvurrpq.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))))))))
.
2008-01-06 20:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 09:13 . 2008-01-06 09:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 18:55 . 2008-01-05 18:55 <REP> d-------- C:\Program Files\XoftSpySE
2008-01-05 13:39 . 2008-01-05 13:39 <REP> d--hs---- C:\FOUND.019
2008-01-05 09:44 . 2008-01-05 09:44 <REP> d-------- C:\Program Files\AusLogics Disk Defrag
2008-01-04 18:34 . 2008-01-04 18:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-01-03 22:22 . 2008-01-03 22:22 <REP> d-------- C:\Program Files\Alwil Software
2008-01-03 22:22 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-03 22:22 . 2008-01-03 22:22 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-03 22:22 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-03 22:22 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-03 22:22 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-03 22:22 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-03 22:22 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-03 22:22 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-01 19:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 20:12 . 2007-12-31 20:12 <REP> d-------- C:\Program Files\Best_Security_Tips
2007-12-29 21:54 . 1997-09-05 15:53 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2007-12-29 21:54 . 1997-09-11 10:45 27,136 --a------ C:\WINDOWS\system32\WAVMIX16.DLL
2007-12-29 21:54 . 1997-09-05 15:53 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
2007-12-29 21:48 . 2007-12-29 21:48 <REP> d-------- C:\TOMBRAID
2007-12-29 18:06 . 2007-12-29 18:06 <REP> d--hs---- C:\FOUND.018
2007-12-08 10:46 . 2007-12-08 10:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-08 10:46 . 2007-12-08 10:46 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 12:39 56,550 ------w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_05_09_46_36_small.dmp.zip
2008-01-03 19:18 57,343 ------w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_03_19_57_04_small.dmp.zip
2007-11-25 15:09 6,893,415 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 20:19 --------- d-----w C:\Program Files\Shareaza
2007-11-10 20:19 --------- d-----w C:\Documents and Settings\MAES\Application Data\Shareaza
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 08:57 1,353,016 ----a-w C:\WINDOWS\system32\vete.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:01 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-05-05 10:02 61,095 ------w C:\WINDOWS\Internet Logs\showbiz_2nd_2007_05_01_09_35_50_small.dmp.zip
2006-07-02 15:47 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D5F5EDE-254E-46FE-8548-AC90C0319B16}]
C:\WINDOWS\system32\jkkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
2007-12-31 20:22 1502232 --a------ C:\Program Files\Best_Security_Tips\tbBes1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
{DA30EFF8-CCC6-4162-A20D-67402A26A215}
[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= C:\Program Files\Best_Security_Tips\tbBes1.dll [2007-12-31 20:22 1502232]
[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 16:42 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 04:47 7311360]
"nwiz"="nwiz.exe" [2005-11-11 04:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 04:47 86016]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [ ]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [ ]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [ ]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [ ]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [ ]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S1 hidfltr;HID Filter Driver;C:\WINDOWS\system32\drivers\MWhid.sys [2004-11-03 12:20]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 21:06:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
.
Completion time: 2008-01-07 21:08:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 20:08:48
.
2007-12-12 10:45:15 --- E O F ---
je suis infecté par ce virus
Pouvez vous me venir en aide ?
merci
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bmanuqku.dll
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\wvurrpq.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))))))))
.
2008-01-06 20:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 09:13 . 2008-01-06 09:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 18:55 . 2008-01-05 18:55 <REP> d-------- C:\Program Files\XoftSpySE
2008-01-05 13:39 . 2008-01-05 13:39 <REP> d--hs---- C:\FOUND.019
2008-01-05 09:44 . 2008-01-05 09:44 <REP> d-------- C:\Program Files\AusLogics Disk Defrag
2008-01-04 18:34 . 2008-01-04 18:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-01-03 22:22 . 2008-01-03 22:22 <REP> d-------- C:\Program Files\Alwil Software
2008-01-03 22:22 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-03 22:22 . 2008-01-03 22:22 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-03 22:22 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-03 22:22 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-03 22:22 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-03 22:22 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-03 22:22 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-03 22:22 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-01 19:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 20:12 . 2007-12-31 20:12 <REP> d-------- C:\Program Files\Best_Security_Tips
2007-12-29 21:54 . 1997-09-05 15:53 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2007-12-29 21:54 . 1997-09-11 10:45 27,136 --a------ C:\WINDOWS\system32\WAVMIX16.DLL
2007-12-29 21:54 . 1997-09-05 15:53 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
2007-12-29 21:48 . 2007-12-29 21:48 <REP> d-------- C:\TOMBRAID
2007-12-29 18:06 . 2007-12-29 18:06 <REP> d--hs---- C:\FOUND.018
2007-12-08 10:46 . 2007-12-08 10:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-08 10:46 . 2007-12-08 10:46 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 12:39 56,550 ------w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_05_09_46_36_small.dmp.zip
2008-01-03 19:18 57,343 ------w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_01_03_19_57_04_small.dmp.zip
2007-11-25 15:09 6,893,415 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 20:19 --------- d-----w C:\Program Files\Shareaza
2007-11-10 20:19 --------- d-----w C:\Documents and Settings\MAES\Application Data\Shareaza
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 08:57 1,353,016 ----a-w C:\WINDOWS\system32\vete.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:01 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-05-05 10:02 61,095 ------w C:\WINDOWS\Internet Logs\showbiz_2nd_2007_05_01_09_35_50_small.dmp.zip
2006-07-02 15:47 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D5F5EDE-254E-46FE-8548-AC90C0319B16}]
C:\WINDOWS\system32\jkkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
2007-12-31 20:22 1502232 --a------ C:\Program Files\Best_Security_Tips\tbBes1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
{DA30EFF8-CCC6-4162-A20D-67402A26A215}
[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= C:\Program Files\Best_Security_Tips\tbBes1.dll [2007-12-31 20:22 1502232]
[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 16:42 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 04:47 7311360]
"nwiz"="nwiz.exe" [2005-11-11 04:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 04:47 86016]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [ ]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [ ]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [ ]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [ ]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [ ]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S1 hidfltr;HID Filter Driver;C:\WINDOWS\system32\drivers\MWhid.sys [2004-11-03 12:20]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 21:06:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
.
Completion time: 2008-01-07 21:08:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 20:08:48
.
2007-12-12 10:45:15 --- E O F ---
1 réponse
bonsoir
et ne poste pas de doublon si possible.
as tu fait autre chose que de passer combo stp ?
* Télécharge HijackThis et poste le rapport stp
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
* Lance un scan "do a system scan & save a logfile" puis copie colle le rapport généré ici
et ne poste pas de doublon si possible.
as tu fait autre chose que de passer combo stp ?
* Télécharge HijackThis et poste le rapport stp
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
* Lance un scan "do a system scan & save a logfile" puis copie colle le rapport généré ici
