Huge crash following a system error

Solved/Closed
Foud35 Posts 21 Registration date Sunday 10 February 2008 Status Member Last seen 29 June 2009 - 10 Feb 2008 at 22:30
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last seen 18 February 2023 - 9 March 2008 at 15:49
Hello,
My computer has started having a problem that causes me a lot of trouble; let me explain it.
About every quarter of an hour, an error message appears:
***STOP: 0x000007B (0xF20184, 0x00000, 0xCC0034)***. Inaccessible handler or device. Click this balloon to fix the problem
And when I click on it, it offers to download what at first sight is an antivirus program, for a fee -_- . And when the error message appears, my PC suffers a huge bug.

Here is my HijackThis log; if anyone could see something in it and find an answer, I would be very grateful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:20 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vhsugttdirwu.net/JEs/bwPpoESaFy_E9cxtDvyaurtsJjIDSEPR5hq/LV7y_xgylw0ao9eF2_Ui56Wb.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: (no name) - {0000DE80-AEC3-70C3-4176-CE509063E000} - (no file)
O2 - BHO: (no name) - {00534B55-3155-CA4F-B41D-0E922121D03C} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {10d5f100-b5d2-e53a-7c04-970c91cada76} - {67adac19-c079-40c7-a35e-2d5b001f5d01} - C:\WINDOWS\system32\vdmbyyxj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\odjjvpmz.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1\notepad.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\system32\WAUCLT~1.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tiqs] C:\WINDOWS\system32\s?stem\?ttrib.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1\notepad.exe" -vt ndrv (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\en8sl1l71.dll (file missing)
O20 - Winlogon Notify: odjjvpmz - C:\WINDOWS\SYSTEM32\odjjvpmz.dll
O20 - Winlogon Notify: wvurrrq - wvurrrq.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html
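Added example (not part of the post above and not HijackThis code): a small Python triage script that applies to the log above the checks a helper makes by eye, namely orphaned "(no file)" / "(file missing)" entries, look-alikes of Windows binaries such as scvhost.exe and svchosts.exe, unprintable characters in an autostart path, nameless BHOs backed by a real DLL, RunServices autostarts, and a search or start page pointing at an unknown host. SYSTEM_BINARIES and TRUSTED_HOSTS are the example's own assumed lists; SAMPLE_LOG is an excerpt of the log posted above.

```python
"""Triage helper for a HijackThis log (added example, not HijackThis code).

Each rule is defensive and corresponds to something visible in the log:
  * entries pointing at a file that no longer exists are leftovers of
    removed or hidden components;
  * executable names within edit distance 2 of a Windows binary
    (scvhost.exe, svchosts.exe, WAUCLT~1.EXE) are look-alikes;
  * '?' in an O4 command means characters HijackThis could not print;
  * a nameless BHO backed by a real DLL in system32;
  * a RunServices autostart (Windows 9x key, rarely legitimate on XP);
  * a search or start page pointing at a host outside a short allow-list.
SYSTEM_BINARIES and TRUSTED_HOSTS are assumptions made for this example.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted above (about one line per rule).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vhsugttdirwu.net/JEs/bwPpoESaFy_E9cxtDvyaurtsJjIDSEPR5hq/LV7y_xgylw0ao9eF2_Ui56Wb.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
O2 - BHO: (no name) - {0000DE80-AEC3-70C3-4176-CE509063E000} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\odjjvpmz.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\system32\WAUCLT~1.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tiqs] C:\WINDOWS\system32\s?stem\?ttrib.exe (User 'SYSTEM')
O20 - Winlogon Notify: wvurrrq - wvurrrq.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumed lists for the example: binaries malware likes to imitate, and
# hosts a start page / search bar may legitimately point at.
SYSTEM_BINARIES = {"svchost.exe", "wuauclt.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe"}
TRUSTED_HOSTS = {"www.google.ca", "www.google.com", "www.msn.com"}

# Last path component ending in .exe/.dll/.sys (no slashes, quotes, brackets).
FILE_RE = re.compile(r'([^\\/"\s\[\]]+\.(?:exe|dll|sys))', re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def look_alike(name: str) -> str | None:
    """Return the Windows binary `name` imitates, or None if it is not close."""
    name = re.sub(r"~\d+", "", name.lower())  # WAUCLT~1.EXE -> wauclt.exe
    for known in sorted(SYSTEM_BINARIES):
        if 0 < edit_distance(name, known) <= 2:
            return known
    return None


def triage_line(line: str) -> list[str]:
    """Apply every rule to one HijackThis line and return the reasons it trips."""
    kind = line.split(" ", 1)[0]  # R0, R1, O2, O4, O20, O23 ...
    reasons: list[str] = []
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("orphaned entry: points at a file that does not exist")
    match = FILE_RE.search(line)
    if match:
        known = look_alike(match.group(1))
        if known:
            reasons.append(f"{match.group(1)} looks like the Windows binary {known}")
    if kind == "O4":
        command = line.split("]", 1)[-1]
        if "?" in command:
            reasons.append("unprintable characters in the autostart path")
        if "RunServices" in line:
            reasons.append("RunServices autostart (Windows 9x key, rarely legitimate on XP)")
    if kind == "O2" and "(no name)" in line and "(no file)" not in line:
        reasons.append("nameless BHO backed by a real DLL")
    if kind in ("R0", "R1"):
        host = urlparse(line.split("=", 1)[-1].strip()).hostname or ""
        if host and host not in TRUSTED_HOSTS:
            reasons.append(f"browser setting points at unknown host {host}")
    return reasons


def triage(log: str) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every non-empty line that trips a rule."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

On the excerpt above, the clean Java, ZoneAlarm and Google lines pass and the eight others are flagged; the real log has many more entries of the same kinds (the O23 svchosts.exe and msasvc.exe services, the three Winlogon Notify DLLs).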

47 replies

Foud35 Posts 21 Registration date Sunday 10 February 2008 Status Member Last seen 29 June 2009
2 March 2008 at 20:56
OK, I'm ready to finish it tonight if you're still free: the ComboFix report

ComboFix 08-03-03.4 - User 2008-03-02 14:35:34.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.321 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\mti-hits.exe
C:\WINDOWS\system32\BMG5.exe
C:\WINDOWS\system32\umrhco8d.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\mti-hits.exe
C:\WINDOWS\system32\BMG5.exe
C:\WINDOWS\system32\umrhco8d.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat
2008-02-27 19:36 . 2008-02-27 19:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\rzgunz.com
2008-02-23 20:28 . 2008-02-26 20:35 <DIR> d-------- C:\Program Files\StepMania
2008-02-23 20:19 . 2008-02-23 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-20 18:58 . 2008-03-01 23:26 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-03-01 23:26 24,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-03-02 11:48 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-03-02 12:11 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-24 21:17 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner
2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
[code]<pre>
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
</pre>[/code]


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 14:47:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 14:51:22
ComboFix-quarantined-files.txt 2008-03-03 19:51:06
ComboFix2.txt 2008-02-23 00:08:11
ComboFix3.txt 2008-02-20 23:29:44
ComboFix4.txt 2008-02-13 23:45:06
ComboFix5.txt 2008-02-13 00:26:42
.
2008-03-02 16:58:03 --- E O F ---
Foud35 Posts 21 Registration date Sunday 10 February 2008 Status Member Last seen 29 June 2009
2 March 2008 at 20:57
I agree to finish it tonight, if you are still available: the ComboFix report;
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
[code]<pre>
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
</pre>[/code]


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 14:47:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 14:51:22
ComboFix-quarantined-files.txt 2008-03-03 19:51:06
ComboFix2.txt 2008-02-23 00:08:11
ComboFix3.txt 2008-02-20 23:29:44
ComboFix4.txt 2008-02-13 23:45:06
ComboFix5.txt 2008-02-13 00:26:42
.
2008-03-02 16:58:03 --- E O F ---


Sorry for the double post; also, I forgot to answer the other question. My PC is doing fine: it almost never lags anymore, no more error messages at all, everything runs smoothly it seems, and I thank you for that.
0
FillPCA Posts 2242 Registered Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
2 March 2008 at 21:11
Re,

1/ * Select the following text:

RENV::
C:\Program Files\Windows Live\Messenger\msnmsgr .exe


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait for the scan to finish. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

2/ Post the ComboFix report and a new HijackThis report.


FillPCA
0
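The RENV:: script above targets a file named "msnmsgr .exe" (a space before the extension) sitting beside the legitimate msnmsgr.exe. As an added example that is not from the thread and not part of ComboFix, here is a Python check that parses the two file-listing formats used in the report and cross-checks names against the quoted Run-key targets, so such lookalikes are surfaced; the sample lines are copied from the report above, and the heuristics (whitespace before the extension, hidden+system attributes) are the author's own assumptions, not ComboFix logic.

```python
"""Flag lookalike or oddly named executables in ComboFix-style file listings.

Added example, not from the thread and not part of ComboFix: it parses the two
listing formats used in the report (the "[code]<pre>" block and the Find3M
section), reads the quoted Run-key targets, and reports names such as
"msnmsgr .exe" that differ from a legitimate autostart binary only by
inserted whitespace.
"""
import re

# "[code]<pre>" block format:  attrs size date time path
LISTING_RE = re.compile(
    r"^(?P<attr>[-a-zA-Z]{7})\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+?)\s*$"
)
# Find3M format:  date time size-or-dashes attrs path
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attr>[-a-zA-Z]{7})\s+(?P<path>.+?)\s*$"
)
# Quoted Run-key value:  "name"="C:\path\file.exe" [date time size]
RUN_RE = re.compile(r'^"[^"]+"="(?P<path>[^"]+)"')

EXE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

# Constructed sample: lines copied from the report above (raw string keeps the backslashes).
SAMPLE_LISTING = r"""
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
""".strip().splitlines()

# Constructed sample: two Run-key values copied from the "Reg Loading Points" section.
SAMPLE_RUN = r"""
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
""".strip().splitlines()


def parse_entry(line):
    """Return a dict with attr/size/date/time/path for either listing format, else None."""
    m = LISTING_RE.match(line.strip()) or FIND3M_RE.match(line.strip())
    return m.groupdict() if m else None


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def canonical(name):
    """Lower-case the name and drop all whitespace, so "msnmsgr .exe" == "msnmsgr.exe"."""
    return re.sub(r"\s+", "", name).lower()


def run_targets(run_lines):
    """Map canonical basename -> full path for every quoted Run-key value."""
    targets = {}
    for line in run_lines:
        m = RUN_RE.match(line.strip())
        if m:
            targets[canonical(basename(m.group("path")))] = m.group("path")
    return targets


def audit(listing_lines, run_lines):
    """Return [(path, reason), ...] for executables worth a second look."""
    targets = run_targets(run_lines)
    findings = []
    for line in listing_lines:
        e = parse_entry(line)
        if e is None:
            continue
        path, name = e["path"], basename(e["path"])
        if not name.lower().endswith(EXE_EXT):
            continue  # directories and data files are out of scope for this check
        # 1. Whitespace right before the extension ("msnmsgr .exe") is never legitimate.
        if re.search(r"\s\.[^.\s]+$", name):
            findings.append((path, "whitespace before extension"))
        # 2. Same name as an autostart target once whitespace is removed, but spelled differently.
        legit = targets.get(canonical(name))
        if legit and basename(legit).lower() != name.lower():
            findings.append((path, "lookalike of autostart target " + legit))
        # 3. Hidden + system attributes on an executable deserve a look (not proof of anything).
        attr = e["attr"].lower()
        if "h" in attr and "s" in attr:
            findings.append((path, "hidden+system executable"))
    return findings


if __name__ == "__main__":
    for path, reason in audit(SAMPLE_LISTING, SAMPLE_RUN):
        print(f"{reason:40} {path}")
```

Feed it the "[code]<pre>" block, the Find3M section and the Run-key lines of a real report to get the same three kinds of findings over the whole listing.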
Re,

ComboFix 08-03-03.4 - User 2008-03-02 15:35:28.8 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat
2008-02-27 19:36 . 2008-02-27 19:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\rzgunz.com
2008-02-23 20:28 . 2008-02-26 20:35 <DIR> d-------- C:\Program Files\StepMania
2008-02-23 20:19 . 2008-02-23 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-20 18:58 . 2008-03-01 23:26 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-03-01 23:26 24,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-03-03 15:17 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-03-02 12:11 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-24 21:17 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner
2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
[code]<pre>
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
</pre>[/code]

[color=red]Files Infected - Win32.Agent.zb[/color]
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 15:55:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 16:10:43
ComboFix-quarantined-files.txt 2008-03-03 21:10:24
ComboFix2.txt 2008-03-03 19:51:25
ComboFix3.txt 2008-02-23 00:08:11
ComboFix4.txt 2008-02-20 23:29:44
ComboFix5.txt 2008-02-13 23:45:06
.
2008-03-02 20:26:25 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:12 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlockChecker] ; C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [LocalCooling] ; "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nmctxth] ; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [OrderReminder] ; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QMusic2] ; "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PaSystem] ; "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] ; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TheTurtle] ; C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html
0

FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
2 March 2008 at 22:16
Re,

I'm looking into it, because there is an infectious agent that won't go away.

FillPCA

Edit: can you do this:
* Download GenProc (by Lazzzy and Narco4) to your desktop: http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
* Unzip it onto your desktop (right-click > Extract here).
* Double-click GenProc.bat and post the report generated by the program.
* You'll find an illustrated guide here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html

FillPCA
0
Foud35 Posts 21 Registration date Sunday 10 February 2008 Status Member Last activity 29 June 2009
2 March 2008 at 22:28
Re, so here it is:

[1] GenProc 0.79 Mon 03/03/2008 : Aucune infection caractéristique trouvée !
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
2 March 2008 at 22:29
OK. I've asked some friends for help.

One question: is MSN working normally?

FillPCA
0
Foud35 Posts 21 Registration date Sunday 10 February 2008 Status Member Last activity 29 June 2009
2 March 2008 at 22:36
Thanks for your help.

MSN is working normally. Could the problem come from my having uninstalled the MSN Discovery program badly, so that there is a problem with it? It asks me for the missing MSN Discovery file, then when I click OK it displays MSN normally. Should I install MSN Discovery and uninstall it again to see if that would fix the problem?
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
2 March 2008 at 22:56
Re,

We're going to do this:
1/ Open HijackThis > "Do a scan only" and tick this:
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

Click fix/repair.

2/ * Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program's "Paste Standard List of Files/Folders to Move" box:

C:\Program Files\Windows Live\Messenger\msnmsgr .exe

* Copy the list of files or folders below and paste it into the program's "Paste Custom List of Files/Folders to Move" box:

EmptyTemp

* Click MoveIt! to start the removal,
* The result will appear in the Results box.
* Click Exit to close the program.
* Post the report located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.

3/ Run ComboFix normally.

4/ Try Windows Live Messenger and tell me how it goes.

FillPCA
0
Foud35 Posts 21 Registration date Sunday 10 February 2008 Status Member Last activity 29 June 2009
2 March 2008 at 23:59
Re,

File/Folder C:\Program Files\Windows Live\Messenger\msnmsgr .exe not found.
[Custom Input]
< EmptyTemp >
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF153.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF1B73.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFD012.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFD053.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFFDB1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_13c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT00714.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT07fa2.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 v1.0.19 log created on 03032008_170439




ComboFix 08-03-03.4 - User 2008-03-03 17:22:47.9 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat
2008-02-27 19:36 . 2008-02-27 19:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\rzgunz.com
2008-02-23 20:28 . 2008-02-26 20:35 <DIR> d-------- C:\Program Files\StepMania
2008-02-23 20:19 . 2008-02-23 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-20 18:58 . 2008-03-03 17:09 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-03-03 17:09 25,652 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-03-03 17:11 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-03-02 12:11 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-24 21:17 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 22:10 861,045 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner
2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
[code]<pre>
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
</pre>[/code]


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 17:40:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 17:54:39
ComboFix-quarantined-files.txt 2008-03-03 22:54:20
ComboFix2.txt 2008-03-03 21:10:47
ComboFix3.txt 2008-03-03 19:51:25
ComboFix4.txt 2008-02-23 00:08:11
ComboFix5.txt 2008-02-20 23:29:44
.
2008-03-03 22:08:55 --- E O F ---


WLM seems to be working normally; it feels smoother and a bit faster. Is the infection still present?
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
3 March 2008 at 00:03
Re,

It does appear in the report, but I think it's a false positive. I think it's sorted, but I'll confirm as soon as I have news.

In the meantime, can you do this?
* Download ToolsCleaner by A.Rothstein to your Desktop: http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
* Double-click ToolsCleaner2.exe > Search, then Delete,
* Your Desktop will disappear. This is normal.
* If it doesn't reappear, do this: CTRL+ALT+DEL to bring up Task Manager.
Go to the Processes tab, click "File" at the top left and choose "Run". Type "explorer" and confirm. That will bring your Desktop back.

FillPCA
0
Foud35 Posts 21 Registration date Sunday 10 February 2008 Status Member Last activity 29 June 2009
3 March 2008 at 00:23
Fine, no problem, I've done it:

-->- Suppression:

C:\Documents and Settings\User\Desktop\SdFix.exe: supprimé !
C:\Documents and Settings\User\Desktop\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\User\Desktop\ComboFix.exe: supprimé !
C:\Documents and Settings\User\Desktop\HijackThis.exe: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\User\Desktop\LopXpMh2: supprimé !
C:\Documents and Settings\User\Desktop\GenProc: supprimé !
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
3 March 2008 at 10:29
Hi,

I may have a lead.

FillPCA

0
Foud35 Posts 21 Registration date Sunday 10 February 2008 Status Member Last activity 29 June 2009
4 March 2008 at 00:43
Ah OK, that's good news. If you need a hand with the search, you could give me the main keywords and I'll search on Google, since I don't know the name or the type of the infection.
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
4 March 2008 at 21:47
Hi,

The difficulties with the cleanup are apparently related to the way this forum displays text. We're going to use ComboFix again.

* Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Send me that report either through a file-hosting service such as YouSendIt or by email to the following address:
ncquqtqz@trashmail.net

FillPCA
0
Foud35 Posts 21 Registration date Sunday 10 February 2008 Status Member Last activity 29 June 2009
5 March 2008 at 01:39
Hi!

Here it is, scan done and available right here:

https://www.hightail.com/

Thanks!
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
5 March 2008 at 09:31
Hello,

The display format is indeed different!

* Select the following text:

RENV::
C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
C:\Program Files\Windows Live\Messenger\msnmsgr      .exe



* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it's located here > C:\ComboFix.txt

Post this report.

FillPCA
0
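The whole difficulty in this thread comes down to a file name: the unwanted executable sat beside the real `msnmsgr.exe` as `msnmsgr<spaces>.exe`, and the forum's display collapsed the run of spaces, so the name pasted back into OTMoveIt and the CFScript did not match what was on disk. The Python below is an added example (not code from the thread, from ComboFix or from HijackThis; the names `Finding`, `scan_log`, `padded_basename`, `normalise` and `unique_padded_paths` are my own) that scans ComboFix- and HijackThis-style lines for the two indicators visible in the reports above: an executable whose name carries whitespace before its extension, and a Run-key value for which ComboFix recorded no file metadata (`[ ]` or `[]`). It collapses whitespace before comparing, so however many spaces survive a copy-and-paste, both spellings of the same padded name resolve to one entry. The sample log lines are constructed in the style of the thread's reports.

```python
"""Flag whitespace-padded executable names and unresolved autostart targets
in ComboFix / HijackThis style log lines.

Added example for this thread, not code from the forum, ComboFix or
HijackThis.  All names below are my own.
"""
import re
from dataclasses import dataclass
from typing import List, Set

# A Windows path ending in an executable-style extension.  The optional
# whitespace group between the base name and the dot is what catches
# look-alike files such as "msnmsgr .exe" or "msnmsgr       .exe".
_PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"\[\]\r\n]*?)(\s+)?\.(exe|dll|scr|sys|bat|cmd)\b',
    re.IGNORECASE,
)

# ComboFix "Reg Loading Points" line whose trailing metadata block is empty:
# "[ ]" or "[]" means the scanner could not find or read the target file.
_NO_META_RE = re.compile(r'^"[^"]+"=".*"\s*\[\s*\]\s*$')


@dataclass
class Finding:
    line_no: int
    path: str     # as written in the log, with whitespace runs collapsed
    reason: str


def normalise(path: str) -> str:
    """Collapse every run of whitespace to a single space.

    A forum or editor that re-flows text changes how many spaces survive,
    so two copies of the same padded name must still compare equal.
    """
    return re.sub(r"\s+", " ", path).strip()


def padded_basename(path: str) -> bool:
    """True when the file name has whitespace right before its extension."""
    base = path.rsplit("\\", 1)[-1]
    return re.search(r"\S\s+\.[A-Za-z0-9]+$", base) is not None


def scan_log(text: str) -> List[Finding]:
    """Return one Finding per suspicious item, in log order."""
    findings: List[Finding] = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in _PATH_RE.finditer(line):
            if padded_basename(m.group(0)):
                findings.append(Finding(
                    no, normalise(m.group(0)),
                    "whitespace before extension: look-alike of a legitimate file name"))
        if _NO_META_RE.match(line):
            target = line.split('"')[3]   # value between the second pair of quotes
            reason = ("empty autostart value" if not target
                      else "autostart target not found or not readable by the scanner")
            findings.append(Finding(no, normalise(target), reason))
    return findings


def unique_padded_paths(findings: List[Finding]) -> Set[str]:
    """Distinct padded names after normalisation: the two spellings of the
    same file in the sample collapse to one entry."""
    return {f.path for f in findings if f.reason.startswith("whitespace")}


# Constructed sample lines in the style of the thread's reports (not the
# thread's own log).
SAMPLE_LOG = "\n".join([
    r"----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe",
    r"----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr       .exe",
    r'"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]',
    r'"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]',
    r'"P2kAutostart"="" []',
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
])

if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f"line {f.line_no}: {f.path!r}: {f.reason}")
    print("distinct padded names:", unique_padded_paths(results))
```

To run it over a real report, pass the file contents to `scan_log` (ComboFix wrote its logs in the system ANSI code page, so open them with `errors="replace"`). The padded-name rule is deliberately a pattern rather than an exact string: that is the property the hand-written CFScript above had to approximate by listing several spacing variants.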
Foud35 Posts 21 Registration date Sunday 10 February 2008 Status Member Last activity 29 June 2009
5 March 2008 at 17:11
Hi, here's the scan. I also hosted it on YouSendIt in case there's a problem:

https://www.hightail.com/

and

ComboFix 08-03-04.4 - User 2008-03-05 10:51:21.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.257 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-04 20:49 . 2008-03-04 20:49 <DIR> d-------- C:\Program Files\Uniblue
2008-03-04 20:49 . 2008-03-04 20:51 <DIR> d-------- C:\Documents and Settings\User\.LocalCooling
2008-03-04 20:49 . 2008-03-04 20:49 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{7C24407D-548F-4211-9AD3-2549A100B03D}
2008-03-04 16:41 . 2008-03-04 17:16 <DIR> d-------- C:\Program Files\ManyCam 2.2
2008-03-04 13:28 . 2008-03-04 13:28 2,208 --a------ C:\WINDOWS\system32\drivers\nxsIO32.sys
2008-03-03 20:42 . 2008-03-03 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-03-03 20:41 . 2008-03-03 20:41 <DIR> d-------- C:\Program Files\Common Files\BOONTY Shared
2008-03-03 20:40 . 2008-03-03 20:40 <DIR> d-------- C:\Program Files\BoontyGames
2008-03-03 20:40 . 2008-03-03 20:40 <DIR> d-------- C:\Program Files\Boonty
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 10:27 . 2008-03-01 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat
2008-02-27 19:36 . 2008-02-27 19:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\rzgunz.com
2008-02-23 20:28 . 2008-03-03 20:48 <DIR> d-------- C:\Program Files\StepMania
2008-02-23 20:19 . 2008-02-23 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\fretsonfire
2008-02-20 18:58 . 2008-03-04 22:22 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-03-04 22:22 32,948 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-03-05 09:58 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-10 17:30 . 2008-03-03 18:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-09 10:35 . 2008-03-03 20:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-03-05 10:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 00:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 20:14 --------- d-----w C:\Program Files\Common Files\NewSoft
2008-03-04 19:34 --------- d-----w C:\Program Files\TheTurtle
2008-03-04 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 22:10 861,045 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-04 15:22 --------- d-----w C:\Program Files\SnIco Edit
2008-02-04 02:13 --------- d-----w C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-04 02:11 --------- d-----w C:\Program Files\GtkRadiant 1.5.0
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner
2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\Documents and Settings\All Users\Application Data\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-14 10:06 21,632 ----a-w C:\WINDOWS\system32\drivers\ManyCam.sys
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-04_19.33.54.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-05 14:58:01 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 20:06 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 12:44 815104]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]
"P2kAutostart"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"PopUpStopperFreeEdition"=; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LocalCooling"=; "C:\Program Files\LocalCooling\localcooling.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8334:TCP"= 8334:TCP:BitComet 8334 TCP
"8334:UDP"= 8334:UDP:BitComet 8334 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2008-03-04 13:28]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 05:06]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-03-03 20:41]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 11:01:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\TheTurtle\rkmt.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\TheTurtle\rkmt.dll
.
Completion time: 2008-03-05 11:05:27
ComboFix2.txt 2008-03-05 00:35:43
ComboFix3.txt 2008-03-03 22:54:42
.
2008-03-05 03:21:41 --- E O F ---


Thanks :)
FillPCA Posts: 2242 Registered: Saturday 21 April 2007 Status: Non-member Last seen: 18 February 2023
5 March 2008 at 21:15
Hi,

1/ * Open Windows Explorer (Start > Programs > Accessories > Windows Explorer, or Start > Programs > Windows Explorer).
* Click Tools > Folder Options > View.
* Select:
o "Show hidden files and folders",
o uncheck "Hide extensions for known file types",
o uncheck "Hide protected operating system files (Recommended)".

* "Apply" and "OK"

2/ * Can you test this file: C:\WINDOWS\system32\drivers\nxsIO32.sys
* Click this link: http://www.virustotal.com/en/indexf.html
* Click Browse and enter the path of the file I indicated.
* Click Send. After a few minutes a report is generated. Post it in your next reply.

FillPCA
Foud35 Posts: 21 Registered: Sunday 10 February 2008 Status: Member Last seen: 29 June 2009
5 March 2008 at 22:48
Hi, report done:
File nxsIO32.sys received on 2008.03.05 22:40:38 (CET)
Current status: finished
Result: 1/32 (3.13%)

Antivirus          Version        Last update  Result
AhnLab-V3          2008.3.4.0     2008.03.05   -
AntiVir            7.6.0.73       2008.03.05   -
Authentium         4.93.8         2008.03.04   -
Avast              4.7.1098.0     2008.03.05   -
AVG                7.5.0.516      2008.03.05   -
BitDefender        7.2            2008.03.05   -
CAT-QuickHeal      9.50           2008.03.05   -
ClamAV             0.92.1         2008.03.05   -
DrWeb              4.44.0.09170   2008.03.05   -
eSafe              7.0.15.0       2008.02.28   -
eTrust-Vet         31.3.5590      2008.03.05   -
Ewido              4.0            2008.03.05   -
FileAdvisor        1              2008.03.05   -
Fortinet           3.14.0.0       2008.03.05   -
F-Prot             4.4.2.54       2008.03.04   -
F-Secure           6.70.13260.0   2008.03.05   -
Ikarus             T3.1.1.20      2008.03.05   -
Kaspersky          7.0.0.125      2008.03.05   -
McAfee             5245           2008.03.05   -
Microsoft          1.3301         2008.03.05   -
NOD32v2            2923           2008.03.05   -
Norman             5.80.02        2008.03.05   -
Panda              9.0.0.4        2008.03.05   -
Prevx1             V2             2008.03.05   -
Rising             20.34.22.00    2008.03.05   -
Sophos             4.27.0         2008.03.05   -
Sunbelt            3.0.930.0      2008.03.05   -
Symantec           10             2008.03.05   -
TheHacker          6.2.92.233     2008.03.04   -
VBA32              3.12.6.2       2008.03.05   -
VirusBuster        4.3.26:9       2008.03.05   -
Webwasher-Gateway  6.6.2          2008.03.05   Win32.Malware.gen!88 (suspicious)
Additional information
File size: 2208 bytes

Thanks in advance
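The VirusTotal report posted above is the only evidence on the driver so far, and in this 2008-era layout it arrives as flat text. As an added example that is not part of the thread, the Python below parses such a report, recounts the detections instead of trusting the declared "1/32", and separates generic or heuristic verdicts from named-family detections. The embedded SAMPLE_REPORT is a constructed copy of the report posted above; the keyword list used to spot generic signatures is this example's own assumption, not a VirusTotal feature.

```python
# Added example, not part of the thread: parse a VirusTotal text report in the
# 2008-era layout pasted above and check what the "1/32" actually rests on.
# SAMPLE_REPORT is a constructed copy of the posted report; the generic-marker
# regex is this example's own assumption, not something VirusTotal provides.
import re
from dataclasses import dataclass

# Engine line = name, version, update date (YYYY.MM.DD), verdict. The date is
# the anchor, so odd version strings such as "4.3.26:9" or "V2" split cleanly.
_ENGINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*?)\s*$")
_DECLARED = re.compile(r"^Result:\s*(\d+)/(\d+)")
# Assumption: tokens that mark a heuristic/generic signature, not a named family.
_GENERIC = re.compile(r"(?<![a-z])(gen|generic|heur|suspicious)(?![a-z])")

SAMPLE_REPORT = """\
File nxsIO32.sys received on 2008.03.05 22:40:38 (CET)
Current status: finished
Result: 1/32 (3.13%)

Antivirus Version Last update Result
AhnLab-V3 2008.3.4.0 2008.03.05 -
AntiVir 7.6.0.73 2008.03.05 -
Authentium 4.93.8 2008.03.04 -
Avast 4.7.1098.0 2008.03.05 -
AVG 7.5.0.516 2008.03.05 -
BitDefender 7.2 2008.03.05 -
CAT-QuickHeal 9.50 2008.03.05 -
ClamAV 0.92.1 2008.03.05 -
DrWeb 4.44.0.09170 2008.03.05 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5590 2008.03.05 -
Ewido 4.0 2008.03.05 -
FileAdvisor 1 2008.03.05 -
Fortinet 3.14.0.0 2008.03.05 -
F-Prot 4.4.2.54 2008.03.04 -
F-Secure 6.70.13260.0 2008.03.05 -
Ikarus T3.1.1.20 2008.03.05 -
Kaspersky 7.0.0.125 2008.03.05 -
McAfee 5245 2008.03.05 -
Microsoft 1.3301 2008.03.05 -
NOD32v2 2923 2008.03.05 -
Norman 5.80.02 2008.03.05 -
Panda 9.0.0.4 2008.03.05 -
Prevx1 V2 2008.03.05 -
Rising 20.34.22.00 2008.03.05 -
Sophos 4.27.0 2008.03.05 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.05 -
TheHacker 6.2.92.233 2008.03.04 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.05 -
Webwasher-Gateway 6.6.2 2008.03.05 Win32.Malware.gen!88 (suspicious)
Additional information
File size: 2208 bytes
"""


@dataclass
class EngineResult:
    engine: str
    version: str
    updated: str
    verdict: str  # "-" means the engine reported nothing

    @property
    def detected(self) -> bool:
        return self.verdict != "-"

    @property
    def generic(self) -> bool:
        return self.detected and bool(_GENERIC.search(self.verdict.lower()))


def parse_report(text: str):
    """Return (declared_hits, declared_total, [EngineResult, ...])."""
    declared, engines = (0, 0), []
    for line in text.splitlines():
        if m := _DECLARED.match(line):
            declared = (int(m.group(1)), int(m.group(2)))
        elif m := _ENGINE.match(line):
            engines.append(EngineResult(*m.groups()))
    return declared[0], declared[1], engines


def summarize(text: str) -> dict:
    """Recount hits instead of trusting the declared ratio, and separate
    generic/heuristic verdicts from named-family detections."""
    hits_decl, total_decl, engines = parse_report(text)
    hits = [e for e in engines if e.detected]
    return {
        "engines": len(engines),
        "hits": len(hits),
        "consistent": (len(hits), len(engines)) == (hits_decl, total_decl),
        "flagged_by": [(e.engine, e.verdict) for e in hits],
        "named_family_hits": sum(1 for e in hits if not e.generic),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

On the posted report this yields 1 hit out of 32 engines, consistent with the declared ratio, and 0 named-family detections: the single verdict is Webwasher-Gateway's generic "Win32.Malware.gen!88 (suspicious)". One heuristic hit from one engine is weak evidence by itself, so it is worth reading alongside the rest of the ComboFix log, which lists the same file as the "NextSensor Kernel I/O Driver" service (R2 nxsIO32), rather than treating the 1/32 as a verdict either way.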