Virtumonde virus (HijackThis report) - Page 2

guigui134
 
Ah well, hi. In the end it finished faster than expected, except that I couldn't post before now.. So here is BitDefender:

BitDefender Online Scanner

Scan report generated at: Thu, Feb 21, 2008 - 13:09:10
Scan path: C:\;D:\;

Statistics
Time: 03:11:43
Files: 977621
Folders: 26902
Boot Sectors: 2
Archives: 5656
Packed Files: 67630

Results
Identified Viruses: 1
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 982714
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\Windows\System32\klhleaey.dll - Infected with: Trojan.Vundo.DZC
C:\Windows\System32\klhleaey.dll - Deleted
C:\Windows\System32\xynprcwd.dll - Infected with: Trojan.Vundo.DZC
C:\Windows\System32\xynprcwd.dll - Deleted

And I'll post the HijackThis log in another message.
guigui134
 
Here is the latest report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:21, on 2008-02-21
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vVX1000.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\Windows\mixer.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Users\Proprietaire\Desktop\ChatViewer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\CCM.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - (no file)
O2 - BHO: (no name) - {1C989676-A9A4-402A-89FE-9D26E2C0481D} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {536974A3-4821-4C16-A313-597557CAD947} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56875E49-4A7A-4E14-9E71-BB7A07A13FDE} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7D4A6800-AD98-46EE-BB37-5A67E9C0E7D1} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
green day (Moderator, security contributor)
 
Hi

Very good. Please post a new ComboFix report.

++
guigui134
 
Oops, I didn't go into safe mode. I'm sending the report anyway; let me know what you make of it.

ComboFix 08-02-20.2 - Proprietaire 2008-02-24 22:06:18.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1361 [GMT -5:00]
Endroit: C:\Users\Proprietaire\Desktop\Logiciel\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 22:24 --------- d-----w C:\Program Files\Steam
2008-02-21 12:37 --------- d-----w C:\Users\Proprietaire\AppData\Roaming\Grisoft
2008-02-21 12:37 --------- d-----w C:\ProgramData\Grisoft
2008-02-21 12:30 --------- d-----w C:\Program Files\CCleaner
2008-02-21 00:03 --------- d-----w C:\Program Files\Winamp
2008-02-20 23:15 --------- d-----w C:\Program Files\Echovoice
2008-02-20 16:19 --------- d-----w C:\Program Files\LcdStudio
2008-02-20 15:34 --------- d-----w C:\Program Files\World of Warcraft
2008-02-20 15:12 --------- d-----w C:\ProgramData\Logitech
2008-02-20 15:12 --------- d-----w C:\Program Files\Logitech
2008-02-20 08:24 174 --sha-w C:\Program Files\desktop.ini
2008-02-20 08:17 --------- d-----w C:\Program Files\Windows Mail
2008-02-20 08:17 --------- d-----w C:\Program Files\Windows Defender
2008-02-20 08:17 --------- d-----w C:\Program Files\Windows Calendar
2008-02-20 08:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-20 08:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-20 08:05 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-20 08:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-20 08:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-20 08:05 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-20 08:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-20 08:05 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-20 08:05 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-20 08:05 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-20 08:05 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-20 08:05 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-20 08:05 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-02-20 08:04 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-02-20 08:04 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-02-20 08:04 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-02-20 08:04 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-02-20 08:04 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-02-20 08:04 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-02-20 08:04 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-02-20 08:04 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-02-20 08:04 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-02-19 17:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-19 17:24 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-02-19 17:24 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-02-19 17:24 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-02-19 17:24 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-19 17:24 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-19 17:23 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-02-19 17:23 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-02-19 17:21 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-02-19 17:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-02-19 17:20 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-02-19 17:20 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-02-19 17:20 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-02-19 17:20 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-02-19 17:20 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-02-19 17:20 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-02-19 17:20 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-02-19 17:20 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-02-19 17:20 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-02-19 17:20 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-02-19 17:20 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-02-19 17:19 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-19 17:19 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-19 17:19 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-19 17:19 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-19 17:19 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-19 17:19 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-19 17:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-02-19 17:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-02-19 17:18 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-02-19 17:17 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-02-19 17:17 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-02-19 17:15 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-19 17:15 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-02-19 17:15 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-19 17:15 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-19 17:15 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-02-19 17:15 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-19 17:14 633,856 ----a-w C:\Windows\System32\user32.dll
2008-02-19 17:14 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-02-19 17:14 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-02-19 17:14 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-02-19 17:13 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-19 17:13 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-19 17:13 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-19 17:13 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 17:12 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-02-19 16:16 4,608 ----a-w C:\Windows\System32\w95inf32.dll
2008-02-19 16:16 --------- d-----w C:\Program Files\PCI Audio Applications
2008-02-19 16:11 --------- d-----w C:\Program Files\C-Media
2008-02-19 13:02 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-02-19 13:02 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-02-19 13:02 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-02-19 13:02 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-19 12:59 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-02-19 12:59 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-02-19 12:59 33,624 ----a-w C:\Windows\System32\wups.dll
2008-02-19 12:58 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-02-19 12:58 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-19 12:56 --------- d-sh--w C:\ProgramData\Modèles
2008-02-19 12:56 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-02-19 12:56 --------- d-sh--w C:\ProgramData\Favoris
2008-02-19 12:56 --------- d-sh--w C:\ProgramData\Bureau
2008-02-19 12:56 --------- d-sh--w C:\Program Files\Fichiers communs
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07C7156E-D651-4ACC-9AD3-498C916E9651}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C989676-A9A4-402A-89FE-9D26E2C0481D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 15:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{536974A3-4821-4C16-A313-597557CAD947}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56875E49-4A7A-4E14-9E71-BB7A07A13FDE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D4A6800-AD98-46EE-BB37-5A67E9C0E7D1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-10-24 09:27 1918936 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}
{A057A204-BACC-4D26-8287-79A187E26987}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 15:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-19 12:15 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19 5728112]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 12:58 495616]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2006-11-02 04:45 49664]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Steam"="c:\program files\steam\steam.exe" [2007-11-29 21:49 1266936]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-20 03:08 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
"VX1000"="C:\Windows\vVX1000.exe" [2007-04-10 16:46 709992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 16:45 279912]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 01:15 631362]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"C-Media Echo Control"="C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 16:47 147456]
"C-Media Mixer"="Mixer.exe" [2004-08-10 23:44 1228800 C:\Windows\mixer.exe]
"CmPCIaudio"="CMICNFG3.CPL" []
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 18:30 1687824]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-17 19:08 2094352]
"Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 16:52 53248]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Users\Proprietaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-14 17:55:45 106496]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-01-30 21:02:36 2880336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk

[HKLM\~\startupfolder\C:^Users^Proprietaire^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SM.lnk]
backup=C:\Windows\pss\SM.lnk.Startup
backupExtension=.Startup
path=C:\Users\Proprietaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SM.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 07:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2007-01-08 22:26 68640 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-11 17:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-11 17:31]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 09:46]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-11 17:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-11 17:31]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 09:52]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 16:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-01-30 10:11]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-14 19:54]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 16:46]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S2 HDDTService;HDD Temperature;C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe [2004-11-24 14:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{618d802c-e3ac-11db-8477-806e6f6e6963}]
\shell\AutoRun\command - D:\demo32.exe

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-19 06:28:25 C:\Windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job"
- C:\Windows\vVX1000.exe
"2507-04-21 18:45:37 C:\Windows\Tasks\User_Feed_Synchronization-{76DE0A83-C550-467A-A559-218C50487C21}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 22:12:52
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-02-24 22:14:16
ComboFix-quarantined-files.txt 2008-02-25 03:14:11
ComboFix2.txt 2008-02-20 20:39:32
.
2008-02-21 23:10:19 --- E O F ---