Problem with Trojandownloader.sx - Page 2

torpimer Posts: 23 Status: Member
 
ComboFix report

ComboFix 08-03-25.4 - Remi 2008-03-27 17:56:26.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1035 [GMT 1:00]
Endroit: C:\Documents and Settings\Remi\Bureau\Cheval de Troie\killbagle.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
.

2008-03-27 14:18 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-27 14:14 . 2008-03-27 14:15 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-03-27 13:29 . 2008-03-27 13:29 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-27 13:26 . 2008-03-27 13:28 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-27 13:13 . 2008-03-27 13:14 <REP> d-------- C:\Documents and Settings\Remi\Application Data\PC-Cleaner
2008-03-27 13:12 . 2008-03-27 14:17 <REP> d-------- C:\Program Files\PC-Cleaner
2008-03-27 13:08 . 2008-03-27 13:08 <REP> d-------- C:\Documents and Settings\Remi\.housecall6.6
2008-03-27 13:07 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-27 13:07 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-27 13:07 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-27 13:07 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-27 13:07 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-27 13:07 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-27 13:07 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-27 13:07 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-27 13:07 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-27 13:05 . 2008-03-27 13:28 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-03-27 13:00 . 2008-03-27 13:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-27 13:00 . 2008-03-27 13:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 22:40 . 2008-03-26 23:09 <REP> d-------- C:\Program Files\Lopxp
2008-03-26 22:38 . 2008-03-26 22:38 <REP> d-------- C:\_OTMoveIt
2008-03-26 22:30 . 2008-03-26 22:30 98,304 --a------ C:\WINDOWS\system32\fgzqhizw.exe
2008-03-26 22:13 . 2008-03-26 22:17 <REP> d-------- C:\Program Files\Navilog1
2008-03-26 22:07 . 2008-03-26 22:07 98,304 --a------ C:\WINDOWS\system32\ynwluzgx.exe
2008-03-26 20:39 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-26 20:39 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-26 20:39 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-26 20:39 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-26 20:33 . 2008-03-26 20:33 <REP> d-------- C:\Program Files\Trend Micro
2008-03-26 09:06 . 2008-03-26 09:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\kggqbxnu
2008-03-25 19:31 . 2008-03-26 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\idoxefyx
2008-03-19 13:05 . 2008-03-19 13:05 <REP> d-------- C:\Program Files\AVIcodec
2008-03-17 09:49 . 2008-03-27 08:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-17 09:49 . 2008-03-17 09:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-12 18:43 . 2008-03-12 18:51 <REP> d-------- C:\Program Files\DVDFab Express
2008-03-07 12:59 . 2008-03-26 22:29 <REP> d-------- C:\Program Files\free-downloads.net
2008-03-07 12:59 . 2008-03-07 12:59 <REP> d-------- C:\Program Files\Alcohol Soft
2008-03-07 12:57 . 2008-03-07 12:57 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 18:02 --------- d-----w C:\Documents and Settings\Remi\Application Data\Skype
2008-03-24 08:42 --------- d-----w C:\Program Files\Akakliké 2
2008-03-22 21:19 --------- d-----w C:\Program Files\Java
2008-03-22 17:02 --------- d-----w C:\Documents and Settings\Remi\Application Data\Azureus
2008-03-19 12:26 --------- d-----w C:\Program Files\Azureus
2008-02-18 12:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-14 18:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-07 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 19:09 --------- d-----w C:\Program Files\TomTom HOME 2
2008-01-30 18:59 --------- d-----w C:\Program Files\Canon
2008-01-30 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-01-27 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-09 17:27 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-04-25 09:17 20,744 ----a-w C:\Documents and Settings\Remi\Application Data\GDIPFONTCACHEV1.DAT
2007-04-12 18:27 92,064 ----a-w C:\Documents and Settings\Remi\mqdmmdm.sys
2007-04-12 18:27 9,232 ----a-w C:\Documents and Settings\Remi\mqdmmdfl.sys
2007-04-12 18:27 79,328 ----a-w C:\Documents and Settings\Remi\mqdmserd.sys
2007-04-12 18:27 66,656 ----a-w C:\Documents and Settings\Remi\mqdmbus.sys
2007-04-12 18:27 6,208 ----a-w C:\Documents and Settings\Remi\mqdmcmnt.sys
2007-04-12 18:27 5,936 ----a-w C:\Documents and Settings\Remi\mqdmwhnt.sys
2007-04-12 18:27 4,048 ----a-w C:\Documents and Settings\Remi\mqdmcr.sys
2007-04-12 18:27 25,600 ----a-w C:\Documents and Settings\Remi\usbsermptxp.sys
2007-04-12 18:27 22,768 ----a-w C:\Documents and Settings\Remi\usbsermpt.sys
2006-11-18 12:06 81,920 ----a-w C:\Documents and Settings\Remi\Application Data\ezpinst.exe
2006-11-18 12:06 47,360 ----a-w C:\Documents and Settings\Remi\Application Data\pcouffin.sys
2001-11-23 11:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-03-26_22.09.50.14 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-23 13:14 67128]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-01-29 12:20 361832]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-02-22 12:22 216520]
"sojaowmh"="C:\WINDOWS\system32\ynwluzgx.exe" [2008-03-26 22:07 98304]
"wtdqqcul"="C:\WINDOWS\system32\fgzqhizw.exe" [2008-03-26 22:30 98304]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-04-07 02:16 631364]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-23 13:14:51 67128]
RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2006-06-30 11:29:20 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-26 01:00]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-20 00:09]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-05 08:07]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c68a48cc-8ed2-11db-8c15-000c7660404d}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 17:57:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-27 17:58:21
ComboFix-quarantined-files.txt 2008-03-27 16:58:12
ComboFix2.txt 2008-03-26 21:10:05
.
2008-03-12 20:35:41 --- E O F ---
torpimer Posts 23 Status Member

While I am working, a window appears and tells me:
Warning your computer may have critical errors in windows registry system!

And in the taskbar a yellow triangle appears, and when I click on it an internet window opens at the following address: http://antispyware-reviews.biz/?wmid=4663&pwebmid=R3n1c2Bg8A
jlpjlp Posts 52399 Status Security contributor 5 041

Scan this file on VirusTotal and, if it is infected, add it to the OTMoveIt quote:
https://www.virustotal.com/gui/

C:\WINDOWS\system32\fgzqhizw.exe

___________

Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Program Files\PC-Cleaner

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

___________________

Paste an online scan and tell me your current problems.
torpimer Posts 23 Status Member

Indeed, the file C:\WINDOWS\system32\fgzqhizw.exe was infected, so I added it to MoveIt. Here is the report.


C:\WINDOWS\system32\fgzqhizw.exe moved successfully.
C:\Program Files\PC-Cleaner\com moved successfully.
C:\Program Files\PC-Cleaner moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03272008_190324

ComboFix report done right afterwards

ComboFix 08-03-25.4 - Remi 2008-03-27 19:06:51.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1029 [GMT 1:00]
Endroit: C:\Documents and Settings\Remi\Bureau\Cheval de Troie\killbagle.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
.

2008-03-27 14:18 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-27 14:14 . 2008-03-27 14:15 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-03-27 13:29 . 2008-03-27 13:29 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-27 13:26 . 2008-03-27 13:28 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-27 13:13 . 2008-03-27 13:14 <REP> d-------- C:\Documents and Settings\Remi\Application Data\PC-Cleaner
2008-03-27 13:08 . 2008-03-27 13:08 <REP> d-------- C:\Documents and Settings\Remi\.housecall6.6
2008-03-27 13:07 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-27 13:07 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-27 13:07 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-27 13:07 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-27 13:07 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-27 13:07 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-27 13:07 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-27 13:07 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-27 13:07 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-27 13:05 . 2008-03-27 13:28 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-03-27 13:00 . 2008-03-27 13:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-27 13:00 . 2008-03-27 13:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 22:40 . 2008-03-26 23:09 <REP> d-------- C:\Program Files\Lopxp
2008-03-26 22:38 . 2008-03-26 22:38 <REP> d-------- C:\_OTMoveIt
2008-03-26 22:13 . 2008-03-26 22:17 <REP> d-------- C:\Program Files\Navilog1
2008-03-26 22:07 . 2008-03-26 22:07 98,304 --a------ C:\WINDOWS\system32\ynwluzgx.exe
2008-03-26 20:39 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-26 20:39 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-26 20:39 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-26 20:39 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-26 20:33 . 2008-03-26 20:33 <REP> d-------- C:\Program Files\Trend Micro
2008-03-26 09:06 . 2008-03-26 09:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\kggqbxnu
2008-03-25 19:31 . 2008-03-26 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\idoxefyx
2008-03-19 13:05 . 2008-03-19 13:05 <REP> d-------- C:\Program Files\AVIcodec
2008-03-17 09:49 . 2008-03-27 18:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-17 09:49 . 2008-03-17 09:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-12 18:43 . 2008-03-12 18:51 <REP> d-------- C:\Program Files\DVDFab Express
2008-03-07 12:59 . 2008-03-26 22:29 <REP> d-------- C:\Program Files\free-downloads.net
2008-03-07 12:59 . 2008-03-07 12:59 <REP> d-------- C:\Program Files\Alcohol Soft
2008-03-07 12:57 . 2008-03-07 12:57 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 18:02 --------- d-----w C:\Documents and Settings\Remi\Application Data\Skype
2008-03-24 08:42 --------- d-----w C:\Program Files\Akakliké 2
2008-03-22 21:19 --------- d-----w C:\Program Files\Java
2008-03-22 17:02 --------- d-----w C:\Documents and Settings\Remi\Application Data\Azureus
2008-03-19 12:26 --------- d-----w C:\Program Files\Azureus
2008-02-18 12:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-14 18:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-07 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 19:09 --------- d-----w C:\Program Files\TomTom HOME 2
2008-01-30 18:59 --------- d-----w C:\Program Files\Canon
2008-01-30 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-01-27 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-09 17:27 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-04-25 09:17 20,744 ----a-w C:\Documents and Settings\Remi\Application Data\GDIPFONTCACHEV1.DAT
2007-04-12 18:27 92,064 ----a-w C:\Documents and Settings\Remi\mqdmmdm.sys
2007-04-12 18:27 9,232 ----a-w C:\Documents and Settings\Remi\mqdmmdfl.sys
2007-04-12 18:27 79,328 ----a-w C:\Documents and Settings\Remi\mqdmserd.sys
2007-04-12 18:27 66,656 ----a-w C:\Documents and Settings\Remi\mqdmbus.sys
2007-04-12 18:27 6,208 ----a-w C:\Documents and Settings\Remi\mqdmcmnt.sys
2007-04-12 18:27 5,936 ----a-w C:\Documents and Settings\Remi\mqdmwhnt.sys
2007-04-12 18:27 4,048 ----a-w C:\Documents and Settings\Remi\mqdmcr.sys
2007-04-12 18:27 25,600 ----a-w C:\Documents and Settings\Remi\usbsermptxp.sys
2007-04-12 18:27 22,768 ----a-w C:\Documents and Settings\Remi\usbsermpt.sys
2006-11-18 12:06 81,920 ----a-w C:\Documents and Settings\Remi\Application Data\ezpinst.exe
2006-11-18 12:06 47,360 ----a-w C:\Documents and Settings\Remi\Application Data\pcouffin.sys
2001-11-23 11:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-23 13:14 67128]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-01-29 12:20 361832]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-02-22 12:22 216520]
"sojaowmh"="C:\WINDOWS\system32\ynwluzgx.exe" [2008-03-26 22:07 98304]
"wtdqqcul"="C:\WINDOWS\system32\fgzqhizw.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-04-07 02:16 631364]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-23 13:14:51 67128]
RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2006-06-30 11:29:20 528384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-26 01:00]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-20 00:09]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-05 08:07]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c68a48cc-8ed2-11db-8c15-000c7660404d}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 19:07:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-27 19:08:17
ComboFix-quarantined-files.txt 2008-03-27 18:08:03
ComboFix2.txt 2008-03-27 16:58:21
ComboFix3.txt 2008-03-26 21:10:05
.
2008-03-12 20:35:41 --- E O F ---
jlpjlp Posts 52399 Status Security contributor 5 041

Also scan these on VirusTotal and remove them with OTMoveIt too:
C:\WINDOWS\msdownld.tmp
C:\WINDOWS\system32\fr-fr
C:\WINDOWS\system32\ynwluzgx.exe
C:\Documents and Settings\All Users\Application Data\kggqbxnu
C:\Documents and Settings\All Users\Application Data\idoxefyx

_______

Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Documents and Settings\Remi\Application Data\PC-Cleaner

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

__________________
Delete what is in MovedFiles by going to My Computer, then C:, then OTMoveIt.
_________________

Paste the report from an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
_________
Post a new HijackThis log and tell me your problems.
torpimer Posts 23 Status Member

I did what was needed for MoveIt but I forgot to post the report. However, everything was OK.

I am currently running an online scan with BitDefender.

For information, I tried Panda but avast reported a virus alert, so I have just stopped it.

I will post the report as soon as possible.

However, my Wi-Fi connection is bad this evening, so the scan may be interrupted.

Apart from that, no more problems at the moment.

See you soon
torpimer Posts 23 Status Member

Looks spotless so far. Thank you very much.

BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Mar 27, 2008 - 21:17:25

Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;

Statistiques
Temps: 00:35:54
Fichiers: 79407
Directoires: 7577
Secteurs de boot: 5
Archives: 1344
Paquets programmes: 9706

Résultats
Virus identifiés: 0
Fichiers infectés: 0
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 0

Info sur les moteurs
Définition virus: 1035557
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 41
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé    Statut
Aucun virus trouvé.
torpimer Posts 23 Status Member

HijackThis report, and nothing abnormal for now

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:13:11, on 28/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.8.10.12:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [sojaowmh] C:\WINDOWS\system32\ynwluzgx.exe
O4 - HKCU\..\Run: [wtdqqcul] C:\WINDOWS\system32\fgzqhizw.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{461DF2C7-3FCB-45E2-85B9-ACC2E2241B0C}: NameServer = 194.2.0.20,194.2.0.50
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
jlpjlp Posts 52399 Status Security contributor 5 041

Did you remove these lines with OTMoveIt?
If not, do it.

Fix these lines:
O4 - HKCU\..\Run: [sojaowmh] C:\WINDOWS\system32\ynwluzgx.exe
O4 - HKCU\..\Run: [wtdqqcul] C:\WINDOWS\system32\fgzqhizw.exe

_______

Run HijackThis again; if they are absent, it's good!!!

To protect your computer for free:

http://www.commentcamarche.net/telecharger/logiciel 4 securite

Install an antivirus:

AVAST in French, or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
Anti-spyware tools:
MalwareByte's Anti-Malware + SPYBOT, +/- if Spybot's TeaTimer is not enabled:
WINDOWS DEFENDER or SPYWARE TERMINATOR

+
SPYWAREBLASTER to immunise the system, against Vundo in particular, but it is in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunise)...

Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version.
--------
A firewall:
the Windows one, or better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER to erase browsing traces
---------
Browse with Firefox, Safari or Opera rather than Internet Explorer, which is hit more by viruses
http://www.mozilla-europe.org/fr/products/firefox/
torpimer Posts 23 Status Member

I removed C:\WINDOWS\system32\ynwluzgx.exe, which was still on my PC.

Report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:04, on 28/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.8.10.12:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{461DF2C7-3FCB-45E2-85B9-ACC2E2241B0C}: NameServer = 194.2.0.20,194.2.0.50
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
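
The check requested earlier in the thread (run HijackThis again and confirm the two flagged O4 lines are absent) can be done mechanically. This is an added example, not part of the original posts: the function names are hypothetical, and the sample lines are O4 entries excerpted from the two HijackThis logs posted above.

```python
import re

# Registry autostart line:  O4 - HKCU\..\Run: [value name] command line
REG_RE = re.compile(r"^O4 - (?P<loc>.+?\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder line:      O4 - Global Startup: shortcut.lnk = target
LNK_RE = re.compile(r"^O4 - (?P<loc>[^:\\]*Startup): (?P<name>.+?) = (?P<cmd>.*)$")

# O4 lines excerpted from the log saved at 07:13:11 on 28/03/2008. It still lists
# both Run values even though fgzqhizw.exe had already been moved by OTMoveIt:
# removing a file does not remove the registry value that launches it.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sojaowmh] C:\WINDOWS\system32\ynwluzgx.exe
O4 - HKCU\..\Run: [wtdqqcul] C:\WINDOWS\system32\fgzqhizw.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
"""

# The same subset of O4 lines from the log saved at 13:43:04 on 28/03/2008.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
"""

# The two files flagged in the thread.
FLAGGED = [
    r"C:\WINDOWS\system32\ynwluzgx.exe",
    r"C:\WINDOWS\system32\fgzqhizw.exe",
]


def parse_autostarts(log_text):
    """Return {(location, entry name): command} for every O4 line in a log."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line) or LNK_RE.match(line)
        if m:
            entries[(m["loc"], m["name"])] = m["cmd"]
    return entries


def still_registered(log_text, flagged_paths):
    """List (location, name, command) for O4 entries that still launch a flagged file."""
    # Windows paths are case-insensitive, so compare in lower case.
    flagged = [p.lower() for p in flagged_paths]
    hits = []
    for (loc, name), cmd in parse_autostarts(log_text).items():
        if any(p in cmd.lower() for p in flagged):
            hits.append((loc, name, cmd))
    return hits


def diff_autostarts(before_text, after_text):
    """Return (removed, added) autostart keys between two logs."""
    before = parse_autostarts(before_text)
    after = parse_autostarts(after_text)
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    return removed, added


if __name__ == "__main__":
    for loc, name, cmd in still_registered(LOG_BEFORE, FLAGGED):
        print("still registered before fix:", loc, name, cmd)
    print("still registered after fix:", still_registered(LOG_AFTER, FLAGGED))
    removed, added = diff_autostarts(LOG_BEFORE, LOG_AFTER)
    print("removed:", removed)
    print("added:", added)
```

An empty result from `still_registered` on the newer log is the "absent" condition asked for; a non-empty `added` list would mean a new autostart appeared between the two scans and needs its own review.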
torpimer Posts 23 Status Member

No more problems for now.

Thank you very much for the help with my problem.

All the best and thanks again.

I am installing what is needed to prevent new intrusions.
jlpjlp Posts 52399 Status Security contributor 5 041

OK, everything is fine

All the best