Disinfection failed

Solved
hmr81 Posts: 25 Status: Member -  
jlpjlp Posts: 52399 Status: Security contributor -
Hello,
I have just installed the Avira antivirus (I followed the positive opinions about this software). The problem is that it cannot disinfect my computer of a certain trojan, "TR vundo gen". I scan my system regularly and each time it detects it; I put it in quarantine so that it gets removed after the restart, in vain. Apart from the frequent alert messages reporting this trojan, I tick deny access or quarantine, but the message keeps coming back. I don't know what else to do. People here say it is a reliable antivirus...

thanks for replying
see you

10 replies

dou-l Posts: 2871 Status: Member 61
 
hi

Run a scan with this antispyware:

Download Malwarebytes

Install it; the program will update itself automatically.

Once updated, the program will launch; click on the settings tab and tick the box: "Terminate Internet Explorer during removal".

Now click on the scan tab and tick the box: "Perform full scan".

Then click on "scan".

Let it scan the PC...

If items were found > click on remove selected.

If you are asked to restart > click "yes".

At the end a report will open; save it so you can find it again to post it on the forum.

Copy and paste the report please.
1
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
hi
too bad you didn't paste an Antivir report in your post!

_____________

paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I advise renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe; to do so, right-click on the HijackThis.exe file and choose rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
_______________

scan with VundoFix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click on the Scan for Vundo button.
Once the scan is finished, click on the Remove Vundo button.
You will receive a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked yes, your desktop will go blank while it removes Vundo.

When it is done, you will be asked to restart your computer; click OK.

______________________
then:

VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
______________________

Download ComboFix by sUBs: rename it before any installation, for example name it "Killvund". help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it on your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click on ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then follow the prompts.
Wait until ComboFix has finished; a report will be created. Post the report.
1
hmr81 Posts: 25 Status: Member
 
Hi

here is the report after the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:01, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\VIDAL\Communs\VIDAL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {3432B41E-A143-49B9-964C-66C02D844C49} - C:\WINDOWS\system32\iifdcYSL.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96DC3D11-8D8A-4D63-962D-66B4E5B45367} - C:\WINDOWS\system32\awttrPGv.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B3102264-D09D-4322-B625-503FBF18DD7E} - C:\WINDOWS\system32\pmnnLdCS.dll
O2 - BHO: {4a5e2f46-f56e-9899-d054-462a1365278b} - {b8725631-a264-450d-9989-e65f64f2e5a4} - C:\WINDOWS\system32\pmllxhnx.dll (file missing)
O2 - BHO: (no name) - {E5E29CD7-557C-45D8-B4DC-4245D3275917} - C:\WINDOWS\system32\opnklkHy.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
O3 - Toolbar: qvdntlmw - {14108D7F-3AF9-436C-863C-8AD8921BDF02} - C:\WINDOWS\qvdntlmw.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com ad=http://winspycontrol.com sd=http://ykeeper.winspycontrol.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\WinSpyControl\ptask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Administrateur.STANDARD.000\lsass.exe
O4 - HKLM\..\Run: [6c2b927b] rundll32.exe "C:\WINDOWS\system32\aukifhrw.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\VIDAL\Communs\VIDAL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Movies Extractor Scout - {009956DD-9AEA-458F-946A-2C9564E23205} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pmnnLdCS - C:\WINDOWS\SYSTEM32\pmnnLdCS.dll
O21 - SSODL: ComponentVolume - {3e9cda6f-5443-4727-8c98-4234e7f6db42} - C:\WINDOWS\Installer\{3e9cda6f-5443-4727-8c98-4234e7f6db42}\ComponentVolume.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it on your desktop and nowhere else!

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\pmllxhnx.dll
C:\WINDOWS\system32\iifdcYSL.dll
C:\WINDOWS\qvdntlmw.dll
C:\WINDOWS\system32\awttrPGv.dll
C:\WINDOWS\system32\opnklkHy.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3432B41E-A143-49B9-964C-66C02D844C49}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DC3D11-8D8A-4D63-962D-66B4E5B45367}]
-[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8725631-a264-450d-9989-e65f64f2e5a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5E29CD7-557C-45D8-B4DC-4245D3275917}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{14108D7F-3AF9-436C-863C-8AD8921BDF02}"=-
[HKEY_CLASSES_ROOT\clsid\{14108d7f-3af9-436c-863c-8ad8921bdf02}]
[HKEY_CLASSES_ROOT\qvdntlmw.1]
[HKEY_CLASSES_ROOT\qvdntlmw]

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post another HijackThis report and describe your problems

If the file does not open, it is located here > C:\ComboFix.txt
1
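A CFScript is handed to ComboFix by drag-and-drop, so a malformed line is silently skipped rather than reported, and a mistyped path could just as easily name a real system file as an impostor. The checker below is an added example for this page, not part of ComboFix or of the helper's instructions; it recognises only the two directives the post uses (`File::` and `Registry::`) and the entry forms seen there: `[KEY]`, `[-KEY]` for a key deletion, and `"value"=-` for a value deletion. The constructed sample copies one line from the script above whose deletion marker sits outside the bracket, and the `is_core_os_file` guard refuses a `File::` entry that would delete the genuine lsass.exe in System32 rather than the copy in the user profile.

```python
import re

# Constructed sample modelled on the CFScript posted above.
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\system32\pmllxhnx.dll
C:\WINDOWS\qvdntlmw.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3432B41E-A143-49B9-964C-66C02D844C49}]
-[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8725631-a264-450d-9989-e65f64f2e5a4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{14108D7F-3AF9-436C-863C-8AD8921BDF02}"=-
[HKEY_CLASSES_ROOT\qvdntlmw]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KNOWN_SECTIONS = {"File", "Registry"}          # only the directives used in the thread
FILE_RE = re.compile(r"^[A-Za-z]:\\.+$")        # absolute Windows path
KEY_RE = re.compile(r"^\[-?HKEY_[A-Z_]+\\[^\]]+\]$")   # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"[^"]+"=.*$')         # "name"=- or "name"=data

# Core OS binaries whose genuine copy lives in System32; a script must never remove those.
CORE_OS_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}


def is_core_os_file(path):
    """True when the path names a core OS binary inside the real system directory."""
    folder, _, name = path.replace("/", "\\").rpartition("\\")
    return name.lower() in CORE_OS_BINARIES and folder.lower() == r"c:\windows\system32"


def validate_cfscript(text):
    """Parse a CFScript into {directive: [entries]} and collect (line_no, problem) pairs."""
    sections, problems, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            if current not in KNOWN_SECTIONS:
                problems.append((n, f"unknown directive {line}"))
            sections.setdefault(current, [])
            continue
        if current is None:
            problems.append((n, "entry before any directive"))
            continue
        sections[current].append(line)
        if current == "File":
            if not FILE_RE.match(line):
                problems.append((n, "File entry is not an absolute path"))
            elif is_core_os_file(line):
                problems.append((n, "File entry would delete a core OS file"))
        elif current == "Registry":
            if not (KEY_RE.match(line) or VALUE_RE.match(line)):
                problems.append((n, "unrecognised registry entry (a deletion marker goes inside the bracket: [-KEY])"))
    return sections, problems


if __name__ == "__main__":
    sections, problems = validate_cfscript(SAMPLE_SCRIPT)
    for name, entries in sections.items():
        print(f"{name}:: {len(entries)} entries")
    for n, msg in problems:
        print(f"line {n}: {msg}")
```

On the sample the only report is the `-[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8725631-...}]` line, which matches neither entry form; the corresponding key is the one that is still listed under the BHO load point in the ComboFix report posted later in the thread.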
hmr81 Posts: 25 Status: Member
 
Hello
here first the ComboFix report and below it the HijackThis report:


ComboFix 08-05-07.1 - Administrateur 2008-05-08 14:43:42.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.825 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\killvund.exe
Command switches used :: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\qvdntlmw.dll
C:\WINDOWS\system32\awttrPGv.dll
C:\WINDOWS\system32\iifdcYSL.dll
C:\WINDOWS\system32\opnklkHy.dll
C:\WINDOWS\system32\pmllxhnx.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))))))))
.

2008-05-08 00:51 . 2008-05-08 14:43 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-07 19:11 . 2008-05-07 19:11 <REP> d-------- C:\VundoFix Backups
2008-05-07 19:03 . 2008-05-08 00:27 <REP> d-------- C:\HijackThis
2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Program Files\Avira
2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-05-04 13:51 . 2008-05-06 03:31 109,738 --a------ C:\WINDOWS\BM6f18a1e7.xml
2008-05-04 02:29 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot Shield
2008-05-04 01:39 . 2008-05-04 01:39 <REP> d-------- C:\Program Files\ultrasurf
2008-05-04 01:34 . 2008-05-04 01:34 33 --a------ C:\WINDOWS\system32\6c2b80f5
2008-05-03 23:38 . 2008-05-03 23:38 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-05-03 23:36 . 2008-05-04 11:35 <REP> d--hs---- C:\WINDOWS\Lg
2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\WINDOWS\system32\mm3
2008-05-03 23:35 . 2008-05-04 11:12 <REP> d-------- C:\WINDOWS\system32\gt1
2008-05-03 23:35 . 2008-05-08 01:53 <REP> d-------- C:\WINDOWS\system32\bkEur18
2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\Temp\maxsv15
2008-05-03 23:35 . 2008-05-08 00:52 <REP> d-------- C:\Temp
2008-05-03 00:49 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot_Shield
2008-05-03 00:26 . 2008-05-03 00:26 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Yahoo!
2008-05-03 00:26 . 2008-05-03 00:28 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\MEGAUPLOADTOOLBAR
2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Grisoft
2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Creative
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage réseau
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage d'impression
2008-04-22 04:16 . 2007-09-02 23:42 <REP> d--h----- C:\Documents and Settings\Amine\Modèles
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Mes documents
2008-04-22 04:16 . 2007-06-19 00:09 <REP> dr------- C:\Documents and Settings\Amine\Menu Démarrer
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Favoris
2008-04-22 04:16 . 2007-10-26 00:29 <REP> d-------- C:\Documents and Settings\Amine\Bureau
2008-04-22 04:16 . 2008-04-22 04:16 <REP> d-------- C:\Documents and Settings\Amine
2008-04-22 04:16 . 2008-05-08 14:43 1,024 --ah----- C:\Documents and Settings\Amine\NTUser.dat.LOG
2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Yahoo!
2008-04-18 13:39 . 2008-04-18 13:39 <REP> d-------- C:\Program Files\Yahoo!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 02:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-05-04 12:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-03 21:41 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\LimeWire
2008-04-25 12:59 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\U3
2008-04-18 11:40 --------- d-----w C:\Program Files\DivX
2008-04-05 16:02 --------- d-----w C:\Program Files\LimeWire
2008-04-05 15:06 --------- d-----w C:\Program Files\SweetIM
2008-04-05 15:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
2008-04-04 20:47 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 19:21 16,952 ----a-w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\GDIPFONTCACHEV1.DAT
2008-03-26 23:53 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited
2008-03-26 16:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-03-26 13:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-26 11:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited
2008-03-25 19:02 --------- d-----w C:\Program Files\Java
2008-03-25 02:32 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\PC Suite
2008-03-23 13:02 --------- d-----w C:\Program Files\Free Hide Folder
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-12 13:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-12 13:57 --------- d-----w C:\Program Files\Windows Live
2008-03-12 13:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-03-08 18:27 --------- d-----w C:\Program Files\Cisco Systems
2008-03-02 14:13 155,995 ----a-w C:\WINDOWS\java\Packages\3PV7LBFR.ZIP
.

((((((((((((((((((((((((((((( snapshot@2008-05-08_ 1.06.36.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 22:57:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 12:01:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-04-24 09:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
+ 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8725631-a264-450d-9989-e65f64f2e5a4}]
C:\WINDOWS\system32\pmllxhnx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"MalWarrior"="C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 12:46 196608]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 00:04 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"bm"="C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" [ ]
"ptask"="C:\Program Files\WinSpyControl\ptask.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
"6c2b927b"="C:\WINDOWS\system32\aukifhrw.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-04 17:19 262401]
"vdlDeamon"="C:\Program Files\VIDAL\Communs\VIDAL.exe" [2005-10-05 11:15 975872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]

C:\Documents and Settings\Administrateur.STANDARD\Menu D‚marrer\Programmes\D‚marrage\
QuickShelf.lnk - C:\Program Files\Microsoft R‚f‚rence\Bibliorom\QS96F.EXE [1996-01-31 152064]

C:\Documents and Settings\Administrateur.STANDARD.000\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-12-24 18:22:30 479232]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-17 19:34:05 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Close Combat\\Close Combat III\\CC3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Close Combat\\Close Combat III\\Server\\Server.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-10-12 12:22]
S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
S3 i740;i740;C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2001-08-17 20:49]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325025c4-5f10-11dc-9bd7-001320329ce3}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3358fa3b-5485-11dc-9ba2-001320329ce3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4be2d11f-5938-11dc-9bae-001320329ce3}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c423627-3482-11dc-9b83-001320329ce3}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e790ffd4-a389-11dc-9c5e-001320329ce3}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 14:46:33
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-05-08 14:50:07
ComboFix-quarantined-files.txt 2008-05-08 12:49:00
ComboFix2.txt 2008-05-07 23:07:23

Pre-Run: 7,428,075,520 octets libres
Post-Run: 7,415,410,688 octets libres

211 --- E O F --- 2008-03-24 14:20:30


now the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:17, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\VIDAL\Communs\VIDAL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {4a5e2f46-f56e-9899-d054-462a1365278b} - {b8725631-a264-450d-9989-e65f64f2e5a4} - C:\WINDOWS\system32\pmllxhnx.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com ad=http://winspycontrol.com sd=http://ykeeper.winspycontrol.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\WinSpyControl\ptask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [6c2b927b] rundll32.exe "C:\WINDOWS\system32\aukifhrw.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\VIDAL\Communs\VIDAL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Movies Extractor Scout - {009956DD-9AEA-458F-946A-2C9564E23205} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: ComponentVolume - {3e9cda6f-5443-4727-8c98-4234e7f6db42} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
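The MountPoints2 entries at the top of this ComboFix report are the classic removable-drive autorun.inf vector: Explorer caches each volume's autorun.inf handlers under HKCU\...\MountPoints2, and a `\Shell\AutoRun\command` that goes through `RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe` launches `printer.exe` from the drive root as soon as the drive is opened. As an added example (not code from this thread or from any of the tools used in it), the following Python script parses that dump and flags every mount point whose shell verbs run anything other than Explorer itself. The sample text is copied from the report above; the labels, and the choice to treat `LaunchU3.exe` (the U3 launcher that ships on some USB sticks) like any other executable stored on the volume, are this example's own assumptions.

```python
import re

# Constructed sample: MountPoints2 entries copied from the ComboFix report above.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325025c4-5f10-11dc-9bd7-001320329ce3}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3358fa3b-5485-11dc-9ba2-001320329ce3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e790ffd4-a389-11dc-9c5e-001320329ce3}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.*)$", re.I)
# The autorun.inf idiom: Shell32's ShellExec_RunDLL export launches a file
# name relative to the root of the volume being opened.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+shell32\.dll,shellexec_rundll\s+(\S+)", re.I)


def parse_mountpoints(text):
    """Return {guid: {verb: command}} from a ComboFix MountPoints2 dump."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            entries[current] = {}
            continue
        m = VERB_RE.match(line)
        if m and current is not None:
            entries[current][m.group(1).lower()] = m.group(2).strip()
    return entries


def classify(command):
    """Label one shell-verb command (the labels are this example's own)."""
    cmd = command.strip()
    if cmd.upper() == "EXPLORER.EXE":
        return "benign"                          # stock handler: just opens the drive
    m = RUNDLL_RE.search(cmd)
    if m:
        return "autorun_exec:" + m.group(1)      # classic autorun.inf worm launcher
    if re.match(r"^[A-Z]:\\", cmd, re.I):
        return "drive_exec:" + cmd.split()[0]    # runs a binary stored on the volume
    return "suspicious:" + cmd                   # bare name, resolved when the drive opens


def triage_mountpoints(text):
    """Map each MountPoints2 GUID to its non-benign verbs and their labels."""
    findings = {}
    for guid, verbs in parse_mountpoints(text).items():
        labels = {verb: classify(cmd) for verb, cmd in verbs.items()}
        bad = {verb: label for verb, label in labels.items() if label != "benign"}
        if bad:
            findings[guid] = bad
    return findings


if __name__ == "__main__":
    for guid, bad in triage_mountpoints(SAMPLE).items():
        for verb, label in bad.items():
            print(f"{guid}  {verb:8s} {label}")
```

The script only reads the cached handlers; it cannot tell whether `printer.exe` is still present on the stick that was plugged in. Closing the vector means deleting the stale MountPoints2 keys and disabling autorun for removable media, then scanning the sticks themselves.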
hmr81 (25 posts, Member)
 
The Malwarebytes cleanup report:

Malwarebytes' Anti-Malware 1.12
Database version: 731

Scan type: Full scan (C:\|D:\|)
Objects scanned: 96333
Time elapsed: 1 hour(s), 24 minute(s), 17 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 18
Registry values infected: 1
Registry data items infected: 0
Folders infected: 8
Files infected: 6

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CLASSES_ROOT\CLSID\{d1fcf9f3-4cf9-420c-8718-937352d780a7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.bsvk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14108d7f-3af9-436c-863c-8ad8921bdf02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{73ee9610-ad41-4f65-8a9a-c283f6a652f3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9b36848-a808-469f-b8b5-2a2d3d541f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13c5e854-911c-4d90-9fe3-8be6d093ca7f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99553917-bf6b-4cdc-8edf-3cd5aa1fdfb8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d9be845e-e284-4f5f-8673-2165762e4f24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malwarrior 2007_is1 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
C:\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\WinSpyControl\AVQuar (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Files infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\threats.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\update.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.id (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat (Rogue.MalWarrior) -> Quarantined and deleted successfully.

As for the HijackThis report, I forgot to save it (silly of me), but I followed the steps you gave me for that program.
jlpjlp (52399 posts, Security contributor) 5 040
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
ok

You have MalWarrior 2007 and WinSpyControl, which are rogues (spyware!); do not use them!!!

______________

Relaunch HijackThis, choose "Do a scan only", tick the box in front of the lines below and click "Fix checked" at the bottom.

R3 - URLSearchHook: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

O2 - BHO: {4a5e2f46-f56e-9899-d054-462a1365278b} - {b8725631-a264-450d-9989-e65f64f2e5a4} - C:\WINDOWS\system32\pmllxhnx.dll (file missing)
O3 - Toolbar: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)

O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
O3 - Toolbar: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com ad=http://winspycontrol.com sd=http://ykeeper.winspycontrol.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [6c2b927b] rundll32.exe "C:\WINDOWS\system32\aukifhrw.dll",b
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" /autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O21 - SSODL: ComponentVolume - {3e9cda6f-5443-4727-8c98-4234e7f6db42} - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

__________________

SmitFraudFix (paste the report)

1/ Download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ Double-click SmitfraudFix, then select 1 and press Enter to create the report of the infections present.

3/ Reboot into Safe Mode (usually by pressing F8, Del or F5 at startup), then run SmitfraudFix, select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter.

_________________
Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Close all your browsers (so copy or print these instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe
C:\WINDOWS\system32\aukifhrw.dll
C:\WINDOWS\system32\pmllxhnx.dll
C:\Program Files\Fichiers communs\WinSpyControl\bm.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8725631-a264-450d-9989-e65f64f2e5a4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MalWarrior"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6c2b927b"=-

Save this file under the name CFScript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will open: post its contents.

If the file does not open, it is located here > C:\ComboFix.txt

_______________________

Scan with
MalwareBytes' Anti-Malware, remove what is found and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________

Update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

_____________________

Also post a new HijackThis report and describe your problems
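jlpjlp's reply above does two things by hand: it picks out the HijackThis lines worth fixing (orphaned `(no file)` / `(file missing)` hooks, a Run value with a random hex name that loads a random eight-letter DLL through rundll32, and the two rogue products) and then turns them into a ComboFix CFScript, with a File:: section of paths to remove and a Registry:: section of values and keys to delete. As an added example that is neither the thread's nor ComboFix's own code, the following Python script does the same over O2/O4 lines copied from the log hmr81 posted earlier: it applies those heuristics and renders the hits in the CFScript format. The ROGUE_NAMES list, the heuristics and the reason strings are this example's assumptions; ComboFix's `~` shorthand for registry paths is not used, the full key is spelled out.

```python
import re

# Constructed sample: O2/O4 lines copied from the HijackThis log posted above.
HJT_LINES = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {4a5e2f46-f56e-9899-d054-462a1365278b} - {b8725631-a264-450d-9989-e65f64f2e5a4} - C:\WINDOWS\system32\pmllxhnx.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [6c2b927b] rundll32.exe "C:\WINDOWS\system32\aukifhrw.dll",b
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com ad=http://winspycontrol.com sd=http://ykeeper.winspycontrol.com
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" /autorun
""".strip().splitlines()

# Rogue products named in this thread (assumption: an analyst-maintained list).
ROGUE_NAMES = ("winspycontrol", "malwarrior")
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BHO_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O2_RE = re.compile(r"^O2 - BHO: .* - (\{[0-9a-f-]+\}) - (.*)$", re.I)


def first_path(field):
    """Pull the executable/DLL path out of a Run command or a BHO path field."""
    m = re.search(r'"([^"]+)"', field)                        # a quoted path wins
    if m:
        return m.group(1)
    m = re.match(r"(.+?\.(?:exe|dll))(?:\s|$)", field, re.I)  # unquoted, may contain spaces
    return m.group(1) if m else field.strip()


def suspicious(name, path, raw):
    """Return a reason if the entry looks malicious, else None (heuristics are this example's)."""
    base = path.rsplit("\\", 1)[-1].lower()
    stem = base.rsplit(".", 1)[0]
    if "(file missing)" in raw:
        return "missing file"                                 # orphaned hook left by a removed DLL
    if any(rogue in raw.lower() for rogue in ROGUE_NAMES):
        return "known rogue product"
    if "rundll32" in raw.lower() and "system32" in path.lower() and re.fullmatch(r"[a-z]{8}", stem):
        return "rundll32 loading random-name DLL"             # Vundo-style loader
    if re.fullmatch(r"[0-9a-f]{8}", name.lower()):
        return "random hex Run value name"
    return None


def triage_hjt(lines):
    """Parse O2/O4 lines; return [(kind, hive, name, path, reason)] for the hits only."""
    hits = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            path = first_path(cmd)
            reason = suspicious(name, path, line)
            if reason:
                hits.append(("O4", hive, name, path, reason))
            continue
        m = O2_RE.match(line)
        if m:
            clsid, rest = m.groups()
            path = first_path(rest)
            reason = suspicious(clsid, path, line)
            if reason:
                hits.append(("O2", "HKLM", clsid, path, reason))
    return hits


def build_cfscript(hits):
    """Render the File:: / Registry:: sections ComboFix reads from a CFScript."""
    files, registry = [], []
    for kind, hive, name, path, _ in hits:
        if path:
            files.append(path)
        hive_full = "HKEY_LOCAL_MACHINE" if hive == "HKLM" else "HKEY_CURRENT_USER"
        if kind == "O4":
            registry.append(f"[{hive_full}\\{RUN_KEY}]")
            registry.append(f'"{name}"=-')                    # "=-" deletes that value
        else:
            registry.append(f"[-{hive_full}\\{BHO_KEY}\\{name}]")  # leading "-" deletes the key
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(registry) + "\n"


if __name__ == "__main__":
    found = triage_hjt(HJT_LINES)
    for kind, hive, name, path, reason in found:
        print(f"{kind} {hive:4s} {name:45s} {reason}")
    print()
    print(build_cfscript(found))
```

Taking only the quoted path drops the trailing `dm=... ad=... sd=...` arguments from the WinSpyControl Run value, so the File:: entry names a real file; a File:: line that still carries arguments cannot match anything on disk. The output is a triage aid: read each hit before handing the script to ComboFix, because the heuristics would also flag a legitimate eight-letter system32 DLL loaded via rundll32.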
hmr81 (25 posts, Member)
 
Hi

Here is the SmitFraudFix scan report, followed by the cleanup report.

SmitFraudFix v2.320

Report made at 23:46:25,14, 08/05/2008
Run from C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\VIDAL\Communs\VIDAL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur.STANDARD.000


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur.STANDARD.000\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.000\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop components


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the following keys are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the following keys are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the following keys are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Accton EN1207D-TX PCI Fast Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


The SmitFraudFix disinfection report:

SmitFraudFix v2.320

Report made at 0:02:57,56, 09/05/2008
Run from C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing processes


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting temporary files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry cleaning

Cleaning complete.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
hmr81 (25 posts, Member)
 
Afterwards, the new ComboFix report:
ComboFix 08-05-08.1 - Administrateur 2008-05-09 0:24:28.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.754 [GMT 2:00]
Location: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\CFscript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe
C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com ad=http://winspycontrol.com sd=http://ykeeper.winspycontrol.com
C:\WINDOWS\system32\aukifhrw.dll
C:\WINDOWS\system32\pmllxhnx.dll
.

((((((((((((((((((((((((((((( Files created 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))))))))
.

2008-05-08 23:46 . 2008-05-09 00:03 2,618 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-08 15:24 . 2008-05-08 15:24 <REP> d-------- C:\Program Files\Trend Micro
2008-05-08 00:51 . 2008-05-09 00:24 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-07 19:11 . 2008-05-07 19:11 <REP> d-------- C:\VundoFix Backups
2008-05-07 19:03 . 2008-05-08 00:27 <REP> d-------- C:\HijackThis
2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Program Files\Avira
2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-05-04 13:51 . 2008-05-06 03:31 109,738 --a------ C:\WINDOWS\BM6f18a1e7.xml
2008-05-04 02:29 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot Shield
2008-05-04 01:39 . 2008-05-04 01:39 <REP> d-------- C:\Program Files\ultrasurf
2008-05-04 01:34 . 2008-05-04 01:34 33 --a------ C:\WINDOWS\system32\6c2b80f5
2008-05-03 23:38 . 2008-05-03 23:38 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-05-03 23:36 . 2008-05-04 11:35 <REP> d--hs---- C:\WINDOWS\Lg
2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\WINDOWS\system32\mm3
2008-05-03 23:35 . 2008-05-04 11:12 <REP> d-------- C:\WINDOWS\system32\gt1
2008-05-03 23:35 . 2008-05-08 01:53 <REP> d-------- C:\WINDOWS\system32\bkEur18
2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\Temp\maxsv15
2008-05-03 23:35 . 2008-05-08 00:52 <REP> d-------- C:\Temp
2008-05-03 00:49 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot_Shield
2008-05-03 00:26 . 2008-05-03 00:26 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Yahoo!
2008-05-03 00:26 . 2008-05-03 00:28 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\MEGAUPLOADTOOLBAR
2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Grisoft
2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Creative
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage réseau
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage d'impression
2008-04-22 04:16 . 2007-09-02 23:42 <REP> d--h----- C:\Documents and Settings\Amine\Modèles
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Mes documents
2008-04-22 04:16 . 2007-06-19 00:09 <REP> dr------- C:\Documents and Settings\Amine\Menu Démarrer
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Favoris
2008-04-22 04:16 . 2007-10-26 00:29 <REP> d-------- C:\Documents and Settings\Amine\Bureau
2008-04-22 04:16 . 2008-04-22 04:16 <REP> d-------- C:\Documents and Settings\Amine
2008-04-22 04:16 . 2008-05-09 00:24 1,024 --ah----- C:\Documents and Settings\Amine\NTUser.dat.LOG
2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Yahoo!
2008-04-18 13:39 . 2008-04-18 13:39 <REP> d-------- C:\Program Files\Yahoo!

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 02:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-05-04 12:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-03 21:41 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\LimeWire
2008-04-25 12:59 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\U3
2008-04-18 11:40 --------- d-----w C:\Program Files\DivX
2008-04-05 16:02 --------- d-----w C:\Program Files\LimeWire
2008-04-05 15:06 --------- d-----w C:\Program Files\SweetIM
2008-04-05 15:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
2008-04-04 20:47 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 19:21 16,952 ----a-w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\GDIPFONTCACHEV1.DAT
2008-03-26 23:53 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited
2008-03-26 16:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-03-26 13:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-26 11:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited
2008-03-25 19:02 --------- d-----w C:\Program Files\Java
2008-03-25 02:32 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\PC Suite
2008-03-23 13:02 --------- d-----w C:\Program Files\Free Hide Folder
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-12 13:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-12 13:57 --------- d-----w C:\Program Files\Windows Live
2008-03-12 13:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-03-08 18:27 --------- d-----w C:\Program Files\Cisco Systems
2008-03-02 14:13 155,995 ----a-w C:\WINDOWS\java\Packages\3PV7LBFR.ZIP
.

((((((((((((((((((((((((((((( snapshot@2008-05-08_ 1.06.36.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 22:57:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 22:13:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-04-24 09:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
+ 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 12:46 196608]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 00:04 185632]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"ptask"="C:\Program Files\WinSpyControl\ptask.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-04 17:19 262401]
"vdlDeamon"="C:\Program Files\VIDAL\Communs\VIDAL.exe" [2005-10-05 11:15 975872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]

C:\Documents and Settings\Administrateur.STANDARD\Menu Démarrer\Programmes\Démarrage\
QuickShelf.lnk - C:\Program Files\Microsoft Référence\Bibliorom\QS96F.EXE [1996-01-31 152064]

C:\Documents and Settings\Administrateur.STANDARD.000\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-12-24 18:22:30 479232]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-17 19:34:05 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Close Combat\\Close Combat III\\CC3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Close Combat\\Close Combat III\\Server\\Server.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-10-12 12:22]
S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
S3 i740;i740;C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2001-08-17 20:49]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325025c4-5f10-11dc-9bd7-001320329ce3}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3358fa3b-5485-11dc-9ba2-001320329ce3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4be2d11f-5938-11dc-9bae-001320329ce3}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c423627-3482-11dc-9b83-001320329ce3}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e790ffd4-a389-11dc-9c5e-001320329ce3}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 00:27:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-05-09 0:30:41
ComboFix-quarantined-files.txt 2008-05-08 22:29:32
ComboFix2.txt 2008-05-07 23:07:23

Pre-Run: 7,347,970,048 bytes free
Post-Run: 7,336,398,848 bytes free

200 --- E O F --- 2008-03-24 14:20:30
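An added example, not from the thread and not ComboFix's own code, that applies the two checks a practitioner would make on the Reg Loading Points section of the ComboFix log above: the mountpoints2 entries whose autorun.inf registered a custom Auto verb or launches its payload through RunDLL32 Shell32.DLL,ShellExec_RunDLL (the F:\printer.exe and F:\setup.exe entries, the classic removable-drive worm pattern) as opposed to the benign LaunchU3.exe and EXPLORER.EXE ones, and the Run value whose stamp is an empty [ ], meaning ComboFix found no file behind WinSpyControl\ptask.exe. The sample text is an excerpt of the log posted above; the finding names and the Finding structure are this example's own.

```python
"""Flag autorun-worm and orphaned load points in a ComboFix
"Reg Loading Points" section (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
VERB_LINE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand - (?P<cmd>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # autorun_custom_verb | autorun_rundll_launch | orphan_run
    where: str   # registry key (plus value name for Run entries)
    detail: str  # the command or path that triggered the finding


def parse_loadpoints(text: str) -> List[Finding]:
    """Walk the section line by line; the last [KEY] header gives the context."""
    findings: List[Finding] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        m = RUN_LINE.match(line)
        if m and key.lower().endswith("\\run"):
            # ComboFix prints "[date time size]" when it could stat the file;
            # an empty bracket means the load point outlived its target.
            if not m.group("stamp").strip():
                findings.append(Finding("orphan_run", f"{key}\\{m.group('name')}", m.group("path")))
            continue
        m = VERB_LINE.match(line)
        if m and "mountpoints2" in key.lower():
            verb, cmd = m.group("verb"), m.group("cmd")
            if verb.lower() == "auto":
                # "shell\Auto\command=" is not a standard autorun.inf verb; it is
                # how the printer.exe / setup.exe family gets itself launched.
                findings.append(Finding("autorun_custom_verb", key, cmd))
            elif "shellexec_rundll" in cmd.lower():
                # launching through RunDLL32 hides the real payload behind a Windows binary
                findings.append(Finding("autorun_rundll_launch", key, cmd))
    return findings


def flagged_mountpoints(findings: List[Finding]) -> List[str]:
    """Distinct mountpoints2 keys that carry at least one autorun finding."""
    return sorted({f.where for f in findings if f.kind.startswith("autorun_")})


# Constructed sample: an excerpt of the ComboFix log posted in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ptask"="C:\Program Files\WinSpyControl\ptask.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-04 17:19 262401]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325025c4-5f10-11dc-9bd7-001320329ce3}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3358fa3b-5485-11dc-9ba2-001320329ce3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4be2d11f-5938-11dc-9bae-001320329ce3}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c423627-3482-11dc-9b83-001320329ce3}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e790ffd4-a389-11dc-9c5e-001320329ce3}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
"""

if __name__ == "__main__":
    for f in parse_loadpoints(SAMPLE):
        print(f"{f.kind:22} {f.where}\n{'':22} {f.detail}")
```

Three of the five mountpoints2 keys are flagged and the two legitimate ones (the U3 launcher and the plain EXPLORER.EXE verbs) are not. The mountpoints2 keys live under HKCU, so they only tell you which drives this user plugged in; the payloads themselves sit on the removable drives and will reinfect a cleaned machine unless those drives are cleaned too.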
hmr81 Posts: 25 Status: Member
 
The Malwarebytes report:

Malwarebytes' Anti-Malware 1.12
Database version: 731

Scan type: Full scan (C:\|D:\|)
Objects scanned: 96333
Time elapsed: 1 hour(s), 24 minute(s), 17 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 18
Registry values infected: 1
Registry data items infected: 0
Folders infected: 8
Files infected: 6

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CLASSES_ROOT\CLSID\{d1fcf9f3-4cf9-420c-8718-937352d780a7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qvdntlmw.bsvk (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{14108d7f-3af9-436c-863c-8ad8921bdf02} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{73ee9610-ad41-4f65-8a9a-c283f6a652f3} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c9b36848-a808-469f-b8b5-2a2d3d541f87} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{13c5e854-911c-4d90-9fe3-8be6d093ca7f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{99553917-bf6b-4cdc-8edf-3cd5aa1fdfb8} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d9be845e-e284-4f5f-8673-2165762e4f24} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malwarrior 2007_is1 (Rogue.MalWarrior) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken.
HKEY_CLASSES_ROOT\qvdntlmw.1 (Trojan.FakeAlert) -> No action taken.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> No action taken.

Registry data items infected:
(No malicious items detected)

Folders infected:
C:\WinSpyControl (Rogue.WinSpyControl) -> No action taken.
C:\WinSpyControl\AVQuar (Rogue.WinSpyControl) -> No action taken.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl (Rogue.WinSpyControl) -> No action taken.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs (Rogue.WinSpyControl) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007 (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.

Files infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\threats.log (Rogue.WinSpyControl) -> No action taken.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\update.log (Rogue.WinSpyControl) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.id (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat (Rogue.MalWarrior) -> No action taken.
hmr81 Posts: 25 Status: Member
 
Here is the Malwarebytes disinfection report:

Malwarebytes' Anti-Malware 1.12
Database version: 731

Scan type: Full scan (C:\|D:\|)
Objects scanned: 96333
Time elapsed: 1 hour(s), 24 minute(s), 17 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 18
Registry values infected: 1
Registry data items infected: 0
Folders infected: 8
Files infected: 6

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CLASSES_ROOT\CLSID\{d1fcf9f3-4cf9-420c-8718-937352d780a7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.bsvk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14108d7f-3af9-436c-863c-8ad8921bdf02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{73ee9610-ad41-4f65-8a9a-c283f6a652f3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9b36848-a808-469f-b8b5-2a2d3d541f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13c5e854-911c-4d90-9fe3-8be6d093ca7f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99553917-bf6b-4cdc-8edf-3cd5aa1fdfb8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d9be845e-e284-4f5f-8673-2165762e4f24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malwarrior 2007_is1 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
C:\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\WinSpyControl\AVQuar (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Files infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\threats.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\update.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.id (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat (Rogue.MalWarrior) -> Quarantined and deleted successfully.

I forgot to save the HijackThis report, but I followed the steps you gave me for that program.
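An added example, not part of the thread and not code from VirtumundoBeGone or Malwarebytes, that scores each registered Browser Helper Object by the three footprints the tools in this thread report for the same CLSID {B3102264-D09D-4322-B625-503FBF18DD7E}: the CLSID has no default (friendly) name, which is the WARNING VirtumundoBeGone prints for each nameless BHO; a Winlogon\Notify subkey named after the BHO's DLL (pmnnLdCS.dll and Notify\pmnnLdCS in the VirtumundoBeGone log further down), which that tool reports as "probably Virtumundo"; and the same CLSID registered under ShellExecuteHooks, which is the Trojan.Vundo value Malwarebytes removed above. A Winlogon notification package is loaded into winlogon.exe at boot, which is why an antivirus cannot simply quarantine the DLL for deletion at restart and why VirtumundoBeGone terminates winlogon before renaming it. The registry is modelled as a dictionary (key path to {value name: data}, with "" as the default value) so the check runs offline; on the infected machine the same key paths would be read with the winreg module. The iifdcYSL.dll path is an assumption, since the log names only the Notify key it looked for; the indicator names and the scoring threshold are this example's own.

```python
r"""Score each BHO by the Vundo footprints seen in this thread's logs
(added example; registry modelled as a dict, see SAMPLE_REGISTRY)."""
from typing import Dict, List

BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
SEH_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
CLSID_KEY = r"HKCR\CLSID"

# key path -> {value name: data}; "" is the (Default) value of the key
Registry = Dict[str, Dict[str, str]]


def _values(reg: Registry, path: str) -> Dict[str, str]:
    """Case-insensitive key lookup: registry key names are not case-sensitive."""
    for k, v in reg.items():
        if k.lower() == path.lower():
            return v
    return {}


def _subkeys(reg: Registry, parent: str) -> List[str]:
    """Immediate child key names of `parent`."""
    prefix = parent.lower() + "\\"
    return sorted({k[len(prefix):].split("\\")[0] for k in reg if k.lower().startswith(prefix)})


def _stem(path: str) -> str:
    """Strip directory and extension: the Notify subkey carries the bare DLL name."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def score_bhos(reg: Registry) -> Dict[str, dict]:
    """Per BHO CLSID: its friendly name, DLL, matched indicators and a score."""
    hooks = {name.lower() for name in _values(reg, SEH_KEY)}
    notify = {n.lower() for n in _subkeys(reg, NOTIFY_KEY)}
    report: Dict[str, dict] = {}
    for clsid in _subkeys(reg, BHO_KEY):
        friendly = _values(reg, f"{CLSID_KEY}\\{clsid}").get("", "")
        dll = _values(reg, f"{CLSID_KEY}\\{clsid}\\InprocServer32").get("", "")
        indicators: List[str] = []
        if not friendly.strip():
            indicators.append("bho_without_default_name")       # VBG's WARNING
        if dll and _stem(dll).lower() in notify:
            indicators.append("winlogon_notify_named_after_dll")  # VBG's "probably Virtumundo"
        if clsid.lower() in hooks:
            indicators.append("shellexecutehook_same_clsid")     # MBAM's Trojan.Vundo value
        report[clsid] = {"name": friendly, "dll": dll,
                         "indicators": indicators, "score": len(indicators)}
    return report


def probable_vundo(reg: Registry, threshold: int = 2) -> List[str]:
    """CLSIDs with at least `threshold` indicators; a single hit is only a lead."""
    return sorted(c for c, r in score_bhos(reg).items() if r["score"] >= threshold)


# Constructed sample mirroring the CLSIDs, DLL and Notify key named in the
# thread's VirtumundoBeGone and Malwarebytes logs.
VUNDO = "{B3102264-D09D-4322-B625-503FBF18DD7E}"
YAHOO = "{02478D38-C3F9-4efb-9B51-7695ECA05670}"
NAMELESS = "{3432B41E-A143-49B9-964C-66C02D844C49}"
SAMPLE_REGISTRY: Registry = {
    f"{BHO_KEY}\\{YAHOO}": {},
    f"{BHO_KEY}\\{NAMELESS}": {},
    f"{BHO_KEY}\\{VUNDO}": {},
    f"{CLSID_KEY}\\{YAHOO}": {"": "&Yahoo! Toolbar Helper"},
    f"{CLSID_KEY}\\{YAHOO}\\InprocServer32": {"": r"C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"},
    f"{CLSID_KEY}\\{NAMELESS}": {"": ""},
    # assumed path: the log only says it looked for Notify\iifdcYSL and did not find it
    f"{CLSID_KEY}\\{NAMELESS}\\InprocServer32": {"": r"C:\WINDOWS\system32\iifdcYSL.dll"},
    f"{CLSID_KEY}\\{VUNDO}": {"": ""},
    f"{CLSID_KEY}\\{VUNDO}\\InprocServer32": {"": r"C:\WINDOWS\system32\pmnnLdCS.dll"},
    f"{NOTIFY_KEY}\\pmnnLdCS": {"DllName": "pmnnLdCS.dll"},
    SEH_KEY: {VUNDO.lower(): ""},
}

if __name__ == "__main__":
    for clsid, r in score_bhos(SAMPLE_REGISTRY).items():
        print(clsid, r["score"], r["indicators"])
    print("probable Vundo:", probable_vundo(SAMPLE_REGISTRY))
```

With the sample registry the Yahoo BHO scores 0, the nameless {3432B41E-...} BHO scores 1 (a lead worth checking, exactly as VirtumundoBeGone treats it), and {B3102264-...} scores 3. Deleting the registry values alone, as Malwarebytes did, leaves the DLL on disk to be re-registered by the companion Vundo component, which is why the thread goes on to a tool that renames the file itself.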
hmr81 Posts: 25 Status: Member
 
I ran another HijackThis scan, here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:39:27, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\VIDAL\Communs\VIDAL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ptask] C:\Program Files\WinSpyControl\ptask.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\VIDAL\Communs\VIDAL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Movies Extractor Scout - {009956DD-9AEA-458F-946A-2C9564E23205} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
You have to do the rest of what I had indicated!!!!

______________________
then:

VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
______________________

Download ComboFix by sUBs: rename it before any installation, for example name it "Killvund". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click ComboFix. It will ask you a question; answer by pressing 1 then Enter to confirm, and let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
_____________________

then
update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

______________________

then paste an AntiVir report and a new HijackThis log, renaming it this time
hmr81 Posts: 25 Status: Member
 
Here is the report from:
[05/08/2008, 0:25:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\VirtumundoBeGone.exe" )
[05/08/2008, 0:26:05] - User choose NOT to continue. Exiting...

[05/08/2008, 0:28:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\VirtumundoBeGone.exe" )
[05/08/2008, 0:28:19] - Detected System Information:
[05/08/2008, 0:28:19] - Windows Version: 5.1.2600, Service Pack 2
[05/08/2008, 0:28:19] - Current Username: Administrateur (Admin)
[05/08/2008, 0:28:19] - Windows is in NORMAL mode.
[05/08/2008, 0:28:20] - Searching for Browser Helper Objects:
[05/08/2008, 0:28:20] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[05/08/2008, 0:28:20] - BHO 2: {3432B41E-A143-49B9-964C-66C02D844C49} ()
[05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\iifdcYSL
[05/08/2008, 0:28:20] - Key not found: HKLM\...\Winlogon\Notify\iifdcYSL, continuing.
[05/08/2008, 0:28:20] - BHO 3: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[05/08/2008, 0:28:20] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/08/2008, 0:28:20] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/08/2008, 0:28:20] - BHO 6: {96DC3D11-8D8A-4D63-962D-66B4E5B45367} ()
[05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\awttrPGv
[05/08/2008, 0:28:20] - Key not found: HKLM\...\Winlogon\Notify\awttrPGv, continuing.
[05/08/2008, 0:28:20] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/08/2008, 0:28:20] - BHO 8: {B3102264-D09D-4322-B625-503FBF18DD7E} ()
[05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\pmnnLdCS
[05/08/2008, 0:28:20] - Found: HKLM\...\Winlogon\Notify\pmnnLdCS - This is probably Virtumundo.
[05/08/2008, 0:28:20] - Assigning {B3102264-D09D-4322-B625-503FBF18DD7E} MSEvents Object
[05/08/2008, 0:28:20] - BHO list has been changed! Starting over...
[05/08/2008, 0:28:20] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[05/08/2008, 0:28:20] - BHO 2: {3432B41E-A143-49B9-964C-66C02D844C49} ()
[05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\iifdcYSL
[05/08/2008, 0:28:20] - Key not found: HKLM\...\Winlogon\Notify\iifdcYSL, continuing.
[05/08/2008, 0:28:20] - BHO 3: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[05/08/2008, 0:28:20] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/08/2008, 0:28:20] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/08/2008, 0:28:20] - BHO 6: {96DC3D11-8D8A-4D63-962D-66B4E5B45367} ()
[05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\awttrPGv
[05/08/2008, 0:28:20] - Key not found: HKLM\...\Winlogon\Notify\awttrPGv, continuing.
[05/08/2008, 0:28:20] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/08/2008, 0:28:20] - BHO 8: {B3102264-D09D-4322-B625-503FBF18DD7E} (MSEvents Object)
[05/08/2008, 0:28:20] - ALERT: Found MSEvents Object!
[05/08/2008, 0:28:20] - BHO 9: {b8725631-a264-450d-9989-e65f64f2e5a4} ()
[05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\pmllxhnx
[05/08/2008, 0:28:20] - Key not found: HKLM\...\Winlogon\Notify\pmllxhnx, continuing.
[05/08/2008, 0:28:20] - BHO 10: {E5E29CD7-557C-45D8-B4DC-4245D3275917} ()
[05/08/2008, 0:28:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:21] - Checking for HKLM\...\Winlogon\Notify\opnklkHy
[05/08/2008, 0:28:21] - Key not found: HKLM\...\Winlogon\Notify\opnklkHy, continuing.
[05/08/2008, 0:28:21] - Finished Searching Browser Helper Objects
[05/08/2008, 0:28:21] - *** Detected MSEvents Object
[05/08/2008, 0:28:21] - Trying to remove MSEvents Object...
[05/08/2008, 0:28:22] - Terminating Process: IEXPLORE.EXE
[05/08/2008, 0:28:22] - Terminating Process: RUNDLL32.EXE
[05/08/2008, 0:28:22] - Disabling Automatic Shell Restart
[05/08/2008, 0:28:22] - Terminating Process: EXPLORER.EXE
[05/08/2008, 0:28:22] - Suspending the NT Session Manager System Service
[05/08/2008, 0:28:23] - Terminating Windows NT Logon/Logoff Manager
[05/08/2008, 0:28:23] - Re-enabling Automatic Shell Restart
[05/08/2008, 0:28:23] - File to disable: C:\WINDOWS\system32\pmnnLdCS.dll
[05/08/2008, 0:28:23] - Renaming C:\WINDOWS\system32\pmnnLdCS.dll -> C:\WINDOWS\system32\pmnnLdCS.dll.vir
[05/08/2008, 0:28:24] - File successfully renamed!
[05/08/2008, 0:28:24] - Removing HKLM\...\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}
[05/08/2008, 0:28:24] - Removing HKCR\CLSID\{B3102264-D09D-4322-B625-503FBF18DD7E}
[05/08/2008, 0:28:24] - Adding Kill Bit for ActiveX for GUID: {B3102264-D09D-4322-B625-503FBF18DD7E}
[05/08/2008, 0:28:24] - Deleting ATLEvents/MSEvents Registry entries
[05/08/2008, 0:28:24] - Removing HKLM\...\Winlogon\Notify\pmnnLdCS
[05/08/2008, 0:28:24] - Searching for Browser Helper Objects:
[05/08/2008, 0:28:24] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[05/08/2008, 0:28:24] - BHO 2: {3432B41E-A143-49B9-964C-66C02D844C49} ()
[05/08/2008, 0:28:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:24] - Checking for HKLM\...\Winlogon\Notify\iifdcYSL
[05/08/2008, 0:28:24] - Key not found: HKLM\...\Winlogon\Notify\iifdcYSL, continuing.
[05/08/2008, 0:28:24] - BHO 3: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
[05/08/2008, 0:28:24] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/08/2008, 0:28:24] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/08/2008, 0:28:24] - BHO 6: {96DC3D11-8D8A-4D63-962D-66B4E5B45367} ()
[05/08/2008, 0:28:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:25] - Checking for HKLM\...\Winlogon\Notify\awttrPGv
[05/08/2008, 0:28:25] - Key not found: HKLM\...\Winlogon\Notify\awttrPGv, continuing.
[05/08/2008, 0:28:25] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/08/2008, 0:28:25] - BHO 8: {b8725631-a264-450d-9989-e65f64f2e5a4} ()
[05/08/2008, 0:28:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:25] - Checking for HKLM\...\Winlogon\Notify\pmllxhnx
[05/08/2008, 0:28:25] - Key not found: HKLM\...\Winlogon\Notify\pmllxhnx, continuing.
[05/08/2008, 0:28:25] - BHO 9: {E5E29CD7-557C-45D8-B4DC-4245D3275917} ()
[05/08/2008, 0:28:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/08/2008, 0:28:26] - Checking for HKLM\...\Winlogon\Notify\opnklkHy
[05/08/2008, 0:28:27] - Key not found: HKLM\...\Winlogon\Notify\opnklkHy, continuing.
[05/08/2008, 0:28:27] - Finished Searching Browser Helper Objects
[05/08/2008, 0:28:27] - Finishing up...
[05/08/2008, 0:28:27] - A restart is needed.
[05/08/2008, 0:28:51] - Attempting to Restart via STOP error (Blue Screen!)

* The ComboFix report:
ComboFix 08-05-01.3 - Administrateur 2008-05-08 0:52:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.755 [GMT 2:00]
Endroit: D:\Amine\killvundo.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon
C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon\log.txt
C:\Program Files\Helper
C:\Program Files\network monitor
C:\Program Files\outlook
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\autorun.inf
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\'
C:\WINDOWS\Installer\{3e9cda6f-5443-4727-8c98-4234e7f6db42}\ComponentVolume.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\pskt.ini
C:\WINDOWS\rs.txt
C:\WINDOWS\svchost.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\LSYcdfii.ini
C:\WINDOWS\system32\LSYcdfii.ini2
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\vGPrttwa.ini
C:\WINDOWS\system32\vGPrttwa.ini2
C:\WINDOWS\system32\wrhfikua.ini
C:\WINDOWS\system32\xirjbjpy.ini
C:\WINDOWS\system32\yHklknpo.ini
C:\WINDOWS\system32\yHklknpo.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_Network Monitor


((((((((((((((((((((((((((((( Fichiers créés 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))))))
.

2008-05-08 00:51 . 2008-05-08 00:51 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-07 19:11 . 2008-05-07 19:11 <REP> d-------- C:\VundoFix Backups
2008-05-07 19:03 . 2008-05-08 00:27 <REP> d-------- C:\HijackThis
2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Program Files\Avira
2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-05-04 13:51 . 2008-05-06 03:31 109,738 --a------ C:\WINDOWS\BM6f18a1e7.xml
2008-05-04 02:29 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot Shield
2008-05-04 01:39 . 2008-05-04 01:39 <REP> d-------- C:\Program Files\ultrasurf
2008-05-04 01:34 . 2008-05-04 01:34 33 --a------ C:\WINDOWS\system32\6c2b80f5
2008-05-03 23:38 . 2008-05-03 23:38 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-05-03 23:36 . 2008-05-04 11:35 <REP> d--hs---- C:\WINDOWS\Lg
2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\WINDOWS\system32\mm3
2008-05-03 23:35 . 2008-05-04 11:12 <REP> d-------- C:\WINDOWS\system32\gt1
2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\WINDOWS\system32\bkEur18
2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\Temp\maxsv15
2008-05-03 23:35 . 2008-05-08 00:52 <REP> d-------- C:\Temp
2008-05-03 23:34 . 2008-05-03 23:34 43,520 --a------ C:\WINDOWS\system32\pmnnLdCS.dll.vir
2008-05-03 00:49 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot_Shield
2008-05-03 00:26 . 2008-05-03 00:26 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Yahoo!
2008-05-03 00:26 . 2008-05-03 00:28 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\MEGAUPLOADTOOLBAR
2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Grisoft
2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Creative
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage réseau
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage d'impression
2008-04-22 04:16 . 2007-09-02 23:42 <REP> d--h----- C:\Documents and Settings\Amine\Modèles
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Mes documents
2008-04-22 04:16 . 2007-06-19 00:09 <REP> dr------- C:\Documents and Settings\Amine\Menu Démarrer
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Favoris
2008-04-22 04:16 . 2007-10-26 00:29 <REP> d-------- C:\Documents and Settings\Amine\Bureau
2008-04-22 04:16 . 2008-04-22 04:16 <REP> d-------- C:\Documents and Settings\Amine
2008-04-22 04:16 . 2008-05-08 00:52 1,024 --ah----- C:\Documents and Settings\Amine\NTUser.dat.LOG
2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Yahoo!
2008-04-18 13:39 . 2008-04-18 13:39 <REP> d-------- C:\Program Files\Yahoo!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 01:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-05-04 12:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-03 21:41 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\LimeWire
2008-04-25 12:59 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\U3
2008-04-18 11:40 --------- d-----w C:\Program Files\DivX
2008-04-05 16:02 --------- d-----w C:\Program Files\LimeWire
2008-04-05 15:06 --------- d-----w C:\Program Files\SweetIM
2008-04-05 15:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
2008-04-04 20:47 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 19:21 16,952 ----a-w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\GDIPFONTCACHEV1.DAT
2008-03-26 23:53 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited
2008-03-26 16:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-03-26 13:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-26 11:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited
2008-03-25 19:02 --------- d-----w C:\Program Files\Java
2008-03-25 02:32 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\PC Suite
2008-03-23 13:02 --------- d-----w C:\Program Files\Free Hide Folder
2008-03-12 13:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-12 13:57 --------- d-----w C:\Program Files\Windows Live
2008-03-12 13:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-03-08 18:27 --------- d-----w C:\Program Files\Cisco Systems
2008-03-02 14:13 155,995 ----a-w C:\WINDOWS\java\Packages\3PV7LBFR.ZIP
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3432B41E-A143-49B9-964C-66C02D844C49}]
C:\WINDOWS\system32\iifdcYSL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DC3D11-8D8A-4D63-962D-66B4E5B45367}]
C:\WINDOWS\system32\awttrPGv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8725631-a264-450d-9989-e65f64f2e5a4}]
C:\WINDOWS\system32\pmllxhnx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5E29CD7-557C-45D8-B4DC-4245D3275917}]
C:\WINDOWS\system32\opnklkHy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{14108D7F-3AF9-436C-863C-8AD8921BDF02}"= "C:\WINDOWS\qvdntlmw.dll" [ ]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{14108d7f-3af9-436c-863c-8ad8921bdf02}]
[HKEY_CLASSES_ROOT\qvdntlmw.1]
[HKEY_CLASSES_ROOT\TypeLib\{C9B36848-A808-469F-B8B5-2A2D3D541F87}]
[HKEY_CLASSES_ROOT\qvdntlmw]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"MalWarrior"="C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 12:46 196608]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 00:04 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"bm"="C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" [ ]
"ptask"="C:\Program Files\WinSpyControl\ptask.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
"6c2b927b"="C:\WINDOWS\system32\aukifhrw.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-04 17:19 262401]
"vdlDeamon"="C:\Program Files\VIDAL\Communs\VIDAL.exe" [2005-10-05 11:15 975872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Close Combat\\Close Combat III\\CC3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Close Combat\\Close Combat III\\Server\\Server.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-10-12 12:22]
S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
S3 i740;i740;C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2001-08-17 20:49]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325025c4-5f10-11dc-9bd7-001320329ce3}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3358fa3b-5485-11dc-9ba2-001320329ce3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4be2d11f-5938-11dc-9bae-001320329ce3}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c423627-3482-11dc-9b83-001320329ce3}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e790ffd4-a389-11dc-9c5e-001320329ce3}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 00:58:30
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 344

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-08 1:07:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 23:07:13

Pre-Run: 7,437,053,952 octets libres
Post-Run: 7,471,939,584 octets libres

244 --- E O F --- 2008-03-24 14:20:30


I did the scan with VundoFix but it found nothing..
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
these should be the last steps!!!

____________

update Internet Explorer as already mentioned
____________

Close all your browsers (so copy or print the instructions beforehand)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\Program Files\WinSpyControl\ptask.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ptask"=-

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file doesn't open, it is located here > C:\ComboFix.txt

___________________

check that AntiVir finds nothing!

if nothing in AntiVir, you're good!

______________

to protect your PC for free

https://www.commentcamarche.net/telecharger/ 4 securite

install an antivirus

AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware tools:
MALWAREBYTES ANTIMALWARE + SPYBOT +/- if Spybot's TeaTimer is not enabled: WINDOWS DEFENDER

+
SPYWAREBLASTER to immunize the system against Vundo in particular, but in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

Note: Spybot and Ad-Aware have released new versions this year, check that you have the latest version
--------
a firewall:
the Windows one, or better KERIO or JETICO or ZONE ALARM (install only the free firewall)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER to erase browsing traces
---------

browse the web with Firefox or Opera or Safari rather than Internet Explorer, which is more affected by infections
0
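As an added example (not code from the thread, from ComboFix or from the helper), here is the same kind of CFScript derived mechanically from the report above: it parses the "Point de chargement Reg" section, keeps the load points ComboFix printed with `[ ]` (no date or size, so the file could not be found or verified) and renders them in the File:: / Registry:: format used above. The sample report is a constructed excerpt of the lines posted earlier; reading `[ ]` as "unverified file" is an assumption drawn from those lines.

```python
import re

# Constructed sample: an excerpt of the "Point de chargement Reg" section
# posted above (values under the IE Toolbar key and two Run keys).
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{14108D7F-3AF9-436C-863C-8AD8921BDF02}"= "C:\WINDOWS\qvdntlmw.dll" [ ]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
"MalWarrior"="C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 12:46 196608]
"bm"="C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" [ ]
"ptask"="C:\Program Files\WinSpyControl\ptask.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-04 17:19 262401]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Matches  "name"="path" [date time size]  as well as  "name"= "path" [ ]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')


def parse_load_points(report):
    """Return (key, value_name, path, info) tuples for every quoted value
    listed under a [HKEY_...] key. `info` is the text inside the trailing
    brackets, '' when ComboFix printed "[ ]"."""
    entries, key = [], None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m["name"], m["path"], m["info"].strip()))
    return entries


def unverified_entries(entries):
    """Load points whose target ComboFix could not date or size ("[ ]").
    In the reports above these are exactly the WinSpyControl, MalWarrior
    and qvdntlmw leftovers the helper went on to remove."""
    return [e for e in entries if e[3] == ""]


def build_cfscript(entries):
    """Render the entries as a CFScript in the format the thread uses:
    a File:: block listing paths, then a Registry:: block in REGEDIT4
    syntax where "name"=- deletes that value from its key."""
    files = sorted({path for _, _, path, _ in entries})
    by_key = {}
    for key, name, _, _ in entries:
        by_key.setdefault(key, []).append(name)
    lines = ["File::", *files, "", "Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
        lines.append("")
    return "\n".join(lines).rstrip("\n") + "\n"


if __name__ == "__main__":
    flagged = unverified_entries(parse_load_points(SAMPLE_REPORT))
    for key, name, path, _ in flagged:
        print(f"unverified: {name!r} -> {path} (under {key})")
    print()
    print(build_cfscript(flagged))
```

Review every flagged entry against the report before dragging the result onto ComboFix; the `[ ]` marker is a hint, not a verdict, and the generated script deletes the Run or Toolbar value only, not the related CLSID keys.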
hmr81 Posts 25 Status Member
 
hello

here's the ComboFix report:

ComboFix 08-05-08.1 - Administrateur 2008-05-09 14:36:24.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.830 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Program Files\WinSpyControl\ptask.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
.

2008-05-09 00:38 . 2008-05-09 00:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 00:38 . 2008-05-09 00:38 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-09 00:38 . 2008-05-09 00:38 <REP> d-------- C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Malwarebytes
2008-05-09 00:38 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-09 00:38 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-08 23:46 . 2008-05-09 00:03 2,618 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-08 15:24 . 2008-05-08 15:24 <REP> d-------- C:\Program Files\Trend Micro
2008-05-08 00:51 . 2008-05-09 00:24 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-07 19:11 . 2008-05-07 19:11 <REP> d-------- C:\VundoFix Backups
2008-05-07 19:03 . 2008-05-08 00:27 <REP> d-------- C:\HijackThis
2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Program Files\Avira
2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-05-04 13:51 . 2008-05-06 03:31 109,738 --a------ C:\WINDOWS\BM6f18a1e7.xml
2008-05-04 02:29 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot Shield
2008-05-04 01:39 . 2008-05-04 01:39 <REP> d-------- C:\Program Files\ultrasurf
2008-05-04 01:34 . 2008-05-04 01:34 33 --a------ C:\WINDOWS\system32\6c2b80f5
2008-05-03 23:38 . 2008-05-03 23:38 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-05-03 23:36 . 2008-05-04 11:35 <REP> d--hs---- C:\WINDOWS\Lg
2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\WINDOWS\system32\mm3
2008-05-03 23:35 . 2008-05-04 11:12 <REP> d-------- C:\WINDOWS\system32\gt1
2008-05-03 23:35 . 2008-05-08 01:53 <REP> d-------- C:\WINDOWS\system32\bkEur18
2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\Temp\maxsv15
2008-05-03 23:35 . 2008-05-08 00:52 <REP> d-------- C:\Temp
2008-05-03 00:49 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot_Shield
2008-05-03 00:26 . 2008-05-03 00:26 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Yahoo!
2008-05-03 00:26 . 2008-05-03 00:28 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\MEGAUPLOADTOOLBAR
2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Grisoft
2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Creative
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage réseau
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage d'impression
2008-04-22 04:16 . 2007-09-02 23:42 <REP> d--h----- C:\Documents and Settings\Amine\Modèles
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Mes documents
2008-04-22 04:16 . 2007-06-19 00:09 <REP> dr------- C:\Documents and Settings\Amine\Menu Démarrer
2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Favoris
2008-04-22 04:16 . 2007-10-26 00:29 <REP> d-------- C:\Documents and Settings\Amine\Bureau
2008-04-22 04:16 . 2008-04-22 04:16 <REP> d-------- C:\Documents and Settings\Amine
2008-04-22 04:16 . 2008-05-09 00:24 1,024 --ah----- C:\Documents and Settings\Amine\NTUser.dat.LOG
2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Yahoo!
2008-04-18 13:39 . 2008-04-18 13:39 <REP> d-------- C:\Program Files\Yahoo!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 12:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-05-04 12:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-03 21:41 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\LimeWire
2008-04-25 12:59 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\U3
2008-04-18 11:40 --------- d-----w C:\Program Files\DivX
2008-04-05 16:02 --------- d-----w C:\Program Files\LimeWire
2008-04-05 15:06 --------- d-----w C:\Program Files\SweetIM
2008-04-05 15:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
2008-04-04 20:47 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 19:21 16,952 ----a-w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\GDIPFONTCACHEV1.DAT
2008-03-26 16:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-03-26 13:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-25 19:02 --------- d-----w C:\Program Files\Java
2008-03-25 02:32 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\PC Suite
2008-03-23 13:02 --------- d-----w C:\Program Files\Free Hide Folder
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-12 13:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-12 13:57 --------- d-----w C:\Program Files\Windows Live
2008-03-12 13:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-03-02 14:13 155,995 ----a-w C:\WINDOWS\java\Packages\3PV7LBFR.ZIP
.

((((((((((((((((((((((((((((( snapshot@2008-05-08_ 1.06.36.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 22:57:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 12:22:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-04-24 09:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
+ 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 12:46 196608]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 00:04 185632]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-04 17:19 262401]
"vdlDeamon"="C:\Program Files\VIDAL\Communs\VIDAL.exe" [2005-10-05 11:15 975872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]

C:\Documents and Settings\Administrateur.STANDARD\Menu Démarrer\Programmes\Démarrage\
QuickShelf.lnk - C:\Program Files\Microsoft Référence\Bibliorom\QS96F.EXE [1996-01-31 152064]

C:\Documents and Settings\Administrateur.STANDARD.000\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-12-24 18:22:30 479232]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-17 19:34:05 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Close Combat\\Close Combat III\\CC3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Close Combat\\Close Combat III\\Server\\Server.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-10-12 12:22]
S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
S3 i740;i740;C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2001-08-17 20:49]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325025c4-5f10-11dc-9bd7-001320329ce3}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3358fa3b-5485-11dc-9ba2-001320329ce3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4be2d11f-5938-11dc-9bae-001320329ce3}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c423627-3482-11dc-9b83-001320329ce3}]
\Shell\Auto\command - printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e790ffd4-a389-11dc-9c5e-001320329ce3}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 14:39:28
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-05-09 14:42:53
ComboFix-quarantined-files.txt 2008-05-09 12:41:45
ComboFix2.txt 2008-05-08 22:30:42
ComboFix3.txt 2008-05-07 23:07:23

Pre-Run: 7,280,005,120 octets libres
Post-Run: 7,268,401,152 octets libres

200 --- E O F --- 2008-03-24 14:20:30
0
hmr81 Posts: 25 Status: Member

Avira has detected a trojan again, here is the report:

Avira AntiVir Personal
Report file date: vendredi 9 mai 2008 14:45

Scanning for 1256657 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: STANDARD

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 04/05/2008 15:19:40
AVSCAN.DLL : 8.1.1.0 53505 Bytes 04/05/2008 15:19:40
LUKE.DLL : 8.1.2.9 151809 Bytes 04/05/2008 15:19:41
LUKERES.DLL : 8.1.2.1 12033 Bytes 04/05/2008 15:19:41
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 15:19:41
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 14:00:03
ANTIVIR3.VDF : 7.0.4.17 72192 Bytes 08/05/2008 14:26:46
Engineversion : 8.1.0.39
AEVDF.DLL : 8.1.0.5 102772 Bytes 04/05/2008 15:19:42
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 04/05/2008 15:19:42
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 14:27:23
AERDL.DLL : 8.1.0.20 418165 Bytes 04/05/2008 15:19:42
AEPACK.DLL : 8.1.1.4 364918 Bytes 04/05/2008 15:19:42
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 04/05/2008 15:19:42
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 04/05/2008 15:19:42
AEHELP.DLL : 8.1.0.14 115063 Bytes 04/05/2008 15:19:41
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 14:27:20
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 14:27:11
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 14:26:57
AVWINLL.DLL : 1.0.0.7 14593 Bytes 04/05/2008 15:19:40
AVPREF.DLL : 8.0.0.1 25857 Bytes 04/05/2008 15:19:40
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 04/05/2008 15:19:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 04/05/2008 15:19:40
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 04/05/2008 15:19:40
SQLITE3.DLL : 3.3.17.1 339968 Bytes 04/05/2008 15:19:41
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 04/05/2008 15:19:41
NETNT.DLL : 8.0.0.1 7937 Bytes 04/05/2008 15:19:41
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 04/05/2008 15:19:34
RCTEXT.DLL : 8.0.32.0 86273 Bytes 04/05/2008 15:19:34

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 9 mai 2008 14:45

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'openvpnas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'VIDAL.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{68F6092E-A582-48DB-945C-288631DBACD3}\RP2\A0000108.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.edw.2
[NOTE] The file was moved to '48544cbb.qua'!
Begin scan in 'D:\'


End of the scan: vendredi 9 mai 2008 15:22
Used time: 36:17 min

The scan has been done completely.

6801 Scanning directories
225470 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
225469 Files not concerned
1671 Archives were scanned
1 Warnings
1 Notes
0
jlpjlp Posts: 52399 Status: Security contributor 5 040

OK, nothing serious. It is in your System Restore. To get rid of it, disable System Restore, then restart your computer, then re-enable it. (Start, then All Programs, then Accessories, then System Tools, then System Restore, then click Settings on the left-hand side.) There you go, you can mark it as solved.
0
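As an added example (not code from this thread, from Avira or from ComboFix), a small Python triage of the Avira report format shown above: it pairs each [DETECTION] line with its path and separates hits sitting inside a System Restore point (removed by clearing restore points, as advised above) from hits on live files that need follow-up. The sample report is constructed; its second hit uses a placeholder path so that both outcomes appear.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the Avira AntiVir report above: a path
# line, then its [DETECTION]/[NOTE] lines. The second hit is a placeholder.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\System Volume Information\_restore{68F6092E-A582-48DB-945C-288631DBACD3}\RP2\A0000108.exe
  [DETECTION] Is the Trojan horse TR/Dldr.VB.edw.2
  [NOTE] The file was moved to '48544cbb.qua'!
C:\WINDOWS\system32\PLACEHOLDER.dll
  [DETECTION] Is the Trojan horse TR/Vundo.Gen
  [NOTE] The file was moved to '00000000.qua'!
Begin scan in 'D:\'
"""

# A file under System Volume Information\_restore{GUID}\RPn\ is a System Restore copy, not a running component.
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")

@dataclass
class Detection:
    path: str
    name: str
    action: str
    in_restore_point: bool

def parse_detections(report: str) -> list[Detection]:
    """Pair each [DETECTION] line with the path line that precedes it."""
    found, current_path = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
        elif line.startswith("[DETECTION]") and current_path:
            found.append(Detection(current_path, line.split()[-1], "",
                                   bool(RESTORE_POINT_RE.search(current_path))))
        elif line.startswith("[NOTE]") and found and found[-1].path == current_path:
            found[-1].action = line[len("[NOTE] "):]
    return found

def triage(detections: list[Detection]) -> dict[str, list[Detection]]:
    """Restore-point copies only need System Restore cleared; the rest are live files."""
    return {"restore_point": [d for d in detections if d.in_restore_point],
            "live": [d for d in detections if not d.in_restore_point]}

if __name__ == "__main__":
    print(triage(parse_detections(SAMPLE_REPORT)))
```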
hmr81 Posts: 25 Status: Member

OK, thanks a lot for your help and your patience, that's very kind.
0
hmr81 Posts: 25 Status: Member

OK, I think my PC is no longer infected, thank you.
0
hmr81 Posts: 25 Status: Member

It's solved, thanks a lot.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040

Yes, you can mark it as solved!
0