Virus problems, Conhook.d and "Rootkit Gen"
volty
Hello everyone.
Since I plugged a USB stick into a friend's PC that was already infected by a virus (big mistake, I'll grant you that), I've been having quite a few problems with my PC. For one thing, Windows Explorer crashes on its own, and Mozilla Firefox works badly (slow and crashes).
The computer is a bit slower than usual.
An Internet Explorer pop-up (which I don't use) opens regularly on a page leading to a mirror link to download "Disquedurfacile" or something like that.
Windows Security Center tells me I have a trojan named Conhook.d, impossible to remove.
Avast detects a Win32 virus named Rootkit Gen and keeps lighting up to remind me of it.
I'm on an ASUS laptop running Vista.
What I've done so far:
Scan with AVG Anti-Spyware
Scan with Spybot Search And Destroy
Scan with Avast (which still fails to remove the infections it detects)
Scan with Windows Security Center (at this point, why not^^)
Defragmentation with JkDefrag
Scan with CCleaner (which doesn't seem to see any virus on my computer)
Uninstalling and reinstalling Mozilla Firefox (but I may not have done it completely, because when I reinstalled it my bookmarks and personal toolbars were still intact).
While the Explorer pop-up is gone, I still get Avast alerts and the Windows Security Center alert, Mozilla is still just as slow and Windows Explorer keeps playing tricks on me.
What should I do?
Which antivirus should I install (or uninstall???)?
I went to other threads showing a similar problem but I didn't understand much of all the copy-pasted code (I'm a real noob at this kind of thing).
So in short, I'm calling on those of you who have already had this problem, and while I'm at it, I'd also like to optimise my resident protection and my computer's quality of life^^.
See you later
Thanks in advance for your replies :)
6 replies
Hi,
1/ # Download RavAntivirus from Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
# If you have a USB stick, external hard drive, etc., plug them in without opening them before launching this FIX
# Right-click the .ZIP file > Extract to > Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable)
# If there is an infection > a log will be produced, otherwise the program will display (very quickly) ==> Your computer is clean.
# Remove your removable drives and restart your computer.
# Post the report if there is an infection!
2/ Download Flash Disinfector (by sUBs) to the desktop from this address: http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Double-click the icon.
The icons will disappear. This is normal.
If a report is generated in case of infection, save it to the desktop and post it afterwards
Then restart the PC.
3/
Scan with VundoFix (paste the report)
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES
Once you have clicked yes, your desktop will go blank while it removes Vundo.
When it is finished, you will be asked to restart your computer; click OK.
then:
VirtumundoBeGone (paste the report)
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
4/
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard)
Double-click combofix.exe and follow the instructions
At the end it will produce a report C:\ComboFix.txt
Re-enable your firewall, your antivirus and your antispyware's guard
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
You have a full tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
5/
Paste a HijackThis report
and describe your current problems
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I advise renaming HijackThis to counter a possible Vundo infection.
E.g. rename the file HijackThis.exe to eden.exe; to do so, right-click the file HijackThis.exe and choose Rename from the list
Then, with Explorer, create a folder c:\hijackthis
Extract HijackThis into that folder.
This is important for the backups.
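One way to read the ComboFix registry section that step 4 asks for, as an added example that is not the helper's tool nor any part of ComboFix: a small triage script that flags the load points this thread's report contains (Run entries that load a DLL, a ShellExecuteHook and a BHO backed by randomly named system32 DLLs, UAC and Security Center monitoring switched off, an AutoRun command registered for a removable drive). The sample lines are taken from the report posted later in this thread; the severity labels and the eight-letter name heuristic are my assumptions, not a ComboFix rule.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity key value reason")

# Heuristic (assumption): eight letters, no digits, directly under system32, which is
# the naming pattern of the Vundo DLLs in this thread (iifcBrsQ.dll, sdppiykw.dll, ...)
RANDOM_DLL = re.compile(r"\\system32\\[A-Za-z]{8}\.dll$", re.IGNORECASE)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
STAMP = re.compile(r"\s*\[[^\]]*\]\s*$")  # trailing "[2008-05-10 07:18 28672]" file stamp

# Sample input: lines taken from the ComboFix report posted in this thread (trimmed)
SAMPLE_REPORT = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E94663B-AFB2-40C6-AC33-F6A6FB4ED39E}]
C:\Windows\system32\geBuVmnO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-21 09:32 1006264]
"MSServer"="C:\Windows\system32\iifcBrsQ.dll" [2008-05-10 07:18 28672]
"d8ad891a"="C:\Windows\system32\sdppiykw.dll" [2008-05-17 15:27 95232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A7E81B89-DF38-40C8-A767-6FBECB65B862}"= C:\Windows\system32\iifcBrsQ.dll [2008-05-10 07:18 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1249e5a1-f85e-11dc-a660-001d60bb2a24}]
\shell\AutoRun\command - G:\setup.exe
"""


def _target(val):
    """Strip the file stamp and surrounding quotes from a value's right-hand side."""
    return STAMP.sub("", val).strip().strip('"')


def triage(report):
    """Return the suspicious load points found in a ComboFix-style registry section."""
    findings = []
    key = ""
    for raw in report.splitlines():
        line = raw.rstrip()
        km = KEY_LINE.match(line)
        if km:
            key = km.group("key")  # every following line belongs to this key
            continue
        lkey = key.lower()
        # ComboFix prints a BHO's DLL as a bare path on the line after its CLSID key
        if "browser helper objects" in lkey and RANDOM_DLL.search(line):
            findings.append(Finding("high", key, line, "BHO backed by a random-named system32 DLL"))
            continue
        if "mountpoints2" in lkey and "\\autorun\\command" in line.lower():
            findings.append(Finding("medium", key, line.strip(), "AutoRun command registered for a removable drive"))
            continue
        vm = VALUE_LINE.match(line)
        if not vm:
            continue
        name, target = vm.group("name"), _target(vm.group("val"))
        tl = target.lower()
        if lkey.endswith("\\run") and tl.endswith(".dll"):
            # Run entries normally start an .exe; a DLL here is loaded through rundll32
            sev = "high" if RANDOM_DLL.search(target) else "medium"
            findings.append(Finding(sev, key, f"{name} -> {target}", "Run entry loads a DLL instead of an executable"))
        elif "shellexecutehooks" in lkey and RANDOM_DLL.search(target):
            findings.append(Finding("high", key, f"{name} -> {target}", "ShellExecuteHook DLL (loaded into Explorer)"))
        elif name.lower() == "enablelua" and tl.startswith("0"):
            findings.append(Finding("medium", key, f"{name} = {target}", "UAC disabled"))
        elif "security center" in lkey and name.lower().endswith(("disablemonitoring", "disablenotify")) and tl.endswith("1"):
            findings.append(Finding("medium", key, f"{name} = {target}", "Security Center monitoring/notification switched off"))
    return findings


def flagged_dlls(findings):
    """Distinct random-named DLL file names referenced by the findings, for follow-up."""
    names = set()
    for f in findings:
        names.update(re.findall(r"\\([A-Za-z]{8}\.dll)", f.value))
    return names


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}: {f.value}")
    print("DLLs to follow up:", ", ".join(sorted(flagged_dlls(results))))
```

The same three DLL names also appear in the report's "DLLs loaded in running processes" section, which is why the thread's helper treats the Run, ShellExecuteHook and BHO entries together rather than one at a time.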
Hi there!
Steps 1 and 2 didn't find anything.
Here are the reports from the following programs.
I think the virus is still on my PC; Windows Security Center detected it again. Avast detected another virus (but not with the same name); I think it managed to remove it, and I'll try a new scan tomorrow.
Otherwise Mozilla Firefox works when it feels like it; I was able to browse fine for half an hour and now it's slow again :/. Windows Explorer seems to be bugging even more, I think.
3/
[05/17/2008, 19:59:56] - VirtumundoBeGone v1.5 ( "C:\Users\Jojo volthy\Desktop\VirtumundoBeGone.exe" )
[05/17/2008, 20:00:00] - Detected System Information:
[05/17/2008, 20:00:00] - Windows Version: 6.0.6000,
[05/17/2008, 20:00:00] - Current Username: Jojo volthy (Admin)
[05/17/2008, 20:00:00] - Windows is in NORMAL mode.
[05/17/2008, 20:00:00] - Searching for Browser Helper Objects:
[05/17/2008, 20:00:00] - BHO 1: {1E94663B-AFB2-40C6-AC33-F6A6FB4ED39E} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - Checking for HKLM\...\Winlogon\Notify\geBuVmnO
[05/17/2008, 20:00:00] - Key not found: HKLM\...\Winlogon\Notify\geBuVmnO, continuing.
[05/17/2008, 20:00:00] - BHO 2: {1F5353F8-6D09-49DC-9A6D-7C2AF63854AF} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - Checking for HKLM\...\Winlogon\Notify\hgGaxvst
[05/17/2008, 20:00:00] - Key not found: HKLM\...\Winlogon\Notify\hgGaxvst, continuing.
[05/17/2008, 20:00:00] - BHO 3: {491BFC82-44DD-409B-A63D-C087DA3266F3} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - BHO 4: {4C8890BF-8DA4-420F-8C79-318AA8E7B83C} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - BHO 5: {5683C35C-8665-4519-8C29-4DC39E4BEBAC} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - BHO 6: {6870827C-5130-42AF-BE62-A12FA0BC37FA} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/17/2008, 20:00:00] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/17/2008, 20:00:00] - BHO 9: {A146199B-5B00-48AC-99E0-58211C33D894} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - BHO 10: {A7E81B89-DF38-40C8-A767-6FBECB65B862} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - Checking for HKLM\...\Winlogon\Notify\efcAPHYP
[05/17/2008, 20:00:00] - Key not found: HKLM\...\Winlogon\Notify\efcAPHYP, continuing.
[05/17/2008, 20:00:00] - BHO 11: {FD0FE59E-818C-4D88-97FA-0F7C4AF413B1} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - Finished Searching Browser Helper Objects
[05/17/2008, 20:00:00] - Finishing up...
[05/17/2008, 20:00:00] - Nothing found! Exiting...
4/
ComboFix 08-05-15.3 - Jojo volthy 2008-05-17 20:07:43.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.1076 [GMT 2:00]
Endroit: C:\Users\Jojo volthy\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Windows\System32\aHghknpo.ini
C:\Windows\System32\aHghknpo.ini2
C:\Windows\System32\blguidpn.ini
C:\Windows\System32\ccKkRXyb.ini
C:\Windows\System32\ccKkRXyb.ini2
C:\Windows\system32\exahjwxj.ini
C:\Windows\system32\gtgvyutj.exe
C:\Windows\system32\hjvfvour.ini
C:\Windows\system32\iukommby.ini
C:\Windows\system32\jkigehoo.ini
C:\Windows\system32\jopokttj.exe
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mimvwolg.ini
C:\Windows\system32\mnVvGOYb.ini
C:\Windows\System32\mnVvGOYb.ini2
C:\Windows\system32\mqwyjhjh.exe
C:\Windows\system32\MSINET.oca
C:\Windows\system32\nxqfcvja.exe
C:\Windows\System32\OnmVuBeg.ini
C:\Windows\System32\OnmVuBeg.ini2
C:\Windows\system32\pac.txt
C:\Windows\System32\qqpoWyxx.ini
C:\Windows\System32\qqpoWyxx.ini2
C:\Windows\System32\rsBHOqru.ini
C:\Windows\System32\rsBHOqru.ini2
C:\Windows\system32\RuCIQWFe.ini
C:\Windows\System32\RuCIQWFe.ini2
C:\Windows\System32\tsvxaGgh.ini
C:\Windows\System32\tsvxaGgh.ini2
C:\Windows\System32\uvyGOqss.ini
C:\Windows\System32\uvyGOqss.ini2
C:\Windows\System32\uwFLRXbc.ini
C:\Windows\System32\uwFLRXbc.ini2
C:\Windows\System32\wkyippds.ini
C:\Windows\System32\XGPporCf.ini
C:\Windows\System32\XGPporCf.ini2
C:\Windows\system32\ydmfgcss.exe
C:\Windows\System32\yGPppXyb.ini
C:\Windows\System32\yGPppXyb.ini2
C:\Windows\system32\yhnbcsoa.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 18:05 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\OFFICEOne7
2008-05-17 15:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-17 13:54 --------- d-----w C:\Program Files\Soulseek-Test
2008-05-17 13:08 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-17 13:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-17 12:30 --------- d-----w C:\ProgramData\Lavasoft
2008-05-17 12:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 12:24 --------- d-----w C:\Program Files\K-Meleon
2008-05-17 12:19 5,528,000 ----a-w C:\Users\Jojo volthy\K-Meleon1.1.5fr-FR.exe
2008-05-17 10:48 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\uTorrent
2008-05-17 10:27 --------- d-----w C:\Program Files\MAIET
2008-05-17 08:41 2,751,368 ----a-w C:\Users\Jojo volthy\ccleaner_ccleaner_2.06.567_francais_14492.exe
2008-05-17 08:41 --------- d-----w C:\Program Files\CCleaner
2008-05-17 08:34 94,403 ----a-w C:\Users\Jojo volthy\install_CCleaner_.exe
2008-05-16 20:36 --------- d-----w C:\Program Files\JkDefrag
2008-05-16 20:31 895,351 ----a-w C:\Users\Jojo volthy\JkDefrag_3.26_Fr_full.exe
2008-05-16 20:26 6,115,448 ----a-w C:\Users\Jojo volthy\Firefox Setup 2.0.0.14.exe
2008-05-16 19:37 21,364,592 ----a-w C:\Users\Jojo volthy\Lavasoft_Adaware2007_fr.exe
2008-05-16 15:25 --------- d-----w C:\Program Files\Last.fm
2008-05-14 15:52 46,296 ----a-w C:\Users\Jojo volthy\the.emperors.new.groove.(2000).eng.2cd.(3165983).zip
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-10 05:38 --------- d-----w C:\Program Files\winvi
2008-05-10 05:18 86,016 ----a-w C:\Users\Jojo volthy\ctfmon.exe
2008-05-10 05:18 462 ----a-w C:\Users\Jojo volthy\820.bat
2008-05-02 18:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-24 09:41 --------- d-----w C:\Program Files\Java
2008-04-24 09:40 --------- d-----w C:\Program Files\Common Files\Java
2008-04-04 10:11 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\Grisoft
2008-04-04 10:11 --------- d-----w C:\ProgramData\Grisoft
2008-03-31 15:31 --------- d-----w C:\Program Files\VideoLAN
2008-03-31 14:18 --------- d-----w C:\Program Files\Satsuki Decoder Pack
2008-03-28 22:04 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\dvdcss
2008-03-23 02:30 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-22 20:07 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E94663B-AFB2-40C6-AC33-F6A6FB4ED39E}]
C:\Windows\system32\geBuVmnO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F5353F8-6D09-49DC-9A6D-7C2AF63854AF}]
2008-05-17 15:18 374784 --a------ C:\Windows\system32\hgGaxvst.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{491BFC82-44DD-409B-A63D-C087DA3266F3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C8890BF-8DA4-420F-8C79-318AA8E7B83C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5683C35C-8665-4519-8C29-4DC39E4BEBAC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6870827C-5130-42AF-BE62-A12FA0BC37FA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A146199B-5B00-48AC-99E0-58211C33D894}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD0FE59E-818C-4D88-97FA-0F7C4AF413B1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-21 09:32 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 19:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 15:32 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 15:27 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 19:10 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 21:12 161328]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 00:06 106496]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-10-21 10:07 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-10-21 10:07 37232]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"MSServer"="C:\Windows\system32\iifcBrsQ.dll" [2008-05-10 07:18 28672]
"d8ad891a"="C:\Windows\system32\sdppiykw.dll" [2008-05-17 15:27 95232]
"BMdb9eba86"="C:\Windows\system32\pcfbrquh.dll" [2008-05-17 15:19 109568]
C:\Users\Jojo volthy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-11 02:22:51 3450608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 10:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 09:01:50 734872]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A7E81B89-DF38-40C8-A767-6FBECB65B862}"= C:\Windows\system32\iifcBrsQ.dll [2008-05-10 07:18 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1020043157-3693544692-2271888537-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13FD4987-E858-412C-B6F6-A649D81EC956}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{A89E4C51-15B0-4648-872E-1A5849EBF49F}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{286CCDE0-7ABE-45FE-8C11-28BD73BF79FA}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{17433FDF-2A26-4ED3-A2B6-EC4206C09C8E}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{20275DD6-0687-4F1D-AE29-65A5FF6E4A16}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{EE74357F-5E6E-46BF-9662-3D6FFB3C8477}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{6916FE0F-D2C4-46A8-9D2E-D1FEA990431D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{57471293-71B1-43FE-8FC0-B0258CFBDBE7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{60A6EF44-9154-4D5B-9FBF-27B7D034D981}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8F50E5C0-0333-4761-AA4B-D822CD884E4D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{73522192-A280-4915-8994-FD0E3A17E251}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{94C28E8C-5CFC-4852-946D-90E41AE18661}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{CD963B00-7E09-4C1B-8A30-45D5BB95DF0B}D:\\urban terror\\iourbanterror.exe"= UDP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"UDP Query User{E326354C-5657-44B7-9795-6618BED014CC}D:\\urban terror\\iourbanterror.exe"= TCP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"TCP Query User{0379E54F-C8F7-4323-A812-3E6D38A9BCEA}C:\\program files\\soulseek-test\\slsk.exe"= UDP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{91C1914C-BC96-4679-90AF-7CD844C49351}C:\\program files\\soulseek-test\\slsk.exe"= TCP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"TCP Query User{FD16748A-ED2A-41D8-BC53-57B46DDA73BA}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{6E50AC9E-8BA4-4EC6-980B-115C74DBF6E7}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{3C051FF9-5F92-4414-BB8C-1FCE2C720CB9}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{718FDF9B-1333-4BAC-8050-5C66421B9456}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{3586CEC6-5221-486A-90F6-1932AD259A52}D:\\world of padman\\wop.exe"= UDP:D:\world of padman\wop.exe:wop
"UDP Query User{2B84BE8E-4177-4B61-9280-26097205B264}D:\\world of padman\\wop.exe"= TCP:D:\world of padman\wop.exe:wop
"TCP Query User{273F951E-55E4-4817-A9A0-7256E938C7EB}C:\\program files\\maiet\\gunz\\gunz.exe"= UDP:C:\program files\maiet\gunz\gunz.exe:Gunz
"UDP Query User{BB7FBBC4-6696-4D27-8C01-B1029FC4389E}C:\\program files\\maiet\\gunz\\gunz.exe"= TCP:C:\program files\maiet\gunz\gunz.exe:Gunz
"TCP Query User{DBFA6A0D-8713-4639-9BE3-AE7DA7570837}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{7A33B02A-A8AE-4C73-ABD1-965751550893}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{1FC0390F-5C1E-4CF2-9FAF-32D2E1939195}C:\\program files\\maiet\\gunz\\gunz.exe"= UDP:C:\program files\maiet\gunz\gunz.exe:Gunz
"UDP Query User{D85099F7-777E-449C-82E1-D8C9966ACAED}C:\\program files\\maiet\\gunz\\gunz.exe"= TCP:C:\program files\maiet\gunz\gunz.exe:Gunz
"TCP Query User{E15D30F4-1F1B-4D00-AEC7-917A4FDBE9E8}D:\\urban terror\\iourbanterror.exe"= UDP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"UDP Query User{87E48950-8FE9-4272-A4E7-519C43B0C6C2}D:\\urban terror\\iourbanterror.exe"= TCP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"TCP Query User{D5F024AC-201B-4856-B277-4324DF758DE6}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{8CB6A584-0090-4BDB-A832-6687BD22AEE8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{85A3BAE6-C77E-42DC-BDF6-B10F6D1A72F9}C:\\program files\\soulseek-test\\slsk.exe"= UDP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{425B0A67-C839-4E23-9368-78076F1B4406}C:\\program files\\soulseek-test\\slsk.exe"= TCP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"{6AEA874E-19E0-4014-BE98-999CE96FACD9}"= UDP:25585:BitComet 25585 TCP
"{2090E21A-AF3B-45F0-9C50-B2E643B38A88}"= TCP:25585:BitComet 25585 UDP
"{6518B568-73E9-453A-BF22-F411AE898D27}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{73D9F9EB-471E-4214-95EA-F4D0DBF0A842}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{BE82B719-2850-4CE8-B135-A55E0D3C4696}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9CD200E5-FAD9-49A7-820D-B510A960B1F5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{68AB5976-6F43-4F88-BC18-EF7C82FFB49E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{DEF04BEA-E135-44A7-86C4-A854CE47D3C7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{8960ED00-C316-4688-975E-6C868DA1692B}C:\\ut2004\\system\\ut2004.exe"= UDP:C:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{0B3E0574-0F0D-4D45-B0D2-A4DEAE83B81B}C:\\ut2004\\system\\ut2004.exe"= TCP:C:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{43692AD4-B708-45E4-AEA9-EDC60D0F652E}C:\\team17\\worms2\\frontend.exe"= UDP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
"UDP Query User{EE8BB688-0198-439C-AADD-FAF03A55A1F2}C:\\team17\\worms2\\frontend.exe"= TCP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 16:00]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-03-01 03:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1249e5a1-f85e-11dc-a660-001d60bb2a24}]
\shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88bc10b-1e19-11dd-bd96-806e6f6e6963}]
\shell\Auto\command - H:\Start.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-02 15:15:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 20:13:27
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\iifcBrsQ.dll
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Windows\system32\sdppiykw.dll
-> C:\Windows\system32\pcfbrquh.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\conime.exe
.
**************************************************************************
.
Completion time: 2008-05-17 20:17:42 - machine was rebooted [Jojo volthy]
ComboFix-quarantined-files.txt 2008-05-17 18:17:28
The message text associated with number 0x2379 could not be found in the message file for Application.
274 --- E O F --- 2008-05-10 01:02:28
5/
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:09, on 17/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\OFFICE One 7.0\program\soffice.exe
C:\Program Files\OFFICE One 7.0\program\soffice.BIN
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifcBrsQ.dll,#1
O4 - HKLM\..\Run: [BMdb9eba86] Rundll32.exe "C:\Windows\system32\jcrcuaaj.dll",s
O4 - HKLM\..\Run: [d8ad891a] rundll32.exe "C:\Windows\system32\nmsdbkuu.dll",b
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OPFSVC - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe (file missing)
O23 - Service: Personal Firewall - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\pfsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
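The same indicators recur across the ComboFix and HijackThis reports above: Run keys that launch rundll32 with an eight-letter DLL and an ordinal or one-letter export, Run values named like hex blobs, BHOs backed by a DLL of the same shape, DLLs of that shape loaded into winlogon or explorer, UAC switched off (EnableLUA=0), Security Center monitoring and notifications silenced, and AutoRun commands bound to removable drives under mountpoints2. The script below is an added example of my own, not part of this thread and not code from HijackThis, ComboFix or any other tool named here: it runs those checks over log lines of the shapes quoted above. The sample lines are constructed from the entries in the reports; the eight-letter rule, the hex-name rule and the rule names are my assumptions, and each hit is a lead for a person to check, not a verdict.

```python
"""Triage helper for HijackThis / ComboFix style log lines (added example, not from the thread).

Every rule is a heuristic: an 8-letter DLL name or a hex-looking Run value is a
lead for the analyst, not proof. SAMPLE_LOG is constructed from the shapes above.
"""
import re
from collections import Counter
from dataclasses import dataclass

# DLL directly under system32 whose basename is exactly 8 letters (iifcBrsQ.dll ...); heuristic.
RANDOM_DLL = re.compile(r'\\system32\\[A-Za-z]{8}\.dll\b', re.IGNORECASE)
# HijackThis O4 line:  O4 - HKLM\..\Run: [name] command
O4_RUN = re.compile(r'^O4 - .+?\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# Run-value names that are a hex blob, with or without the "BM" prefix seen in the logs.
HEX_NAME = re.compile(r'^(BM)?[0-9a-f]{8}$')
# rundll32 invoked with an ordinal (#1) or a one-letter export (,s  ,b) instead of a real export name.
ORDINAL_EXPORT = re.compile(r'\.dll"?,(#\d+|[A-Za-z])$', re.IGNORECASE)
BHO_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\}\]$')
MOUNTPOINT_CMD = re.compile(r'^\\shell\\Auto(Run)?\\command - .+$', re.IGNORECASE)
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')
PROCESS = re.compile(r'^PROCESS: .+$')
LOADED = re.compile(r'^-> (?P<path>.+)$')

# Constructed sample: line shapes copied from the reports above, not a complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifcBrsQ.dll,#1
O4 - HKLM\..\Run: [BMdb9eba86] Rundll32.exe "C:\Windows\system32\jcrcuaaj.dll",s
O4 - HKLM\..\Run: [d8ad891a] rundll32.exe "C:\Windows\system32\nmsdbkuu.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E94663B-AFB2-40C6-AC33-F6A6FB4ED39E}]
C:\Windows\system32\geBuVmnO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Windows\system32\iifcBrsQ.dll" [2008-05-10 07:18 28672]
"d8ad891a"="C:\Windows\system32\sdppiykw.dll" [2008-05-17 15:27 95232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88bc10b-1e19-11dd-bd96-806e6f6e6963}]
\shell\Auto\command - H:\Start.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.exe
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\iifcBrsQ.dll
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Windows\system32\sdppiykw.dll
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str
    context: str = ''   # registry key or PROCESS header the line sits under


def triage(text):
    """Return one Finding per suspicious line of a HijackThis/ComboFix-style log."""
    findings, context = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') or PROCESS.match(line):
            context = line                      # remember the key / process header
            continue
        m = O4_RUN.match(line)
        if m:
            if HEX_NAME.match(m.group('name')):
                findings.append(Finding('run-key-hex-name', line))
            cmd = m.group('cmd')
            if 'rundll32' in cmd.lower() and RANDOM_DLL.search(cmd) and ORDINAL_EXPORT.search(cmd):
                findings.append(Finding('run-key-random-dll', line))
            continue
        if BHO_KEY.match(context) and RANDOM_DLL.search(line):
            findings.append(Finding('bho-random-dll', line, context))
            continue
        lm = LOADED.match(line)
        if lm and PROCESS.match(context) and RANDOM_DLL.search(lm.group('path')):
            findings.append(Finding('random-dll-in-process', line, context))
            continue
        if MOUNTPOINT_CMD.match(line) and 'mountpoints2' in context.lower():
            findings.append(Finding('removable-drive-autorun', line, context))
            continue
        vm = REG_VALUE.match(line)
        if not vm:
            continue
        name, val, ctx = vm.group('name'), vm.group('val'), context.lower()
        if name == 'EnableLUA' and val.startswith('0'):
            findings.append(Finding('uac-disabled', line, context))
        elif 'security center' in ctx and val.endswith('1') and (
                name == 'DisableMonitoring' or name.endswith('DisableNotify')):
            findings.append(Finding('security-center-silenced', line, context))
        elif ctx.endswith(r'\currentversion\run]'):      # ComboFix-style Run listing
            if HEX_NAME.match(name):
                findings.append(Finding('run-key-hex-name', line, context))
            if RANDOM_DLL.search(val):
                findings.append(Finding('run-key-random-dll', line, context))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'run-key-random-dll': 5, ...}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.rule:26} {f.line}')
    print(summarize(triage(SAMPLE_LOG)))
```

Run it directly to print the findings for the embedded sample, or pass the text of a whole report to triage(). Legitimate eight-letter DLLs exist, so treat the random-DLL rules as a shortlist to verify against file dates, the loading process and the quarantine list, not as a cleanup list; the registry rules (EnableLUA, DisableMonitoring, the DisableNotify values, mountpoints2 AutoRun commands) are worth checking on their own regardless of what else is found.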
Steps 1 and 2 didn't give anything.
Here are the reports from the following programs.
I think the virus is still on my PC, Windows Security Center detected it again. Avast detected a virus again (but not under the same name), I think it managed to remove it, I'll try a new scan tomorrow.
Otherwise Mozilla Firefox only works when it feels like it, I was able to browse fine for half an hour and now it's slow again :/. Windows Explorer is bugging even more, I get the impression.
3/
[05/17/2008, 19:59:56] - VirtumundoBeGone v1.5 ( "C:\Users\Jojo volthy\Desktop\VirtumundoBeGone.exe" )
[05/17/2008, 20:00:00] - Detected System Information:
[05/17/2008, 20:00:00] - Windows Version: 6.0.6000,
[05/17/2008, 20:00:00] - Current Username: Jojo volthy (Admin)
[05/17/2008, 20:00:00] - Windows is in NORMAL mode.
[05/17/2008, 20:00:00] - Searching for Browser Helper Objects:
[05/17/2008, 20:00:00] - BHO 1: {1E94663B-AFB2-40C6-AC33-F6A6FB4ED39E} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - Checking for HKLM\...\Winlogon\Notify\geBuVmnO
[05/17/2008, 20:00:00] - Key not found: HKLM\...\Winlogon\Notify\geBuVmnO, continuing.
[05/17/2008, 20:00:00] - BHO 2: {1F5353F8-6D09-49DC-9A6D-7C2AF63854AF} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - Checking for HKLM\...\Winlogon\Notify\hgGaxvst
[05/17/2008, 20:00:00] - Key not found: HKLM\...\Winlogon\Notify\hgGaxvst, continuing.
[05/17/2008, 20:00:00] - BHO 3: {491BFC82-44DD-409B-A63D-C087DA3266F3} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - BHO 4: {4C8890BF-8DA4-420F-8C79-318AA8E7B83C} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - BHO 5: {5683C35C-8665-4519-8C29-4DC39E4BEBAC} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - BHO 6: {6870827C-5130-42AF-BE62-A12FA0BC37FA} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/17/2008, 20:00:00] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/17/2008, 20:00:00] - BHO 9: {A146199B-5B00-48AC-99E0-58211C33D894} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - BHO 10: {A7E81B89-DF38-40C8-A767-6FBECB65B862} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - Checking for HKLM\...\Winlogon\Notify\efcAPHYP
[05/17/2008, 20:00:00] - Key not found: HKLM\...\Winlogon\Notify\efcAPHYP, continuing.
[05/17/2008, 20:00:00] - BHO 11: {FD0FE59E-818C-4D88-97FA-0F7C4AF413B1} ()
[05/17/2008, 20:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 20:00:00] - No filename found. Continuing.
[05/17/2008, 20:00:00] - Finished Searching Browser Helper Objects
[05/17/2008, 20:00:00] - Finishing up...
[05/17/2008, 20:00:00] - Nothing found! Exiting...
4/
ComboFix 08-05-15.3 - Jojo volthy 2008-05-17 20:07:43.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.1076 [GMT 2:00]
Location: C:\Users\Jojo volthy\Desktop\ComboFix.exe
* Creating a new restore point
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Windows\System32\aHghknpo.ini
C:\Windows\System32\aHghknpo.ini2
C:\Windows\System32\blguidpn.ini
C:\Windows\System32\ccKkRXyb.ini
C:\Windows\System32\ccKkRXyb.ini2
C:\Windows\system32\exahjwxj.ini
C:\Windows\system32\gtgvyutj.exe
C:\Windows\system32\hjvfvour.ini
C:\Windows\system32\iukommby.ini
C:\Windows\system32\jkigehoo.ini
C:\Windows\system32\jopokttj.exe
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mimvwolg.ini
C:\Windows\system32\mnVvGOYb.ini
C:\Windows\System32\mnVvGOYb.ini2
C:\Windows\system32\mqwyjhjh.exe
C:\Windows\system32\MSINET.oca
C:\Windows\system32\nxqfcvja.exe
C:\Windows\System32\OnmVuBeg.ini
C:\Windows\System32\OnmVuBeg.ini2
C:\Windows\system32\pac.txt
C:\Windows\System32\qqpoWyxx.ini
C:\Windows\System32\qqpoWyxx.ini2
C:\Windows\System32\rsBHOqru.ini
C:\Windows\System32\rsBHOqru.ini2
C:\Windows\system32\RuCIQWFe.ini
C:\Windows\System32\RuCIQWFe.ini2
C:\Windows\System32\tsvxaGgh.ini
C:\Windows\System32\tsvxaGgh.ini2
C:\Windows\System32\uvyGOqss.ini
C:\Windows\System32\uvyGOqss.ini2
C:\Windows\System32\uwFLRXbc.ini
C:\Windows\System32\uwFLRXbc.ini2
C:\Windows\System32\wkyippds.ini
C:\Windows\System32\XGPporCf.ini
C:\Windows\System32\XGPporCf.ini2
C:\Windows\system32\ydmfgcss.exe
C:\Windows\System32\yGPppXyb.ini
C:\Windows\System32\yGPppXyb.ini2
C:\Windows\system32\yhnbcsoa.exe
.
((((((((((((((((((((((((((((( Files created 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
.
No new file created in this time span
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 18:05 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\OFFICEOne7
2008-05-17 15:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-17 13:54 --------- d-----w C:\Program Files\Soulseek-Test
2008-05-17 13:08 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-17 13:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-17 12:30 --------- d-----w C:\ProgramData\Lavasoft
2008-05-17 12:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 12:24 --------- d-----w C:\Program Files\K-Meleon
2008-05-17 12:19 5,528,000 ----a-w C:\Users\Jojo volthy\K-Meleon1.1.5fr-FR.exe
2008-05-17 10:48 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\uTorrent
2008-05-17 10:27 --------- d-----w C:\Program Files\MAIET
2008-05-17 08:41 2,751,368 ----a-w C:\Users\Jojo volthy\ccleaner_ccleaner_2.06.567_francais_14492.exe
2008-05-17 08:41 --------- d-----w C:\Program Files\CCleaner
2008-05-17 08:34 94,403 ----a-w C:\Users\Jojo volthy\install_CCleaner_.exe
2008-05-16 20:36 --------- d-----w C:\Program Files\JkDefrag
2008-05-16 20:31 895,351 ----a-w C:\Users\Jojo volthy\JkDefrag_3.26_Fr_full.exe
2008-05-16 20:26 6,115,448 ----a-w C:\Users\Jojo volthy\Firefox Setup 2.0.0.14.exe
2008-05-16 19:37 21,364,592 ----a-w C:\Users\Jojo volthy\Lavasoft_Adaware2007_fr.exe
2008-05-16 15:25 --------- d-----w C:\Program Files\Last.fm
2008-05-14 15:52 46,296 ----a-w C:\Users\Jojo volthy\the.emperors.new.groove.(2000).eng.2cd.(3165983).zip
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-10 05:38 --------- d-----w C:\Program Files\winvi
2008-05-10 05:18 86,016 ----a-w C:\Users\Jojo volthy\ctfmon.exe
2008-05-10 05:18 462 ----a-w C:\Users\Jojo volthy\820.bat
2008-05-02 18:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-24 09:41 --------- d-----w C:\Program Files\Java
2008-04-24 09:40 --------- d-----w C:\Program Files\Common Files\Java
2008-04-04 10:11 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\Grisoft
2008-04-04 10:11 --------- d-----w C:\ProgramData\Grisoft
2008-03-31 15:31 --------- d-----w C:\Program Files\VideoLAN
2008-03-31 14:18 --------- d-----w C:\Program Files\Satsuki Decoder Pack
2008-03-28 22:04 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\dvdcss
2008-03-23 02:30 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-22 20:07 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Reg load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E94663B-AFB2-40C6-AC33-F6A6FB4ED39E}]
C:\Windows\system32\geBuVmnO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F5353F8-6D09-49DC-9A6D-7C2AF63854AF}]
2008-05-17 15:18 374784 --a------ C:\Windows\system32\hgGaxvst.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{491BFC82-44DD-409B-A63D-C087DA3266F3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C8890BF-8DA4-420F-8C79-318AA8E7B83C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5683C35C-8665-4519-8C29-4DC39E4BEBAC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6870827C-5130-42AF-BE62-A12FA0BC37FA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A146199B-5B00-48AC-99E0-58211C33D894}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD0FE59E-818C-4D88-97FA-0F7C4AF413B1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-21 09:32 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 19:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 15:32 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 15:27 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 19:10 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 21:12 161328]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 00:06 106496]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-10-21 10:07 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-10-21 10:07 37232]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"MSServer"="C:\Windows\system32\iifcBrsQ.dll" [2008-05-10 07:18 28672]
"d8ad891a"="C:\Windows\system32\sdppiykw.dll" [2008-05-17 15:27 95232]
"BMdb9eba86"="C:\Windows\system32\pcfbrquh.dll" [2008-05-17 15:19 109568]
C:\Users\Jojo volthy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-11 02:22:51 3450608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 10:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 09:01:50 734872]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A7E81B89-DF38-40C8-A767-6FBECB65B862}"= C:\Windows\system32\iifcBrsQ.dll [2008-05-10 07:18 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1020043157-3693544692-2271888537-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13FD4987-E858-412C-B6F6-A649D81EC956}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{A89E4C51-15B0-4648-872E-1A5849EBF49F}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{286CCDE0-7ABE-45FE-8C11-28BD73BF79FA}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{17433FDF-2A26-4ED3-A2B6-EC4206C09C8E}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{20275DD6-0687-4F1D-AE29-65A5FF6E4A16}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{EE74357F-5E6E-46BF-9662-3D6FFB3C8477}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{6916FE0F-D2C4-46A8-9D2E-D1FEA990431D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{57471293-71B1-43FE-8FC0-B0258CFBDBE7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{60A6EF44-9154-4D5B-9FBF-27B7D034D981}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8F50E5C0-0333-4761-AA4B-D822CD884E4D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{73522192-A280-4915-8994-FD0E3A17E251}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{94C28E8C-5CFC-4852-946D-90E41AE18661}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{CD963B00-7E09-4C1B-8A30-45D5BB95DF0B}D:\\urban terror\\iourbanterror.exe"= UDP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"UDP Query User{E326354C-5657-44B7-9795-6618BED014CC}D:\\urban terror\\iourbanterror.exe"= TCP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"TCP Query User{0379E54F-C8F7-4323-A812-3E6D38A9BCEA}C:\\program files\\soulseek-test\\slsk.exe"= UDP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{91C1914C-BC96-4679-90AF-7CD844C49351}C:\\program files\\soulseek-test\\slsk.exe"= TCP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"TCP Query User{FD16748A-ED2A-41D8-BC53-57B46DDA73BA}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{6E50AC9E-8BA4-4EC6-980B-115C74DBF6E7}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{3C051FF9-5F92-4414-BB8C-1FCE2C720CB9}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{718FDF9B-1333-4BAC-8050-5C66421B9456}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{3586CEC6-5221-486A-90F6-1932AD259A52}D:\\world of padman\\wop.exe"= UDP:D:\world of padman\wop.exe:wop
"UDP Query User{2B84BE8E-4177-4B61-9280-26097205B264}D:\\world of padman\\wop.exe"= TCP:D:\world of padman\wop.exe:wop
"TCP Query User{273F951E-55E4-4817-A9A0-7256E938C7EB}C:\\program files\\maiet\\gunz\\gunz.exe"= UDP:C:\program files\maiet\gunz\gunz.exe:Gunz
"UDP Query User{BB7FBBC4-6696-4D27-8C01-B1029FC4389E}C:\\program files\\maiet\\gunz\\gunz.exe"= TCP:C:\program files\maiet\gunz\gunz.exe:Gunz
"TCP Query User{DBFA6A0D-8713-4639-9BE3-AE7DA7570837}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{7A33B02A-A8AE-4C73-ABD1-965751550893}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{1FC0390F-5C1E-4CF2-9FAF-32D2E1939195}C:\\program files\\maiet\\gunz\\gunz.exe"= UDP:C:\program files\maiet\gunz\gunz.exe:Gunz
"UDP Query User{D85099F7-777E-449C-82E1-D8C9966ACAED}C:\\program files\\maiet\\gunz\\gunz.exe"= TCP:C:\program files\maiet\gunz\gunz.exe:Gunz
"TCP Query User{E15D30F4-1F1B-4D00-AEC7-917A4FDBE9E8}D:\\urban terror\\iourbanterror.exe"= UDP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"UDP Query User{87E48950-8FE9-4272-A4E7-519C43B0C6C2}D:\\urban terror\\iourbanterror.exe"= TCP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"TCP Query User{D5F024AC-201B-4856-B277-4324DF758DE6}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{8CB6A584-0090-4BDB-A832-6687BD22AEE8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{85A3BAE6-C77E-42DC-BDF6-B10F6D1A72F9}C:\\program files\\soulseek-test\\slsk.exe"= UDP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{425B0A67-C839-4E23-9368-78076F1B4406}C:\\program files\\soulseek-test\\slsk.exe"= TCP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"{6AEA874E-19E0-4014-BE98-999CE96FACD9}"= UDP:25585:BitComet 25585 TCP
"{2090E21A-AF3B-45F0-9C50-B2E643B38A88}"= TCP:25585:BitComet 25585 UDP
"{6518B568-73E9-453A-BF22-F411AE898D27}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{73D9F9EB-471E-4214-95EA-F4D0DBF0A842}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{BE82B719-2850-4CE8-B135-A55E0D3C4696}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9CD200E5-FAD9-49A7-820D-B510A960B1F5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{68AB5976-6F43-4F88-BC18-EF7C82FFB49E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{DEF04BEA-E135-44A7-86C4-A854CE47D3C7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{8960ED00-C316-4688-975E-6C868DA1692B}C:\\ut2004\\system\\ut2004.exe"= UDP:C:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{0B3E0574-0F0D-4D45-B0D2-A4DEAE83B81B}C:\\ut2004\\system\\ut2004.exe"= TCP:C:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{43692AD4-B708-45E4-AEA9-EDC60D0F652E}C:\\team17\\worms2\\frontend.exe"= UDP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
"UDP Query User{EE8BB688-0198-439C-AADD-FAF03A55A1F2}C:\\team17\\worms2\\frontend.exe"= TCP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 16:00]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-03-01 03:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1249e5a1-f85e-11dc-a660-001d60bb2a24}]
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OPFSVC - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe (file missing)
O23 - Service: Personal Firewall - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\pfsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
Scan this file on VirusTotal and if it is infected, delete it: https://www.virustotal.com/gui/
C:\Users\Jojo volthy\the.emperors.new.groove.(2000).eng.2cd.(3165983).zip
___________
To merge:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
________
Download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Close all your browsers (so copy or print these instructions first)
Create a new text document: right-click on the desktop > New > Text Document, and paste the following lines into it:
File::
C:\Windows\system32\iifcBrsQ.dll
C:\Windows\system32\pcfbrquh.dll
C:\Windows\system32\sdppiykw.dll
C:\Windows\system32\hgGaxvst.dll
C:\Windows\system32\geBuVmnO.dll
C:\Windows\system32\jcrcuaaj.dll
C:\Windows\system32\nmsdbkuu.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E94663B-AFB2-40C6-AC33-F6A6FB4ED39E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F5353F8-6D09-49DC-9A6D-7C2AF63854AF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{491BFC82-44DD-409B-A63D-C087DA3266F3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C8890BF-8DA4-420F-8C79-318AA8E7B83C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5683C35C-8665-4519-8C29-4DC39E4BEBAC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6870827C-5130-42AF-BE62-A12FA0BC37FA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A146199B-5B00-48AC-99E0-58211C33D894}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD0FE59E-818C-4D88-97FA-0F7C4AF413B1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
"d8ad891a"=-
"BMdb9eba86"=-
Save this file under the name CFscript
Drag and drop this CFScript file onto the ComboFix.exe file
Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is done, a report will be displayed: post its contents.
Also post a fresh HijackThis log
If the file doesn't open, it's located here > C:\ComboFix.txt
_______________________
Paste the report from an online scan
with one of the following:
(disable Avast for the duration of the scan)
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
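As an added example (not code from this thread, nor from the ComboFix or HijackThis authors), here is a small Python script that applies the same reasoning the helper did by hand: it reads HijackThis O4/O23 lines, flags Run entries that look like the three removed above (rundll32 loading an eight-letter DLL from system32 through an ordinal or one-letter export, or a hex-looking value name) plus services whose file is missing, and writes the File:: and Registry:: sections of a CFScript in the format shown in the post above. The sample log lines are constructed from the logs in this thread; the flagging heuristics are my own assumptions, not rules of either tool.

```python
import re
import sys
from dataclasses import dataclass

# Constructed sample modelled on the HijackThis log above: the three rundll32
# Run entries the helper's CFScript removes, a service whose file is missing,
# and benign entries that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifcBrsQ.dll,#1
O4 - HKLM\..\Run: [BMdb9eba86] Rundll32.exe "C:\Windows\system32\jcrcuaaj.dll",s
O4 - HKLM\..\Run: [d8ad891a] rundll32.exe "C:\Windows\system32\nmsdbkuu.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O23 - Service: OPFSVC - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\S+)', re.I)
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# Heuristics (my assumption): value names such as d8ad891a / BMdb9eba86 and
# DLL basenames such as iifcBrsQ / jcrcuaaj / nmsdbkuu have no meaning.
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-fA-F]{8,}$")
RANDOM_DLL_RE = re.compile(r"^[A-Za-z]{8}$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


@dataclass
class Finding:
    kind: str      # "O4" (Run value) or "O23" (service)
    hive: str      # HKLM / HKCU / HKUS\<sid> for O4, "" for O23
    name: str      # Run value name or service name
    path: str      # file the entry points at
    reasons: list  # why the entry was flagged


def classify_o4(name, cmd):
    """Return (path, reasons) for one O4 Run entry; reasons is empty when nothing looks off."""
    reasons = []
    path = cmd
    m = RUNDLL_RE.match(cmd)
    if m:
        path = m.group("dll")
        base = path.rsplit("\\", 1)[-1][:-4]
        entry = m.group("entry")
        if "\\system32\\" in path.lower() and RANDOM_DLL_RE.match(base):
            reasons.append("rundll32 loads an 8-letter DLL from system32")
        if entry.startswith("#") or len(entry) == 1:
            reasons.append(f"export '{entry}' is an ordinal or a single letter")
    if HEX_NAME_RE.match(name):
        reasons.append("Run value name is a random-looking hex string")
    return path, reasons


def scan(log_text):
    """Parse HijackThis log lines and return the entries that trip a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path, reasons = classify_o4(m["name"], m["cmd"])
            if reasons:
                findings.append(Finding("O4", m["hive"], m["name"], path, reasons))
            continue
        m = O23_RE.match(line)
        if m and m["missing"]:
            findings.append(Finding("O23", "", m["svc"], m["path"],
                                    ["service points at a file that no longer exists"]))
    return findings


def build_cfscript(findings):
    """Emit the File:: / Registry:: sections for flagged O4 entries, in the format of the post above.
    Services (O23) are only reported; removing them is not a File::/Registry:: job."""
    o4 = [f for f in findings if f.kind == "O4" and f.hive in HIVES]
    lines = ["File::"]
    lines += sorted({f.path for f in o4 if f.path.lower().endswith(".dll")})
    lines += ["", "Registry::"]
    for hive, full in HIVES.items():
        names = [f.name for f in o4 if f.hive == hive]
        if names:
            lines.append(f"[{full}\\{RUN_KEY}]")
            lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Pass a saved HijackThis log as the first argument, or run on the built-in sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    found = scan(text)
    for f in found:
        print(f"{f.kind} [{f.name}] {f.path}\n    " + "; ".join(f.reasons))
    print("\n" + build_cfscript(found))
```

On the sample the script flags exactly MSServer, BMdb9eba86 and d8ad891a (and reports the OPFSVC service as orphaned), and the generated CFScript lists the same three DLLs and Run values the helper wrote out by hand. The heuristics are deliberately narrow; a legitimately named DLL is not flagged, and each candidate should still be checked (for instance on VirusTotal, as the post suggests) before it goes into a script.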
Here are the new reports.
I don't know yet whether it really "worked"; everything seems to be working fine, but we'll have to see in the long run. The Kaspersky scan didn't really give me much; at least it didn't detect anything.
I deleted the file you told me to scan; in any case I no longer need it.
Mozilla seems to be working fine; we'll see over time.
Reports
Combofix
ComboFix 08-05-15.3 - Jojo volthy 2008-05-18 11:30:33.2 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.1024 [GMT 2:00]
Endroit: C:\Users\Jojo volthy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Jojo volthy\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\system32\geBuVmnO.dll
C:\Windows\system32\hgGaxvst.dll
C:\Windows\system32\iifcBrsQ.dll
C:\Windows\system32\jcrcuaaj.dll
C:\Windows\system32\nmsdbkuu.dll
C:\Windows\system32\pcfbrquh.dll
C:\Windows\system32\sdppiykw.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\hgGaxvst.dll
C:\Windows\system32\jcrcuaaj.dll
C:\Windows\System32\jtbrjupg.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nmsdbkuu.dll
C:\Windows\system32\pcfbrquh.dll
C:\Windows\System32\xdqlwfqf.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 09:26 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\uTorrent
2008-05-18 09:26 --------- d-----w C:\Program Files\Soulseek-Test
2008-05-18 09:19 375,808 ----a-w C:\Windows\System32\nnnkLcYr.dll
2008-05-17 20:52 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\OFFICEOne7
2008-05-17 19:38 95,232 ------w C:\Windows\System32\gpujrbtj.dll
2008-05-17 19:24 118,784 ----a-w C:\Windows\System32\vikwfmwu.dll
2008-05-17 19:22 109,568 ----a-w C:\Windows\System32\xtjuxnqa.dll
2008-05-17 19:18 109,568 ----a-w C:\Windows\System32\jymbkttx.dll
2008-05-17 19:09 95,232 ------w C:\Windows\System32\fqfwlqdx.dll
2008-05-17 18:23 --------- d-----w C:\Program Files\Trend Micro
2008-05-17 15:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-17 15:47 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-17 14:54 374,784 ----a-w C:\Windows\System32\ssqOGyvu.dll
2008-05-17 13:08 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-17 13:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-17 12:30 --------- d-----w C:\ProgramData\Lavasoft
2008-05-17 12:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 12:24 --------- d-----w C:\Program Files\K-Meleon
2008-05-17 12:19 5,528,000 ----a-w C:\Users\Jojo volthy\K-Meleon1.1.5fr-FR.exe
2008-05-17 11:58 109,568 ----a-w C:\Windows\System32\pckslnsj.dll
2008-05-17 11:57 374,784 ----a-w C:\Windows\System32\opnkhgHa.dll
2008-05-17 10:42 109,568 ----a-w C:\Windows\System32\ywligsrk.dll
2008-05-17 10:41 374,784 ----a-w C:\Windows\System32\fCropPGX.dll
2008-05-17 08:41 2,751,368 ----a-w C:\Users\Jojo volthy\ccleaner_ccleaner_2.06.567_francais_14492.exe
2008-05-17 08:41 --------- d-----w C:\Program Files\CCleaner
2008-05-17 08:34 94,403 ----a-w C:\Users\Jojo volthy\install_CCleaner_.exe
2008-05-16 20:39 108,544 ----a-w C:\Windows\System32\ajbvltps.dll
2008-05-16 20:38 375,296 ----a-w C:\Windows\System32\byXppPGy.dll
2008-05-16 20:36 --------- d-----w C:\Program Files\JkDefrag
2008-05-16 20:31 895,351 ----a-w C:\Users\Jojo volthy\JkDefrag_3.26_Fr_full.exe
2008-05-16 20:26 6,115,448 ----a-w C:\Users\Jojo volthy\Firefox Setup 2.0.0.14.exe
2008-05-16 19:37 21,364,592 ----a-w C:\Users\Jojo volthy\Lavasoft_Adaware2007_fr.exe
2008-05-16 18:36 108,544 ----a-w C:\Windows\System32\aagbhxru.dll
2008-05-16 18:35 375,296 ----a-w C:\Windows\System32\bYOGvVnm.dll
2008-05-16 18:30 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-05-16 15:28 375,296 ----a-w C:\Windows\System32\eFWQICuR.dll
2008-05-16 15:28 108,544 ----a-w C:\Windows\System32\acwxtxkd.dll
2008-05-16 15:25 --------- d-----w C:\Program Files\Last.fm
2008-05-15 15:43 108,544 ----a-w C:\Windows\System32\yppnbimm.dll
2008-05-14 17:56 108,096 ----a-w C:\Windows\System32\ouaryuyr.dll
2008-05-14 17:23 94,208 ----a-w C:\Windows\System32\iylbcgtm.dll
2008-05-14 17:17 374,272 ----a-w C:\Windows\System32\byXRkKcc.dll
2008-05-14 17:17 108,032 ----a-w C:\Windows\System32\kuwhghnx.dll
2008-05-14 15:13 108,096 ----a-w C:\Windows\System32\ritugwjx.dll
2008-05-13 19:44 109,632 ----a-w C:\Windows\System32\txusnrhe.dll
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-11 23:07 109,056 ----a-w C:\Windows\System32\ysmhouvb.dll
2008-05-11 20:49 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-05-10 17:29 110,080 ----a-w C:\Windows\System32\wfnbwrkm.dll
2008-05-10 05:38 --------- d-----w C:\Program Files\winvi
2008-05-10 05:18 86,016 ----a-w C:\Users\Jojo volthy\ctfmon.exe
2008-05-10 05:18 462 ----a-w C:\Users\Jojo volthy\820.bat
2008-05-10 05:18 28,672 ----a-w C:\Windows\System32\byXNgfGW.dll
2008-05-03 17:30 47,104 ----a-w C:\Windows\System32\KMVIDC32.DLL
2008-05-02 18:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-24 09:41 --------- d-----w C:\Program Files\Java
2008-04-24 09:40 --------- d-----w C:\Program Files\Common Files\Java
2008-04-04 10:11 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\Grisoft
2008-04-04 10:11 --------- d-----w C:\ProgramData\Grisoft
2008-03-31 15:31 --------- d-----w C:\Program Files\VideoLAN
2008-03-31 14:18 --------- d-----w C:\Program Files\Satsuki Decoder Pack
2008-03-28 22:04 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\dvdcss
2008-03-23 02:30 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-22 20:07 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-21 12:04 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-15 17:36 202,240 ----a-w C:\Windows\System32\BE KIND REWIND.scr
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-21 09:32 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 19:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 15:32 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 15:27 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 19:10 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 21:12 161328]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 00:06 106496]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-10-21 10:07 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-10-21 10:07 37232]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
C:\Users\Jojo volthy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-11 02:22:51 3450608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 10:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 09:01:50 734872]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1020043157-3693544692-2271888537-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13FD4987-E858-412C-B6F6-A649D81EC956}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{A89E4C51-15B0-4648-872E-1A5849EBF49F}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{286CCDE0-7ABE-45FE-8C11-28BD73BF79FA}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{17433FDF-2A26-4ED3-A2B6-EC4206C09C8E}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{20275DD6-0687-4F1D-AE29-65A5FF6E4A16}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{EE74357F-5E6E-46BF-9662-3D6FFB3C8477}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{6916FE0F-D2C4-46A8-9D2E-D1FEA990431D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{57471293-71B1-43FE-8FC0-B0258CFBDBE7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{60A6EF44-9154-4D5B-9FBF-27B7D034D981}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8F50E5C0-0333-4761-AA4B-D822CD884E4D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{73522192-A280-4915-8994-FD0E3A17E251}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{94C28E8C-5CFC-4852-946D-90E41AE18661}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{CD963B00-7E09-4C1B-8A30-45D5BB95DF0B}D:\\urban terror\\iourbanterror.exe"= UDP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"UDP Query User{E326354C-5657-44B7-9795-6618BED014CC}D:\\urban terror\\iourbanterror.exe"= TCP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"TCP Query User{0379E54F-C8F7-4323-A812-3E6D38A9BCEA}C:\\program files\\soulseek-test\\slsk.exe"= UDP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{91C1914C-BC96-4679-90AF-7CD844C49351}C:\\program files\\soulseek-test\\slsk.exe"= TCP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"TCP Query User{FD16748A-ED2A-41D8-BC53-57B46DDA73BA}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{6E50AC9E-8BA4-4EC6-980B-115C74DBF6E7}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{3C051FF9-5F92-4414-BB8C-1FCE2C720CB9}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{718FDF9B-1333-4BAC-8050-5C66421B9456}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{3586CEC6-5221-486A-90F6-1932AD259A52}D:\\world of padman\\wop.exe"= UDP:D:\world of padman\wop.exe:wop
"UDP Query User{2B84BE8E-4177-4B61-9280-26097205B264}D:\\world of padman\\wop.exe"= TCP:D:\world of padman\wop.exe:wop
"TCP Query User{273F951E-55E4-4817-A9A0-7256E938C7EB}C:\\program files\\maiet\\gunz\\gunz.exe"= UDP:C:\program files\maiet\gunz\gunz.exe:Gunz
"UDP Query User{BB7FBBC4-6696-4D27-8C01-B1029FC4389E}C:\\program files\\maiet\\gunz\\gunz.exe"= TCP:C:\program files\maiet\gunz\gunz.exe:Gunz
"TCP Query User{DBFA6A0D-8713-4639-9BE3-AE7DA7570837}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{7A33B02A-A8AE-4C73-ABD1-965751550893}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{1FC0390F-5C1E-4CF2-9FAF-32D2E1939195}C:\\program files\\maiet\\gunz\\gunz.exe"= UDP:C:\program files\maiet\gunz\gunz.exe:Gunz
"UDP Query User{D85099F7-777E-449C-82E1-D8C9966ACAED}C:\\program files\\maiet\\gunz\\gunz.exe"= TCP:C:\program files\maiet\gunz\gunz.exe:Gunz
"TCP Query User{E15D30F4-1F1B-4D00-AEC7-917A4FDBE9E8}D:\\urban terror\\iourbanterror.exe"= UDP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"UDP Query User{87E48950-8FE9-4272-A4E7-519C43B0C6C2}D:\\urban terror\\iourbanterror.exe"= TCP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"TCP Query User{D5F024AC-201B-4856-B277-4324DF758DE6}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{8CB6A584-0090-4BDB-A832-6687BD22AEE8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{85A3BAE6-C77E-42DC-BDF6-B10F6D1A72F9}C:\\program files\\soulseek-test\\slsk.exe"= UDP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{425B0A67-C839-4E23-9368-78076F1B4406}C:\\program files\\soulseek-test\\slsk.exe"= TCP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"{6AEA874E-19E0-4014-BE98-999CE96FACD9}"= UDP:25585:BitComet 25585 TCP
"{2090E21A-AF3B-45F0-9C50-B2E643B38A88}"= TCP:25585:BitComet 25585 UDP
"{6518B568-73E9-453A-BF22-F411AE898D27}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{73D9F9EB-471E-4214-95EA-F4D0DBF0A842}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{BE82B719-2850-4CE8-B135-A55E0D3C4696}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9CD200E5-FAD9-49A7-820D-B510A960B1F5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{68AB5976-6F43-4F88-BC18-EF7C82FFB49E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{DEF04BEA-E135-44A7-86C4-A854CE47D3C7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{8960ED00-C316-4688-975E-6C868DA1692B}C:\\ut2004\\system\\ut2004.exe"= UDP:C:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{0B3E0574-0F0D-4D45-B0D2-A4DEAE83B81B}C:\\ut2004\\system\\ut2004.exe"= TCP:C:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{43692AD4-B708-45E4-AEA9-EDC60D0F652E}C:\\team17\\worms2\\frontend.exe"= UDP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
"UDP Query User{EE8BB688-0198-439C-AADD-FAF03A55A1F2}C:\\team17\\worms2\\frontend.exe"= TCP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 16:00]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-03-01 03:04]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 17:09]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 03:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-06 12:40]
S2 Personal Firewall;Personal Firewall;C:\Program Files\Omniquad Total Security\OPF\pfsvc.exe []
S3 OPFSVC;OPFSVC;C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\Windows\system32\DRIVERS\SE2Fbus.sys [2006-11-10 10:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 10:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\Windows\system32\DRIVERS\se2Funic.sys [2006-11-10 10:55]
S3 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 08:42]
S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-11-01 07:40]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1249e5a1-f85e-11dc-a660-001d60bb2a24}]
\shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88bc10b-1e19-11dd-bd96-806e6f6e6963}]
\shell\Auto\command - H:\Start.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-02 15:15:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 11:37:20
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\Users\Jojo volthy\AppData\Local\Temp\~DF4790.tmp
C:\Users\Jojo volthy\AppData\Local\Temp\~DF48D1.tmp
C:\Users\Jojo volthy\AppData\Local\Temp\~DF7DEE.tmp
C:\Users\Jojo volthy\AppData\Local\Temp\~DF7E36.tmp
Scan terminé avec succès
Les fichiers cachés: 4
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\VSSVC.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-18 11:41:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 09:41:13
ComboFix2.txt 2008-05-17 18:17:43
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
291 --- E O F --- 2008-05-10 01:02:28
hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:39, on 18/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OPFSVC - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe (file missing)
O23 - Service: Personal Firewall - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\pfsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
I don't know yet whether it really "worked"; everything seems to be running fine, but we'll have to see in the long run. The Kaspersky scan didn't really give me much; at least it didn't detect anything.
I deleted the file you told me to analyse; in any case I don't need it anymore.
Mozilla seems to be working fine, we'll see over time.
Reports
Combofix
ComboFix 08-05-15.3 - Jojo volthy 2008-05-18 11:30:33.2 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.1024 [GMT 2:00]
Endroit: C:\Users\Jojo volthy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Jojo volthy\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\system32\geBuVmnO.dll
C:\Windows\system32\hgGaxvst.dll
C:\Windows\system32\iifcBrsQ.dll
C:\Windows\system32\jcrcuaaj.dll
C:\Windows\system32\nmsdbkuu.dll
C:\Windows\system32\pcfbrquh.dll
C:\Windows\system32\sdppiykw.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\hgGaxvst.dll
C:\Windows\system32\jcrcuaaj.dll
C:\Windows\System32\jtbrjupg.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nmsdbkuu.dll
C:\Windows\system32\pcfbrquh.dll
C:\Windows\System32\xdqlwfqf.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 09:26 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\uTorrent
2008-05-18 09:26 --------- d-----w C:\Program Files\Soulseek-Test
2008-05-18 09:19 375,808 ----a-w C:\Windows\System32\nnnkLcYr.dll
2008-05-17 20:52 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\OFFICEOne7
2008-05-17 19:38 95,232 ------w C:\Windows\System32\gpujrbtj.dll
2008-05-17 19:24 118,784 ----a-w C:\Windows\System32\vikwfmwu.dll
2008-05-17 19:22 109,568 ----a-w C:\Windows\System32\xtjuxnqa.dll
2008-05-17 19:18 109,568 ----a-w C:\Windows\System32\jymbkttx.dll
2008-05-17 19:09 95,232 ------w C:\Windows\System32\fqfwlqdx.dll
2008-05-17 18:23 --------- d-----w C:\Program Files\Trend Micro
2008-05-17 15:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-17 15:47 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-17 14:54 374,784 ----a-w C:\Windows\System32\ssqOGyvu.dll
2008-05-17 13:08 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-17 13:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-17 12:30 --------- d-----w C:\ProgramData\Lavasoft
2008-05-17 12:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 12:24 --------- d-----w C:\Program Files\K-Meleon
2008-05-17 12:19 5,528,000 ----a-w C:\Users\Jojo volthy\K-Meleon1.1.5fr-FR.exe
2008-05-17 11:58 109,568 ----a-w C:\Windows\System32\pckslnsj.dll
2008-05-17 11:57 374,784 ----a-w C:\Windows\System32\opnkhgHa.dll
2008-05-17 10:42 109,568 ----a-w C:\Windows\System32\ywligsrk.dll
2008-05-17 10:41 374,784 ----a-w C:\Windows\System32\fCropPGX.dll
2008-05-17 08:41 2,751,368 ----a-w C:\Users\Jojo volthy\ccleaner_ccleaner_2.06.567_francais_14492.exe
2008-05-17 08:41 --------- d-----w C:\Program Files\CCleaner
2008-05-17 08:34 94,403 ----a-w C:\Users\Jojo volthy\install_CCleaner_.exe
2008-05-16 20:39 108,544 ----a-w C:\Windows\System32\ajbvltps.dll
2008-05-16 20:38 375,296 ----a-w C:\Windows\System32\byXppPGy.dll
2008-05-16 20:36 --------- d-----w C:\Program Files\JkDefrag
2008-05-16 20:31 895,351 ----a-w C:\Users\Jojo volthy\JkDefrag_3.26_Fr_full.exe
2008-05-16 20:26 6,115,448 ----a-w C:\Users\Jojo volthy\Firefox Setup 2.0.0.14.exe
2008-05-16 19:37 21,364,592 ----a-w C:\Users\Jojo volthy\Lavasoft_Adaware2007_fr.exe
2008-05-16 18:36 108,544 ----a-w C:\Windows\System32\aagbhxru.dll
2008-05-16 18:35 375,296 ----a-w C:\Windows\System32\bYOGvVnm.dll
2008-05-16 18:30 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-05-16 15:28 375,296 ----a-w C:\Windows\System32\eFWQICuR.dll
2008-05-16 15:28 108,544 ----a-w C:\Windows\System32\acwxtxkd.dll
2008-05-16 15:25 --------- d-----w C:\Program Files\Last.fm
2008-05-15 15:43 108,544 ----a-w C:\Windows\System32\yppnbimm.dll
2008-05-14 17:56 108,096 ----a-w C:\Windows\System32\ouaryuyr.dll
2008-05-14 17:23 94,208 ----a-w C:\Windows\System32\iylbcgtm.dll
2008-05-14 17:17 374,272 ----a-w C:\Windows\System32\byXRkKcc.dll
2008-05-14 17:17 108,032 ----a-w C:\Windows\System32\kuwhghnx.dll
2008-05-14 15:13 108,096 ----a-w C:\Windows\System32\ritugwjx.dll
2008-05-13 19:44 109,632 ----a-w C:\Windows\System32\txusnrhe.dll
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-11 23:07 109,056 ----a-w C:\Windows\System32\ysmhouvb.dll
2008-05-11 20:49 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-05-10 17:29 110,080 ----a-w C:\Windows\System32\wfnbwrkm.dll
2008-05-10 05:38 --------- d-----w C:\Program Files\winvi
2008-05-10 05:18 86,016 ----a-w C:\Users\Jojo volthy\ctfmon.exe
2008-05-10 05:18 462 ----a-w C:\Users\Jojo volthy\820.bat
2008-05-10 05:18 28,672 ----a-w C:\Windows\System32\byXNgfGW.dll
2008-05-03 17:30 47,104 ----a-w C:\Windows\System32\KMVIDC32.DLL
2008-05-02 18:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-24 09:41 --------- d-----w C:\Program Files\Java
2008-04-24 09:40 --------- d-----w C:\Program Files\Common Files\Java
2008-04-04 10:11 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\Grisoft
2008-04-04 10:11 --------- d-----w C:\ProgramData\Grisoft
2008-03-31 15:31 --------- d-----w C:\Program Files\VideoLAN
2008-03-31 14:18 --------- d-----w C:\Program Files\Satsuki Decoder Pack
2008-03-28 22:04 --------- d-----w C:\Users\Jojo volthy\AppData\Roaming\dvdcss
2008-03-23 02:30 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-22 20:07 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-21 12:04 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-15 17:36 202,240 ----a-w C:\Windows\System32\BE KIND REWIND.scr
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-21 09:32 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 19:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 15:32 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 15:27 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 19:10 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 21:12 161328]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 00:06 106496]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-10-21 10:07 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-10-21 10:07 37232]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
C:\Users\Jojo volthy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-11 02:22:51 3450608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 10:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 09:01:50 734872]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1020043157-3693544692-2271888537-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13FD4987-E858-412C-B6F6-A649D81EC956}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{A89E4C51-15B0-4648-872E-1A5849EBF49F}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{286CCDE0-7ABE-45FE-8C11-28BD73BF79FA}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{17433FDF-2A26-4ED3-A2B6-EC4206C09C8E}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{20275DD6-0687-4F1D-AE29-65A5FF6E4A16}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{EE74357F-5E6E-46BF-9662-3D6FFB3C8477}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{6916FE0F-D2C4-46A8-9D2E-D1FEA990431D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{57471293-71B1-43FE-8FC0-B0258CFBDBE7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{60A6EF44-9154-4D5B-9FBF-27B7D034D981}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8F50E5C0-0333-4761-AA4B-D822CD884E4D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{73522192-A280-4915-8994-FD0E3A17E251}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{94C28E8C-5CFC-4852-946D-90E41AE18661}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{CD963B00-7E09-4C1B-8A30-45D5BB95DF0B}D:\\urban terror\\iourbanterror.exe"= UDP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"UDP Query User{E326354C-5657-44B7-9795-6618BED014CC}D:\\urban terror\\iourbanterror.exe"= TCP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"TCP Query User{0379E54F-C8F7-4323-A812-3E6D38A9BCEA}C:\\program files\\soulseek-test\\slsk.exe"= UDP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{91C1914C-BC96-4679-90AF-7CD844C49351}C:\\program files\\soulseek-test\\slsk.exe"= TCP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"TCP Query User{FD16748A-ED2A-41D8-BC53-57B46DDA73BA}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{6E50AC9E-8BA4-4EC6-980B-115C74DBF6E7}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{3C051FF9-5F92-4414-BB8C-1FCE2C720CB9}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{718FDF9B-1333-4BAC-8050-5C66421B9456}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{3586CEC6-5221-486A-90F6-1932AD259A52}D:\\world of padman\\wop.exe"= UDP:D:\world of padman\wop.exe:wop
"UDP Query User{2B84BE8E-4177-4B61-9280-26097205B264}D:\\world of padman\\wop.exe"= TCP:D:\world of padman\wop.exe:wop
"TCP Query User{273F951E-55E4-4817-A9A0-7256E938C7EB}C:\\program files\\maiet\\gunz\\gunz.exe"= UDP:C:\program files\maiet\gunz\gunz.exe:Gunz
"UDP Query User{BB7FBBC4-6696-4D27-8C01-B1029FC4389E}C:\\program files\\maiet\\gunz\\gunz.exe"= TCP:C:\program files\maiet\gunz\gunz.exe:Gunz
"TCP Query User{DBFA6A0D-8713-4639-9BE3-AE7DA7570837}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{7A33B02A-A8AE-4C73-ABD1-965751550893}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{1FC0390F-5C1E-4CF2-9FAF-32D2E1939195}C:\\program files\\maiet\\gunz\\gunz.exe"= UDP:C:\program files\maiet\gunz\gunz.exe:Gunz
"UDP Query User{D85099F7-777E-449C-82E1-D8C9966ACAED}C:\\program files\\maiet\\gunz\\gunz.exe"= TCP:C:\program files\maiet\gunz\gunz.exe:Gunz
"TCP Query User{E15D30F4-1F1B-4D00-AEC7-917A4FDBE9E8}D:\\urban terror\\iourbanterror.exe"= UDP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"UDP Query User{87E48950-8FE9-4272-A4E7-519C43B0C6C2}D:\\urban terror\\iourbanterror.exe"= TCP:D:\urban terror\iourbanterror.exe:ioUrbanTerror
"TCP Query User{D5F024AC-201B-4856-B277-4324DF758DE6}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{8CB6A584-0090-4BDB-A832-6687BD22AEE8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{85A3BAE6-C77E-42DC-BDF6-B10F6D1A72F9}C:\\program files\\soulseek-test\\slsk.exe"= UDP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{425B0A67-C839-4E23-9368-78076F1B4406}C:\\program files\\soulseek-test\\slsk.exe"= TCP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"{6AEA874E-19E0-4014-BE98-999CE96FACD9}"= UDP:25585:BitComet 25585 TCP
"{2090E21A-AF3B-45F0-9C50-B2E643B38A88}"= TCP:25585:BitComet 25585 UDP
"{6518B568-73E9-453A-BF22-F411AE898D27}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{73D9F9EB-471E-4214-95EA-F4D0DBF0A842}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{BE82B719-2850-4CE8-B135-A55E0D3C4696}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9CD200E5-FAD9-49A7-820D-B510A960B1F5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{68AB5976-6F43-4F88-BC18-EF7C82FFB49E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{DEF04BEA-E135-44A7-86C4-A854CE47D3C7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{8960ED00-C316-4688-975E-6C868DA1692B}C:\\ut2004\\system\\ut2004.exe"= UDP:C:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{0B3E0574-0F0D-4D45-B0D2-A4DEAE83B81B}C:\\ut2004\\system\\ut2004.exe"= TCP:C:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{43692AD4-B708-45E4-AEA9-EDC60D0F652E}C:\\team17\\worms2\\frontend.exe"= UDP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
"UDP Query User{EE8BB688-0198-439C-AADD-FAF03A55A1F2}C:\\team17\\worms2\\frontend.exe"= TCP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 16:00]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-03-01 03:04]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 17:09]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 03:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-06 12:40]
S2 Personal Firewall;Personal Firewall;C:\Program Files\Omniquad Total Security\OPF\pfsvc.exe []
S3 OPFSVC;OPFSVC;C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\Windows\system32\DRIVERS\SE2Fbus.sys [2006-11-10 10:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 10:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\Windows\system32\DRIVERS\se2Funic.sys [2006-11-10 10:55]
S3 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 08:42]
S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-11-01 07:40]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1249e5a1-f85e-11dc-a660-001d60bb2a24}]
\shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88bc10b-1e19-11dd-bd96-806e6f6e6963}]
\shell\Auto\command - H:\Start.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OPFSVC - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe (file missing)
O23 - Service: Personal Firewall - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\pfsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
Scan with MalwareByte's Anti-Malware, remove what it finds and paste the report:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________
Then paste a ComboFix report again.