I am infected with trojans.
Slamy
Hello, I don't understand anything anymore. I had a nasty surprise when I went on Internet Explorer. In a fraction of a second, I was infected with a bunch of trojans. My antivirus software (Avast) managed to find two of them: Win32:Vundo@dll [Trj], whose file name is C:\WINDOWS\SYSTEM32\NOACWEUD.DLL. The second trojan is this one: win32: Trojan-gen (other). I ran a scan with HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:23, on 2008-05-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Documents and Settings\Owner\Bureau\HiJackThis.exe
C:\Documents and Settings\Owner\Bureau\HiJackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gateway.com/worldwide/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\opnnopon.dll
O2 - BHO: (no name) - {5474E4C8-704A-48EB-9766-0B37FF9F5B6D} - C:\WINDOWS\system32\pmnmnNDU.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [LiveAntispy] C:\Program Files\LiveAntispy\LiveAntispy.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
O4 - HKCU\..\Run: [WinAntivirusPro] C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CBAF5409-26F0-4F8B-AE61-D83549C72378} (WebLauncher Control) - http://211.233.57.195/zeonix/NESPatch/WebLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O20 - Winlogon Notify: opnnopon - C:\WINDOWS\SYSTEM32\opnnopon.dll
O20 - Winlogon Notify: __c0084283 - C:\WINDOWS\system32\__c0084283.dat
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
28 replies
ComboFix report:
ComboFix 08-05-28.1 - Owner 2008-05-28 18:35:01.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.150 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\2.tmp
C:\3.tmp
C:\4.tmp
C:\5.tmp
C:\6.tmp
C:\6EA.tmp
C:\7.tmp
C:\Documents and Settings\Owner\ftp34.dll
C:\WINDOWS\system32\1112.dat
C:\WINDOWS\system32\ansig.exe
C:\WINDOWS\system32\ftp34.dll
C:\WINDOWS\system32\spywarewarning.mht
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2.tmp
C:\3.tmp
C:\4.tmp
C:\5.tmp
C:\6.tmp
C:\6EA.tmp
C:\7.tmp
C:\Documents and Settings\Owner\ftp34.dll
C:\Program Files\Lx_cats
C:\Program Files\Lx_cats\20M01853000D2C6.A00
C:\Program Files\Lx_cats\lxcfCATS.INI
C:\WINDOWS\system32\1112.dat
C:\WINDOWS\system32\ansig.exe
C:\WINDOWS\system32\ftp34.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\__c0084283.dat
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\obqnarxu.dll
C:\WINDOWS\system32\pmnmnNDU.dll
C:\WINDOWS\system32\spywarewarning.mht
C:\WINDOWS\system32\UDNnmnmp.ini
C:\WINDOWS\system32\yajfhtwt.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 17:26 . 2008-05-28 17:26 1,887,265 --a------ C:\upload_moi_YOUR-1ACFF78AAC.tar.gz
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 16:43 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 16:43 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 16:28 . 2008-05-28 17:12 78,378 --a------ C:\WINDOWS\system32\spywarewarning2.mht
2008-05-28 16:27 . 2004-08-05 15:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-28 16:20 . 2008-05-28 16:20 5,120 --a------ C:\WINDOWS\system32\config\systemprofile\ftp34.dll
2008-05-27 21:48 . 2008-05-27 21:48 <REP> d-------- C:\_OTMoveIt
2008-05-27 21:42 . 2008-05-28 16:00 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-05-27 21:18 . 2008-05-28 16:35 5,120 --a------ C:\Documents and Settings\LocalService\ftp34.dll
2008-05-27 16:13 . 2008-05-27 16:13 33,745 ---hs---- C:\WINDOWS\system32\duewcaon.ini
2008-05-27 16:06 . 2008-05-28 17:09 59,904 --------- C:\WINDOWS\system32\opnnopon.dll
2008-05-17 12:38 . 2004-08-05 15:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-05-16 14:55 . 2008-05-16 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-16 14:55 . 2007-04-27 11:12 78,784 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-05-15 21:08 . 2008-05-15 21:08 <REP> d-------- C:\mGame
2008-05-15 16:12 . 2008-05-15 16:12 <REP> d-------- C:\WINDOWS\system32\SolidStateNetworks
2008-05-03 14:36 . 2008-05-03 14:36 <REP> d-------- C:\Program Files\WiFiConnector
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 21:09 24,576 ------w C:\WINDOWS\system32\basejax32.dll
2008-05-28 01:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-05-27 21:11 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
2008-05-26 01:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-16 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 18:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-16 18:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-25 20:08 --------- d-----w C:\Program Files\DofusArena2
2008-04-22 19:25 --------- d-----w C:\Program Files\Ankama Games
2008-04-19 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-19 03:46 --------- d-----w C:\Program Files\Creative
2008-04-19 03:45 --------- d--h--w C:\Program Files\Creative Installation Information
2008-04-17 23:49 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-14 01:07 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-14 00:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Dealio
2008-04-14 00:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-04-14 00:38 --------- d-----w C:\Program Files\Ahead
2008-04-14 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-14 00:37 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-04-13 17:30 --------- d-----w C:\Program Files\Fichiers communs\Creative
2008-04-12 15:53 --------- d-----w C:\Program Files\FLV Player
2008-04-12 15:30 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2008-04-12 15:30 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2008-04-06 03:04 --------- d-----w C:\Program Files\GUILD WARS
2008-03-31 02:28 --------- d-----w C:\Program Files\Windows Live
2008-03-31 02:28 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-30 22:53 --------- d-----w C:\Program Files\Matroska Playback Pack
2008-03-30 16:32 --------- d-----w C:\Program Files\AruaROSE
2008-03-30 04:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-30 04:50 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-30 04:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-30 04:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-30 04:44 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-29 16:35 --------- d-----w C:\Program Files\Project64 1.6
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-28_18.06.30.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 21:16:11 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-28 22:05:47 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-28 21:16:11 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-05-28 22:05:48 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-05-28 21:16:11 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-28 22:05:47 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-28 21:16:11 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-28 22:05:48 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 16:14 68856]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-05-03 14:36:46 1073152]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Wireless-B PCI Adapter Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2007-11-03 19:12:28 4638720]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Kaspersky\\kavupd.exe"=
"C:\\WINDOWS\\system32\\lxcfcoms.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Dofus-Arena beta 2\\DofusArena.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ankama Games\\DofusArenaBeta2\\DofusArena.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26114:TCP"= 26114:TCP:*:Disabled:SolidNetworkManager
"26114:UDP"= 26114:UDP:*:Disabled:SolidNetworkManager
"41645:TCP"= 41645:TCP:*:Disabled:SolidNetworkManager
"41645:UDP"= 41645:UDP:*:Disabled:SolidNetworkManager
"32786:TCP"= 32786:TCP:*:Disabled:SolidNetworkManager
"32786:UDP"= 32786:UDP:*:Disabled:SolidNetworkManager
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-07-10 11:09]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 23:28]
S3 XDva119;XDva119;C:\WINDOWS\system32\XDva119.sys []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-23 22:46:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-27 20:21:33 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-07 02:15:02 C:\WINDOWS\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-12 03:00:00 C:\WINDOWS\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-28 00:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 18:37:13
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 18:38:31
ComboFix-quarantined-files.txt 2008-05-28 22:38:17
Pre-Run: 139,823,894,528 octets libres
Post-Run: 139,816,022,016 octets libres
191 --- E O F --- 2008-05-19 05:06:04
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:38, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Bureau\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CBAF5409-26F0-4F8B-AE61-D83549C72378} (WebLauncher Control) - http://211.233.57.195/zeonix/NESPatch/WebLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
ComboFix 08-05-28.1 - Owner 2008-05-28 18:35:01.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.150 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\2.tmp
C:\3.tmp
C:\4.tmp
C:\5.tmp
C:\6.tmp
C:\6EA.tmp
C:\7.tmp
C:\Documents and Settings\Owner\ftp34.dll
C:\WINDOWS\system32\1112.dat
C:\WINDOWS\system32\ansig.exe
C:\WINDOWS\system32\ftp34.dll
C:\WINDOWS\system32\spywarewarning.mht
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2.tmp
C:\3.tmp
C:\4.tmp
C:\5.tmp
C:\6.tmp
C:\6EA.tmp
C:\7.tmp
C:\Documents and Settings\Owner\ftp34.dll
C:\Program Files\Lx_cats
C:\Program Files\Lx_cats\20M01853000D2C6.A00
C:\Program Files\Lx_cats\lxcfCATS.INI
C:\WINDOWS\system32\1112.dat
C:\WINDOWS\system32\ansig.exe
C:\WINDOWS\system32\ftp34.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\__c0084283.dat
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\obqnarxu.dll
C:\WINDOWS\system32\pmnmnNDU.dll
C:\WINDOWS\system32\spywarewarning.mht
C:\WINDOWS\system32\UDNnmnmp.ini
C:\WINDOWS\system32\yajfhtwt.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 17:26 . 2008-05-28 17:26 1,887,265 --a------ C:\upload_moi_YOUR-1ACFF78AAC.tar.gz
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 16:43 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 16:43 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 16:28 . 2008-05-28 17:12 78,378 --a------ C:\WINDOWS\system32\spywarewarning2.mht
2008-05-28 16:27 . 2004-08-05 15:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-28 16:20 . 2008-05-28 16:20 5,120 --a------ C:\WINDOWS\system32\config\systemprofile\ftp34.dll
2008-05-27 21:48 . 2008-05-27 21:48 <REP> d-------- C:\_OTMoveIt
2008-05-27 21:42 . 2008-05-28 16:00 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-05-27 21:18 . 2008-05-28 16:35 5,120 --a------ C:\Documents and Settings\LocalService\ftp34.dll
2008-05-27 16:13 . 2008-05-27 16:13 33,745 ---hs---- C:\WINDOWS\system32\duewcaon.ini
2008-05-27 16:06 . 2008-05-28 17:09 59,904 --------- C:\WINDOWS\system32\opnnopon.dll
2008-05-17 12:38 . 2004-08-05 15:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-05-16 14:55 . 2008-05-16 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-16 14:55 . 2007-04-27 11:12 78,784 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-05-15 21:08 . 2008-05-15 21:08 <REP> d-------- C:\mGame
2008-05-15 16:12 . 2008-05-15 16:12 <REP> d-------- C:\WINDOWS\system32\SolidStateNetworks
2008-05-03 14:36 . 2008-05-03 14:36 <REP> d-------- C:\Program Files\WiFiConnector
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 21:09 24,576 ------w C:\WINDOWS\system32\basejax32.dll
2008-05-28 01:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-05-27 21:11 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
2008-05-26 01:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-16 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 18:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-16 18:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-25 20:08 --------- d-----w C:\Program Files\DofusArena2
2008-04-22 19:25 --------- d-----w C:\Program Files\Ankama Games
2008-04-19 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-19 03:46 --------- d-----w C:\Program Files\Creative
2008-04-19 03:45 --------- d--h--w C:\Program Files\Creative Installation Information
2008-04-17 23:49 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-14 01:07 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-14 00:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Dealio
2008-04-14 00:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-04-14 00:38 --------- d-----w C:\Program Files\Ahead
2008-04-14 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-14 00:37 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-04-13 17:30 --------- d-----w C:\Program Files\Fichiers communs\Creative
2008-04-12 15:53 --------- d-----w C:\Program Files\FLV Player
2008-04-12 15:30 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2008-04-12 15:30 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2008-04-06 03:04 --------- d-----w C:\Program Files\GUILD WARS
2008-03-31 02:28 --------- d-----w C:\Program Files\Windows Live
2008-03-31 02:28 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-30 22:53 --------- d-----w C:\Program Files\Matroska Playback Pack
2008-03-30 16:32 --------- d-----w C:\Program Files\AruaROSE
2008-03-30 04:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-30 04:50 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-30 04:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-30 04:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-30 04:44 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-29 16:35 --------- d-----w C:\Program Files\Project64 1.6
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-28_18.06.30.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 21:16:11 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-28 22:05:47 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-28 21:16:11 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-05-28 22:05:48 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-05-28 21:16:11 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-28 22:05:47 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-28 21:16:11 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-28 22:05:48 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 16:14 68856]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-05-03 14:36:46 1073152]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Wireless-B PCI Adapter Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2007-11-03 19:12:28 4638720]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Kaspersky\\kavupd.exe"=
"C:\\WINDOWS\\system32\\lxcfcoms.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Dofus-Arena beta 2\\DofusArena.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ankama Games\\DofusArenaBeta2\\DofusArena.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26114:TCP"= 26114:TCP:*:Disabled:SolidNetworkManager
"26114:UDP"= 26114:UDP:*:Disabled:SolidNetworkManager
"41645:TCP"= 41645:TCP:*:Disabled:SolidNetworkManager
"41645:UDP"= 41645:UDP:*:Disabled:SolidNetworkManager
"32786:TCP"= 32786:TCP:*:Disabled:SolidNetworkManager
"32786:UDP"= 32786:UDP:*:Disabled:SolidNetworkManager
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-07-10 11:09]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 23:28]
S3 XDva119;XDva119;C:\WINDOWS\system32\XDva119.sys []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-23 22:46:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-27 20:21:33 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-07 02:15:02 C:\WINDOWS\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-12 03:00:00 C:\WINDOWS\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-28 00:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 18:37:13
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 18:38:31
ComboFix-quarantined-files.txt 2008-05-28 22:38:17
Pre-Run: 139,823,894,528 octets libres
Post-Run: 139,816,022,016 octets libres
191 --- E O F --- 2008-05-19 05:06:04
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:38, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Bureau\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CBAF5409-26F0-4F8B-AE61-D83549C72378} (WebLauncher Control) - http://211.233.57.195/zeonix/NESPatch/WebLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
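Added example, not part of the original thread: a small Python triage pass over HijackThis entries like those in the report above. The rules are review heuristics chosen for this illustration (a flagged line is a prompt to look closer, not a verdict), and the sample lines are a subset copied from the report.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a subset of lines copied from the HijackThis report above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = ?
O16 - DPF: {CBAF5409-26F0-4F8B-AE61-D83549C72378} (WebLauncher Control) - http://211.233.57.195/zeonix/NESPatch/WebLauncher.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# URL whose host is a dotted IPv4 literal instead of a DNS name.
IP_HOST = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")
# Value that is a local drive path rather than a URL.
LOCAL_PATH = re.compile(r"^[A-Za-z]:\\")


class Finding(NamedTuple):
    code: str
    reason: str
    body: str


def parse(log: str) -> List[Tuple[str, str]]:
    """Return (code, body) pairs; header and process lines are skipped."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            entries.append((match["code"], match["body"]))
    return entries


def review_reason(code: str, body: str) -> Optional[str]:
    """Illustrative heuristics only: why an analyst might look at this line."""
    if code in ("R0", "R1"):
        _, sep, value = body.partition(" = ")
        if sep and LOCAL_PATH.match(value):
            return "browser page setting points at a local file"
    elif code in ("O2", "O3") and body.endswith("(no file)"):
        return "registered component whose file is missing"
    elif code == "O4" and body.endswith("= ?"):
        return "startup shortcut target could not be resolved"
    elif code == "O16" and IP_HOST.search(body):
        return "ActiveX control downloaded from a bare IP address"
    elif code == "O23" and " - Unknown owner - " in body:
        return "service binary carries no vendor information"
    return None


def triage(log: str) -> List[Finding]:
    """Return the entries worth a manual look, in log order."""
    findings = []
    for code, body in parse(log):
        reason = review_reason(code, body)
        if reason:
            findings.append(Finding(code, reason, body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason}\n    {f.body}")
```
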
We're going to do a second pass.
Copy the text below:
File::
C:\WINDOWS\system32\__c0084283.dat
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\obqnarxu.dll
C:\WINDOWS\system32\pmnmnNDU.dll
C:\WINDOWS\system32\spywarewarning.mht
C:\WINDOWS\system32\UDNnmnmp.ini
C:\WINDOWS\system32\yajfhtwt.dll
D:\Autorun.inf
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfc00C.dat
C:\WINDOWS\system32\perfc00C.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfh00C.dat
C:\WINDOWS\system32\perfh00C.dat
Folder::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=-
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no restart, post the reports anyway.
ComboFix report:
ComboFix 08-05-28.1 - Owner 2008-05-28 18:51:36.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.137 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\WINDOWS\system32\__c0084283.dat
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\obqnarxu.dll
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfc00C.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfh00C.dat
C:\WINDOWS\system32\pmnmnNDU.dll
C:\WINDOWS\system32\spywarewarning.mht
C:\WINDOWS\system32\UDNnmnmp.ini
C:\WINDOWS\system32\yajfhtwt.dll
D:\Autorun.inf
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfc00C.dat
C:\WINDOWS\system32\perfh009.dat
C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 17:26 . 2008-05-28 17:26 1,887,265 --a------ C:\upload_moi_YOUR-1ACFF78AAC.tar.gz
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 16:43 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 16:43 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 16:28 . 2008-05-28 17:12 78,378 --a------ C:\WINDOWS\system32\spywarewarning2.mht
2008-05-28 16:27 . 2004-08-05 15:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-28 16:20 . 2008-05-28 16:20 5,120 --a------ C:\WINDOWS\system32\config\systemprofile\ftp34.dll
2008-05-27 21:48 . 2008-05-27 21:48 <REP> d-------- C:\_OTMoveIt
2008-05-27 21:42 . 2008-05-28 16:00 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-05-27 21:18 . 2008-05-28 16:35 5,120 --a------ C:\Documents and Settings\LocalService\ftp34.dll
2008-05-27 16:13 . 2008-05-27 16:13 33,745 ---hs---- C:\WINDOWS\system32\duewcaon.ini
2008-05-27 16:06 . 2008-05-28 17:09 59,904 --------- C:\WINDOWS\system32\opnnopon.dll
2008-05-17 12:38 . 2004-08-05 15:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-05-16 14:55 . 2008-05-16 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-16 14:55 . 2007-04-27 11:12 78,784 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-05-15 21:08 . 2008-05-15 21:08 <REP> d-------- C:\mGame
2008-05-15 16:12 . 2008-05-15 16:12 <REP> d-------- C:\WINDOWS\system32\SolidStateNetworks
2008-05-03 14:36 . 2008-05-03 14:36 <REP> d-------- C:\Program Files\WiFiConnector
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 21:09 24,576 ------w C:\WINDOWS\system32\basejax32.dll
2008-05-28 01:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-05-27 21:11 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
2008-05-26 01:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-16 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 18:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-16 18:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-25 20:08 --------- d-----w C:\Program Files\DofusArena2
2008-04-22 19:25 --------- d-----w C:\Program Files\Ankama Games
2008-04-19 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-19 03:46 --------- d-----w C:\Program Files\Creative
2008-04-19 03:45 --------- d--h--w C:\Program Files\Creative Installation Information
2008-04-17 23:49 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-14 01:07 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-14 00:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Dealio
2008-04-14 00:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-04-14 00:38 --------- d-----w C:\Program Files\Ahead
2008-04-14 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-14 00:37 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-04-13 17:30 --------- d-----w C:\Program Files\Fichiers communs\Creative
2008-04-12 15:53 --------- d-----w C:\Program Files\FLV Player
2008-04-12 15:30 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2008-04-12 15:30 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2008-04-06 03:04 --------- d-----w C:\Program Files\GUILD WARS
2008-03-31 02:28 --------- d-----w C:\Program Files\Windows Live
2008-03-31 02:28 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-30 22:53 --------- d-----w C:\Program Files\Matroska Playback Pack
2008-03-30 16:32 --------- d-----w C:\Program Files\AruaROSE
2008-03-30 04:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-30 04:50 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-30 04:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-30 04:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-30 04:44 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-29 16:35 --------- d-----w C:\Program Files\Project64 1.6
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 16:14 68856]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-05-03 14:36:46 1073152]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Wireless-B PCI Adapter Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2007-11-03 19:12:28 4638720]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Kaspersky\\kavupd.exe"=
"C:\\WINDOWS\\system32\\lxcfcoms.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Dofus-Arena beta 2\\DofusArena.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ankama Games\\DofusArenaBeta2\\DofusArena.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26114:TCP"= 26114:TCP:*:Disabled:SolidNetworkManager
"26114:UDP"= 26114:UDP:*:Disabled:SolidNetworkManager
"41645:TCP"= 41645:TCP:*:Disabled:SolidNetworkManager
"41645:UDP"= 41645:UDP:*:Disabled:SolidNetworkManager
"32786:TCP"= 32786:TCP:*:Disabled:SolidNetworkManager
"32786:UDP"= 32786:UDP:*:Disabled:SolidNetworkManager
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-07-10 11:09]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 23:28]
S3 XDva119;XDva119;C:\WINDOWS\system32\XDva119.sys []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-23 22:46:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-27 20:21:33 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-07 02:15:02 C:\WINDOWS\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-12 03:00:00 C:\WINDOWS\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-28 00:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 18:53:29
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 18:54:54
ComboFix-quarantined-files.txt 2008-05-28 22:54:25
Pre-Run: 139,797,176,320 octets libres
Post-Run: 139,793,027,072 octets libres
159 --- E O F --- 2008-05-19 05:06:04
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:19, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CBAF5409-26F0-4F8B-AE61-D83549C72378} (WebLauncher Control) - http://211.233.57.195/zeonix/NESPatch/WebLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
Perfect, your PC is no longer infected.
Reopen HijackThis,
run "scan only",
and tick these lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CBAF5409-26F0-4F8B-AE61-D83549C72378} (WebLauncher Control) - http://211.233.57.195/zeonix/NESPatch/WebLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Tick them and click "Fix checked".
Next:
Internet Explorer is not up to date; download and install this version:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
Then:
Have a look at this about Avast:
AntiVir vs Avast:
-> http://forum.malekal.com/ftopic3528.php
So I advise you to uninstall it and install AntiVir instead.
Download and install the AntiVir Personal Edition Classic antivirus:
-> https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
To uninstall Avast, download this tool:
https://www.avast.com/fr-fr/uninstall-utility
You have no firewall:
Free firewalls
Download the free version of ZoneAlarm
https://www.pcastuces.com/logitheque/zonealarm.htm
Tutorial
http://securite-facile.ovh.org/zonealarm.php
http://forum.telecharger.01net.com/forum/
Disable the web filtering and antivirus parts of ZA! This is important.
or
Download the free version of Kerio
Kerio (firewall)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
Tutorial
https://kerio.probb.fr/
Kerio site
https://kerio.probb.fr/
or
Comodo Firewall Pro 2.4 download
http://www.personalfirewall.comodo.com/
Tutorial for 2.4
https://infomars.fr/forum/index.php?s=908072e48ff7cf0359366440cb26c93f&showtopic=389
Tutorial for 2.4
http://www.nordicnature.net/tutorials/comodo/cf24wiz.htm
Note: version 3.0 is in English only and is harder to configure.
Tutorial for 3.0
https://infomars.fr/forum/index.php?showtopic=1225
Then:
Download CCleaner:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Install it without the Yahoo toolbar.
Run the cleaner.
Repeat until it finds nothing.
Then go to Registry,
scan for issues,
then fix the issues.
Repeat until it finds nothing.
Finally, run another HijackThis scan and post me the report, please.
See you tomorrow, we'll finish up at an easy pace. Good night and happy reading, ciao.
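Added example, not part of the thread and not code from HijackThis or any tool named in it: a Python parser for HijackThis entry lines that marks entries worth a manual look before anything is ticked. The four heuristics and every function name are assumptions chosen for illustration (they flag entries for review and do not reproduce the selection made in the post above); the sample lines are copied from the log posted earlier in this thread.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {CBAF5409-26F0-4F8B-AE61-D83549C72378} (WebLauncher Control) - http://211.233.57.195/zeonix/NESPatch/WebLauncher.cab
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# An entry line is "<section code> - <body>", e.g. "O16 - DPF: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
LOCAL_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse(log):
    """Return (code, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def host_is_ip_literal(url):
    """True when the URL's host is a raw IP address instead of a DNS name."""
    try:
        host = urlsplit(url).hostname
        if not host:
            return False
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(code, body):
    """Return the reasons (possibly none) why an entry deserves a manual look."""
    reasons = []
    if code in ("R0", "R1"):
        # Browser page settings normally hold a URL, not a file on disk.
        value = body.split(" = ", 1)[-1].strip()
        if LOCAL_PATH_RE.match(value):
            reasons.append("IE page setting points at a local file")
    elif code in ("O2", "O3"):
        # The registry still references a component whose file is gone.
        if body.rstrip().endswith("(no file)"):
            reasons.append("registered component has no file on disk")
    elif code == "O16":
        # The download source is the last " - "-separated field.
        url = body.rsplit(" - ", 1)[-1].strip()
        if host_is_ip_literal(url):
            reasons.append("ActiveX control was fetched from a bare IP address")
    elif code == "O23":
        if " - Unknown owner - " in body:
            reasons.append("HijackThis could not name the service's publisher")
    return reasons


def review(log):
    """Return (code, body, reasons) for each entry with at least one reason."""
    flagged = []
    for code, body in parse(log):
        reasons = triage(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in review(SAMPLE_LOG):
        print(f"[{code}] {body}")
        for reason in reasons:
            print(f"    review: {reason}")
```
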
Thanks a lot, you're great! One question though: how do I remove the WinAntivirusPro software? It is still there but not active; only the .exe remains. Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:51, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Copy the text below:
File::
C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe
Folder::
C:\Program Files\WinAntivirusPro3.8
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no restart, post the reports anyway.
OK, thanks a lot! On that note, I'm going to bed, see you tomorrow! Here are the reports:
ComboFix report:
ComboFix 08-05-28.1 - Owner 2008-05-28 22:21:21.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.121 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 19:53 . 2008-05-28 19:53 2,396 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-28 19:41 . 2008-05-28 19:41 <REP> d-------- C:\Program Files\Sunbelt Software
2008-05-28 19:36 . 2008-05-28 19:36 <REP> d-------- C:\Program Files\Avira
2008-05-28 19:36 . 2008-05-28 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-28 19:26 . 2008-05-28 19:26 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-28 19:23 . 2008-05-28 19:25 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-28 19:15 . 2008-03-01 08:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-28 19:15 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-28 19:15 . 2007-03-08 01:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-28 19:15 . 2008-03-01 08:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-28 19:15 . 2008-03-01 08:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-28 19:15 . 2008-03-01 08:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-28 19:15 . 2008-03-01 08:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-28 19:15 . 2008-03-01 08:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-28 19:15 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-28 17:26 . 2008-05-28 17:26 1,887,265 --a------ C:\upload_moi_YOUR-1ACFF78AAC.tar.gz
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 16:43 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 16:43 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 16:28 . 2008-05-28 17:12 78,378 --a------ C:\WINDOWS\system32\spywarewarning2.mht
2008-05-28 16:27 . 2004-08-05 15:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-28 16:20 . 2008-05-28 16:20 5,120 --a------ C:\WINDOWS\system32\config\systemprofile\ftp34.dll
2008-05-27 21:48 . 2008-05-27 21:48 <REP> d-------- C:\_OTMoveIt
2008-05-27 21:42 . 2008-05-28 16:00 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-05-27 21:18 . 2008-05-28 16:35 5,120 --a------ C:\Documents and Settings\LocalService\ftp34.dll
2008-05-27 16:13 . 2008-05-27 16:13 33,745 ---hs---- C:\WINDOWS\system32\duewcaon.ini
2008-05-17 12:38 . 2004-08-05 15:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-05-16 14:55 . 2008-05-16 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-16 14:55 . 2007-04-27 11:12 78,784 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-05-15 21:08 . 2008-05-15 21:08 <REP> d-------- C:\mGame
2008-05-15 16:12 . 2008-05-15 16:12 <REP> d-------- C:\WINDOWS\system32\SolidStateNetworks
2008-05-03 14:36 . 2008-05-03 14:36 <REP> d-------- C:\Program Files\WiFiConnector
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 01:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-05-27 21:11 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
2008-05-26 01:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-16 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 18:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-16 18:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-25 20:08 --------- d-----w C:\Program Files\DofusArena2
2008-04-22 19:25 --------- d-----w C:\Program Files\Ankama Games
2008-04-19 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-19 03:46 --------- d-----w C:\Program Files\Creative
2008-04-19 03:45 --------- d--h--w C:\Program Files\Creative Installation Information
2008-04-17 23:49 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-14 01:07 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-14 00:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Dealio
2008-04-14 00:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-04-14 00:38 --------- d-----w C:\Program Files\Ahead
2008-04-14 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-14 00:37 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-04-13 17:30 --------- d-----w C:\Program Files\Fichiers communs\Creative
2008-04-12 15:53 --------- d-----w C:\Program Files\FLV Player
2008-04-12 15:30 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2008-04-12 15:30 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2008-04-06 03:04 --------- d-----w C:\Program Files\GUILD WARS
2008-03-31 02:28 --------- d-----w C:\Program Files\Windows Live
2008-03-31 02:28 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-30 22:53 --------- d-----w C:\Program Files\Matroska Playback Pack
2008-03-30 16:32 --------- d-----w C:\Program Files\AruaROSE
2008-03-30 04:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-30 04:50 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-30 04:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-30 04:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-30 04:44 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-29 16:35 --------- d-----w C:\Program Files\Project64 1.6
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-28_18.06.30.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 22:01:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-28 23:49:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-05 19:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-05 19:00:00 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-05 19:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2008-02-16 09:02:34 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-02-16 09:02:35 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-02-16 09:02:35 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-05 19:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-05 19:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-05 19:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-05 19:00:00 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-05 19:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-05 19:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-05 19:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2008-02-16 09:02:35 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-05 19:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-05 19:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-05 19:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-05 19:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2008-02-16 09:02:35 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:41:58 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2008-02-16 09:02:35 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-05 19:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-05 19:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2008-02-16 22:32:38 3,080,704 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2008-02-16 09:02:36 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-05 19:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-05 19:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2008-02-16 09:02:37 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2008-02-16 09:02:37 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-05 19:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll
+ 2008-02-16 09:02:37 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2006-10-27 23:20:20 32,368 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2006-10-27 23:18:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 21:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 21:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-05 19:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll
+ 2008-02-16 09:02:39 617,984 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2007-12-18 14:41:59 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-05 19:00:00 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2008-02-16 09:02:39 663,552 -c----w C:\WINDOWS\ie7\wininet.dll
+ 2006-10-27 06:44:06 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
+ 2006-10-17 16:58:06 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
+ 2006-10-17 16:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
+ 2006-10-27 19:09:58 131,584 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
+ 2006-10-17 16:58:20 61,952 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
+ 2006-10-27 06:44:04 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
+ 2006-10-27 06:44:36 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
+ 2006-10-27 06:44:42 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
+ 2006-10-27 06:42:54 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
+ 2006-09-06 04:01:26 2,451,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat
+ 2006-10-17 16:27:56 380,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
+ 2006-10-27 06:44:46 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
+ 2006-10-27 19:09:58 6,049,280 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
+ 2006-10-27 06:44:08 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
+ 2006-10-17 16:57:20 266,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
+ 2006-10-27 06:44:12 13,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
+ 2006-10-17 17:04:40 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
+ 2006-10-27 19:09:58 27,136 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
+ 2006-10-27 19:09:58 458,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
+ 2006-10-27 19:09:58 50,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
+ 2006-10-27 19:09:58 3,577,856 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
+ 2006-10-27 19:09:58 475,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
+ 2006-10-17 17:05:10 192,000 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
+ 2006-10-27 19:09:58 670,720 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
+ 2006-10-17 17:04:46 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
+ 2006-10-17 16:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
+ 2006-10-17 17:05:22 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
+ 2006-10-27 19:09:58 1,162,240 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2006-10-27 19:09:58 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2006-10-27 19:09:58 818,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll.000
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll.000
+ 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll.000
+ 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll.000
+ 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll.000
+ 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll.000
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll.000
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll.000
+ 2007-12-08 14:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-08 14:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll.000
+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll.000
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll.000
+ 2008-05-28 23:41:15 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2008-05-28 23:41:15 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-05-28 23:41:15 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-05 19:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2006-10-27 06:44:26 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-05 19:00:00 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-05 19:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2006-10-27 06:44:26 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2004-08-05 19:00:00 101,888 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-05-12 06:18:58 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2006-10-27 19:09:58 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2008-02-16 09:02:34 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:02:35 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-05 19:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2006-10-17 16:44:36 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2004-08-05 19:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2004-08-05 19:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2004-08-05 19:00:00 221,696 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2004-08-05 19:00:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2004-08-05 19:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2006-10-17 17:04:50 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-05 19:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2006-10-17 17:06:00 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2008-02-16 09:02:35 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2006-10-27 19:09:58 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-05 19:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2004-08-05 19:00:00 63,488 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2006-10-27 06:44:26 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2004-08-05 19:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2004-08-05 19:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2006-10-17 16:57:58 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2008-02-16 09:02:35 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2006-10-27 06:44:08 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2006-10-17 17:00:00 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-02-16 09:02:35 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-05 19:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2006-10-17 17:05:10 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2004-08-05 19:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2006-10-17 16:56:10 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2008-02-16 22:32:38 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 22:28:10 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:02:36 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-05 19:00:00 57,344 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2006-10-17 16:28:56 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2004-08-05 19:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2006-10-27 19:09:58 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2008-02-16 09:02:37 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:02:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-05 19:00:00 97,280 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-02-16 09:02:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-05 19:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-02-16 09:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2006-10-27 19:09:58 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 13:56:54 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2006-10-27 19:09:58 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
- 2004-08-05 19:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
+ 2006-03-24 04:37:52 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
- 2004-08-05 19:00:00 281,600 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-02-16 09:02:39 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 12:58:11 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-01-21 22:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 22:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 17:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-04-26 14:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 14:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2007-03-01 14:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 12:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-05 19:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-05 19:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-05 19:00:00 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-05 19:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-05 19:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-05 19:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2006-10-17 17:06:00 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2006-10-27 19:09:58 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-05 19:00:00 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-05 19:00:00 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2006-10-27 06:44:26 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2006-10-27 19:09:58 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-05 19:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2006-10-17 16:57:58 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2006-10-27 06:44:08 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2006-10-17 17:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-05 19:00:00 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2006-10-17 17:05:10 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2008-05-09 18:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2006-10-17 16:58:32 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-05 19:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2006-10-17 16:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 22:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-05 19:00:00 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2006-10-17 16:28:56 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-05 19:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2006-10-27 19:09:58 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 12:58:10 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 12:58:10 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 21:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 12:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-05 19:00:00 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-05 19:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2006-10-27 19:09:58 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-05 19:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-05 19:00:00 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2006-10-17 17:05:58 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 16:14 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-05-03 14:36:46 1073152]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Wireless-B PCI Adapter Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2007-11-03 19:12:28 4638720]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Kaspersky\\kavupd.exe"=
"C:\\WINDOWS\\system32\\lxcfcoms.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Dofus-Arena beta 2\\DofusArena.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ankama Games\\DofusArenaBeta2\\DofusArena.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26114:TCP"= 26114:TCP:*:Disabled:SolidNetworkManager
"26114:UDP"= 26114:UDP:*:Disabled:SolidNetworkManager
"41645:TCP"= 41645:TCP:*:Disabled:SolidNetworkManager
"41645:UDP"= 41645:UDP:*:Disabled:SolidNetworkManager
"32786:TCP"= 32786:TCP:*:Disabled:SolidNetworkManager
"32786:UDP"= 32786:UDP:*:Disabled:SolidNetworkManager
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-07-10 11:09]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 23:28]
S3 XDva119;XDva119;C:\WINDOWS\system32\XDva119.sys []
*Newly Created Service* - CATCHME
*Newly Created Service* - FWDRV
*Newly Created Service* - KHIPS
*Newly Created Service* - SPF4
*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-23 22:46:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-27 20:21:33 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-07 02:15:02 C:\WINDOWS\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-12 03:00:00 C:\WINDOWS\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-28 00:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 22:25:28
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 22:28:14
ComboFix-quarantined-files.txt 2008-05-29 02:28:06
Pre-Run: 139,145,764,864 octets libres
Post-Run: 139,135,418,368 octets libres
469 --- E O F --- 2008-05-19 05:06:04
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:26, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
ComboFix report:
ComboFix 08-05-28.1 - Owner 2008-05-28 22:21:21.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.121 [GMT -4:00]
Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 19:53 . 2008-05-28 19:53 2,396 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-28 19:41 . 2008-05-28 19:41 <REP> d-------- C:\Program Files\Sunbelt Software
2008-05-28 19:36 . 2008-05-28 19:36 <REP> d-------- C:\Program Files\Avira
2008-05-28 19:36 . 2008-05-28 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-28 19:26 . 2008-05-28 19:26 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-28 19:23 . 2008-05-28 19:25 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-28 19:15 . 2008-03-01 08:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-28 19:15 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-28 19:15 . 2007-03-08 01:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-28 19:15 . 2008-03-01 08:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-28 19:15 . 2008-03-01 08:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-28 19:15 . 2008-03-01 08:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-28 19:15 . 2008-03-01 08:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-28 19:15 . 2008-03-01 08:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-28 19:15 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-28 17:26 . 2008-05-28 17:26 1,887,265 --a------ C:\upload_moi_YOUR-1ACFF78AAC.tar.gz
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-28 16:43 . 2008-05-28 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 16:43 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 16:43 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 16:28 . 2008-05-28 17:12 78,378 --a------ C:\WINDOWS\system32\spywarewarning2.mht
2008-05-28 16:27 . 2004-08-05 15:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-28 16:20 . 2008-05-28 16:20 5,120 --a------ C:\WINDOWS\system32\config\systemprofile\ftp34.dll
2008-05-27 21:48 . 2008-05-27 21:48 <REP> d-------- C:\_OTMoveIt
2008-05-27 21:42 . 2008-05-28 16:00 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-05-27 21:18 . 2008-05-28 16:35 5,120 --a------ C:\Documents and Settings\LocalService\ftp34.dll
2008-05-27 16:13 . 2008-05-27 16:13 33,745 ---hs---- C:\WINDOWS\system32\duewcaon.ini
2008-05-17 12:38 . 2004-08-05 15:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-05-16 14:55 . 2008-05-16 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-16 14:55 . 2007-04-27 11:12 78,784 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-05-15 21:08 . 2008-05-15 21:08 <REP> d-------- C:\mGame
2008-05-15 16:12 . 2008-05-15 16:12 <REP> d-------- C:\WINDOWS\system32\SolidStateNetworks
2008-05-03 14:36 . 2008-05-03 14:36 <REP> d-------- C:\Program Files\WiFiConnector
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 01:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-05-27 21:11 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
2008-05-26 01:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-16 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 18:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-16 18:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-25 20:08 --------- d-----w C:\Program Files\DofusArena2
2008-04-22 19:25 --------- d-----w C:\Program Files\Ankama Games
2008-04-19 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-19 03:46 --------- d-----w C:\Program Files\Creative
2008-04-19 03:45 --------- d--h--w C:\Program Files\Creative Installation Information
2008-04-17 23:49 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-14 01:07 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-14 00:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Dealio
2008-04-14 00:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2008-04-14 00:38 --------- d-----w C:\Program Files\Ahead
2008-04-14 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-14 00:37 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-04-13 17:30 --------- d-----w C:\Program Files\Fichiers communs\Creative
2008-04-12 15:53 --------- d-----w C:\Program Files\FLV Player
2008-04-12 15:30 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2008-04-12 15:30 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2008-04-06 03:04 --------- d-----w C:\Program Files\GUILD WARS
2008-03-31 02:28 --------- d-----w C:\Program Files\Windows Live
2008-03-31 02:28 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-30 22:53 --------- d-----w C:\Program Files\Matroska Playback Pack
2008-03-30 16:32 --------- d-----w C:\Program Files\AruaROSE
2008-03-30 04:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-30 04:50 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-30 04:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-30 04:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-30 04:44 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-29 16:35 --------- d-----w C:\Program Files\Project64 1.6
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-28_18.06.30.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 22:01:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-28 23:49:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-05 19:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-05 19:00:00 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-05 19:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2008-02-16 09:02:34 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-02-16 09:02:35 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-02-16 09:02:35 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-05 19:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-05 19:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-05 19:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-05 19:00:00 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-05 19:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-05 19:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-05 19:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2008-02-16 09:02:35 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-05 19:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-05 19:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-05 19:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-05 19:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2008-02-16 09:02:35 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:41:58 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2008-02-16 09:02:35 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-05 19:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-05 19:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2008-02-16 22:32:38 3,080,704 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2008-02-16 09:02:36 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-05 19:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-05 19:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2008-02-16 09:02:37 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2008-02-16 09:02:37 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-05 19:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll
+ 2008-02-16 09:02:37 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2006-10-27 23:20:20 32,368 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2006-10-27 23:18:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 16:14 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-05-03 14:36:46 1073152]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Wireless-B PCI Adapter Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2007-11-03 19:12:28 4638720]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Kaspersky\\kavupd.exe"=
"C:\\WINDOWS\\system32\\lxcfcoms.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Dofus-Arena beta 2\\DofusArena.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ankama Games\\DofusArenaBeta2\\DofusArena.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26114:TCP"= 26114:TCP:*:Disabled:SolidNetworkManager
"26114:UDP"= 26114:UDP:*:Disabled:SolidNetworkManager
"41645:TCP"= 41645:TCP:*:Disabled:SolidNetworkManager
"41645:UDP"= 41645:UDP:*:Disabled:SolidNetworkManager
"32786:TCP"= 32786:TCP:*:Disabled:SolidNetworkManager
"32786:UDP"= 32786:UDP:*:Disabled:SolidNetworkManager
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-07-10 11:09]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 23:28]
S3 XDva119;XDva119;C:\WINDOWS\system32\XDva119.sys []
*Newly Created Service* - CATCHME
*Newly Created Service* - FWDRV
*Newly Created Service* - KHIPS
*Newly Created Service* - SPF4
*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-23 22:46:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-27 20:21:33 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-07 02:15:02 C:\WINDOWS\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-12 03:00:00 C:\WINDOWS\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-28 00:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 22:25:28
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 22:28:14
ComboFix-quarantined-files.txt 2008-05-29 02:28:06
Pre-Run: 139,145,764,864 octets libres
Post-Run: 139,135,418,368 octets libres
469 --- E O F --- 2008-05-19 05:06:04
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:26, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Now we are going to remove the disinfection tools that I had you download.
Using them is dangerous for the PC if you don't know what you are doing.
In addition, they are updated regularly.
- Close all running applications, then download ToolsCleaner2 to your Desktop.
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
- Double-click ToolsCleaner2.exe
- Click Recherche
- then click Suppression once the list has been found.
- Post the report (TCleaner.txt), which is in the root of your hard drive (C:\).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: your desktop MAY disappear; this is normal. If it does not appear at the end of the scan, do the following:
Press CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processus" tab. Click Fichiers at the top left and choose "Exécuter".
Type explorer.exe and confirm. This will make the Desktop reappear.
Tutorial: https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute (thanks espion3004)