Vundofix

Résolu
Gautier -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
J'ai lu et suivi un certain nombre de forum, mais ce virus réapparait a chaque fois.
Même avec le logiciel VundoFix, il ne trouve rien, même en mode sans échec.
J’ai fais plusieurs scan avec Avast, Visual dual scan, Spybot, WinSOS et Malwarebytes’.
J’ai essayé les sites tell que; panda ou kaspersky mais ils ne trouvent rien ou bien il ne propose pas de solution aux erreurs trouvé ( j’ai pas mal de ralentissement quand j’ouvre des pages et surtout quand je joue, perte de fps etc …)

Malwarebytes trouve bien des fichiers, mais quand je les supprime, ils réapparaissent :-(

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 799

Type de recherche: Examen complet (C:\|)
Eléments examinés: 163261
Temps écoulé: 2 hour(s), 19 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166557.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166561.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166562.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166563.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166564.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166565.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166566.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166567.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166568.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166571.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{E71C1438-EC78-40C8-8C2D-B8F0BB2AA5AD}\RP486\A0166579.exe (Trojan.Vundo) -> No action taken.

Autrement j’ai le log de Hijackthis mais je n’y vois pas grand-chose.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Gautier\Mes documents\setup logiciel\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: show/hide IEB Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
O9 - Extra 'Tools' menuitem: IE Booster Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://cid-15241e75edeecf4f.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Je ne vois pas et comprend pas grand chose à travers toutes ses lignes, si quelqu’un pouvait m’aider ce serait super, parce que je galère avec mon PC.

Merci de vous intéressez à mon problème.
Configuration: Windows XP
Internet Explorer 7.0

18 réponses

  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Pour malwarebytes se sont tes points de restauration qu'il faudra supprimer plus tard après ta désinfection.

    1/ Relance hijack et clique sur "Do a system scan only"
    Ensuite recherche ces lignes et coches les cases

    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    Ensuite clique sur "Fix checked"

    2/ Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    clic double sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    EmptyTemp

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaîtra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression.

    3/ Télécharge DiagHelp.zip sur ton bureau http://www.malekal.com/download/DiagHelp.zip
    ==> Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
    ==> Un nouveau dossier chercher va être créé DiagHelp
    ==> Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    ==> Une fenêtre va s'ouvrir, choisis l'option 1
    ==> L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
    ==> Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
    ==> Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
    ==> A nouveau menu Edition / copier
    ==> Dans un nouveau message ici, faire un clic droit / coller
    @+

    0
  2. Gautier
     
    DiagHelp version v1.4 - http://www.malekal.com
    excute le 30/05/2008 à 20:27:59,65

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->30/05/2008 20:27:32
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->30/05/2008 20:27:22
    C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->30/05/2008 20:26:41
    C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->30/05/2008 20:26:24
    C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->30/05/2008 20:26:24
    C:\WINDOWS\prefetch\GIGAGET.EXE-308053F3.pf -->30/05/2008 20:26:00
    C:\WINDOWS\prefetch\GIGAGETSHELL.EXE-0E6FA342.pf -->30/05/2008 20:25:57
    C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->30/05/2008 20:24:26
    C:\WINDOWS\prefetch\HIJACKTHIS.EXE-143941B9.pf -->30/05/2008 20:24:24
    C:\WINDOWS\prefetch\TASKMGR.EXE-20256C55.pf -->30/05/2008 20:15:05

    C:\WINDOWS\System32\drivers\fidbox.dat -->30/05/2008 20:20:51
    C:\WINDOWS\System32\drivers\fidbox.idx -->30/05/2008 14:06:14
    C:\WINDOWS\System32\drivers\mbamcatchme.sys -->30/05/2008 01:06:40
    C:\WINDOWS\System32\drivers\mbam.sys -->30/05/2008 01:06:36
    C:\WINDOWS\System32\drivers\hamachi.sys -->24/05/2008 16:22:08
    C:\WINDOWS\System32\drivers\PnkBstrK.sys -->23/05/2008 14:10:35
    C:\WINDOWS\System32\drivers\sptd.sys -->19/05/2008 21:47:22

    C:\WINDOWS\System32\wpa.dbl -->30/05/2008 18:38:01
    C:\WINDOWS\System32\vsconfig.xml -->30/05/2008 17:50:46
    C:\WINDOWS\System32\nvapps.xml -->29/05/2008 21:57:52
    C:\WINDOWS\System32\perfh00C.dat -->28/05/2008 07:19:29
    C:\WINDOWS\System32\perfh009.dat -->28/05/2008 07:19:29
    C:\WINDOWS\System32\perfc00C.dat -->28/05/2008 07:19:29
    C:\WINDOWS\System32\perfc009.dat -->28/05/2008 07:19:29
    C:\WINDOWS\System32\PerfStringBackup.INI -->28/05/2008 07:19:28
    C:\WINDOWS\System32\spupdwxp.log -->28/05/2008 07:17:40
    C:\WINDOWS\System32\FNTCACHE.DAT -->28/05/2008 07:16:46
    C:\WINDOWS\System32\winsock.dll -->23/05/2008 22:45:02
    C:\WINDOWS\System32\PnkBstrB.exe -->23/05/2008 14:10:25
    C:\WINDOWS\System32\PnkBstrA.exe -->23/05/2008 14:10:18
    C:\WINDOWS\System32\CONFIG.NT -->17/05/2008 16:19:46
    C:\WINDOWS\System32\aswBoot.exe -->16/05/2008 01:24:43
    C:\WINDOWS\System32\AVASTSS.scr -->16/05/2008 01:12:36
    C:\WINDOWS\System32\MRT.exe -->09/05/2008 23:35:04
    C:\WINDOWS\System32\nvudisp.exe -->03/05/2008 05:46:00
    C:\WINDOWS\System32\nvnt4cpl.dll -->03/05/2008 05:46:00
    C:\WINDOWS\System32\nvmccsrs.dll -->03/05/2008 05:46:00
    C:\WINDOWS\System32\nvmccs.dll -->03/05/2008 05:46:00
    C:\WINDOWS\System32\nvexpbar.dll -->03/05/2008 05:46:00
    C:\WINDOWS\System32\nvcuda.dll -->03/05/2008 05:46:00
    C:\WINDOWS\System32\nvcpluir.dll -->03/05/2008 05:46:00
    C:\WINDOWS\System32\nvcplui.exe -->03/05/2008 05:46:00

    C:\WINDOWS\WindowsUpdate.log -->30/05/2008 18:43:02
    C:\WINDOWS\setupapi.log -->30/05/2008 18:31:43
    C:\WINDOWS\0.log -->30/05/2008 17:51:14
    C:\WINDOWS\wiadebug.log -->30/05/2008 17:51:06
    C:\WINDOWS\wiaservc.log -->30/05/2008 17:50:58
    C:\WINDOWS\bootstat.dat -->30/05/2008 17:50:40
    C:\WINDOWS\win.ini -->30/05/2008 14:30:44
    C:\WINDOWS\system.ini -->30/05/2008 14:30:44
    C:\WINDOWS\SchedLgU.Txt -->30/05/2008 14:06:00
    C:\WINDOWS\NeroDigital.ini -->30/05/2008 13:41:44
    C:\WINDOWS\setupact.log -->29/05/2008 17:34:41
    C:\WINDOWS\DPINST.LOG -->28/05/2008 10:32:30
    C:\WINDOWS\wmsetup.log -->28/05/2008 09:54:43
    C:\WINDOWS\OEWABLog.txt -->28/05/2008 07:19:04
    C:\WINDOWS\spupdsvc.log -->28/05/2008 07:18:15

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 1428
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
    0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
    0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
    0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
    0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
    0x753c0000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
    0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
    0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
    0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
    0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x442b0000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x10000000 0x3a000 C:\WINDOWS\system32\Hook.dll
    0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
    0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
    0x04570000 0x1b0000 3.00.0000.0005 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
    0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL
    0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll
    0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll
    0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
    0x04830000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll
    0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\wmvcore.dll
    0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
    0x03580000 0x19000 2.10.0006.0001 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
    0x05670000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
    0x01650000 0xb000 7.00.0470.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
    0x04b20000 0x2e000 C:\Program Files\WinRAR\rarext.dll
    0x019f0000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
    0x64f00000 0x12000 4.08.1201.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
    0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
    0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x061b0000 0x836000 6.14.0011.6230 C:\WINDOWS\system32\nvcpl.dll
    0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
    0x014e0000 0x45000 6.14.0011.6230 C:\WINDOWS\system32\NVRSFR.DLL
    0x01530000 0x5a000 6.14.0011.6230 C:\WINDOWS\system32\nvapi.dll
    0x033c0000 0x73000 6.14.0010.11116 C:\WINDOWS\system32\nvshell.dll
    0x015a0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    0x03f10000 0x41000 2.03.0000.0011 C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
    0x069f0000 0x1e2000 2.10.0001.0001 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
    0x74da0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.dll

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 1320
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
    0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
    0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
    0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
    0x753c0000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
    0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
    0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x01360000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 6C70-802F

    Répertoire de C:\WINDOWS\system32

    14/04/2008 04:33 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 92 922 335 232 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 6C70-802F

    Répertoire de C:\WINDOWS\Downloaded Program Files

    30/05/2008 18:31 <REP> .
    30/05/2008 18:31 <REP> ..
    23/05/2008 22:20 <REP> CONFLICT.1
    28/04/2007 11:42 65 desktop.ini
    25/07/2002 18:13 24 576 dwusplay.dll
    25/07/2002 18:13 196 608 dwusplay.exe
    30/05/2008 16:09 1 570 hardwaredetection.inf
    11/08/2005 16:30 417 792 isusweb.dll
    08/08/2006 11:45 576 kavwebscan.inf
    20/06/2006 15:44 117 560 PURen-us.dll
    09/01/2007 08:30 110 592 PURfr-fr.dll
    27/03/2007 16:00 5 021 swflash.inf
    07/01/2008 19:29 23 600 tvichw32.sys
    10 fichier(s) 897 960 octets

    Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

    23/05/2008 22:20 <REP> .
    23/05/2008 22:20 <REP> ..
    02/08/2007 12:31 67 456 PURen-us.dll
    06/08/2007 13:10 68 992 PURfr-fr.dll
    2 fichier(s) 136 448 octets

    Total des fichiers listés :
    12 fichier(s) 1 034 408 octets
    5 Rép(s) 92 922 335 232 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Disabled:LaunchPad"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"="C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe:*:Enabled:Gigaget"
    "C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\TmNationsForever\\TmForeverLauncher.exe"="C:\\Program Files\\TmNationsForever\\TmForeverLauncher.exe:*:Enabled:Jouer à TmNationsForever"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe:*:Enabled:etqwded.exe"
    "C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
    "C:\\Program Files\\Winsos\\winsos.exe"="C:\\Program Files\\Winsos\\winsos.exe:*:Enabled:Winsos"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "DisableRegistryTools"=dword:00000000
    "HideLegacyLogonScripts"=dword:00000000
    "HideLogoffScripts"=dword:00000000
    "RunLogonScriptSync"=dword:00000001
    "RunStartupScriptSync"=dword:00000000
    "HideStartupScripts"=dword:00000000

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    127.0.0.1 www.activexupdate.com
    127.0.0.1 activexupdate.com
    127.0.0.1 www.antispywareupdates.net
    127.0.0.1 antispywareupdates.net
    127.0.0.1 www.avpcheckupdate.com
    127.0.0.1 avpcheckupdate.com
    127.0.0.1 client.exeupdate.com
    127.0.0.1 www.eupdatepage.com
    127.0.0.1 eupdatepage.com
    127.0.0.1 www.exeupdate.com
    127.0.0.1 exeupdate.com
    127.0.0.1 www.hotwinupdates.com
    127.0.0.1 hotwinupdates.com
    127.0.0.1 www.lavasoftupdate.com
    127.0.0.1 lavasoftupdate.com
    127.0.0.1 www.malwarewipeupdate.com
    127.0.0.1 malwarewipeupdate.com
    127.0.0.1 www.msupdate.net
    127.0.0.1 msupdate.net
    127.0.0.1 www.msupdater.net
    127.0.0.1 msupdater.net
    127.0.0.1 www.necessaryupdates.com
    127.0.0.1 necessaryupdates.com
    127.0.0.1 newupdates.lzio.com
    127.0.0.1 redirect.msupdate.net
    127.0.0.1 search.keyword.exeupdate.com
    127.0.0.1 www.securityupdatesite.com
    127.0.0.1 securityupdatesite.com
    127.0.0.1 settings.updatemysettings.com
    127.0.0.1 www.spyaxeupdate.com
    127.0.0.1 spyaxeupdate.com
    127.0.0.1 www.spyfalconupdate.com
    127.0.0.1 spyfalconupdate.com
    127.0.0.1 www.systemupdates.net
    127.0.0.1 systemupdates.net
    127.0.0.1 trial.updates.winsoftware.com
    127.0.0.1 update.680180.net
    127.0.0.1 update.shareaza.com
    127.0.0.1 www.updatemysettings.com
    127.0.0.1 updatemysettings.com
    127.0.0.1 updates.spywarequake.com
    127.0.0.1 www.urgentsystemupdate.biz
    127.0.0.1 urgentsystemupdate.biz
    127.0.0.1 www.urgentsystemupdate.com
    127.0.0.1 urgentsystemupdate.com
    127.0.0.1 windupdates.com
    127.0.0.1 www.pandaantivirus-2007.com
    127.0.0.1 pandaantivirus-2007.com
    127.0.0.1 www.pandadownload-now.com
    127.0.0.1 pandadownload-now.com
    127.0.0.1 www.panda-hq.com
    127.0.0.1 panda-hq.com
    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-30 20:28:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:4d,f6,c4,65,52,b1,d9,18,86,96,71,89,e6,16,a2,1e,56,e8,58,6e,4d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7a,e3,89,e4,63,d4,77,a1,0e,9a,37,27,ca,c4,66,d1,bc,..
    "khjeh"=hex:05,6c,b9,c3,1e,73,11,23,7e,38,68,da,2f,2e,f6,52,5c,96,e1,16,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:c4,30,67,50,38,65,bc,87,3f,ba,f1,63,cd,06,59,fa,33,fc,2c,79,59,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:4d,f6,c4,65,52,b1,d9,18,86,96,71,89,e6,16,a2,1e,56,e8,58,6e,4d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7a,e3,89,e4,63,d4,77,a1,0e,9a,37,27,ca,c4,66,d1,bc,..
    "khjeh"=hex:05,6c,b9,c3,1e,73,11,23,7e,38,68,da,2f,2e,f6,52,5c,96,e1,16,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:c4,30,67,50,38,65,bc,87,3f,ba,f1,63,cd,06,59,fa,33,fc,2c,79,59,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:4d,f6,c4,65,52,b1,d9,18,86,96,71,89,e6,16,a2,1e,56,e8,58,6e,4d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7a,e3,89,e4,63,d4,77,a1,0e,9a,37,27,ca,c4,66,d1,bc,..
    "khjeh"=hex:05,6c,b9,c3,1e,73,11,23,7e,38,68,da,2f,2e,f6,52,5c,96,e1,16,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:c4,30,67,50,38,65,bc,87,3f,ba,f1,63,cd,06,59,fa,33,fc,2c,79,59,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    144 - svchost.exe
    488 - svchost.exe
    568 - svchost.exe
    580 - vsmon.exe
    728 - X10nets.exe
    1084 - nvsvc32.exe
    1296 - csrss.exe
    1320 - winlogon.exe
    1364 - services.exe
    1376 - lsass.exe
    1400 - svchost.exe
    1428 - explorer.exe
    1496 - WiFiStation.exe
    1536 - svchost.exe
    1596 - svchost.exe
    1748 - ashServ.exe
    1832 - HPZIPM12.EXE
    1872 - PnkBstrA.exe
    1888 - PnkBstrB.exe
    2728 - 9wifi.exe
    2844 - ashMaiSv.exe
    2884 - ashWebSv.exe
    2900 - zlclient.exe
    3044 - GoogleToolbarNo
    3152 - iexplore.exe
    3532 - svchost.exe
    3716 - cmd.exe

    Total number of processes = 28
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntkrnlpa.exe
    806E4000 - \WINDOWS\system32\hal.dll
    BADA8000 - \WINDOWS\system32\KDCOM.DLL
    BACB8000 - \WINDOWS\system32\BOOTVID.dll
    BA6A7000 - spae.sys
    BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
    BA68F000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
    BA660000 - ACPI.sys
    BA64F000 - pci.sys
    BA8A8000 - isapnp.sys
    BAE70000 - pciide.sys
    BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    BADAC000 - viaide.sys
    BA8B8000 - MountMgr.sys
    BA630000 - ftdisk.sys
    BAB30000 - PartMgr.sys
    BAB38000 - videX32.sys
    BA8C8000 - ViBus.sys
    BA8D8000 - VolSnap.sys
    BA618000 - atapi.sys
    BA8E8000 - ViPrt.sys
    BA8F8000 - disk.sys
    BA908000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    BA5F8000 - fltmgr.sys
    BA5E6000 - sr.sys
    BAB40000 - xfilt.sys
    BA918000 - PxHelp20.sys
    BA5CF000 - KSecDD.sys
    BA542000 - Ntfs.sys
    BA515000 - NDIS.sys
    BA928000 - uagp35.sys
    BAB48000 - viaagp1.sys
    BA501000 - srescan.sys
    BA4EE000 - sfvfs02.sys
    BAB50000 - sfhlp02.sys
    BA4DC000 - sfdrv01.sys
    BA4C2000 - Mup.sys
    BAD70000 - \SystemRoot\system32\DRIVERS\tunmp.sys
    BAA78000 - \SystemRoot\system32\DRIVERS\intelppm.sys
    B9AF4000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
    B9AE0000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    BAA88000 - \SystemRoot\system32\DRIVERS\imapi.sys
    BAA98000 - \SystemRoot\system32\DRIVERS\cdrom.sys
    BAAA8000 - \SystemRoot\system32\DRIVERS\redbook.sys
    B9ABD000 - \SystemRoot\system32\DRIVERS\ks.sys
    BABD8000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
    B9A99000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
    BADBE000 - \SystemRoot\System32\Drivers\vulfnth.sys
    BABE0000 - \SystemRoot\system32\DRIVERS\usbehci.sys
    BABE8000 - \SystemRoot\system32\DRIVERS\fetnd5.sys
    B9A71000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
    B9A0C000 - \SystemRoot\System32\Drivers\a761ob9n.SYS
    B99BB000 - \SystemRoot\system32\DRIVERS\serial.sys
    BA496000 - \SystemRoot\system32\DRIVERS\serenum.sys
    B99A7000 - \SystemRoot\system32\DRIVERS\parport.sys
    BADCA000 - \SystemRoot\System32\Drivers\x10hid.sys
    BAAB8000 - \SystemRoot\System32\Drivers\HIDCLASS.SYS
    BAC38000 - \SystemRoot\System32\Drivers\HIDPARSE.SYS
    BAFE9000 - \SystemRoot\system32\DRIVERS\audstub.sys
    BA968000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
    BA492000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
    B9421000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
    BA978000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
    BA988000 - \SystemRoot\system32\DRIVERS\raspptp.sys
    BAC50000 - \SystemRoot\system32\DRIVERS\TDI.SYS
    B9410000 - \SystemRoot\system32\DRIVERS\psched.sys
    BA998000 - \SystemRoot\system32\DRIVERS\msgpc.sys
    BAC60000 - \SystemRoot\system32\DRIVERS\ptilink.sys
    BAC68000 - \SystemRoot\system32\DRIVERS\raspti.sys
    BAC70000 - \SystemRoot\system32\DRIVERS\hamachi.sys
    BA9A8000 - \SystemRoot\system32\DRIVERS\termdd.sys
    BAC78000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
    BAC80000 - \SystemRoot\system32\DRIVERS\mouclass.sys
    BA9B8000 - \SystemRoot\system32\drivers\SaiBus.sys
    BADE0000 - \SystemRoot\system32\DRIVERS\swenum.sys
    B9312000 - \SystemRoot\system32\DRIVERS\update.sys
    BA486000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
    BA482000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
    BA9C8000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    BA187000 - \SystemRoot\system32\DRIVERS\SaiMini.sys
    BAC90000 - \SystemRoot\System32\Drivers\GMFilter.sys
    BA183000 - \SystemRoot\system32\DRIVERS\mouhid.sys
    BA17F000 - \SystemRoot\System32\Drivers\vulfntr.sys
    BA9E8000 - \SystemRoot\system32\DRIVERS\usbhub.sys
    BADE4000 - \SystemRoot\system32\DRIVERS\USBD.SYS
    B618F000 - \SystemRoot\system32\drivers\viahduaa.sys
    B616B000 - \SystemRoot\system32\drivers\portcls.sys
    BAA08000 - \SystemRoot\system32\drivers\drmk.sys
    B6148000 - \SystemRoot\system32\DRIVERS\klif.sys
    BADEE000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    BAF65000 - \SystemRoot\System32\Drivers\Null.SYS
    BADF0000 - \SystemRoot\System32\Drivers\Beep.SYS
    BACB0000 - \SystemRoot\System32\drivers\vga.sys
    BADF2000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    BADF4000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    BAB60000 - \SystemRoot\System32\Drivers\Msfs.SYS
    BAB68000 - \SystemRoot\System32\Drivers\Npfs.SYS
    BAD78000 - \SystemRoot\system32\DRIVERS\rasacd.sys
    B6115000 - \SystemRoot\system32\DRIVERS\ipsec.sys
    B60BC000 - \SystemRoot\system32\DRIVERS\tcpip.sys
    BAA58000 - \SystemRoot\System32\Drivers\aswTdi.SYS
    B6096000 - \SystemRoot\system32\DRIVERS\ipnat.sys
    B606E000 - \SystemRoot\system32\DRIVERS\netbt.sys
    BAA68000 - \SystemRoot\system32\DRIVERS\wanarp.sys
    B6036000 - \SystemRoot\system32\DRIVERS\tcpip6.sys
    B5FD6000 - \SystemRoot\System32\vsdatant.sys
    BAAC8000 - \SystemRoot\system32\drivers\ip6fw.sys
    B5FB4000 - \SystemRoot\System32\drivers\afd.sys
    BAAD8000 - \SystemRoot\system32\DRIVERS\netbios.sys
    B5F89000 - \SystemRoot\system32\DRIVERS\rdbss.sys
    B5F19000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
    BAAF8000 - \SystemRoot\System32\Drivers\Fips.SYS
    BAB18000 - \SystemRoot\system32\drivers\lvusbsta.sys
    B5E62000 - \SystemRoot\System32\Drivers\aswSP.SYS
    B5DD1000 - \SystemRoot\system32\DRIVERS\LV532AV.SYS
    BA958000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
    BAB88000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
    B5D85000 - \SystemRoot\System32\Drivers\Fastfat.SYS
    BAB98000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
    B9302000 - \SystemRoot\system32\DRIVERS\hidusb.sys
    B5D47000 - \SystemRoot\system32\DRIVERS\rt73.sys
    BABA0000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    B93C0000 - \SystemRoot\System32\Drivers\dump_ViPrt.sys
    BF800000 - \SystemRoot\System32\win32k.sys
    B61D2000 - \SystemRoot\System32\drivers\Dxapi.sys
    BABB0000 - \SystemRoot\System32\watchdog.sys
    BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
    BAF58000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9D5000 - \SystemRoot\System32\nv4_disp.dll
    BFFA0000 - \SystemRoot\System32\ATMFD.DLL
    BAC00000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
    BAC28000 - \SystemRoot\system32\DRIVERS\AegisP.sys
    B5B31000 - \SystemRoot\system32\DRIVERS\nwlnkipx.sys
    BAA38000 - \SystemRoot\system32\DRIVERS\nwlnknb.sys
    B5BFB000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
    B5E89000 - \SystemRoot\system32\DRIVERS\nwlnkspx.sys
    B58C3000 - \SystemRoot\System32\Drivers\aswMon2.SYS
    B5616000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
    BAE1C000 - \SystemRoot\System32\Drivers\ParVdm.SYS
    B559C000 - \SystemRoot\system32\DRIVERS\srv.sys
    B5793000 - \SystemRoot\system32\DRIVERS\secdrv.sys
    B52B7000 - \SystemRoot\system32\drivers\wdmaud.sys
    B569B000 - \SystemRoot\system32\drivers\sysaudio.sys
    B506F000 - \SystemRoot\System32\Drivers\aswRdr.SYS
    B4EDF000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    B4D86000 - \SystemRoot\System32\Drivers\HTTP.sys
    BAC08000 - \SystemRoot\System32\Drivers\PCASp50.sys
    BABB8000 - \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
    BACA0000 - \SystemRoot\system32\DRIVERS\SaiUFF0D.sys
    AEB8E000 - \SystemRoot\system32\DRIVERS\SaiHFF0D.sys
    AE1BE000 - \SystemRoot\system32\drivers\kmixer.sys
    BAFBF000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 152

    Liste des programmes installes

    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11
    AIDA32 v3.93
    America's Army
    Archlord
    Audacity 1.2.6
    avast! Antivirus
    Cartoonist 1.3
    CCleaner (remove only)
    Correctif pour Windows Internet Explorer 7 (KB947864)
    Counter-Strike: Source
    eMule
    Enemy Territory - Quake Wars(TM)
    Enemy Territory - QUAKE Wars(TM) 1.1 Patch
    Enemy Territory - QUAKE Wars(TM) 1.1 Patch
    EVEREST Home Edition v2.20
    Far Cry
    Far Cry
    Far Cry (Patch 1)
    Far Cry (Patch 1.3)
    FlatOut2
    foobar2000 v0.9.5.2
    Fraps
    Galerie de photos Windows Live
    Gigaget
    GIMP 2.4.5
    GM-4200 Gamer Mouse Optical
    Google Earth
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Half-Life Dedicated Server Update Tool
    Hamachi 1.0.2.5
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 6
    Kaspersky On-line Scanner
    Kaspersky Online Scanner
    Lecteur Windows Media 11
    LightScribe 1.4.124.1
    Logiciel QuickCam de Logitech
    Ma-Config.com
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 French Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
    MSI 8624 BDA Driver
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Nero 7 Essentials
    neroxml
    Neuf - Kit de connexion
    NVIDIA Drivers
    OpenAL
    PhotoFiltre
    PlanetSide
    Platform
    Programme de gestion Camera de Logitech®
    PunkBuster(TM) - Enemy Territory - QUAKE Wars(TM)
    PunkBuster(TM) pour Enemy Territory - QUAKE Wars(TM)
    Quake 4(TM)
    Quake 4(TM)
    QUAKE 4(TM) Quakemas Map Pack
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Saitek SST Programming Software
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    SpeechRedist
    Spybot - Search & Destroy
    SUPER © Version 2008.bld.30 (Mar 22, 2008)
    System Requirements Lab
    TeamSpeak 2 RC2
    TmNationsForever
    Unreal Tournament 2004
    Unreal Tournament 3
    VCRedistSetup
    VIA Gestionnaire de périphériques de plate-forme
    VIA Rhine Family Fast Ethernet Adapter CE6 Driver
    Vista Dual Scan
    WebFldrs XP
    WiFi Station
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Presentation Foundation
    WinRAR archiver
    Winsos
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.1.2 final uninstall
    ZoneAlarm
    ZoneAlarm Spy Blocker

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 6C70-802F

    Répertoire de C:\Program Files

    30/05/2008 18:31 <REP> .
    30/05/2008 18:31 <REP> ..
    15/02/2008 14:42 <REP> Adobe
    30/05/2008 14:33 <REP> Age of Empires II
    28/06/2007 20:19 <REP> AIDA32 - Personal System Information
    31/05/2007 20:47 <REP> Alwil Software
    02/05/2008 22:19 <REP> America's Army
    22/03/2008 17:43 <REP> America's Army Server Manager
    31/10/2007 14:04 <REP> Audacity
    03/07/2007 15:25 <REP> AviSynth 2.5
    23/05/2008 22:27 <REP> AxBx
    01/12/2007 19:09 <REP> Cartoonist
    09/02/2008 21:50 <REP> CCleaner
    16/05/2008 19:33 <REP> CE6
    16/02/2008 23:17 <REP> Codemasters
    28/04/2007 18:22 <REP> Common Files
    30/05/2008 14:33 <REP> Counter-Strike Source
    19/05/2008 22:03 <REP> DAEMON Tools
    05/02/2008 16:36 <REP> Empire Interactive
    25/05/2008 20:15 <REP> eMule
    10/05/2007 19:16 <REP> eRightSoft
    24/05/2008 14:16 <REP> Fichiers communs
    12/05/2008 09:56 <REP> foobar2000
    29/10/2007 09:28 <REP> Giganology
    17/04/2008 13:44 <REP> GIMP-2.0
    24/05/2008 14:02 <REP> Google
    24/05/2008 16:20 <REP> Hamachi
    31/05/2007 18:43 <REP> Hercules
    19/08/2007 12:39 <REP> HP
    23/05/2008 13:39 <REP> id Software
    08/04/2008 21:06 <REP> Internet Explorer
    01/05/2008 09:35 <REP> Java
    10/02/2008 11:18 <REP> Lavalys
    09/07/2007 16:35 <REP> Logitech
    30/05/2008 18:31 <REP> ma-config.com
    30/05/2008 12:37 <REP> Malwarebytes' Anti-Malware
    30/05/2008 14:33 <REP> Messenger
    14/11/2007 22:11 <REP> Microsoft CAPICOM 2.1.0.2
    28/04/2007 11:45 <REP> microsoft frontpage
    02/06/2007 08:17 <REP> Microsoft Office
    20/05/2008 17:59 <REP> Microsoft Silverlight
    13/11/2007 21:18 <REP> Microsoft SQL Server Compact Edition
    02/06/2007 08:17 <REP> Microsoft.NET
    27/05/2008 23:36 <REP> Movie Maker
    15/02/2008 19:24 <REP> MSBuild
    28/04/2007 11:39 <REP> MSN
    28/04/2007 11:40 <REP> MSN Gaming Zone
    28/04/2007 12:00 <REP> Nero
    27/05/2008 23:34 <REP> NetMeeting
    15/06/2007 13:59 <REP> Neuf
    28/04/2007 11:40 <REP> Online Services
    13/03/2008 19:46 <REP> OpenAL
    27/05/2008 23:34 <REP> Outlook Express
    29/04/2008 18:51 <REP> PhotoFiltre
    22/05/2008 18:48 <REP> PunkBuster
    15/02/2008 19:22 <REP> Reference Assemblies
    05/02/2008 17:01 <REP> Saitek
    28/04/2007 11:42 <REP> Services en ligne
    31/05/2007 23:08 <REP> Sony
    12/04/2008 21:28 <REP> Spybot - Search & Destroy
    06/01/2008 21:10 <REP> SystemRequirementsLab
    31/05/2007 21:41 <REP> Teamspeak2_RC2
    30/05/2008 14:33 <REP> TmNationsForever
    24/05/2008 15:08 <REP> Trust
    17/11/2007 17:05 <REP> Ubisoft
    24/01/2008 17:41 <REP> Unreal Tournament 3
    24/03/2008 14:17 <REP> utorrent
    10/02/2008 13:07 <REP> VIA
    12/05/2008 13:20 <REP> Winamp
    27/02/2008 15:28 <REP> Windows Live
    29/04/2008 18:35 <REP> Windows Live Safety Center
    02/06/2007 11:18 <REP> Windows Media Connect 2
    27/05/2008 23:34 <REP> Windows Media Player
    27/05/2008 23:34 <REP> Windows NT
    15/02/2008 19:34 <REP> WinRAR
    30/05/2008 14:34 <REP> Winsos
    28/04/2007 11:45 <REP> xerox
    30/05/2008 14:33 <REP> Xvid
    26/05/2007 10:45 <REP> Zone Labs
    07/01/2008 20:32 <REP> ZoneAlarmSB
    0 fichier(s) 0 octets
    80 Rép(s) 92 910 084 096 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 6C70-802F

    Répertoire de C:\Program Files\fichiers communs

    24/05/2008 14:16 <REP> .
    24/05/2008 14:16 <REP> ..
    15/02/2008 14:42 <REP> Adobe
    19/05/2008 21:34 <REP> Ahead
    04/06/2007 11:57 <REP> Blizzard Entertainment
    02/06/2007 08:17 <REP> DESIGNER
    13/03/2008 22:09 <REP> InstallShield
    28/04/2007 11:45 <REP> Java
    15/02/2008 23:37 <REP> LightScribe
    09/07/2007 16:35 <REP> Logitech
    15/02/2008 23:18 <REP> Microsoft Shared
    28/04/2007 11:41 <REP> MSSoap
    28/04/2007 13:30 <REP> ODBC
    28/04/2007 11:41 <REP> Services
    28/04/2007 13:30 <REP> SpeechEngines
    27/05/2008 23:34 <REP> System
    0 fichier(s) 0 octets
    16 Rép(s) 92 910 084 096 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 6C70-802F

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    06/01/2008 22:15 <REP> .
    06/01/2008 22:15 <REP> ..
    02/06/2007 08:17 <REP> 1033
    06/01/2008 22:15 <REP> 1036
    20/09/2005 13:33 1 293 008 MSONSEXT.DLL
    22/03/2007 20:29 39 256 MSOSV.DLL
    03/06/1999 12:09 122 937 MSOWS409.DLL
    07/03/2001 07:00 127 033 MSOWS40c.DLL
    11/07/2003 02:25 80 448 PKMWS.DLL
    5 fichier(s) 1 662 682 octets
    4 Rép(s) 92 910 080 000 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 6C70-802F

    Répertoire de C:\Program Files\common files

    28/04/2007 18:22 <REP> .
    28/04/2007 18:22 <REP> ..
    28/04/2007 18:22 <REP> X10
    0 fichier(s) 0 octets
    3 Rép(s) 92 910 080 000 octets libres

    c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    c:\Documents and Settings\Gautier\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
    c:\Documents and Settings\Gautier\Application Data\Macromedia\Flash Player\#SharedObjects\GJ7RA2RK\localhost\Program Files\FLVPlayer\flvplayer.exe
    c:\Documents and Settings\Gautier\Application Data\Macromedia\Flash Player\#SharedObjects\GJ7RA2RK\localhost\Program Files\YouTUBE (TM) movie downloader\FLVPlayer\flvplayer.exe
    c:\Documents and Settings\Gautier\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\ARPPRODUCTICON.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\ARPPRODUCTICON.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut1_EF434C52D88243DB8777EC7B10D8943C.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut13_6778954C13C24333AF77F5C885EB280F.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut15_EF434C52D88243DB8777EC7B10D8943C.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut16_EF434C52D88243DB8777EC7B10D8943C.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut17_EF434C52D88243DB8777EC7B10D8943C.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut2_EF434C52D88243DB8777EC7B10D8943C.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut8_6778954C13C24333AF77F5C885EB280F.exe
    c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut9_6778954C13C24333AF77F5C885EB280F.exe
    c:\Documents and Settings\Gautier\Bureau\Sony\PlanetSide\LP_Diagnostics.exe
    c:\Documents and Settings\Gautier\Bureau\Sony\PlanetSide\planetside.exe
    c:\Documents and Settings\Gautier\Bureau\Sony\PlanetSide\PlanetSideBeta.exe
    c:\Documents and Settings\Gautier\Bureau\Sony\PlanetSide\PlanetSideTest.exe
    c:\Documents and Settings\Gautier\Bureau\Sony\PlanetSide\wiredred\pscs.exe
    c:\Documents and Settings\Gautier\Bureau\Sony\Station\LaunchPad\LaunchPad.exe
    c:\Documents and Settings\Gautier\Bureau\Sony\Station\LaunchPad\lp_plugin.exe
    c:\Documents and Settings\Gautier\Local Settings\Application Data\Microsoft\Messenger\gautiermartin@hotmail.fr\Sharing Folders\bryceofnice@hotmail.fr\Blackk_1.2\blackkpub1.2.exe
    c:\Documents and Settings\Gautier\Local Settings\Application Data\Microsoft\Messenger\gautiermartin@hotmail.fr\Sharing Folders\bryceofnice@hotmail.fr\HOH_3\hack.exe
    c:\Documents and Settings\Gautier\Local Settings\Application Data\Microsoft\Messenger\gautiermartin@hotmail.fr\Sharing Folders\bryceofnice@hotmail.fr\P7_1.8\hack.exe
    c:\Documents and Settings\Gautier\Local Settings\Temp\pft12~tmp\_ISDel.exe
    c:\Documents and Settings\Gautier\Local Settings\Temp\pft12~tmp\Setup.exe
    c:\Documents and Settings\Gautier\Local Settings\Temp\pft12~tmp\Via4in1.exe
    c:\Documents and Settings\Gautier\Local Settings\Temporary Internet Files\Content.IE5\7HFZN0BZ\SDFix[1].exe
    c:\Documents and Settings\Gautier\Local Settings\Temporary Internet Files\Content.IE5\LEWNM834\mbam-setup[1].exe
    c:\Documents and Settings\Gautier\Mes documents\id Software\Enemy Territory - QUAKE Wars\ETQW-client-1.0-1.4-update.exe
    c:\Documents and Settings\Gautier\Mes documents\id Software\Enemy Territory - QUAKE Wars\ETQW-client-1.0-1.5-update.exe
    c:\Documents and Settings\Gautier\Mes documents\id Software\Enemy Territory - QUAKE Wars\ETQW-client-1.4-1.5-update.exe
    c:\Documents and Settings\Gautier\Mes documents\id Software\Enemy Territory - QUAKE Wars\ETQW-server-1.5-full-setup.exe
    c:\Documents and Settings\Gautier\Mes documents\planetside\PlanetSide.exe
    c:\Documents and Settings\Gautier\Mes documents\Roms DS\Carte\scshell\SFTPMSI.exe
    c:\Documents and Settings\Gautier\Mes documents\Roms DS\Carte\scshell orginal\SFTPMSI.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\aa_patch_280to281_generic.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\aa_patch_281to282_generic.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\aa_patch_282to283_generic.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\AA28FullInstaller_Generic.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\CabalSetup_SG_080222.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\crysis_demo_jouable_1_anglais_77292.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\fear_combat_jeu_complet_francais.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\Rappelz_BetaFR.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\TmNationsESWC_Setup.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\trackmania_nations_forever_jeu_complet_multi-langues_240580.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\unreal_tournament_iii_bonus_map_pack_1_multi-langues_227588.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\WolfET.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\03.CSS_V17.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\CSS_Patch_v1_TO_v16_18-12-2006-DZ.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\CSS_Patch_v17_04-04-2007-DZ.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\CS-Source_Full_07_07_2005-DZ.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\TexturePack_COC.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\a ne pas toucher\Decompression.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\a ne pas toucher\VirtualExpander.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\Doom 3\Doom3.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\Unreal T 2004\Pulverisateur.exe
    c:\Documents and Settings\Gautier\Mes documents\setup jeux\Unreal T 2004\UT2004.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\audacity-win-1.2.6.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\avast_avast_4.7.942_francais_anglais_11113.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\CamStudio20.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\cartinst.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\ccsetup204.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\ccsetup205.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\daemon-tools_daemon_tools_4.12.3_anglais_10729.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\dap86.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\DriverDetective.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\everesthome220.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\eyeinst.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\FHSetup.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\FixVundo.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\foobar2000_0.9.5.2.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\GameCamSetup14.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\GCLiteSetup14.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\gimp-2.4.2-i686-setup.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\GIMPshop_0.1beta_Setup.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\Google_Earth_BZXE.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\GoogleSketchUpWEN.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\HamachiSetup-1.0.2.2-fr.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\HC2SetFR.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\HiJackThis.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\Install_Messenger.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\joost_joost_1.0.2_beta_anglais_45160.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\mbam-setup.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\pack-vista-inspirat-2-1.0.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\pf-setup.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\pidgin-2.4.0.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\qc848fra.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\SDFix.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\setup.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\setupfraps.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\spybotsd152.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\SUPERAntiSpyware.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\SUPERsetup.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\SUPERsetup2.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\udc.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\VirtumundoBeGone.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\VundoFix.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\winamp5531_full_emusic-7plus_fr-fr.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\winsos.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\wmp11-windowsxp-x86-FR-FR.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\wrar300fr.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\zlsSetup_65_737_000_fr.exe
    c:\Documents and Settings\Gautier\Mes documents\setup logiciel\Avast clean\aswclnr.exe
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
    c:\Documents and Settings\Gautier\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\ISSetup.dll
    c:\Documents and Settings\Gautier\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
    c:\Documents and Settings\Gautier\Local Settings\Application Data\Microsoft\Messenger\gautiermartin@hotmail.fr\Sharing Folders\bryceofnice@hotmail.fr\HOH_3\Hack.dll
    c:\Documents and Settings\Gautier\Local Settings\Application Data\Microsoft\Messenger\gautiermartin@hotmail.fr\Sharing Folders\bryceofnice@hotmail.fr\P7_1.8\Hack.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_ORDI-DE-GAUTIER.tar.gz a l'adresse http://upload.malekal.com

    Ça fait un sacrée rapport :-o
    Je te remercie pour ton aide ^^
    0
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    ok pour commencer il faut suivre les étapes :-)

    1/ Fixer les lignes avec HijacThis
    Est-ce que la fait ?

    2/ tu n'as pas fait OTMoveIt ou tu n'as pas posté le rapport

    3/ le rapport de DiagHelp que tu viens de poster ;-)
    très bien mais j'aurais aimé que tu poste dans l'ordre.

    Pour la suite poste le rapport de OTMoveIt

    Ensuite Télécharge sur le Bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    => Double clic sur SmitfraudFix.zip
    => Extraire tout
    => Double clic sur SmitfraudFix
    => Double Clic sur SmitfraudFix.cmd
    => Choisir Option 1
    => poste le rapport
    @+
    0
  4. Gautier
     
    C’est ok pour hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:09:46, on 31/05/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\ipconfig.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\Gautier\Mes documents\setup logiciel\HiJackThis.exe
    C:\WINDOWS\notepad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: show/hide IEB Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
    O9 - Extra 'Tools' menuitem: IE Booster Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://cid-15241e75edeecf4f.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer = 192.168.1.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Gautier
     
    J’ai fait le rapport d’OTMoveIt2 après avoir cliquer sur CleanUp !

    File/Folder C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL not found.
    < EmptyTemp >
    File delete failed. C:\DOCUME~1\Gautier\LOCALS~1\Temp\fla1.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Gautier\LOCALS~1\Temp\~DF3E3.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Gautier\LOCALS~1\Temp\~DFF489.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Gautier\LOCALS~1\Temp\~DFF4BE.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6d8.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT016ce.TMP scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT058e1.TMP scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    Temp folders emptied.
    IE temp folders emptied.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05312008_101453

    Files moved on Reboot...
    File C:\DOCUME~1\Gautier\LOCALS~1\Temp\fla1.tmp not found!
    File C:\DOCUME~1\Gautier\LOCALS~1\Temp\~DF3E3.tmp not found!
    File C:\DOCUME~1\Gautier\LOCALS~1\Temp\~DFF489.tmp not found!
    File C:\DOCUME~1\Gautier\LOCALS~1\Temp\~DFF4BE.tmp not found!
    C:\WINDOWS\temp\Perflib_Perfdata_6d8.dat moved successfully.
    File C:\WINDOWS\temp\ZLT016ce.TMP not found!
    File C:\WINDOWS\temp\ZLT058e1.TMP not found!
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    0
  7. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    1/ Redémarre l'ordinateur en mode sans échec
    (tapoter F8 au boot pour obtenir le menu de démarrage ou http://service1.symantec.com/

    * Double clique sur smitfraudfix.cmd

    * Sélectionne 2 pour supprimer les fichiers responsables de l'infection.

    A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

    A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

    * Redémarre en mode normal et poste le rapport ici

    N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
    Attention que l'option 2 de l'outil supprime le fond d'écran !

    reposte un nouveau rapport hijackthis à l'issu stp

    2/ Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    clic double sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    C:\Program Files\Winsos\winsos.exe
    EmptyTemp


    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaîtra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression.


    3/
    Refais un nouveau rapport HijacThis STP.
    0
  8. Gautier
     
    1er étape : (J’ai pas compris ça ma fais une liste de fou)*

    SmitFraudFix v2.323

    Rapport fait à 12:31:01,14, 31/05/2008
    Executé à partir de C:\Documents and Settings\Gautier\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    *(Normalement ici il y a une liste énorme de liens, mais si je les mets, je ne peux pas mettre le fin du rapport, tellement qu’il y en a.)

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:40:54, on 31/05/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\notepad.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Gautier\Bureau\OTMoveIt2.exe
    C:\Documents and Settings\Gautier\Mes documents\setup logiciel\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [OTScanIt] C:\Documents and Settings\Gautier\Bureau\OTMoveIt2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: show/hide IEB Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
    O9 - Extra 'Tools' menuitem: IE Booster Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://cid-15241e75edeecf4f.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer = 192.168.1.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  9. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    ok on continu

    Télécharge sur le bureau
    http://sosvirus.changelog.fr/MSNFix.zip
    = Clic-Droit sur MSNFix.zip
    = Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
    = Double-Clic sur le dossier MSNfix qui vient de se créer
    = Double-Clic MSNfix ==> Symbole roue dentée
    = Choisir R
    = Choisir ensuite N ( si infection)
    = Enregistre le rapport
    redémarre le PC et relancer MSN tu sauras ainsi si tout est supprimé

    @+
    0
  10. Gautier
     
    MSNFix 1.719

    C:\Documents and Settings\Gautier\Bureau\MSNFix
    Fix exécuté le 31/05/2008 - 14:52:59,10 By Gautier
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\WINDOWS\system32\tmp.txt

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé

    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\system32\tmp.txt

    ************************ Nettoyage du registre

    Les fichiers encore présents seront supprimés au prochain redémarrage

    Aucun Fichier trouvé

    ************************ Fichiers suspects

    Aucun Fichier trouvé

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 31052008_14581046.zip

    ************************ HKLM\...\Winlogon\Userinit

    Userinit = C:\WINDOWS\system32\userinit.exe,

    Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------
    0
  11. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec

    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------

    = Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    = Appuie sur Y pour commencer le processus de nettoyage.
    = Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    = Appuie sur une touche pour redémarrer le PC.
    = Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    = Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    = Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    = Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    = Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse
    @+
    0
  12. Gautier
     
    Report.txt :

    [b]SDFix: Version 1.187 [/b]
    Run by Gautier on 31/05/2008 at 16:45

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\Gautier\Bureau\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\system32\hook.dll - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-31 17:01:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:4d,f6,c4,65,52,b1,d9,18,86,96,71,89,e6,16,a2,1e,56,e8,58,6e,4d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7a,e3,89,e4,63,d4,77,a1,0e,9a,37,27,ca,c4,66,d1,bc,..
    "khjeh"=hex:05,6c,b9,c3,1e,73,11,23,7e,38,68,da,2f,2e,f6,52,5c,96,e1,16,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:c4,30,67,50,38,65,bc,87,3f,ba,f1,63,cd,06,59,fa,33,fc,2c,79,59,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:4d,f6,c4,65,52,b1,d9,18,86,96,71,89,e6,16,a2,1e,56,e8,58,6e,4d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7a,e3,89,e4,63,d4,77,a1,0e,9a,37,27,ca,c4,66,d1,bc,..
    "khjeh"=hex:05,6c,b9,c3,1e,73,11,23,7e,38,68,da,2f,2e,f6,52,5c,96,e1,16,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:c4,30,67,50,38,65,bc,87,3f,ba,f1,63,cd,06,59,fa,33,fc,2c,79,59,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:4d,f6,c4,65,52,b1,d9,18,86,96,71,89,e6,16,a2,1e,56,e8,58,6e,4d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7a,e3,89,e4,63,d4,77,a1,0e,9a,37,27,ca,c4,66,d1,bc,..
    "khjeh"=hex:05,6c,b9,c3,1e,73,11,23,7e,38,68,da,2f,2e,f6,52,5c,96,e1,16,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:c4,30,67,50,38,65,bc,87,3f,ba,f1,63,cd,06,59,fa,33,fc,2c,79,59,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Disabled:LaunchPad"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"="C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe:*:Enabled:Gigaget"
    "C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\TmNationsForever\\TmForeverLauncher.exe"="C:\\Program Files\\TmNationsForever\\TmForeverLauncher.exe:*:Enabled:Jouer … TmNationsForever"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe:*:Enabled:etqwded.exe"
    "C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
    "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
    "C:\\Program Files\\Winsos\\winsos.exe"="C:\\Program Files\\Winsos\\winsos.exe:*:Enabled:Winsos"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\DOCUME~1\Gautier\Bureau\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
    Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
    Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
    Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
    Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"
    Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
    Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
    Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
    Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
    Sun 25 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
    Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
    Fri 23 May 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
    Tue 2 Oct 2007 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
    Sat 26 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sat 31 May 2008 96 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
    Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
    Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
    Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
    Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
    Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
    Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
    Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
    Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
    Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
    Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
    Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
    Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
    Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
    Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
    Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
    Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
    Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
    Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
    Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
    Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
    Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
    Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
    Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"
    Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT13.tmp"
    Thu 20 Mar 2008 65,673,358 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7e1793da1bcb2f4dd720f7545f7769a5\BIT44.tmp"
    Fri 23 May 2008 8,859,688 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d30679f9a92157efe8642d2e320f457a\BIT1.tmp"

    [b]Finished![/b]

    Sur mon bureau un fichier catcheme.log est apparut :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-31 17:01:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:4d,f6,c4,65,52,b1,d9,18,86,96,71,89,e6,16,a2,1e,56,e8,58,6e,4d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7a,e3,89,e4,63,d4,77,a1,0e,9a,37,27,ca,c4,66,d1,bc,..
    "khjeh"=hex:05,6c,b9,c3,1e,73,11,23,7e,38,68,da,2f,2e,f6,52,5c,96,e1,16,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:c4,30,67,50,38,65,bc,87,3f,ba,f1,63,cd,06,59,fa,33,fc,2c,79,59,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:4d,f6,c4,65,52,b1,d9,18,86,96,71,89,e6,16,a2,1e,56,e8,58,6e,4d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7a,e3,89,e4,63,d4,77,a1,0e,9a,37,27,ca,c4,66,d1,bc,..
    "khjeh"=hex:05,6c,b9,c3,1e,73,11,23,7e,38,68,da,2f,2e,f6,52,5c,96,e1,16,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:c4,30,67,50,38,65,bc,87,3f,ba,f1,63,cd,06,59,fa,33,fc,2c,79,59,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:4d,f6,c4,65,52,b1,d9,18,86,96,71,89,e6,16,a2,1e,56,e8,58,6e,4d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,7a,e3,89,e4,63,d4,77,a1,0e,9a,37,27,ca,c4,66,d1,bc,..
    "khjeh"=hex:05,6c,b9,c3,1e,73,11,23,7e,38,68,da,2f,2e,f6,52,5c,96,e1,16,d0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:c4,30,67,50,38,65,bc,87,3f,ba,f1,63,cd,06,59,fa,33,fc,2c,79,59,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Je te remercie pour ta rapidité et pour tous ses logiciels pour nettoyer ^^
    0
  13. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Ok

    pour les logiciels il faut remercier les créateurs/auteurs ;-)

    1/ fait un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    Scan à faire sous Internet Explorer

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    2/ Refais un nouveau rapport hijack stp
    @+
    0
  14. Gautier
     
    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Sun, Jun 01, 2008 - 00:00:55

    --------------------------------------------------------------------------------

    Scan Info

    Scanned Files
    449865

    Infected Files
    0

    Virus Detected

    No virus found.

    --------------------------------------------------------------------------------

    This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

    Rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:02:31, on 01/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\Documents and Settings\Gautier\Mes documents\setup logiciel\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: show/hide IEB Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
    O9 - Extra 'Tools' menuitem: IE Booster Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://cid-15241e75edeecf4f.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer = 192.168.1.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  15. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    1/ Relance hijack et clique sur "Do a system scan only"
    Ensuite recherche ces lignes et coches les cases

    O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
    O9 - Extra button: show/hide IEB Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
    O9 - Extra 'Tools' menuitem: IE Booster Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)

    Ensuite clique sur "Fix checked"

    2/ fait: Démarrer > Rechercher > Des fichiers ou des dossiers...
    recherche un par un ce fichier et supprime-le.

    winudpmgr.exe
    0
  16. Gautier
     
    Rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:34:47, on 01/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\DfrgNtfs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Gautier\Mes documents\setup logiciel\HiJackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://cid-15241e75edeecf4f.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer = 192.168.1.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    0
  17. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    très bien du bon boulot ;-)

    pour vérif fait un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    Scan à faire sous Internet Explorer

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    @+
    0
  18. Gautier
     
    BitDefender Online Scanner

    Scan report generated at: Tue, Jun 03, 2008 - 16:47:10

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

    Statistics

    Time
    02:16:33

    Files
    448866

    Folders
    7573

    Boot Sectors
    3

    Archives
    3478

    Packed Files
    18363

    Results

    Identified Viruses
    0

    Infected Files
    0

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    0

    Engines Info

    Virus Definitions
    1255852

    Engine build
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins
    16

    Archive plugins
    42

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    5

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    No virus found.

    Voila c’est genial ;-)
    Virus no found. J’adore cette phrase.
    Encore merci A+
    0
  19. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Cool ;-)

    Pour finir une dernière manip qui permettra de nettoyer ta restauration

    Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
    http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

    Double clique sur ToolsCleaner2.exe >
    puis Recherche
    et sur Suppression
    Note : ton bureau va disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

    CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
    Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

    Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

    ensuite fait ceci (IMPORTANT)

    =démarrer
    =panneau de configuration
    =système
    =onglet Restauration système
    =coche la case (Désactiver la restauration système)
    =redémarre l'ordinateur
    =réactive la ensuite

    Dénonce ton infection pour faire condamner les auteurs

    Vous avez été victime d'une infection, et vous avez été aidé par un site comme CommentCaMarche.net ou autre pour vous faire désinfecter, alors ce paragraphe s'adresse à vous !

    Nous vous invitons à créer un message pour faire avancer les choses sur le site Malware-Complaints, plus vous serez nombreux à dénoncer votre infection, et plus nous aurons de chance de voir les choses bouger !

    * Voir les règles du forum
    * Après s'être enregistré à l'aide du bouton en haut se nommant Register, choisissez votre situation :
    **Si vous avez plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
    **Si vous avez moins, clique sur : "I Agree to these terms and am under 13 years of age"
    *Vous avez alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..), il vous suffit d'ajouter votre voix !
    *Si le malware dont vous avez été victime n'apparait pas dans la liste, ou si vous ne savez pas par quoi vous avez été infecté(e), créez un message dans le sujet Autres infections conforme aux règles du forum (âge, ville, département etc..)
    *Indiquez aussi le nom du Forum qui vous a aidé à vous désinfecter

    @+
    0