Virus virtuamonde a l aide !!!
Résolu/Fermé
tazyan
Messages postés
7
Date d'inscription
mercredi 18 juin 2008
Statut
Membre
Dernière intervention
18 juin 2008
-
18 juin 2008 à 11:16
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 19 juin 2008 à 13:24
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 19 juin 2008 à 13:24
A voir également:
- Virus virtuamonde a l aide !!!
- Virus mcafee - Accueil - Piratage
- Youtu.be virus - Accueil - Guide virus
- Virus facebook demande d'amis - Accueil - Facebook
- Faux message virus ordinateur - Accueil - Arnaque
- Altruistic virus ✓ - Forum Antivirus
11 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
18 juin 2008 à 12:41
18 juin 2008 à 12:41
slt
* Télécharger Hoster :
http://www.funkytoad.com/download/HostsXpert.zip
* Dézipper le dossier sur le bureau.
* Lancer Hoster et cliquer sur Restore Microsoft's Hosts File
________________
installe
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
scan avec, vire ce qui est trouvé et colle moi le rapport
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
________________
desactive kaspersky
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
______________
recolle un nouveau rapport hijakhcits et dis tes soucis actuels
* Télécharger Hoster :
http://www.funkytoad.com/download/HostsXpert.zip
* Dézipper le dossier sur le bureau.
* Lancer Hoster et cliquer sur Restore Microsoft's Hosts File
________________
installe
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
scan avec, vire ce qui est trouvé et colle moi le rapport
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
________________
desactive kaspersky
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
______________
recolle un nouveau rapport hijakhcits et dis tes soucis actuels
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
18 juin 2008 à 13:23
18 juin 2008 à 13:23
alors a la place
telecharge et lance rhost
http://siri.urz.free.fr/RHosts.php
telecharge et lance rhost
http://siri.urz.free.fr/RHosts.php
re voila j ai fait tous ce que vous m avez dit et voici les rapports
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 867
14:28:28 18/06/2008
mbam-log-6-18-2008 (14-28-28).txt
Type de recherche: Examen complet (C:\|G:\|Y:\|Z:\|)
Eléments examinés: 116940
Temps écoulé: 25 minute(s), 57 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\awttSLCR.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\urlyexje.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\geBstroP.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df3fe678-cffa-45de-985e-657f48934982} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{df3fe678-cffa-45de-985e-657f48934982} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8710fc9f-0816-49d7-ae14-4ba5269e838c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8710fc9f-0816-49d7-ae14-4ba5269e838c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebstrop (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e44e1c97 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8710fc9f-0816-49d7-ae14-4ba5269e838c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\OLE\DRam prosessor (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMe77d2f0b (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awttslcr -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awttslcr
voici le deuxieme rapport de malware apres redemarrage du pc :
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 867
14:37:38 18/06/2008
mbam-log-6-18-2008 (14-37-38).txt
Type de recherche: Examen rapide
Eléments examinés: 43052
Temps écoulé: 3 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\awttSLCR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RCLSttwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RCLSttwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBstroP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
voici le rapport de combo fix
ComboFix 08-06-16.5 - taz 2008-06-18 14:39:10.1 - NTFSx86
Endroit: C:\Documents and Settings\taz\Bureau\KillBagle.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\taz\Application Data\macromedia\Flash Player\#SharedObjects\ANY42E3W\www.broadcaster.com
C:\Documents and Settings\taz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\taz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\BMe77d2f0b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\DdcLknpo.ini
C:\WINDOWS\system32\DdcLknpo.ini2
C:\WINDOWS\system32\fskutmou.dll
C:\WINDOWS\system32\IhikmUvw.ini
C:\WINDOWS\system32\IhikmUvw.ini2
C:\WINDOWS\system32\iRqtvGgh.ini
C:\WINDOWS\system32\iRqtvGgh.ini2
C:\WINDOWS\system32\jjfqiquy.ini
C:\WINDOWS\system32\KkRrBJjl.ini
C:\WINDOWS\system32\KkRrBJjl.ini2
C:\WINDOWS\system32\lkabkfmx.ini
C:\WINDOWS\system32\lnUvCfhk.ini
C:\WINDOWS\system32\lnUvCfhk.ini2
C:\WINDOWS\system32\mcemaqrl.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mvcpfawq.ini
C:\WINDOWS\system32\rpmsytxv.ini
C:\WINDOWS\system32\urlyexje.dll
C:\WINDOWS\system32\yabeKRqr.ini
C:\WINDOWS\system32\yabeKRqr.ini2
C:\WINDOWS\system32\YFijQqru.ini
C:\WINDOWS\system32\YFijQqru.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))))))))
.
2008-06-18 13:59 . 2008-06-18 13:59 <REP> d-------- C:\Documents and Settings\taz\Application Data\Malwarebytes
2008-06-18 13:58 . 2008-06-18 13:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 13:58 . 2008-06-18 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 13:58 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 13:58 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 14:54 . 2008-06-16 22:49 790 --a------ C:\WINDOWS\wininit.ini
2008-06-12 11:06 . 2008-06-12 11:13 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-12 11:06 . 2008-06-12 11:13 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-12 11:04 . 2008-06-18 14:51 9,791,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-12 11:04 . 2008-06-18 14:49 138,452 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 11:04 . 2008-06-18 14:51 27,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-12 11:04 . 2008-06-18 14:49 5,684 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-12 10:35 . 2008-02-07 17:10 <REP> d--h----- C:\ckis
2008-06-12 10:16 . 2008-06-12 15:50 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-06-12 10:15 . 2008-06-12 10:15 <REP> d-------- C:\kav
2008-06-06 19:53 . 2008-06-06 19:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2008-06-04 16:18 . 2008-06-04 16:18 <REP> d-------- C:\DVR215D
2008-06-01 19:45 . 2008-06-01 19:45 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-01 19:45 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-01 19:42 . 2008-06-01 19:45 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-01 19:42 . 2008-06-01 19:42 <REP> d-------- C:\Documents and Settings\taz\Application Data\TuneUp Software
2008-06-01 19:42 . 2008-06-01 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-28 21:03 . 2008-05-28 21:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 21:03 . 2008-06-15 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 16:26 . 2008-05-28 16:26 <REP> d-------- C:\WINDOWS\[u]0/uE6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2008-05-26 16:28 . 2008-05-26 16:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-05-26 16:27 . 2008-05-26 16:30 <REP> d-------- C:\Program Files\LogMeIn
2008-05-26 16:27 . 2008-05-19 15:23 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-05-26 16:27 . 2008-05-19 15:24 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-26 16:27 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-05-26 16:27 . 2008-05-19 15:23 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-05-26 16:27 . 2008-05-26 16:27 1,024 --a------ C:\.rnd
2008-05-23 18:24 . 2008-05-23 18:24 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-20 22:22 . 2008-05-20 22:25 <REP> d-------- C:\Program Files\PICPgm
2008-05-20 19:34 . 2006-11-30 06:10 49,216 -ra------ C:\WINDOWS\system32\SETD.tmp
2008-05-20 18:28 . 2007-12-19 12:40 53,760 --a------ C:\WINDOWS\system32\drivers\mchpusb.sys
2008-05-20 15:13 . 2006-11-30 06:10 54,528 -ra------ C:\WINDOWS\system32\drivers\snxpserx.sys
2008-05-20 15:13 . 2006-11-30 06:10 49,216 -ra------ C:\WINDOWS\system32\snxprops.dll
2008-05-20 15:13 . 2006-11-30 06:10 20,864 -ra------ C:\WINDOWS\system32\drivers\snxpcard.sys
2008-05-19 15:23 . 2008-05-19 15:23 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-05-19 15:23 . 2008-05-19 15:23 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 12:50 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-18 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-18 09:48 --------- d-----w C:\Documents and Settings\taz\Application Data\uTorrent
2008-06-15 06:38 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-12 09:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-12 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-08 04:32 --------- d-----w C:\Program Files\eChanblard
2008-06-02 00:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 20:25 --------- d-----w C:\Program Files\TomTom HOME
2008-06-01 20:23 --------- d-----w C:\Program Files\ASUS
2008-05-26 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 15:45 --------- d-----w C:\Program Files\Winamp
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-09 16:23 --------- d-----w C:\Documents and Settings\taz\Application Data\Leadertech
2008-05-04 16:56 --------- d-----w C:\Documents and Settings\taz\Application Data\NeroDigital™
2008-05-01 16:20 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-05-01 16:11 --------- d-----w C:\Program Files\Ubisoft
2008-04-29 18:27 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-27 21:34 --------- d-----w C:\Program Files\XviD
2008-04-27 21:12 --------- d-----w C:\Program Files\Alcohol Soft
2008-04-27 20:58 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-27 12:31 --------- d-----w C:\Program Files\Fichiers communs\Sage
2008-04-27 12:24 --------- d-----w C:\Program Files\Fichiers communs\Ciel
2008-04-27 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ciel
2008-04-26 19:55 --------- d-----w C:\Program Files\Apple Software Update
2008-04-23 19:54 --------- d-----w C:\Program Files\Saitek
2006-06-23 13:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
2006-06-20 18:22 9,070,256 ----a-r C:\Program Files\coccipack.ccp
2008-02-28 12:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 12:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2006-06-21 00:05 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\system32\user32.dll
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-03-12 02:50 359808 667192a11db19f36624119c0dd4de4f2 C:\WINDOWS\system32\drivers\tcpip.sys
2006-12-19 20:45 2061440 8b039efbe4c9aa23f152ffa0e238b8fa C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-06-21 00:22 2017280 90e59ecf2d0541312c9eb36568810588 C:\WINDOWS\system32\ntkrnlpa.exe
2006-12-19 20:45 2184064 1f3fa2065e6e043a1d82a487b5da309c C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-06-21 00:05 2137600 5967696e9138c5337437e6b8653ab836 C:\WINDOWS\system32\ntoskrnl.exe
2006-05-17 00:39 1036288 76b3d5a12e1008fd656921d3035783f1 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055C622C-8D56-436C-9003-DB858ACA64FA}]
C:\WINDOWS\system32\urqQjiFY.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE31B2F-163C-4B8D-9666-B5AD0E76151F}]
C:\WINDOWS\system32\ljJBrRkK.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{341DBB21-4B2C-4E29-8313-BDC78A432218}]
C:\WINDOWS\system32\wvUmkihI.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852}]
C:\WINDOWS\system32\hgGvtqRi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C959A6B-B8AC-44C0-9885-57F2C1D1DB77}]
C:\WINDOWS\system32\khfCvUnl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 22:00 270336]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
backup=C:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-19 18:10 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-04-25 04:52 385024 C:\WINDOWS\system32\JMRaidTool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 17:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neuf talk]
--a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-05-23 10:40 95800 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Podmailing]
C:\Program Files\Podmailing\Podmailing start-minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 Agent]
--a------ 2006-12-11 18:34 26624 C:\Program Files\Steganos Security Suite 2007\SteganosAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 File Redirection Starter]
--a------ 2006-12-11 17:31 53248 C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 HotKeys]
--a------ 2006-12-11 18:34 25088 C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 PasswordManagerFFAutoFill]
--a------ 2006-12-11 18:34 20992 C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup]
C:\DOCUME~1\taz\LOCALS~1\Temp\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"EZ-Backup Manager"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Steganos AntiTheft"=2 (0x2)
"aawservice"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"
"AntiVirusDisableNotify"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Podmailing\\podmailing.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6885:TCP"= 6885:TCP:azureus
"6885:UDP"= 6885:UDP:azureus
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b34f5359-cf9e-11dc-990d-806d6172696f}]
\Shell\AutoRun\command - F:\.\Bin\Assetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-14 05:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 16:00:26 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-15 16:43:09 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 14:51:28
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-18 14:55:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 12:55:45
Pre-Run: 109,206,056,960 octets libres
Post-Run: 109,162,561,536 octets libres
310 --- E O F --- 2008-01-30 20:20:31
et pour finir HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:53, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\taz\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {055C622C-8D56-436C-9003-DB858ACA64FA} - C:\WINDOWS\system32\urqQjiFY.dll (file missing)
O2 - BHO: (no name) - {0CE31B2F-163C-4B8D-9666-B5AD0E76151F} - C:\WINDOWS\system32\ljJBrRkK.dll (file missing)
O2 - BHO: (no name) - {341DBB21-4B2C-4E29-8313-BDC78A432218} - C:\WINDOWS\system32\wvUmkihI.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852} - C:\WINDOWS\system32\hgGvtqRi.dll (file missing)
O2 - BHO: (no name) - {8C959A6B-B8AC-44C0-9885-57F2C1D1DB77} - C:\WINDOWS\system32\khfCvUnl.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-21-1078081533-308236825-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 867
14:28:28 18/06/2008
mbam-log-6-18-2008 (14-28-28).txt
Type de recherche: Examen complet (C:\|G:\|Y:\|Z:\|)
Eléments examinés: 116940
Temps écoulé: 25 minute(s), 57 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\awttSLCR.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\urlyexje.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\geBstroP.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df3fe678-cffa-45de-985e-657f48934982} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{df3fe678-cffa-45de-985e-657f48934982} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8710fc9f-0816-49d7-ae14-4ba5269e838c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8710fc9f-0816-49d7-ae14-4ba5269e838c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebstrop (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e44e1c97 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8710fc9f-0816-49d7-ae14-4ba5269e838c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\OLE\DRam prosessor (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMe77d2f0b (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awttslcr -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awttslcr
voici le deuxieme rapport de malware apres redemarrage du pc :
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 867
14:37:38 18/06/2008
mbam-log-6-18-2008 (14-37-38).txt
Type de recherche: Examen rapide
Eléments examinés: 43052
Temps écoulé: 3 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\awttSLCR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RCLSttwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RCLSttwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBstroP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
voici le rapport de combo fix
ComboFix 08-06-16.5 - taz 2008-06-18 14:39:10.1 - NTFSx86
Endroit: C:\Documents and Settings\taz\Bureau\KillBagle.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\taz\Application Data\macromedia\Flash Player\#SharedObjects\ANY42E3W\www.broadcaster.com
C:\Documents and Settings\taz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\taz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\BMe77d2f0b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\DdcLknpo.ini
C:\WINDOWS\system32\DdcLknpo.ini2
C:\WINDOWS\system32\fskutmou.dll
C:\WINDOWS\system32\IhikmUvw.ini
C:\WINDOWS\system32\IhikmUvw.ini2
C:\WINDOWS\system32\iRqtvGgh.ini
C:\WINDOWS\system32\iRqtvGgh.ini2
C:\WINDOWS\system32\jjfqiquy.ini
C:\WINDOWS\system32\KkRrBJjl.ini
C:\WINDOWS\system32\KkRrBJjl.ini2
C:\WINDOWS\system32\lkabkfmx.ini
C:\WINDOWS\system32\lnUvCfhk.ini
C:\WINDOWS\system32\lnUvCfhk.ini2
C:\WINDOWS\system32\mcemaqrl.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mvcpfawq.ini
C:\WINDOWS\system32\rpmsytxv.ini
C:\WINDOWS\system32\urlyexje.dll
C:\WINDOWS\system32\yabeKRqr.ini
C:\WINDOWS\system32\yabeKRqr.ini2
C:\WINDOWS\system32\YFijQqru.ini
C:\WINDOWS\system32\YFijQqru.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))))))))
.
2008-06-18 13:59 . 2008-06-18 13:59 <REP> d-------- C:\Documents and Settings\taz\Application Data\Malwarebytes
2008-06-18 13:58 . 2008-06-18 13:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 13:58 . 2008-06-18 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 13:58 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 13:58 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 14:54 . 2008-06-16 22:49 790 --a------ C:\WINDOWS\wininit.ini
2008-06-12 11:06 . 2008-06-12 11:13 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-12 11:06 . 2008-06-12 11:13 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-12 11:04 . 2008-06-18 14:51 9,791,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-12 11:04 . 2008-06-18 14:49 138,452 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 11:04 . 2008-06-18 14:51 27,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-12 11:04 . 2008-06-18 14:49 5,684 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-12 10:35 . 2008-02-07 17:10 <REP> d--h----- C:\ckis
2008-06-12 10:16 . 2008-06-12 15:50 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-06-12 10:15 . 2008-06-12 10:15 <REP> d-------- C:\kav
2008-06-06 19:53 . 2008-06-06 19:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2008-06-04 16:18 . 2008-06-04 16:18 <REP> d-------- C:\DVR215D
2008-06-01 19:45 . 2008-06-01 19:45 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-01 19:45 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-01 19:42 . 2008-06-01 19:45 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-01 19:42 . 2008-06-01 19:42 <REP> d-------- C:\Documents and Settings\taz\Application Data\TuneUp Software
2008-06-01 19:42 . 2008-06-01 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-28 21:03 . 2008-05-28 21:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 21:03 . 2008-06-15 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 16:26 . 2008-05-28 16:26 <REP> d-------- C:\WINDOWS\[u]0/uE6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2008-05-26 16:28 . 2008-05-26 16:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-05-26 16:27 . 2008-05-26 16:30 <REP> d-------- C:\Program Files\LogMeIn
2008-05-26 16:27 . 2008-05-19 15:23 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-05-26 16:27 . 2008-05-19 15:24 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-26 16:27 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-05-26 16:27 . 2008-05-19 15:23 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-05-26 16:27 . 2008-05-26 16:27 1,024 --a------ C:\.rnd
2008-05-23 18:24 . 2008-05-23 18:24 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-20 22:22 . 2008-05-20 22:25 <REP> d-------- C:\Program Files\PICPgm
2008-05-20 19:34 . 2006-11-30 06:10 49,216 -ra------ C:\WINDOWS\system32\SETD.tmp
2008-05-20 18:28 . 2007-12-19 12:40 53,760 --a------ C:\WINDOWS\system32\drivers\mchpusb.sys
2008-05-20 15:13 . 2006-11-30 06:10 54,528 -ra------ C:\WINDOWS\system32\drivers\snxpserx.sys
2008-05-20 15:13 . 2006-11-30 06:10 49,216 -ra------ C:\WINDOWS\system32\snxprops.dll
2008-05-20 15:13 . 2006-11-30 06:10 20,864 -ra------ C:\WINDOWS\system32\drivers\snxpcard.sys
2008-05-19 15:23 . 2008-05-19 15:23 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-05-19 15:23 . 2008-05-19 15:23 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 12:50 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-18 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-18 09:48 --------- d-----w C:\Documents and Settings\taz\Application Data\uTorrent
2008-06-15 06:38 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-12 09:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-12 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-08 04:32 --------- d-----w C:\Program Files\eChanblard
2008-06-02 00:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 20:25 --------- d-----w C:\Program Files\TomTom HOME
2008-06-01 20:23 --------- d-----w C:\Program Files\ASUS
2008-05-26 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 15:45 --------- d-----w C:\Program Files\Winamp
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-09 16:23 --------- d-----w C:\Documents and Settings\taz\Application Data\Leadertech
2008-05-04 16:56 --------- d-----w C:\Documents and Settings\taz\Application Data\NeroDigital™
2008-05-01 16:20 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-05-01 16:11 --------- d-----w C:\Program Files\Ubisoft
2008-04-29 18:27 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-27 21:34 --------- d-----w C:\Program Files\XviD
2008-04-27 21:12 --------- d-----w C:\Program Files\Alcohol Soft
2008-04-27 20:58 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-27 12:31 --------- d-----w C:\Program Files\Fichiers communs\Sage
2008-04-27 12:24 --------- d-----w C:\Program Files\Fichiers communs\Ciel
2008-04-27 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ciel
2008-04-26 19:55 --------- d-----w C:\Program Files\Apple Software Update
2008-04-23 19:54 --------- d-----w C:\Program Files\Saitek
2006-06-23 13:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
2006-06-20 18:22 9,070,256 ----a-r C:\Program Files\coccipack.ccp
2008-02-28 12:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 12:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2006-06-21 00:05 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\system32\user32.dll
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-03-12 02:50 359808 667192a11db19f36624119c0dd4de4f2 C:\WINDOWS\system32\drivers\tcpip.sys
2006-12-19 20:45 2061440 8b039efbe4c9aa23f152ffa0e238b8fa C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-06-21 00:22 2017280 90e59ecf2d0541312c9eb36568810588 C:\WINDOWS\system32\ntkrnlpa.exe
2006-12-19 20:45 2184064 1f3fa2065e6e043a1d82a487b5da309c C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-06-21 00:05 2137600 5967696e9138c5337437e6b8653ab836 C:\WINDOWS\system32\ntoskrnl.exe
2006-05-17 00:39 1036288 76b3d5a12e1008fd656921d3035783f1 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055C622C-8D56-436C-9003-DB858ACA64FA}]
C:\WINDOWS\system32\urqQjiFY.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE31B2F-163C-4B8D-9666-B5AD0E76151F}]
C:\WINDOWS\system32\ljJBrRkK.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{341DBB21-4B2C-4E29-8313-BDC78A432218}]
C:\WINDOWS\system32\wvUmkihI.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852}]
C:\WINDOWS\system32\hgGvtqRi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C959A6B-B8AC-44C0-9885-57F2C1D1DB77}]
C:\WINDOWS\system32\khfCvUnl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 22:00 270336]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
backup=C:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-19 18:10 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-04-25 04:52 385024 C:\WINDOWS\system32\JMRaidTool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 17:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neuf talk]
--a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-05-23 10:40 95800 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Podmailing]
C:\Program Files\Podmailing\Podmailing start-minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 Agent]
--a------ 2006-12-11 18:34 26624 C:\Program Files\Steganos Security Suite 2007\SteganosAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 File Redirection Starter]
--a------ 2006-12-11 17:31 53248 C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 HotKeys]
--a------ 2006-12-11 18:34 25088 C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 PasswordManagerFFAutoFill]
--a------ 2006-12-11 18:34 20992 C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup]
C:\DOCUME~1\taz\LOCALS~1\Temp\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"EZ-Backup Manager"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Steganos AntiTheft"=2 (0x2)
"aawservice"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"
"AntiVirusDisableNotify"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Podmailing\\podmailing.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6885:TCP"= 6885:TCP:azureus
"6885:UDP"= 6885:UDP:azureus
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b34f5359-cf9e-11dc-990d-806d6172696f}]
\Shell\AutoRun\command - F:\.\Bin\Assetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-14 05:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 16:00:26 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-15 16:43:09 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 14:51:28
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-18 14:55:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 12:55:45
Pre-Run: 109,206,056,960 octets libres
Post-Run: 109,162,561,536 octets libres
310 --- E O F --- 2008-01-30 20:20:31
et pour finir HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:53, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\taz\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {055C622C-8D56-436C-9003-DB858ACA64FA} - C:\WINDOWS\system32\urqQjiFY.dll (file missing)
O2 - BHO: (no name) - {0CE31B2F-163C-4B8D-9666-B5AD0E76151F} - C:\WINDOWS\system32\ljJBrRkK.dll (file missing)
O2 - BHO: (no name) - {341DBB21-4B2C-4E29-8313-BDC78A432218} - C:\WINDOWS\system32\wvUmkihI.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852} - C:\WINDOWS\system32\hgGvtqRi.dll (file missing)
O2 - BHO: (no name) - {8C959A6B-B8AC-44C0-9885-57F2C1D1DB77} - C:\WINDOWS\system32\khfCvUnl.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-21-1078081533-308236825-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
18 juin 2008 à 15:19
18 juin 2008 à 15:19
analyse ces deux fichiers sur virus total et dis moi si inféctés:
https://www.virustotal.com/gui/
C:\WINDOWS\system32\lmimirr.dll
C:\WINDOWS\system32\lmimirr2.dll
https://www.virustotal.com/gui/
C:\WINDOWS\system32\lmimirr.dll
C:\WINDOWS\system32\lmimirr2.dll
tazyan
Messages postés
7
Date d'inscription
mercredi 18 juin 2008
Statut
Membre
Dernière intervention
18 juin 2008
18 juin 2008 à 15:35
18 juin 2008 à 15:35
ca y es a priori pas d infection sur les 2 fichiers cela me met des - en face de chaque antivirus donc c est ok .
alexia je n est pas saisi ton histoire avec avast ?
alexia je n est pas saisi ton histoire avec avast ?
xAlexiax
Messages postés
5
Date d'inscription
mercredi 18 juin 2008
Statut
Membre
Dernière intervention
18 juin 2008
18 juin 2008 à 15:21
18 juin 2008 à 15:21
Télécharge le logiciel antivirus "AVAST", et après le message d'alerte, met le en quarantaine.
× Cordialement, Alexia. :')
× Cordialement, Alexia. :')
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
tazyan
Messages postés
7
Date d'inscription
mercredi 18 juin 2008
Statut
Membre
Dernière intervention
18 juin 2008
18 juin 2008 à 15:54
18 juin 2008 à 15:54
voila je vient de refaire une analyse avec spybot et il ne me trouve plus de virtuamonde ni rien d autre d ailleur .
crois tu que le souci est reglé jlpjlp si c est le cas je te remerci grandement pour ta précieuse aide .
j attend ta reponse pour indiquer le probleme résolue le cas échéant .
crois tu que le souci est reglé jlpjlp si c est le cas je te remerci grandement pour ta précieuse aide .
j attend ta reponse pour indiquer le probleme résolue le cas échéant .
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
18 juin 2008 à 15:58
18 juin 2008 à 15:58
relance hijakhcits , fais do a system scan only et fix ces lignes
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {055C622C-8D56-436C-9003-DB858ACA64FA} - C:\WINDOWS\system32\urqQjiFY.dll (file missing)
O2 - BHO: (no name) - {0CE31B2F-163C-4B8D-9666-B5AD0E76151F} - C:\WINDOWS\system32\ljJBrRkK.dll (file missing)
O2 - BHO: (no name) - {341DBB21-4B2C-4E29-8313-BDC78A432218} - C:\WINDOWS\system32\wvUmkihI.dll (file missing)
O2 - BHO: (no name) - {846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852} - C:\WINDOWS\system32\hgGvtqRi.dll (file missing)
O2 - BHO: (no name) - {8C959A6B-B8AC-44C0-9885-57F2C1D1DB77} - C:\WINDOWS\system32\khfCvUnl.dll (file missing)
___________
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
File::
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\WINDOWS\system32\urqQjiFY.dll
C:\WINDOWS\system32\ljJBrRkK.dll
C:\WINDOWS\system32\wvUmkihI.dll
C:\WINDOWS\system32\hgGvtqRi.dll
C:\WINDOWS\system32\khfCvUnl.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055C622C-8D56-436C-9003-DB858ACA64FA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE31B2F-163C-4B8D-9666-B5AD0E76151F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{341DBB21-4B2C-4E29-8313-BDC78A432218}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C959A6B-B8AC-44C0-9885-57F2C1D1DB77}]
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Remets aussi un rapport Hijackthis
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {055C622C-8D56-436C-9003-DB858ACA64FA} - C:\WINDOWS\system32\urqQjiFY.dll (file missing)
O2 - BHO: (no name) - {0CE31B2F-163C-4B8D-9666-B5AD0E76151F} - C:\WINDOWS\system32\ljJBrRkK.dll (file missing)
O2 - BHO: (no name) - {341DBB21-4B2C-4E29-8313-BDC78A432218} - C:\WINDOWS\system32\wvUmkihI.dll (file missing)
O2 - BHO: (no name) - {846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852} - C:\WINDOWS\system32\hgGvtqRi.dll (file missing)
O2 - BHO: (no name) - {8C959A6B-B8AC-44C0-9885-57F2C1D1DB77} - C:\WINDOWS\system32\khfCvUnl.dll (file missing)
___________
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
File::
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\WINDOWS\system32\urqQjiFY.dll
C:\WINDOWS\system32\ljJBrRkK.dll
C:\WINDOWS\system32\wvUmkihI.dll
C:\WINDOWS\system32\hgGvtqRi.dll
C:\WINDOWS\system32\khfCvUnl.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055C622C-8D56-436C-9003-DB858ACA64FA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE31B2F-163C-4B8D-9666-B5AD0E76151F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{341DBB21-4B2C-4E29-8313-BDC78A432218}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C959A6B-B8AC-44C0-9885-57F2C1D1DB77}]
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Remets aussi un rapport Hijackthis
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
tazyan
Messages postés
7
Date d'inscription
mercredi 18 juin 2008
Statut
Membre
Dernière intervention
18 juin 2008
18 juin 2008 à 17:36
18 juin 2008 à 17:36
voila ca y es j ai tous fait voici les log
ComboFix 08-06-16.5 - taz 2008-06-18 17:11:39.3 - NTFSx86
Endroit: C:\Documents and Settings\taz\Bureau\KillBagle.exe
Command switches used :: C:\Documents and Settings\taz\Bureau\CFscript.txt
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\WINDOWS\system32\hgGvtqRi.dll
C:\WINDOWS\system32\khfCvUnl.dll
C:\WINDOWS\system32\ljJBrRkK.dll
C:\WINDOWS\system32\urqQjiFY.dll
C:\WINDOWS\system32\wvUmkihI.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))))))))
.
2008-06-18 13:59 . 2008-06-18 13:59 <REP> d-------- C:\Documents and Settings\taz\Application Data\Malwarebytes
2008-06-18 13:58 . 2008-06-18 13:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 13:58 . 2008-06-18 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 13:58 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 13:58 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 14:54 . 2008-06-16 22:49 790 --a------ C:\WINDOWS\wininit.ini
2008-06-12 11:06 . 2008-06-12 11:13 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-12 11:06 . 2008-06-12 11:13 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-12 11:04 . 2008-06-18 17:21 9,859,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-12 11:04 . 2008-06-18 16:48 138,980 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 11:04 . 2008-06-18 17:20 32,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-12 11:04 . 2008-06-18 16:48 6,020 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-12 10:35 . 2008-02-07 17:10 <REP> d--h----- C:\ckis
2008-06-12 10:16 . 2008-06-12 15:50 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-06-12 10:15 . 2008-06-12 10:15 <REP> d-------- C:\kav
2008-06-06 19:53 . 2008-06-06 19:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2008-06-04 16:18 . 2008-06-04 16:18 <REP> d-------- C:\DVR215D
2008-06-01 19:45 . 2008-06-01 19:45 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-01 19:45 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-01 19:42 . 2008-06-01 19:45 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-01 19:42 . 2008-06-01 19:42 <REP> d-------- C:\Documents and Settings\taz\Application Data\TuneUp Software
2008-06-01 19:42 . 2008-06-01 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-28 21:03 . 2008-05-28 21:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 21:03 . 2008-06-15 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 16:26 . 2008-05-28 16:26 <REP> d-------- C:\WINDOWS\[u]0[/u]E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2008-05-26 16:28 . 2008-05-26 16:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-05-26 16:27 . 2008-05-26 16:30 <REP> d-------- C:\Program Files\LogMeIn
2008-05-26 16:27 . 2008-05-19 15:23 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-05-26 16:27 . 2008-05-19 15:24 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-26 16:27 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-05-26 16:27 . 2008-05-19 15:23 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-05-26 16:27 . 2008-05-26 16:27 1,024 --a------ C:\.rnd
2008-05-23 18:24 . 2008-05-23 18:24 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-20 22:22 . 2008-05-20 22:25 <REP> d-------- C:\Program Files\PICPgm
2008-05-20 19:34 . 2006-11-30 06:10 49,216 -ra------ C:\WINDOWS\system32\SETD.tmp
2008-05-20 18:28 . 2007-12-19 12:40 53,760 --a------ C:\WINDOWS\system32\drivers\mchpusb.sys
2008-05-20 15:13 . 2006-11-30 06:10 54,528 -ra------ C:\WINDOWS\system32\drivers\snxpserx.sys
2008-05-20 15:13 . 2006-11-30 06:10 49,216 -ra------ C:\WINDOWS\system32\snxprops.dll
2008-05-20 15:13 . 2006-11-30 06:10 20,864 -ra------ C:\WINDOWS\system32\drivers\snxpcard.sys
2008-05-19 15:23 . 2008-05-19 15:23 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-05-19 15:23 . 2008-05-19 15:23 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-18 14:49 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-18 09:48 --------- d-----w C:\Documents and Settings\taz\Application Data\uTorrent
2008-06-15 06:38 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-12 09:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-12 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-08 04:32 --------- d-----w C:\Program Files\eChanblard
2008-06-02 00:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 20:25 --------- d-----w C:\Program Files\TomTom HOME
2008-06-01 20:23 --------- d-----w C:\Program Files\ASUS
2008-05-26 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 15:45 --------- d-----w C:\Program Files\Winamp
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 16:23 --------- d-----w C:\Documents and Settings\taz\Application Data\Leadertech
2008-05-04 16:56 --------- d-----w C:\Documents and Settings\taz\Application Data\NeroDigital™
2008-05-01 16:20 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-05-01 16:11 --------- d-----w C:\Program Files\Ubisoft
2008-04-29 18:27 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-27 21:34 --------- d-----w C:\Program Files\XviD
2008-04-27 21:12 --------- d-----w C:\Program Files\Alcohol Soft
2008-04-27 20:58 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-27 12:31 --------- d-----w C:\Program Files\Fichiers communs\Sage
2008-04-27 12:24 --------- d-----w C:\Program Files\Fichiers communs\Ciel
2008-04-27 12:09 155,995 ----a-w C:\WINDOWS\java\Packages\5FBD31JD.ZIP
2008-04-27 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ciel
2008-04-26 19:55 --------- d-----w C:\Program Files\Apple Software Update
2008-04-23 19:54 --------- d-----w C:\Program Files\Saitek
2008-03-26 16:18 49,152 ----a-r C:\WINDOWS\system32\inetwh32.dll
2008-03-26 16:18 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll
2006-06-23 13:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
2006-06-20 18:22 9,070,256 ----a-r C:\Program Files\coccipack.ccp
2008-02-28 12:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 12:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2006-06-21 00:05 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\system32\user32.dll
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-03-12 02:50 359808 667192a11db19f36624119c0dd4de4f2 C:\WINDOWS\system32\drivers\tcpip.sys
2006-12-19 20:45 2061440 8b039efbe4c9aa23f152ffa0e238b8fa C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-06-21 00:22 2017280 90e59ecf2d0541312c9eb36568810588 C:\WINDOWS\system32\ntkrnlpa.exe
2006-12-19 20:45 2184064 1f3fa2065e6e043a1d82a487b5da309c C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-06-21 00:05 2137600 5967696e9138c5337437e6b8653ab836 C:\WINDOWS\system32\ntoskrnl.exe
2006-05-17 00:39 1036288 76b3d5a12e1008fd656921d3035783f1 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-18_14.55.34.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 12:51:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-18 14:49:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 22:00 270336]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
backup=C:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-19 18:10 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-04-25 04:52 385024 C:\WINDOWS\system32\JMRaidTool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 17:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neuf talk]
--a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-05-23 10:40 95800 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Podmailing]
C:\Program Files\Podmailing\Podmailing start-minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 Agent]
--a------ 2006-12-11 18:34 26624 C:\Program Files\Steganos Security Suite 2007\SteganosAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 File Redirection Starter]
--a------ 2006-12-11 17:31 53248 C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 HotKeys]
--a------ 2006-12-11 18:34 25088 C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 PasswordManagerFFAutoFill]
--a------ 2006-12-11 18:34 20992 C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup]
C:\DOCUME~1\taz\LOCALS~1\Temp\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"EZ-Backup Manager"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Steganos AntiTheft"=2 (0x2)
"aawservice"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"
"AntiVirusDisableNotify"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Podmailing\\podmailing.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6885:TCP"= 6885:TCP:azureus
"6885:UDP"= 6885:UDP:azureus
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b34f5359-cf9e-11dc-990d-806d6172696f}]
\Shell\AutoRun\command - F:\.\Bin\Assetup.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-14 05:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 16:00:26 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-15 16:43:09 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 17:20:58
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-18 17:26:41
ComboFix-quarantined-files.txt 2008-06-18 15:26:20
ComboFix2.txt 2008-06-18 14:42:19
ComboFix3.txt 2008-06-18 12:55:48
Pre-Run: 109,182,648,320 octets libres
Post-Run: 109,163,008,000 octets libres
291 --- E O F --- 2008-01-30 20:20:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:55, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\taz\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-21-1078081533-308236825-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
ComboFix 08-06-16.5 - taz 2008-06-18 17:11:39.3 - NTFSx86
Endroit: C:\Documents and Settings\taz\Bureau\KillBagle.exe
Command switches used :: C:\Documents and Settings\taz\Bureau\CFscript.txt
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\WINDOWS\system32\hgGvtqRi.dll
C:\WINDOWS\system32\khfCvUnl.dll
C:\WINDOWS\system32\ljJBrRkK.dll
C:\WINDOWS\system32\urqQjiFY.dll
C:\WINDOWS\system32\wvUmkihI.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))))))))
.
2008-06-18 13:59 . 2008-06-18 13:59 <REP> d-------- C:\Documents and Settings\taz\Application Data\Malwarebytes
2008-06-18 13:58 . 2008-06-18 13:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 13:58 . 2008-06-18 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 13:58 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 13:58 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 14:54 . 2008-06-16 22:49 790 --a------ C:\WINDOWS\wininit.ini
2008-06-12 11:06 . 2008-06-12 11:13 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-12 11:06 . 2008-06-12 11:13 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-12 11:04 . 2008-06-18 17:21 9,859,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-12 11:04 . 2008-06-18 16:48 138,980 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 11:04 . 2008-06-18 17:20 32,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-12 11:04 . 2008-06-18 16:48 6,020 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-12 10:35 . 2008-02-07 17:10 <REP> d--h----- C:\ckis
2008-06-12 10:16 . 2008-06-12 15:50 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-06-12 10:15 . 2008-06-12 10:15 <REP> d-------- C:\kav
2008-06-06 19:53 . 2008-06-06 19:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2008-06-04 16:18 . 2008-06-04 16:18 <REP> d-------- C:\DVR215D
2008-06-01 19:45 . 2008-06-01 19:45 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-01 19:45 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-01 19:42 . 2008-06-01 19:45 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-01 19:42 . 2008-06-01 19:42 <REP> d-------- C:\Documents and Settings\taz\Application Data\TuneUp Software
2008-06-01 19:42 . 2008-06-01 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-28 21:03 . 2008-05-28 21:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 21:03 . 2008-06-15 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 16:26 . 2008-05-28 16:26 <REP> d-------- C:\WINDOWS\[u]0[/u]E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2008-05-26 16:28 . 2008-05-26 16:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-05-26 16:27 . 2008-05-26 16:30 <REP> d-------- C:\Program Files\LogMeIn
2008-05-26 16:27 . 2008-05-19 15:23 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-05-26 16:27 . 2008-05-19 15:24 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-26 16:27 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-05-26 16:27 . 2008-05-19 15:23 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-05-26 16:27 . 2008-05-26 16:27 1,024 --a------ C:\.rnd
2008-05-23 18:24 . 2008-05-23 18:24 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-20 22:22 . 2008-05-20 22:25 <REP> d-------- C:\Program Files\PICPgm
2008-05-20 19:34 . 2006-11-30 06:10 49,216 -ra------ C:\WINDOWS\system32\SETD.tmp
2008-05-20 18:28 . 2007-12-19 12:40 53,760 --a------ C:\WINDOWS\system32\drivers\mchpusb.sys
2008-05-20 15:13 . 2006-11-30 06:10 54,528 -ra------ C:\WINDOWS\system32\drivers\snxpserx.sys
2008-05-20 15:13 . 2006-11-30 06:10 49,216 -ra------ C:\WINDOWS\system32\snxprops.dll
2008-05-20 15:13 . 2006-11-30 06:10 20,864 -ra------ C:\WINDOWS\system32\drivers\snxpcard.sys
2008-05-19 15:23 . 2008-05-19 15:23 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-05-19 15:23 . 2008-05-19 15:23 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-18 14:49 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-18 09:48 --------- d-----w C:\Documents and Settings\taz\Application Data\uTorrent
2008-06-15 06:38 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-12 09:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-12 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-08 04:32 --------- d-----w C:\Program Files\eChanblard
2008-06-02 00:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 20:25 --------- d-----w C:\Program Files\TomTom HOME
2008-06-01 20:23 --------- d-----w C:\Program Files\ASUS
2008-05-26 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 15:45 --------- d-----w C:\Program Files\Winamp
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 16:23 --------- d-----w C:\Documents and Settings\taz\Application Data\Leadertech
2008-05-04 16:56 --------- d-----w C:\Documents and Settings\taz\Application Data\NeroDigital™
2008-05-01 16:20 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-05-01 16:11 --------- d-----w C:\Program Files\Ubisoft
2008-04-29 18:27 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-27 21:34 --------- d-----w C:\Program Files\XviD
2008-04-27 21:12 --------- d-----w C:\Program Files\Alcohol Soft
2008-04-27 20:58 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-27 12:31 --------- d-----w C:\Program Files\Fichiers communs\Sage
2008-04-27 12:24 --------- d-----w C:\Program Files\Fichiers communs\Ciel
2008-04-27 12:09 155,995 ----a-w C:\WINDOWS\java\Packages\5FBD31JD.ZIP
2008-04-27 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ciel
2008-04-26 19:55 --------- d-----w C:\Program Files\Apple Software Update
2008-04-23 19:54 --------- d-----w C:\Program Files\Saitek
2008-03-26 16:18 49,152 ----a-r C:\WINDOWS\system32\inetwh32.dll
2008-03-26 16:18 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll
2006-06-23 13:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
2006-06-20 18:22 9,070,256 ----a-r C:\Program Files\coccipack.ccp
2008-02-28 12:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 12:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2006-06-21 00:05 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\system32\user32.dll
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-03-12 02:50 359808 667192a11db19f36624119c0dd4de4f2 C:\WINDOWS\system32\drivers\tcpip.sys
2006-12-19 20:45 2061440 8b039efbe4c9aa23f152ffa0e238b8fa C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-06-21 00:22 2017280 90e59ecf2d0541312c9eb36568810588 C:\WINDOWS\system32\ntkrnlpa.exe
2006-12-19 20:45 2184064 1f3fa2065e6e043a1d82a487b5da309c C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-06-21 00:05 2137600 5967696e9138c5337437e6b8653ab836 C:\WINDOWS\system32\ntoskrnl.exe
2006-05-17 00:39 1036288 76b3d5a12e1008fd656921d3035783f1 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-18_14.55.34.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 12:51:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-18 14:49:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 22:00 270336]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
backup=C:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-19 18:10 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-04-25 04:52 385024 C:\WINDOWS\system32\JMRaidTool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 17:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neuf talk]
--a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-05-23 10:40 95800 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Podmailing]
C:\Program Files\Podmailing\Podmailing start-minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 Agent]
--a------ 2006-12-11 18:34 26624 C:\Program Files\Steganos Security Suite 2007\SteganosAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 File Redirection Starter]
--a------ 2006-12-11 17:31 53248 C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 HotKeys]
--a------ 2006-12-11 18:34 25088 C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 PasswordManagerFFAutoFill]
--a------ 2006-12-11 18:34 20992 C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup]
C:\DOCUME~1\taz\LOCALS~1\Temp\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"EZ-Backup Manager"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Steganos AntiTheft"=2 (0x2)
"aawservice"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"
"AntiVirusDisableNotify"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Podmailing\\podmailing.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6885:TCP"= 6885:TCP:azureus
"6885:UDP"= 6885:UDP:azureus
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b34f5359-cf9e-11dc-990d-806d6172696f}]
\Shell\AutoRun\command - F:\.\Bin\Assetup.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-14 05:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 16:00:26 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-15 16:43:09 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 17:20:58
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-18 17:26:41
ComboFix-quarantined-files.txt 2008-06-18 15:26:20
ComboFix2.txt 2008-06-18 14:42:19
ComboFix3.txt 2008-06-18 12:55:48
Pre-Run: 109,182,648,320 octets libres
Post-Run: 109,163,008,000 octets libres
291 --- E O F --- 2008-01-30 20:20:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:55, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\taz\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-21-1078081533-308236825-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
tazyan
Messages postés
7
Date d'inscription
mercredi 18 juin 2008
Statut
Membre
Dernière intervention
18 juin 2008
18 juin 2008 à 17:40
18 juin 2008 à 17:40
j ai aussi kaspersky qui ma detecté un virus EICAR-test-file dans les dossier temp est ce un des prog ramme que l on vient d utiliser ? que dois je faire le désinfecter ou pas .
merci .
merci .
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
18 juin 2008 à 18:13
18 juin 2008 à 18:13
eicar est un logiciel pour tester ta protection (c'est un faux virus que tu peux virer)
https://antivirus-france.com/
https://antivirus-france.com/
tazyan
Messages postés
7
Date d'inscription
mercredi 18 juin 2008
Statut
Membre
Dernière intervention
18 juin 2008
18 juin 2008 à 18:16
18 juin 2008 à 18:16
ok c fait je vient de redemarrer l ordi et plus de souci avec l affichage mais kaspersky ne demarre plus avec windows et des que je le remet ca rame .
est ce que mes probleme ne peuvent pas venir de la ?
et concernant le virus virtuamonde c est fini ?
puis je marquer resolue ?
merci pour ton aide
est ce que mes probleme ne peuvent pas venir de la ?
et concernant le virus virtuamonde c est fini ?
puis je marquer resolue ?
merci pour ton aide
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
18 juin 2008 à 19:44
18 juin 2008 à 19:44
fix ces lignes
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
____________
si le souci persiste avec kasperksy
desinstalle kaspersky
http://grandpublic.kaspersky.fr/index.php?ShowID=257
et remets le ensuite
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
____________
si le souci persiste avec kasperksy
desinstalle kaspersky
http://grandpublic.kaspersky.fr/index.php?ShowID=257
et remets le ensuite
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
19 juin 2008 à 13:24
19 juin 2008 à 13:24
parfait tu peux garder malwarebytes pour rechercher de temps en temps des espions dans ton ordinateur
vire le reste
_____________
mets spywareblaster pour immuniser en partie ton system contre vundo que tu avais (il suffit de mettre a jour toute les semaines et d'immuniser ton systeme)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html
bonne continuation
vire le reste
_____________
mets spywareblaster pour immuniser en partie ton system contre vundo que tu avais (il suffit de mettre a jour toute les semaines et d'immuniser ton systeme)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html
bonne continuation
18 juin 2008 à 13:14
pour hostexpert quand je valide restor ms host file il me fait une erreur
il ne peut pas créer c\windows\systeme32\drivers\etc\hosts
que dois je faire ?