virus virtuamonde a l aide !!! Résolu/Fermé

Question

Bonjour,
voila spybot me detect depuis quelque jour un trojan virtuamonde tout comme kaspersky mais apres plusieur analyse et suppression au demarage que se soit spybot et kaspersky rien y fait .
je suis toujour infecté quelqu un pourrait il me guider pour me debarrassé de cette m......

voila j ai vu qu il fallait commencer par poster un log hijack donc voila :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:55, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32	lntsvr.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32undll32.exe
C:\Documents and Settings	az\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {055C622C-8D56-436C-9003-DB858ACA64FA} - C:\WINDOWS\system32\urqQjiFY.dll (file missing)
O2 - BHO: (no name) - {0CE31B2F-163C-4B8D-9666-B5AD0E76151F} - C:\WINDOWS\system32\ljJBrRkK.dll (file missing)
O2 - BHO: {c6bedb68-18ec-2a68-2054-f4e8718dea91} - {19aed817-8e4f-4502-86a2-ce8186bdeb6c} - C:\WINDOWS\system32\fskutmou.dll
O2 - BHO: (no name) - {341DBB21-4B2C-4E29-8313-BDC78A432218} - C:\WINDOWS\system32\wvUmkihI.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852} - C:\WINDOWS\system32\hgGvtqRi.dll (file missing)
O2 - BHO: (no name) - {8710FC9F-0816-49D7-AE14-4BA5269E838C} - C:\WINDOWS\system32\geBstroP.dll
O2 - BHO: (no name) - {8C959A6B-B8AC-44C0-9885-57F2C1D1DB77} - C:\WINDOWS\system32\khfCvUnl.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {F201365F-B9EE-40B0-94C8-529E91F485A9} - C:\WINDOWS\system32\awttSLCR.dll
O2 - BHO: (no name) - {FBC5E905-D35F-447D-BF0C-5114ABD56045} - (no file)
O2 - BHO: (no name) - {FE55689E-900B-4393-A55D-1BFD4BA62B4D} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [BMe77d2f0b] Rundll32.exe "C:\WINDOWS\system32\pxvlaavv.dll",s
O4 - HKLM\..\Run: [e44e1c97] rundll32.exe "C:\WINDOWS\system32\urlyexje.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-21-1078081533-308236825-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: geBstroP - C:\WINDOWS\SYSTEM32\geBstroP.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

jlpjlp · Answer

slt



* Télécharger Hoster :
http://www.funkytoad.com/download/HostsXpert.zip

* Dézipper le dossier sur le bureau.
* Lancer Hoster et cliquer sur Restore Microsoft's Hosts File

________________

installe 
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
scan avec, vire ce qui est trouvé et colle moi le rapport

Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm 
________________

desactive kaspersky

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

______________
recolle un nouveau rapport hijakhcits et dis tes soucis actuels

jlpjlp · Answer

alors a la place


telecharge et lance rhost

http://siri.urz.free.fr/RHosts.php

jlpjlp · Answer

analyse ces deux fichiers sur virus total et dis moi si inféctés:
https://www.virustotal.com/gui/

C:\WINDOWS\system32\lmimirr.dll
C:\WINDOWS\system32\lmimirr2.dll

xAlexiax · Answer

Télécharge le logiciel antivirus "AVAST", et après le message d'alerte,  met le en quarantaine.


× Cordialement, Alexia. :')

tazyan · Answer

voila je vient de refaire une analyse avec spybot et il ne me trouve plus de virtuamonde ni rien d autre d ailleur .

crois tu que le souci est reglé jlpjlp  si c est le cas je te remerci grandement pour ta précieuse aide .

j attend ta reponse pour indiquer le probleme résolue le cas échéant .

jlpjlp · Answer

relance hijakhcits , fais do a system scan only et fix ces lignes


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {055C622C-8D56-436C-9003-DB858ACA64FA} - C:\WINDOWS\system32\urqQjiFY.dll (file missing)
O2 - BHO: (no name) - {0CE31B2F-163C-4B8D-9666-B5AD0E76151F} - C:\WINDOWS\system32\ljJBrRkK.dll (file missing)
O2 - BHO: (no name) - {341DBB21-4B2C-4E29-8313-BDC78A432218} - C:\WINDOWS\system32\wvUmkihI.dll (file missing)

O2 - BHO: (no name) - {846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852} - C:\WINDOWS\system32\hgGvtqRi.dll (file missing)
O2 - BHO: (no name) - {8C959A6B-B8AC-44C0-9885-57F2C1D1DB77} - C:\WINDOWS\system32\khfCvUnl.dll (file missing)

___________



Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :


File::
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL 
C:\WINDOWS\system32\urqQjiFY.dll
C:\WINDOWS\system32\ljJBrRkK.dll
C:\WINDOWS\system32\wvUmkihI.dll
C:\WINDOWS\system32\hgGvtqRi.dll
C:\WINDOWS\system32\khfCvUnl.dll


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{055C622C-8D56-436C-9003-DB858ACA64FA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE31B2F-163C-4B8D-9666-B5AD0E76151F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{341DBB21-4B2C-4E29-8313-BDC78A432218}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{846A5E43-AEAE-4BE3-A2B7-BAEBCD92D852}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C959A6B-B8AC-44C0-9885-57F2C1D1DB77}]




Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

tazyan · Answer

voila ca y es j ai tous fait voici les log ComboFix 08-06-16.5 - taz 2008-06-18 17:11:39.3 - NTFSx86 Endroit: C:\Documents and Settings\taz\Bureau\KillBagle.exe Command switches used :: C:\Documents and Settings\taz\Bureau\CFscript.txt [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE :: C:\Program Files\AskTBar C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL C:\WINDOWS\system32\hgGvtqRi.dll C:\WINDOWS\system32\khfCvUnl.dll C:\WINDOWS\system32\ljJBrRkK.dll C:\WINDOWS\system32\urqQjiFY.dll C:\WINDOWS\system32\wvUmkihI.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))))))) . 2008-06-18 13:59 . 2008-06-18 13:59 d-------- C:\Documents and Settings\taz\Application Data\Malwarebytes 2008-06-18 13:58 . 2008-06-18 13:59 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-18 13:58 . 2008-06-18 13:58 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-18 13:58 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-18 13:58 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-12 14:54 . 2008-06-16 22:49 790 --a------ C:\WINDOWS\wininit.ini 2008-06-12 11:06 . 2008-06-12 11:13 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-06-12 11:06 . 2008-06-12 11:13 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-06-12 11:04 . 2008-06-18 17:21 9,859,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-12 11:04 . 2008-06-18 16:48 138,980 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-12 11:04 . 2008-06-18 17:20 32,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-06-12 11:04 . 2008-06-18 16:48 6,020 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-06-12 10:35 . 2008-02-07 17:10 d--h----- C:\ckis 2008-06-12 10:16 . 2008-06-12 15:50 d-------- C:\Program Files\Kaspersky Lab 2008-06-12 10:15 . 2008-06-12 10:15 d-------- C:\kav 2008-06-06 19:53 . 2008-06-06 19:53 d-------- C:\Documents and Settings\All Users\Application Data\eBay 2008-06-04 16:18 . 2008-06-04 16:18 d-------- C:\DVR215D 2008-06-01 19:45 . 2008-06-01 19:45 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-06-01 19:45 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-06-01 19:42 . 2008-06-01 19:45 d-------- C:\Program Files\TuneUp Utilities 2008 2008-06-01 19:42 . 2008-06-01 19:42 d-------- C:\Documents and Settings\taz\Application Data\TuneUp Software 2008-06-01 19:42 . 2008-06-01 19:42 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-05-28 21:03 . 2008-05-28 21:03 d-------- C:\Program Files\Spybot - Search & Destroy 2008-05-28 21:03 . 2008-06-15 09:08 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-28 16:26 . 2008-05-28 16:26 d-------- C:\WINDOWS\[u]0[/u]E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP 2008-05-26 16:28 . 2008-05-26 16:28 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn 2008-05-26 16:27 . 2008-05-26 16:30 d-------- C:\Program Files\LogMeIn 2008-05-26 16:27 . 2008-05-19 15:23 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll 2008-05-26 16:27 . 2008-05-19 15:24 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll 2008-05-26 16:27 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 2008-05-26 16:27 . 2008-05-19 15:23 24,608 --a------ C:\WINDOWS\system32\LMIport.dll 2008-05-26 16:27 . 2008-05-26 16:27 1,024 --a------ C:\.rnd 2008-05-23 18:24 . 2008-05-23 18:24 d-------- C:\Program Files\Microsoft Games 2008-05-20 22:22 . 2008-05-20 22:25 d-------- C:\Program Files\PICPgm 2008-05-20 19:34 . 2006-11-30 06:10 49,216 -ra------ C:\WINDOWS\system32\SETD.tmp 2008-05-20 18:28 . 2007-12-19 12:40 53,760 --a------ C:\WINDOWS\system32\drivers\mchpusb.sys 2008-05-20 15:13 . 2006-11-30 06:10 54,528 -ra------ C:\WINDOWS\system32\drivers\snxpserx.sys 2008-05-20 15:13 . 2006-11-30 06:10 49,216 -ra------ C:\WINDOWS\system32\snxprops.dll 2008-05-20 15:13 . 2006-11-30 06:10 20,864 -ra------ C:\WINDOWS\system32\drivers\snxpcard.sys 2008-05-19 15:23 . 2008-05-19 15:23 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll 2008-05-19 15:23 . 2008-05-19 15:23 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-18 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-06-18 14:49 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs 2008-06-18 09:48 --------- d-----w C:\Documents and Settings\taz\Application Data\uTorrent 2008-06-15 06:38 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-06-12 09:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-06-12 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-08 04:32 --------- d-----w C:\Program Files\eChanblard 2008-06-02 00:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-01 20:25 --------- d-----w C:\Program Files\TomTom HOME 2008-06-01 20:23 --------- d-----w C:\Program Files\ASUS 2008-05-26 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-25 15:45 --------- d-----w C:\Program Files\Winamp 2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll 2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll 2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe 2008-05-09 16:23 --------- d-----w C:\Documents and Settings\taz\Application Data\Leadertech 2008-05-04 16:56 --------- d-----w C:\Documents and Settings\taz\Application Data\NeroDigital™ 2008-05-01 16:20 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-05-01 16:11 --------- d-----w C:\Program Files\Ubisoft 2008-04-29 18:27 --------- d-----w C:\Program Files\Combined Community Codec Pack 2008-04-27 21:34 --------- d-----w C:\Program Files\XviD 2008-04-27 21:12 --------- d-----w C:\Program Files\Alcohol Soft 2008-04-27 20:58 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-04-27 12:31 --------- d-----w C:\Program Files\Fichiers communs\Sage 2008-04-27 12:24 --------- d-----w C:\Program Files\Fichiers communs\Ciel 2008-04-27 12:09 155,995 ----a-w C:\WINDOWS\java\Packages\5FBD31JD.ZIP 2008-04-27 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ciel 2008-04-26 19:55 --------- d-----w C:\Program Files\Apple Software Update 2008-04-23 19:54 --------- d-----w C:\Program Files\Saitek 2008-03-26 16:18 49,152 ----a-r C:\WINDOWS\system32\inetwh32.dll 2008-03-26 16:18 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll 2006-06-23 13:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe 2006-06-20 18:22 9,070,256 ----a-r C:\Program Files\coccipack.ccp 2008-02-28 12:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll 2008-02-28 12:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll . ------- Sigcheck ------- 2006-06-21 00:05 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\system32\user32.dll 2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2006-03-12 02:50 359808 667192a11db19f36624119c0dd4de4f2 C:\WINDOWS\system32\drivers\tcpip.sys 2006-12-19 20:45 2061440 8b039efbe4c9aa23f152ffa0e238b8fa C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe 2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe 2006-06-21 00:22 2017280 90e59ecf2d0541312c9eb36568810588 C:\WINDOWS\system32\ntkrnlpa.exe 2006-12-19 20:45 2184064 1f3fa2065e6e043a1d82a487b5da309c C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe 2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe 2006-06-21 00:05 2137600 5967696e9138c5337437e6b8653ab836 C:\WINDOWS\system32\ntoskrnl.exe 2006-05-17 00:39 1036288 76b3d5a12e1008fd656921d3035783f1 C:\WINDOWS\explorer.exe 2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-06-18_14.55.34.03 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-18 12:51:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-18 14:49:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 22:00 270336] [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll "VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk backup=C:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help] C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -ra------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2004-08-19 18:10 110592 C:\WINDOWS\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT] C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure] -r------- 2006-04-25 04:52 385024 C:\WINDOWS\system32\JMRaidTool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)] --a------ 2004-11-01 17:22 262144 C:\WINDOWS\system32\ElkCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neuf talk] --a------ 2006-06-21 01:20 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] --a------ 2007-05-23 10:40 95800 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Podmailing] C:\Program Files\Podmailing\Podmailing start-minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 Agent] --a------ 2006-12-11 18:34 26624 C:\Program Files\Steganos Security Suite 2007\SteganosAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 File Redirection Starter] --a------ 2006-12-11 17:31 53248 C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 HotKeys] --a------ 2006-12-11 18:34 25088 C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSS2007 PasswordManagerFFAutoFill] --a------ 2006-12-11 18:34 20992 C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup] C:\DOCUME~1\taz\LOCALS~1\Temp\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SharedAccess"=2 (0x2) "EZ-Backup Manager"=2 (0x2) "Pml Driver HPZ12"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "Steganos AntiTheft"=2 (0x2) "aawservice"=2 (0x2) "FontCache3.0.0.0"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"="1" "AntiVirusDisableNotify"="1" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Mozilla Firefox\firefox.exe"= "C:\Program Files\FlashFXP\FlashFXP.exe"= "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\Podmailing\podmailing.exe"= "C:\WINDOWS\system32\spoolsv.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\Program Files\eChanblard\emule.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6885:TCP"= 6885:TCP:azureus "6885:UDP"= 6885:UDP:azureus "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b34f5359-cf9e-11dc-990d-806d6172696f}] \Shell\AutoRun\command - F:\.\Bin\Assetup.exe *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-06-14 05:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-13 16:00:26 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe "2008-06-15 16:43:09 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-18 17:20:58 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-18 17:26:41 ComboFix-quarantined-files.txt 2008-06-18 15:26:20 ComboFix2.txt 2008-06-18 14:42:19 ComboFix3.txt 2008-06-18 12:55:48 Pre-Run: 109,182,648,320 octets libres Post-Run: 109,163,008,000 octets libres 291 --- E O F --- 2008-01-30 20:20:31 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:28:55, on 18/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\tlntsvr.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\taz\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User '?') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User '?') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User '?') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?') O4 - HKUS\S-1-5-21-1078081533-308236825-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

tazyan · Answer

j ai aussi kaspersky qui  ma detecté un virus EICAR-test-file  dans les dossier temp est ce un des prog ramme que l on vient d utiliser ? que dois je faire le désinfecter ou pas .

merci .

jlpjlp · Answer

eicar est un logiciel pour tester ta protection (c'est un faux virus que tu peux virer)

https://antivirus-france.com/

jlpjlp · Answer

fix ces lignes

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?') 
____________

si le souci persiste avec kasperksy


desinstalle kaspersky 

http://grandpublic.kaspersky.fr/index.php?ShowID=257


et remets le ensuite

jlpjlp · Answer

parfait tu peux  garder malwarebytes pour rechercher de temps en temps des espions dans ton ordinateur

vire le reste


_____________

mets spywareblaster pour immuniser en partie ton system contre vundo que tu avais (il suffit de mettre a jour toute les semaines et d'immuniser ton systeme)

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

bonne continuation

Virus virtuamonde a l aide !!!

11 réponses

Discussions similaires