Aidez moi svp >> Virus (antivirus xp 2008)
Résolu
Julien
-
omarjustin -
omarjustin -
Bonjour,
Il y a quelques heurs, j'ai eu un virus (l'antivirus xp 2008). Il m'embête sérieusement et je ne suis pas à l'aise pour tout ce qui est virus !
Est-ce que quelqu'un pourrait m'aider svp
Merci d'avance à vous
Il y a quelques heurs, j'ai eu un virus (l'antivirus xp 2008). Il m'embête sérieusement et je ne suis pas à l'aise pour tout ce qui est virus !
Est-ce que quelqu'un pourrait m'aider svp
Merci d'avance à vous
Configuration: Windows XP Firefox 2.0.0.14
61 réponses
- 1
- 2
- 3
- 4
Suivant
Résumé de la discussion
Il s'agit d'une infection par un faux antivirus nommé XP-2008 sous Windows XP, qui se manifeste par des processus et des raccourcis persistants et complique la désinfection.
Plusieurs conseils préconisent HijackThis pour repérer et supprimer les éléments indésirables dans les clés de démarrage et les barres d'outil, puis nettoyer les entrées malicieuses à partir des rapports générés.
En cas d'infection étendue, un balayage complémentaire avec Malwarebytes et une vérification des services et processus dans les rapports HijackThis permettent d'éliminer les éléments rémanents et les programmes qui se lancent au démarrage.
Récentes interventions indiquent aussi que retirer manuellement le dossier concerné peut laisser des entrées résiduelles dans le menu démarrer, nécessitant une vérification approfondie et une remise à jour des défenses.
-
Salut,
Télécharge HijackThis ici :
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Post le rapport généré ici stp...
-
-
Bonjour moi aussi j'ai eu ce problème et je n'ai jamais pu m'en défaire, et comme ce problème survient qu'avec Internet Explorer alors j'ai télécharger Mozilla Firefox qui est très bien. Depuis je n'ai plus de problème avec XP antivirus :)... Tiens si tu es intéressé : http://www.01net.com/telecharger/windows/Internet/navigateur/fiches/42003.html
-
Bonjour à tous et merci !
Chiquitine voici le rapport :
Logfile of HijackThis v1.99.1
Scan saved at 19:52:22, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\lphcjfdj0el2b.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\MSI\PC Alert III\alert.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\pphcjfdj0el2b.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.312\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {1AC5A38E-8810-43F0-B9E8-6BBDF01CAD16} - C:\WINDOWS\ksendlbtmqt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: vrmdtneg - {1EDC0625-1B0F-467C-9889-817C3DE3D37C} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UVS11 Preload] D:\Logiciel\Videostudio\uvPL.exe
O4 - HKLM\..\Run: [lphcjfdj0el2b] C:\WINDOWS\system32\lphcjfdj0el2b.exe
O4 - HKLM\..\RunServices: [RunAlert] C:\Program Files\MSI\PC Alert III\AService.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O8 - Extra context menu item: Download Video on This Page - D:\Logiciel\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - D:\Logiciel\YouTube Video Downloader\IELink.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Download Video - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - D:\Logiciel\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - D:\Logiciel\YouTube Video Downloader\IEPage.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: wpvmqosg - {CF5BD352-5C7C-4475-98F3-A1674B5E2CA6} - C:\WINDOWS\wpvmqosg.dll
O21 - SSODL: xvorfwbd - {CD0F1613-EA52-4C7D-98F0-94C5B58333C6} - C:\WINDOWS\xvorfwbd.dll
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: wampapache - Unknown owner - D:\Logiciel\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - D:\Logiciel\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
Je vais voir les autres liens en attendant proposé par les autres membres -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
tu es tres infecté ,
Telecharge malwarebytes
-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
ps : les rapport sont aussi rangé dans l onglet rapport/log-
Merci pour ce post !
Voici mon rapport :
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 31
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Windows\System32\uRlIYSiI.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\jtubyk.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7800dc35-cbad-491d-8bc9-8bc360097c34} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7800dc35-cbad-491d-8bc9-8bc360097c34} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6897f6f-7651-4d32-b9f8-79cbf9860db1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d6897f6f-7651-4d32-b9f8-79cbf9860db1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55245623-68fc-4e18-968e-0766db3d799c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6ff22309-a6ed-462b-abec-877625c012f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcgqtj0e58c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcgqtj0e58c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6ff22309-a6ed-462b-abec-877625c012f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urliysii -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urliysii -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\rhcgqtj0e58c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Windows\System32\uRlIYSiI.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\IiSYIlRu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\IiSYIlRu.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jtubyk.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\cxcgtnkq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qkntgcxc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ptcfpvbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ibvpfctp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wprecyjf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fjycerpw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IEJZH3C\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IEJZH3C\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTGF82B8\lux[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTGF82B8\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTGF82B8\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTGF82B8\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YY31342A\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Local\Temp\tmp004247b6 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\1C69.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\3266.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\cqgklf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gxphhbpj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\nbccnfth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\oevmfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pphclqtj0e58c.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wdexugvw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Windows\System32\blphclqtj0e58c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\phclqtj0e58c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Users\HP_Administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
-
-
Ok, je suis en train de le faire. Merci je te dis ça une fois le scan passé encore merci !!!
@+ -
salut je vous propose de regler les parametres de votre antivirus en etan plus clair essayez de changer la securite'qui est peut etre high en medium security.thanks
-
Re
En fait, le scan tourne toujours (c'est long !!!), pour l'instant j'ai 12 éléments infectées !!! Je ne sais pas si je pourrai le terminer aujourd'hui car pour l'instant près de 80000 éléments examiner et ça fait bientôt 1 heures que l'examen a commencer. Mais bon juste une question :
Si j'arrive à détruire les virus détecté (fichier touche) par ce logiciel, a quoi me servira le rapport que je passerai sur le forum après examen et destruction des virus détecté (fichier touché) ?
Encore merci pour tout -
re
on demande les raprt por suivre l evolution de la désinfection, les rapport nus indique quels logiciel détruit qui
hijackthis nous informe de la santé du pc c est a dire si il reste des infections ou pas
dans ton cas malewarebyte va faire le plus gros du travail
@++ -
Ok merci, je vois ça avec toi demain si tu es disponible et je te tiens au courant du rapport en tout cas merci beaucoup, je trouve sincèrement ta démarche très gentille. Merci pour tout !!!
A demain si tu es là ! -
-
Bonjour,
J'ai désinfecté 94 éléments selon le logiciel. Voici le rapport après suppression des éléments infectes (fait avec HijackThis)
Logfile of HijackThis v1.99.1
Scan saved at 19:23: VIRUS ALERT!, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\lphcjfdj0el2b.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\MSI\PC Alert III\alert.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\rhcnfdj0el2b\rhcnfdj0el2b.exe
C:\WINDOWS\system32\pphcjfdj0el2b.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.204\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UVS11 Preload] D:\Logiciel\Videostudio\uvPL.exe
O4 - HKLM\..\Run: [lphcjfdj0el2b] C:\WINDOWS\system32\lphcjfdj0el2b.exe
O4 - HKLM\..\Run: [SMrhcnfdj0el2b] C:\Program Files\rhcnfdj0el2b\rhcnfdj0el2b.exe
O4 - HKLM\..\RunServices: [RunAlert] C:\Program Files\MSI\PC Alert III\AService.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download Video on This Page - D:\Logiciel\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - D:\Logiciel\YouTube Video Downloader\IELink.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Download Video - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - D:\Logiciel\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - D:\Logiciel\YouTube Video Downloader\IEPage.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: wampapache - Unknown owner - D:\Logiciel\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - D:\Logiciel\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
Voilà, j'ai encore ce virus et d'ailleurs il a pris déjà de l'ampleur dans mon PC. Voilà j'attend ta deduction et encore merci ! -
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
-
Ok, je suis à l'étape pour démarrer ComboFix : j'ai juste une question :
Quand tu dis se déconnecter d'internet, tu veux dire fermer les navigateurs ou carrément débrancher la prise téléphonique ? -
-
Voilà, normalement tout c'est bien passé mais le virus, lui, est toujours présent !!!
1) Je te passe le rapport avec Combo fix :
ComboFix 08-06-20.4 - Administrateur 2008-06-24 22:13:20.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.342 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender\Advanced XP Defender.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender\How to register.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender\Register.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender\Uninstall.lnk
C:\WINDOWS\eexd.exe
C:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-24 to 2008-06-24 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 15:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 15:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
.
------- Sigcheck -------
2007-12-07 03:07 697856 de04a7293a48d92fddd6ec067a225562 C:\WINDOWS\system32\wininet.dll
2007-12-07 03:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\system32\dllcache\wininet.dll
2002-08-29 09:45 603136 cbc50d46257c4a75644230507b488050 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2007-12-07 03:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll
2007-12-07 02:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll
2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-12-07 02:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2006-06-23 13:28 581120 1f063bdbd1afef9ac0abd02384d40376 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-12-07 03:07 697856 de04a7293a48d92fddd6ec067a225562 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-10-11 08:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-06-26 16:12 663040 889269134af28b2142f47a337ca3a1cd C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 09:45 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 17:34 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-08-10 15:26 16384]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [ ]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-08-22 20:57 651264]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 22:04 190696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2002-06-14 11:21 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
"MMTray"="MMTray.exe" [2003-03-25 06:49 53248 C:\WINDOWS\system32\MMTray.exe]
"MMTray2K"="MMTray2k.exe" [2003-03-25 06:49 57344 C:\WINDOWS\system32\MMTray2k.exe]
"MMTrayLSI"="MMTrayLSI.exe" [2003-03-25 06:49 53248 C:\WINDOWS\system32\MMTrayLSI.exe]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [2007-06-25 17:18 77824]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2002-06-06 11:52 106571]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 01:59 520192]
"NWEReboot"="" []
"TrayServer"="C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 13:58 90112]
"UVS11 Preload"="D:\Logiciel\Videostudio\uvPL.exe" [2007-04-12 13:23 341488]
"lphcjfdj0el2b"="C:\WINDOWS\system32\lphcjfdj0el2b.exe" [2007-08-10 17:35 109056]
"SMrhcnfdj0el2b"="C:\Program Files\rhcnfdj0el2b\rhcnfdj0el2b.exe" [2008-06-21 20:22 1642496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RunAlert"="C:\Program Files\MSI\PC Alert III\AService.exe" [ ]
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
PC Alert III.lnk - C:\Program Files\MSI\PC Alert III\alert.exe [2007-06-24 20:17:11 1768960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= L3codecp.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.ap41"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"vidc.em2v"= ETXCodec.dll
"vidc.hfyu"= huffyuv.dll
"vidc.vp31"= vp31vfw.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.rud0"= rududu.dll
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"vidc.wnv1"= WNVPLAY1.DLL
"msacm.divxa32"= DivXa32.acm
"vidc.xvid"= xvid.dll
"vidc.advs"= Dvc.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.aasc"= Aasc32.dll
"vidc.asv1"= asusasv1.dll
"vidc.asv2"= asusasv2.dll
"vidc.vcr1"= ativcr1.dll
"vidc.vcr2"= ativcr2.dll
"vidc.yv12"= yv12vfw.dll
"vidc.mwv1"= icmw_32.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"msacm.pcdv"= pcdv.acm
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.dps0"= DpsAviCC.dll
"vidc.frwu"= frwu.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.glzw"= GLZW.dll
"vidc.gpeg"= GPEG.dll
"msacm.imc"= IMC32.ACM
"vidc.i263"= i263_32.drv
"vidc.iv41"= ir41_32.dll
"vidc.ir21"= IR21_R.DLL
"vidc.rt21"= IR21_R.DLL
"vidc.dcmj"= MCMJPG32.DLL
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.mmes"= DigiVCap.dll
"vidc.vixl"= Miroxl32.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.tvmj"= MMTVMJ.dll
"vidc.fljp"= MMTVMJ.dll
"vidc.nt00"= NTCodec.dll
"vidc.pdvc"= idvcodec.dll
"vidc.ipdv"= idvcodec.dll
"vidc.pvw2"= pvwv220.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.miro"= mirodv2avi.dll
"vidc.mjpa"= rtmjpgcdc.dll
"vidc.pim1"= pclepim1.dll
"msacm.qmpeg"= qmpeg.acm
"vidc.rmp4"= rmp4.dll
"vidc.sony"= sonydv.dll
"vidc.s422"= tekyuv.dll
"vidc.vssv"= vsscodec.dll
"vidc.cscd"= camcodec.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.uldx"= ice:cm:{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Logitech Mic (Communicate STX)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Logiciel\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"D:\\Jeux\\MotoGP2\\motogp2.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Jeux\\Midtown Madness\\midtown.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-06-25 17:22]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2002-04-23 13:23]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2002-05-22 14:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2002-04-23 13:23]
R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-06-06 11:52]
R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\PC Alert III\NTGLM7X.sys [2002-05-27 10:21]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 17:00]
S3 wampapache;wampapache;"D:\Logiciel\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;D:\Logiciel\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 22:14:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-24 22:15:26
ComboFix-quarantined-files.txt 2008-06-24 20:15:24
Pre-Run: 9,756,426,240 octets libres
Post-Run: 9,987,063,808 octets libres
209 --- E O F --- 2007-08-03 23:56:48
2) Le rapport avec HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 22:24, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\lphcjfdj0el2b.exe
C:\Program Files\rhcnfdj0el2b\rhcnfdj0el2b.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\MSI\PC Alert III\alert.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\pphcjfdj0el2b.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UVS11 Preload] D:\Logiciel\Videostudio\uvPL.exe
O4 - HKLM\..\Run: [lphcjfdj0el2b] C:\WINDOWS\system32\lphcjfdj0el2b.exe
O4 - HKLM\..\Run: [SMrhcnfdj0el2b] C:\Program Files\rhcnfdj0el2b\rhcnfdj0el2b.exe
O4 - HKLM\..\RunServices: [RunAlert] C:\Program Files\MSI\PC Alert III\AService.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O8 - Extra context menu item: Download Video on This Page - D:\Logiciel\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - D:\Logiciel\YouTube Video Downloader\IELink.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Download Video - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - D:\Logiciel\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - D:\Logiciel\YouTube Video Downloader\IEPage.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: wampapache - Unknown owner - D:\Logiciel\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - D:\Logiciel\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
Voilà, a toi d'en juger maintenant mais moi, je ne vois pas la différence par rapport à tout ce que l'on fait. Le virus y est toujours !!! -
apres ceci restera 1 merdouille
Copie le texte ci-dessous :
File::
C:\WINDOWS\system32\lphcjfdj0el2b.exe
C:\Program Files\rhcnfdj0el2b\rhcnfdj0el2b.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcjfdj0el2b"=-
"SMrhcnfdj0el2b"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
-
-
Voici le rapport de ComboFix :
ComboFix 08-06-20.4 - Administrateur 2008-06-24 22:42:55.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.393 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\Program Files\rhcnfdj0el2b\rhcnfdj0el2b.exe
C:\WINDOWS\system32\lphcjfdj0el2b.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\rhcnfdj0el2b\rhcnfdj0el2b.exe
C:\WINDOWS\system32\lphcjfdj0el2b.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-24 to 2008-06-24 ))))))))))))))))))))))))))))))))))))
.
2008-06-24 22:40 . 2004-08-19 16:09 428,032 --a------ C:\WINDOWS\system32\CF5858.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 15:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 15:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
.
------- Sigcheck -------
2007-12-07 03:07 697856 de04a7293a48d92fddd6ec067a225562 C:\WINDOWS\system32\wininet.dll
2007-12-07 03:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\system32\dllcache\wininet.dll
2002-08-29 09:45 603136 cbc50d46257c4a75644230507b488050 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2007-12-07 03:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll
2007-12-07 02:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll
2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-12-07 02:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2006-06-23 13:28 581120 1f063bdbd1afef9ac0abd02384d40376 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-12-07 03:07 697856 de04a7293a48d92fddd6ec067a225562 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-10-11 08:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-06-26 16:12 663040 889269134af28b2142f47a337ca3a1cd C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 09:45 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 17:34 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-08-10 15:26 16384]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [ ]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-08-22 20:57 651264]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2002-06-14 11:21 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
"MMTray"="MMTray.exe" [2003-03-25 06:49 53248 C:\WINDOWS\system32\MMTray.exe]
"MMTray2K"="MMTray2k.exe" [2003-03-25 06:49 57344 C:\WINDOWS\system32\MMTray2k.exe]
"MMTrayLSI"="MMTrayLSI.exe" [2003-03-25 06:49 53248 C:\WINDOWS\system32\MMTrayLSI.exe]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [2007-06-25 17:18 77824]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2002-06-06 11:52 106571]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 01:59 520192]
"NWEReboot"="" []
"TrayServer"="C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 13:58 90112]
"UVS11 Preload"="D:\Logiciel\Videostudio\uvPL.exe" [2007-04-12 13:23 341488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RunAlert"="C:\Program Files\MSI\PC Alert III\AService.exe" [ ]
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
PC Alert III.lnk - C:\Program Files\MSI\PC Alert III\alert.exe [2007-06-24 20:17:11 1768960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= L3codecp.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.ap41"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"vidc.em2v"= ETXCodec.dll
"vidc.hfyu"= huffyuv.dll
"vidc.vp31"= vp31vfw.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.rud0"= rududu.dll
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"vidc.wnv1"= WNVPLAY1.DLL
"msacm.divxa32"= DivXa32.acm
"vidc.xvid"= xvid.dll
"vidc.advs"= Dvc.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.aasc"= Aasc32.dll
"vidc.asv1"= asusasv1.dll
"vidc.asv2"= asusasv2.dll
"vidc.vcr1"= ativcr1.dll
"vidc.vcr2"= ativcr2.dll
"vidc.yv12"= yv12vfw.dll
"vidc.mwv1"= icmw_32.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"msacm.pcdv"= pcdv.acm
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.dps0"= DpsAviCC.dll
"vidc.frwu"= frwu.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.glzw"= GLZW.dll
"vidc.gpeg"= GPEG.dll
"msacm.imc"= IMC32.ACM
"vidc.i263"= i263_32.drv
"vidc.iv41"= ir41_32.dll
"vidc.ir21"= IR21_R.DLL
"vidc.rt21"= IR21_R.DLL
"vidc.dcmj"= MCMJPG32.DLL
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.mmes"= DigiVCap.dll
"vidc.vixl"= Miroxl32.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.tvmj"= MMTVMJ.dll
"vidc.fljp"= MMTVMJ.dll
"vidc.nt00"= NTCodec.dll
"vidc.pdvc"= idvcodec.dll
"vidc.ipdv"= idvcodec.dll
"vidc.pvw2"= pvwv220.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.miro"= mirodv2avi.dll
"vidc.mjpa"= rtmjpgcdc.dll
"vidc.pim1"= pclepim1.dll
"msacm.qmpeg"= qmpeg.acm
"vidc.rmp4"= rmp4.dll
"vidc.sony"= sonydv.dll
"vidc.s422"= tekyuv.dll
"vidc.vssv"= vsscodec.dll
"vidc.cscd"= camcodec.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.uldx"= ice:cm:{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Logitech Mic (Communicate STX)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Logiciel\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"D:\\Jeux\\MotoGP2\\motogp2.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Jeux\\Midtown Madness\\midtown.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-06-25 17:22]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2002-04-23 13:23]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2002-05-22 14:52]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2002-04-23 13:23]
R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-06-06 11:52]
R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\PC Alert III\NTGLM7X.sys [2002-05-27 10:21]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 17:00]
S3 wampapache;wampapache;"D:\Logiciel\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;D:\Logiciel\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 22:43:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-24 22:44:26
ComboFix-quarantined-files.txt 2008-06-24 20:44:26
ComboFix2.txt 2008-06-24 20:15:28
Pre-Run: 9,944,809,472 octets libres
Post-Run: 9,932,800,000 octets libres
201 --- E O F --- 2007-08-03 23:56:48
Et voici celui de HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 22:47, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\MSI\PC Alert III\alert.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\pphcjfdj0el2b.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Mes documents\programmerenomeeeeeeee.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UVS11 Preload] D:\Logiciel\Videostudio\uvPL.exe
O4 - HKLM\..\RunServices: [RunAlert] C:\Program Files\MSI\PC Alert III\AService.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O8 - Extra context menu item: Download Video on This Page - D:\Logiciel\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - D:\Logiciel\YouTube Video Downloader\IELink.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Download Video - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - D:\Logiciel\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - D:\Logiciel\YouTube Video Downloader\IEPage.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: wampapache - Unknown owner - D:\Logiciel\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - D:\Logiciel\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
Je vois déjà que l'icône du "faux logiciel antivirus" qui est antivirus XP 2008 a diparu, c'est bon signe, non ?
Par contre pour le fond d'écran je vois maintenant un fond blanc alors que j'essaie à chaque fois de mettre une image. Mais ce qui est encore plus bizarre, c'est que, quand on lance ComboFix, cette image revient (pendant le scan). Je trouve ça bizarre mais j'attend ta réponse avant tout. Encore merci -
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\WINDOWS\system32\pphcjfdj0el2b.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
ENSUITE :
# Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.
- 1
- 2
- 3
- 4
Suivant
