Trojan.vundo.ewz

Résolu
nicothehacker Messages postés 34 Statut Membre -  
nicothehacker Messages postés 34 Statut Membre -
Bonjour,
a tous le monde.Voila j'ai eté contaminé par VIRTUMONDE,depuis je n'arrive plus a me debarrasserdu trojan vundo.
J'ai tout essayer,vundo fix(v7),la nouvelle version de spybot,combofix mais rien n'y fait.
Voila mon rapport hijack this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:09, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Mr\Mes documents\torrent\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3BB6E3F-CF36-43F8-9C36-F853120248FF}: NameServer = 192.168.1.1
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7276 bytes

voila j'ai un rapport combo fix aussi.Si quelqu'un peut m'aider merci d'avance
Configuration: Windows XP
Firefox 2.0.0.14

15 réponses

  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    VundoFix est dépassé.

    - Télécharge ComboFix.exe (de sUBs)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    - Enregistre ce fichier sur le bureau

    - Redémarre en mode sans échec :
    http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm

    - Double-clique sur ComboFix.exe, tape 1, valide par Entrée pour lancer le scan

    - Lorsque le scan sera complété, un rapport apparaîtra. Copie/Colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    * Combofix est détecté par certains antivirus comme une infection, il s'agit d'un "faux positif"

    ** N'en tiens pas compte, continue la procédure.
    0
  2. nicothehacker Messages postés 34 Statut Membre 1
     
    ok voila le rapport combofix.
    ComboFix 08-06-20.4 - Mr 2008-06-29 12:30:04.3 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.763 [GMT 2:00]
    Endroit: C:\Documents and Settings\Mr\Mes documents\torrent\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-26 13:39 . 2008-06-26 13:39 <REP> d-------- C:\Program Files\Hercules
    2008-06-26 13:39 . 2007-02-08 18:37 19,456 --a------ C:\WINDOWS\system32\hdjcprop.dll
    2008-06-26 13:39 . 2007-02-08 18:28 11,008 --a------ C:\WINDOWS\system32\drivers\hdjctrl.sys
    2008-06-26 13:38 . 2008-06-26 13:38 <REP> d-------- C:\Documents and Settings\Mr\Application Data\InstallShield
    2008-06-22 21:40 . 2008-06-23 14:41 1,917 --a------ C:\WINDOWS\imsins.BAK
    2008-06-21 12:15 . 2008-06-21 12:15 <REP> d-------- C:\Program Files\Guillemot
    2008-06-21 12:15 . 2007-02-08 17:29 118,784 --a------ C:\WINDOWS\system32\HDJAPI.dll
    2008-06-21 12:15 . 2005-01-28 11:49 106,496 --a------ C:\WINDOWS\system32\GUStrLib.dll
    2008-06-21 12:15 . 2007-01-09 13:47 86,016 --a------ C:\WINDOWS\system32\HRFDongle.dll
    2008-06-21 12:15 . 2007-02-08 18:23 39,296 --a------ C:\WINDOWS\system32\drivers\HDJMidi.sys
    2008-06-21 12:15 . 2007-02-09 09:27 23,040 --a------ C:\WINDOWS\system32\HDJSAPI.dll
    2008-06-20 19:03 . 2008-06-20 19:03 <REP> d-------- C:\VundoFix Backups
    2008-06-20 18:46 . 2008-06-20 18:46 294 ---hs---- C:\WINDOWS\system32\xbgrtast.ini
    2008-06-14 18:12 . 2008-06-21 11:53 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-06-01 21:02 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-06-01 20:32 . 2008-06-01 20:32 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-06-01 20:31 . 2008-06-01 20:32 <REP> d-------- C:\Documents and Settings\Mr\Application Data\SystemRequirementsLab
    2008-05-31 17:48 . 2008-05-31 17:48 <REP> d-------- C:\Documents and Settings\Mr\Application Data\Uniblue
    2008-05-30 17:46 . 2008-05-30 17:46 <REP> d-------- C:\Documents and Settings\Mr\Application Data\TaoUSign

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-29 10:16 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-06-28 16:27 --------- d-----w C:\Program Files\eMule
    2008-06-28 16:12 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-26 22:56 --------- d-----w C:\Documents and Settings\Mr\Application Data\BitTorrent
    2008-06-26 11:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-24 10:39 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
    2008-06-21 12:06 --------- d-----w C:\Program Files\VirtualDJ
    2008-06-20 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-20 19:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-20 18:19 --------- d-----w C:\Program Files\Microsoft IntelliPoint
    2008-06-18 16:27 --------- d-----w C:\Documents and Settings\Mr\Application Data\OpenOffice.org2
    2008-06-01 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-05-25 20:11 --------- d-----w C:\Program Files\Realtek
    2008-05-25 19:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-05-24 09:08 --------- d-----w C:\Program Files\ASIO4ALL v2
    2008-05-23 13:22 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-05-23 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-05-23 08:16 --------- d-----w C:\Documents and Settings\Mr\Application Data\CyberLink
    2008-05-23 08:13 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
    2008-05-14 08:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-14 08:37 --------- d-----w C:\Documents and Settings\Mr\Application Data\AdobeUM
    2008-05-07 17:21 4,739,072 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2008-05-07 13:39 16,862,208 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-05-07 11:59 --------- d-----w C:\Program Files\MP3Gain
    2008-05-03 09:11 --------- d-----w C:\Program Files\VstPlugins
    2008-05-03 09:09 --------- d-----w C:\Program Files\Audacity
    2008-04-30 15:37 --------- d-----w C:\Documents and Settings\Mr\Application Data\Deckadance
    2008-04-30 12:14 --------- d-----w C:\Documents and Settings\Mr\Application Data\InterVideo
    2008-04-30 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-30 12:08 --------- d-----w C:\Program Files\Fichiers communs\Ulead
    2008-04-30 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
    2008-01-09 14:55 47,360 ----a-w C:\Documents and Settings\Mr\Application Data\pcouffin.sys
    2007-04-07 12:45 5,226,744 ----a-w C:\Program Files\Firefox Setup 1.5.0.11.exe
    2007-04-01 13:16 15,942,656 ----a-w C:\Program Files\IE7Setup.exe
    2007-03-11 12:22 6,196,681 ----a-w C:\Program Files\BitTorrent-5.0.5.exe
    2007-01-22 20:33 1,103,125 ----a-w C:\Program Files\PrintScreen35_Setup.exe
    2007-01-10 12:18 1,035,271 ----a-w C:\Program Files\wrar362.exe
    2007-01-02 21:46 9,451,515 ----a-w C:\Program Files\vlc-0.8.6-win32.exe
    2007-01-02 20:54 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ------- Sigcheck -------

    2005-01-27 19:12 662016 66a10b98f18fd804236ab2d90301de04 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
    2005-03-10 09:48 662016 06ad0b0f43286cd50af283762eb56763 C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
    2005-10-21 04:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
    2005-10-21 04:41 662528 e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\ie7\wininet.dll
    2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2006-10-27 15:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\SoftwareDistribution\Download\5c9426d7149b2dcd2ee8bb773badb22a\backup\sp2gdr\wininet.dll
    2006-10-27 15:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\SoftwareDistribution\Download\5c9426d7149b2dcd2ee8bb773badb22a\backup\sp2qfe\wininet.dll
    2006-10-27 15:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\system32\wininet.dll
    2006-10-27 15:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\system32\dllcache\wininet.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
    "MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-06-21 15:28 425984]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-24 12:39 368640]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoInstrumentation"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.VP40"= vp4vfw.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Microsoft Works Update Detection"=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    "AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]
    R0 pe3agqwb;Loki Environment Driver (pe3agqwb);C:\WINDOWS\system32\drivers\pe3agqwb.sys [2008-02-25 19:55]
    R0 ps7agqwb;Loki Synchronization Driver (ps7agqwb);C:\WINDOWS\system32\drivers\ps7agqwb.sys [2008-02-25 19:54]
    R3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2007-02-08 18:28]
    S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb);C:\WINDOWS\system32\pr2agqwb.exe svc []
    S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-24 12:39]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;P:\programme\Lavalys\EVEREST Home Edition\kerneld.wnt []
    S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2007-02-08 18:23]
    S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
    S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-10-08 11:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-27 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-29 12:30:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\P:\programme\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    Temps d'accomplissement: 2008-06-29 12:31:29
    ComboFix-quarantined-files.txt 2008-06-29 10:31:22
    ComboFix2.txt 2008-06-29 10:24:48

    Pre-Run: 40,988,856,320 octets libres
    Post-Run: 40,968,974,336 octets libres

    165
    encore merci de me donner un coup de main..
    0
  3. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge le fichier CFScript et enregistre-le sur ton bureau :
    http://www.zshare.net/

    ---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    [*] Une fenêtre bleue va apparaître : au message qui apparaît (Type 1 to continue, or 2 to abort), tape 1 puis valide.

    [*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
    Ne touche à rien tant que le scan n'est pas terminé.

    [*] Une fois le scan achevé, un rapport va s'afficher : poste-le

    [*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
    0
  4. nicothehacker Messages postés 34 Statut Membre 1
     
    c'est bon c'est fait.voila le rapport

    ComboFix 08-06-20.4 - Mr 2008-06-29 18:52:02.4 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.797 [GMT 2:00]
    Endroit: C:\Documents and Settings\Mr\Mes documents\torrent\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mr\Mes documents\torrent\cfscript.txt

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\VundoFix Backups

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-26 13:39 . 2008-06-26 13:39 <REP> d-------- C:\Program Files\Hercules
    2008-06-26 13:39 . 2007-02-08 18:37 19,456 --a------ C:\WINDOWS\system32\hdjcprop.dll
    2008-06-26 13:39 . 2007-02-08 18:28 11,008 --a------ C:\WINDOWS\system32\drivers\hdjctrl.sys
    2008-06-26 13:38 . 2008-06-26 13:38 <REP> d-------- C:\Documents and Settings\Mr\Application Data\InstallShield
    2008-06-21 12:15 . 2008-06-21 12:15 <REP> d-------- C:\Program Files\Guillemot
    2008-06-21 12:15 . 2007-02-08 17:29 118,784 --a------ C:\WINDOWS\system32\HDJAPI.dll
    2008-06-21 12:15 . 2005-01-28 11:49 106,496 --a------ C:\WINDOWS\system32\GUStrLib.dll
    2008-06-21 12:15 . 2007-01-09 13:47 86,016 --a------ C:\WINDOWS\system32\HRFDongle.dll
    2008-06-21 12:15 . 2007-02-08 18:23 39,296 --a------ C:\WINDOWS\system32\drivers\HDJMidi.sys
    2008-06-21 12:15 . 2007-02-09 09:27 23,040 --a------ C:\WINDOWS\system32\HDJSAPI.dll
    2008-06-20 18:46 . 2008-06-20 18:46 294 ---hs---- C:\WINDOWS\system32\xbgrtast.ini
    2008-06-14 18:12 . 2008-06-21 11:53 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-06-01 21:02 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-06-01 20:32 . 2008-06-01 20:32 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-06-01 20:31 . 2008-06-01 20:32 <REP> d-------- C:\Documents and Settings\Mr\Application Data\SystemRequirementsLab
    2008-05-31 17:48 . 2008-05-31 17:48 <REP> d-------- C:\Documents and Settings\Mr\Application Data\Uniblue
    2008-05-30 17:46 . 2008-05-30 17:46 <REP> d-------- C:\Documents and Settings\Mr\Application Data\TaoUSign

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-29 16:50 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-06-29 10:47 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-28 16:27 --------- d-----w C:\Program Files\eMule
    2008-06-26 22:56 --------- d-----w C:\Documents and Settings\Mr\Application Data\BitTorrent
    2008-06-26 11:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-24 10:39 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
    2008-06-21 12:06 --------- d-----w C:\Program Files\VirtualDJ
    2008-06-20 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-20 19:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-20 18:19 --------- d-----w C:\Program Files\Microsoft IntelliPoint
    2008-06-18 16:27 --------- d-----w C:\Documents and Settings\Mr\Application Data\OpenOffice.org2
    2008-06-01 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-05-25 20:11 --------- d-----w C:\Program Files\Realtek
    2008-05-25 19:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-05-24 09:08 --------- d-----w C:\Program Files\ASIO4ALL v2
    2008-05-23 13:22 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-05-23 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-05-23 08:16 --------- d-----w C:\Documents and Settings\Mr\Application Data\CyberLink
    2008-05-23 08:13 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
    2008-05-14 08:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-14 08:37 --------- d-----w C:\Documents and Settings\Mr\Application Data\AdobeUM
    2008-05-07 17:21 4,739,072 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2008-05-07 13:39 16,862,208 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-05-07 11:59 --------- d-----w C:\Program Files\MP3Gain
    2008-05-03 09:11 --------- d-----w C:\Program Files\VstPlugins
    2008-05-03 09:09 --------- d-----w C:\Program Files\Audacity
    2008-04-30 15:37 --------- d-----w C:\Documents and Settings\Mr\Application Data\Deckadance
    2008-04-30 12:14 --------- d-----w C:\Documents and Settings\Mr\Application Data\InterVideo
    2008-04-30 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-30 12:08 --------- d-----w C:\Program Files\Fichiers communs\Ulead
    2008-04-30 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
    2008-01-09 14:55 47,360 ----a-w C:\Documents and Settings\Mr\Application Data\pcouffin.sys
    2007-04-07 12:45 5,226,744 ----a-w C:\Program Files\Firefox Setup 1.5.0.11.exe
    2007-04-01 13:16 15,942,656 ----a-w C:\Program Files\IE7Setup.exe
    2007-03-11 12:22 6,196,681 ----a-w C:\Program Files\BitTorrent-5.0.5.exe
    2007-01-22 20:33 1,103,125 ----a-w C:\Program Files\PrintScreen35_Setup.exe
    2007-01-10 12:18 1,035,271 ----a-w C:\Program Files\wrar362.exe
    2007-01-02 21:46 9,451,515 ----a-w C:\Program Files\vlc-0.8.6-win32.exe
    2007-01-02 20:54 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ------- Sigcheck -------

    2005-01-27 19:12 662016 66a10b98f18fd804236ab2d90301de04 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
    2005-03-10 09:48 662016 06ad0b0f43286cd50af283762eb56763 C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
    2005-10-21 04:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
    2005-10-21 04:41 662528 e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\ie7\wininet.dll
    2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2006-10-27 15:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\SoftwareDistribution\Download\5c9426d7149b2dcd2ee8bb773badb22a\backup\sp2gdr\wininet.dll
    2006-10-27 15:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\SoftwareDistribution\Download\5c9426d7149b2dcd2ee8bb773badb22a\backup\sp2qfe\wininet.dll
    2006-10-27 15:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\system32\wininet.dll
    2006-10-27 15:09 818688 7cf0b0d5d9d47585853e2a6978441f64 C:\WINDOWS\system32\dllcache\wininet.dll
    .
    ((((((((((((((((((((((((((((( snapshot_2008-06-29_12.24.33,43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-29 10:17:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-29 16:51:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2005-05-26 02:16:30 41,240 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    - 2008-06-23 12:44:00 63,016 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-06-29 14:03:21 63,016 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-06-23 12:44:00 76,136 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-06-29 14:03:21 76,136 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-06-23 12:44:00 402,406 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-06-29 14:03:21 402,406 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-06-23 12:44:00 469,622 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-06-29 14:03:21 469,622 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2005-05-26 02:16:30 41,240 ----a-w C:\WINDOWS\system32\wups.dll
    + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    - 2005-05-26 02:16:30 18,200 ----a-w C:\WINDOWS\system32\wups2.dll
    + 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
    "MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-06-21 15:28 425984]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-24 12:39 368640]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoInstrumentation"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.VP40"= vp4vfw.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Microsoft Works Update Detection"=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    "AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]
    R0 pe3agqwb;Loki Environment Driver (pe3agqwb);C:\WINDOWS\system32\drivers\pe3agqwb.sys [2008-02-25 19:55]
    R0 ps7agqwb;Loki Synchronization Driver (ps7agqwb);C:\WINDOWS\system32\drivers\ps7agqwb.sys [2008-02-25 19:54]
    R3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2007-02-08 18:28]
    S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb);C:\WINDOWS\system32\pr2agqwb.exe svc []
    S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-24 12:39]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;P:\programme\Lavalys\EVEREST Home Edition\kerneld.wnt []
    S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2007-02-08 18:23]
    S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
    S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-10-08 11:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-27 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-29 18:53:33
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\P:\programme\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    Temps d'accomplissement: 2008-06-29 18:54:28
    ComboFix-quarantined-files.txt 2008-06-29 16:54:20
    ComboFix2.txt 2008-06-29 10:31:30
    ComboFix3.txt 2008-06-29 10:24:48

    Pre-Run: 40,961,662,976 octets libres
    Post-Run: 40,961,093,632 octets libres

    185

    encore merci pour tout.............
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Démarre en mode sans échec :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
  7. nicothehacker Messages postés 34 Statut Membre 1
     
    ok c'est fait.il a enlever des fichiers.

    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 904
    Windows 5.1.2600 Service Pack 2

    00:37:31 30/06/2008
    mbam-log-6-30-2008 (00-37-28).txt

    Type de recherche: Examen complet (C:\|D:\|P:\|)
    Eléments examinés: 114834
    Temps écoulé: 40 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 7

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f86b11f3-0ce1-475f-9541-5329bf7b3597} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.MFC\ (Rogue.RegistrySmart) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
    C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> No action taken.
    C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> No action taken.
    C:\Documents and Settings\Mr\Application Data\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
    C:\Documents and Settings\Mr\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken.

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\urqQICvT.dll.vir (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP111\A0020050.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP115\A0020886.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP132\A0022348.exe (Adware.Rabio) -> No action taken.
    C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP164\A0039912.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP164\A0040912.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.

    voila j'espere que ça sera la bonne ce coup la...merci
    0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    T'as cliqué sur Supprimer la sélection ?
    0
  9. nicothehacker Messages postés 34 Statut Membre 1
     
    oui j'ai supprimer les fichiers infecter.voila voila.En tout cas c'est sacrement coriace ce truc.ça fait un moment que j'essaye de m'en debarrasser.encore merci pour tout merci
    0
  10. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Poste un nouveau rapport HijackThis.
    0
  11. nicothehacker Messages postés 34 Statut Membre 1
     
    ok!!voila le rapport.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:25:41, on 30/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Mr\Mes documents\torrent\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F3BB6E3F-CF36-43F8-9C36-F853120248FF}: NameServer = 192.168.1.1
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  12. nicothehacker Messages postés 34 Statut Membre 1
     
    bonjour
    j'ai poster le dernier rapport hijack,est ce que c'est bon????
    Apparement il n'y a plus de probleme sur mon pc..
    0
  13. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Relance HijackThis et choisis Do a system scan only

    ---> Coche les cases qui sont devant les lignes suivantes :

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    ---> Clique en bas sur Fix checked, mets oui si HijackThis te demande quelque chose

    ---> Reposte un rapport HijackThis

    ---> Mets à jour Java :
    https://www.java.com/fr/download/manual.jsp

    Télécharge Tools Cleaner sur ton bureau.
    http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
    Clique sur Recherche et laisse le scan agir.
    Clique sur Suppression pour finaliser.
    Tu peux, si tu le souhaites, te servir des Options facultatives.
    Clique sur Quitter pour obtenir le rapport.
    Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    - Télécharge CCleaner (N'installe pas la Yahoo toolbar) :
    https://www.ccleaner.com/ccleaner/download

    - Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

    ---> Il est nécessaire de désactiver puis réactiver la restauration système, fais-le :
    http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

    ---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
    https://www.vulgarisation-informatique.com/creer-point-restauration.php
    0
  14. nicothehacker Messages postés 34 Statut Membre 1
     
    voici le rapport hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:05:38, on 16/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Mr\Mes documents\torrent\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F3BB6E3F-CF36-43F8-9C36-F853120248FF}: NameServer = 192.168.1.1
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  15. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Bonne soirée ;)
    0
  16. nicothehacker Messages postés 34 Statut Membre 1
     
    et voila le rapport tcleaner

    C:\Qoobox: trouvé !
    C:\Documents and Settings\Mr\Mes documents\torrent\ComboFix.exe: trouvé !
    C:\Documents and Settings\Mr\Mes documents\torrent\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\Mr\Mes documents\torrent\ComboFix.exe: supprimé !
    C:\Documents and Settings\Mr\Mes documents\torrent\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !

    voila voila.encore merci
    0