Infected computer

djkeops710 - G-force (433 posts, Member)
Hello,
I would like some help destroying the viruses on my computer: could someone send me the steps to follow and stay with me to analyse the reports. Thanks in advance for your understanding and your professionalism.

40 replies

jlpjlp (52399 posts, Security contributor, 5 040)
 
OK

VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

_________________

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

At the end it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware guard.

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
djkeops710 (21 posts, Member)
 
[07/11/2008, 20:46:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\steve\Local Settings\Temporary Internet Files\Content.IE5\5A6R9R7H\VirtumundoBeGone[1].exe" )
[07/11/2008, 20:46:08] - Detected System Information:
[07/11/2008, 20:46:08] - Windows Version: 5.1.2600, Service Pack 2
[07/11/2008, 20:46:09] - Current Username: steve (Admin)
[07/11/2008, 20:46:09] - Windows is in NORMAL mode.
[07/11/2008, 20:46:09] - Searching for Browser Helper Objects:
[07/11/2008, 20:46:09] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/11/2008, 20:46:09] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2008, 20:46:09] - BHO 3: {90909807-d7b1-4257-9583-f266614d079b} ()
[07/11/2008, 20:46:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2008, 20:46:09] - Checking for HKLM\...\Winlogon\Notify\xdyefv
[07/11/2008, 20:46:09] - Key not found: HKLM\...\Winlogon\Notify\xdyefv, continuing.
[07/11/2008, 20:46:09] - Finished Searching Browser Helper Objects
[07/11/2008, 20:46:09] - Finishing up...
[07/11/2008, 20:46:09] - Nothing found! Exiting...
0
djkeops710 (21 posts, Member)
 
ComboFix 08-07-08.9 - steve 2008-07-11 21:11:26.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.572 [GMT 2:00]
Endroit: D:\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\bloejope.dll
C:\WINDOWS\system32\epojeolb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pirqdeum.ini
C:\WINDOWS\system32\Svwvyyxx.ini
C:\WINDOWS\system32\Svwvyyxx.ini2
C:\WINDOWS\system32\tuchlwyq.ini
C:\WINDOWS\system32\xxyyvwvS.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))))))))
.

2008-07-11 18:56 . 2008-07-11 18:56 <REP> d-------- C:\Documents and Settings\steve\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-11 19:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 18:55 . 2008-07-11 18:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 18:55 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-11 18:17 . 2008-07-11 18:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-11 18:14 . 2008-07-11 18:14 <REP> d-------- C:\Program Files\Yahoo!
2008-07-11 18:14 . 2008-07-11 18:15 <REP> d-------- C:\Program Files\CCleaner
2008-07-11 15:33 . 2008-07-11 15:33 <REP> d-------- C:\Program Files\Securitoo
2008-07-10 21:07 . 2008-07-10 21:07 116,352 --a------ C:\WINDOWS\system32\xdyefv.dll
2008-07-10 21:07 . 2008-07-10 21:07 116,352 --a------ C:\WINDOWS\system32\pcwhelky.dll
2008-07-10 17:10 . 2008-07-10 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-10 17:09 . 2008-07-10 17:09 <REP> d-------- C:\Program Files\NCH Software
2008-07-10 10:53 . 2008-07-11 15:35 41 --a------ C:\WINDOWS\Kit.ini
2008-07-09 22:59 . 2008-07-09 23:02 <REP> d-------- C:\Program Files\Navilog1
2008-07-09 21:06 . 2008-07-09 21:06 112,256 --a------ C:\WINDOWS\system32\liqwpl.dll
2008-07-09 21:06 . 2008-07-09 21:06 112,256 --a------ C:\WINDOWS\system32\khryffxe.dll
2008-07-09 19:38 . 2008-07-09 19:38 112,256 --a------ C:\WINDOWS\system32\yypeexhx.dll
2008-07-09 19:38 . 2008-07-09 19:38 112,256 --a------ C:\WINDOWS\system32\leidgx.dll
2008-07-09 19:16 . 2008-07-09 19:16 112,256 --a------ C:\WINDOWS\system32\hoteaqbb.dll
2008-07-09 19:16 . 2008-07-09 19:16 112,256 --a------ C:\WINDOWS\system32\cadbov.dll
2008-07-09 14:20 . 2008-07-09 14:20 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-07-09 12:59 . 2008-07-09 16:01 3,550 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-09 12:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-09 12:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-09 12:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-09 12:58 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-09 12:58 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-09 12:58 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-09 12:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-09 12:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-09 12:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-09 12:03 . 2008-07-09 12:03 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-07-09 12:03 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-07-09 12:03 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-07-09 08:36 . 2008-07-09 08:36 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-07-08 20:01 . 2008-07-08 20:01 <REP> d-------- C:\Program Files\Driver-Soft
2008-07-08 20:01 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-07-08 20:01 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-07-08 19:30 . 2008-07-08 19:34 <REP> d-------- C:\Program Files\uTorrent
2008-07-08 19:30 . 2008-07-09 22:15 <REP> d-------- C:\Documents and Settings\steve\Application Data\uTorrent
2008-07-08 18:56 . 2008-07-08 19:11 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-08 18:56 . 2008-07-08 19:11 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-08 18:52 . 2008-07-08 18:52 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-07-08 18:52 . 2008-07-11 21:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-08 18:51 . 2008-07-11 21:13 4,114,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-08 18:51 . 2008-07-11 21:13 109,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-08 18:51 . 2008-07-11 21:08 58,052 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-08 18:51 . 2008-07-11 21:08 13,340 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-08 18:50 . 2008-07-08 18:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-07 16:41 . 2008-07-07 16:41 <REP> d-------- C:\Program Files\Trend Micro
2008-07-07 15:25 . 2008-07-07 15:25 <REP> d-------- C:\Documents and Settings\steve\Application Data\Talkback
2008-07-07 14:52 . 2008-07-07 14:53 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-07-07 12:58 . 2008-07-07 12:58 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-07-07 10:09 . 2008-07-07 10:09 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-07-07 10:09 . 2008-07-07 10:09 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-07-07 06:28 . 2008-07-07 06:32 <REP> d-------- C:\Program Files\Registry Defender Platinum
2008-07-06 13:08 . 2008-07-11 19:11 28,800 --------- C:\WINDOWS\system32\xxyVmLCU.dll
2008-06-30 16:25 . 2008-06-30 16:25 <REP> d-------- C:\Program Files\Sierra
2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-17 16:03 . 2008-06-17 16:03 <REP> d-------- C:\Documents and Settings\steve\Application Data\Sonic
2008-06-11 16:30 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 16:30 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 19:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 19:09 --------- d-----w C:\Program Files\Wanadoo
2008-07-10 23:22 --------- d-----w C:\Documents and Settings\steve\Application Data\LimeWire
2008-07-09 19:45 --------- d-----w C:\Program Files\LimeWire
2008-07-09 09:35 --------- d-----w C:\Program Files\Google
2008-07-09 09:11 --------- d-----w C:\Program Files\Nokia
2008-07-09 09:06 --------- d-----w C:\Program Files\QuickTime
2008-07-09 08:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 17:11 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-08 16:40 --------- d-----w C:\Program Files\GlobFX Technologies
2008-07-08 16:35 --------- d-----w C:\Program Files\SeaStorm 3D Screensaver
2008-07-07 10:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-29 17:27 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-29 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-28 15:45 --------- d-----w C:\Documents and Settings\steve\Application Data\Nokia
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-10 19:26 --------- d-----w C:\Documents and Settings\steve\Application Data\dvdcss
2008-06-03 09:32 --------- d-----w C:\Program Files\AVIConverter
2008-05-31 17:53 --------- d-----w C:\Program Files\Odometer
2008-05-31 16:30 --------- d-----w C:\Program Files\StartClock
2008-05-31 14:55 --------- d-----w C:\Documents and Settings\steve\Application Data\Zylom
2008-05-31 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-30 10:27 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-24 17:02 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\SETE6.tmp
2008-05-21 20:48 --------- d-----w C:\Program Files\Java
2008-05-21 19:46 --------- d-----w C:\Documents and Settings\steve\Application Data\OtakuSoftware
2008-05-20 06:29 --------- d-----w C:\Documents and Settings\steve\Application Data\Yahoo!
2008-05-20 06:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-19 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-19 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-05-19 15:58 --------- d-----w C:\Program Files\MSN Apps
2008-05-19 15:53 --------- d-----w C:\Program Files\ProgramLaunch
2008-05-19 15:53 --------- d-----w C:\Program Files\Kantaris
2008-05-19 09:39 --------- d-----w C:\Documents and Settings\steve\Application Data\kantaris
2008-05-17 08:03 --------- d-----w C:\Program Files\Fichiers communs\Totem Shared
2008-05-12 07:59 --------- d-----w C:\Program Files\VirginMega
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-09_19.36.45.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:13:24 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
- 2008-07-09 17:29:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 19:09:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90909807-d7b1-4257-9583-f266614d079b}]
2008-07-10 21:07 116352 --a------ C:\WINDOWS\system32\xdyefv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80123684-A222-4009-8220-A867294D6DE8}"= "C:\WINDOWS\nqgpedlr.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{80123684-a222-4009-8220-a867294d6de8}]
[HKEY_CLASSES_ROOT\nqgpedlr.1]
[HKEY_CLASSES_ROOT\TypeLib\{7F62B052-BBD3-476F-A8D5-AEA51D86367A}]
[HKEY_CLASSES_ROOT\nqgpedlr]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [BU]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"DeskSpace"="C:\Program Files\DeskSpace\deskspace.exe" [BU]
"SysA.exe"="C:\Windows\SysA.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-10 21:37 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-06-09 15:37 40960]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [BU]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [BU]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 19:28:28 622653]
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-08-10 21:45:54 7168]
TrayMin315.exe.lnk - C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe [2008-04-30 14:00:44 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\steve\LOCALS~1\Temp\2008430115241_mcappins.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\steve\LOCALS~1\Temp\2008430115238_mcinfo.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ffe501d-16b9-11dd-b135-0015c522d0ce}]
\Shell\AutoRun\command - F:\cb.bat
\Shell\explore\Command - F:\cb.bat
\Shell\open\Command - F:\cb.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c332c682-4d0d-11dd-b1c0-0015c522d0ce}]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\explore\Command - F:\autorun.exe -e
\Shell\open\Command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd64bd7b-169b-11dd-b12f-00038a000015}]
\Shell\AutoRun\command - F:\cb.bat
\Shell\explore\Command - F:\cb.bat
\Shell\open\Command - F:\cb.bat

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-11 18:32:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-25 16:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 21:14:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-11 21:15:31
ComboFix-quarantined-files.txt 2008-07-11 19:15:26
ComboFix2.txt 2008-07-09 18:47:00

Pre-Run: 28,210,675,712 octets libres
Post-Run: 28,194,500,608 octets libres

280 --- E O F --- 2008-07-11 19:03:12
0
djkeops710 (21 posts, Member)
 
There, I have posted VirtumundoBeGone and ComboFix. If someone has examined my reports, could they give me the next steps?
0

jlpjlp (52399 posts, Security contributor, 5 040)
 
Download RavAntivirus by Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# If you have a USB stick, external hard drive, etc., plug them in without opening them before launching this FIX
# Right-click the .ZIP file > Extract to > the Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
# If there is an infection, a log will be produced; otherwise the software will (very quickly) display ==> Your computer is clean.
# Remove your removable disks and restart your computer.
# Post the report if there is an infection!

2/ Download Flash Disinfector (by sUBs) to the desktop from this address: http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Double-click the icon.
The icons will disappear. That is normal.
If a report is generated in case of infection, save it to the desktop and post it afterwards.
Then restart the PC.

3/ Paste a new HijackThis and ComboFix.

See you later
0
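As an added example (not code from the thread, ComboFix or HijackThis), a small Python triage script that flags in the two reports the kinds of entries the helper checks before giving the next steps: AutoRun handlers on mounted volumes (the removable-drive pattern Flash Disinfector is prescribed for), BHOs and toolbars with no name or a missing file, entries ComboFix marks [BU], and a disabled firewall or Security Center monitoring. The sample lines are constructed to mirror those posted above, and the reading of [BU] and the other heuristics are this example's assumptions, not the tools' own rules.

```python
import re

# Constructed lines modelled on the ComboFix report posted in this thread.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90909807-d7b1-4257-9583-f266614d079b}]
2008-07-10 21:07 116352 --a------ C:\WINDOWS\system32\xdyefv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80123684-A222-4009-8220-A867294D6DE8}"= "C:\WINDOWS\nqgpedlr.dll" [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"SysA.exe"="C:\Windows\SysA.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ffe501d-16b9-11dd-b135-0015c522d0ce}]
\Shell\AutoRun\command - F:\cb.bat
\Shell\explore\Command - F:\cb.bat
\Shell\open\Command - F:\cb.bat
"""
# Constructed HijackThis lines mirroring the O2/O3 entries posted above.
SAMPLE_HIJACKTHIS = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {90909807-d7b1-4257-9583-f266614d079b} - C:\WINDOWS\system32\xdyefv.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll (file missing)
"""

MOUNTPOINT_CMD = re.compile(r"^\\Shell\\\w+\\command\s+-\s+(.+)$", re.IGNORECASE)
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
QUOTED_PATH = re.compile(r'"([^"]+)"')
HJT_LINE = re.compile(r"^(O\d+) - (.*)$")

def triage_combofix(text):
    """(finding, detail) pairs for the loading points a helper reads first.
    The heuristics are this example's assumptions, not ComboFix's own rules."""
    findings, key, expect_bho_dll = [], "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # ComboFix omits legitimate default BHOs, so any BHO it lists gets
            # reviewed; its DLL path is printed on the following line.
            expect_bho_dll = "Browser Helper Objects" in key
            continue
        low = key.lower()
        if expect_bho_dll:
            findings.append(("bho", line.split(None, 4)[-1]))  # date time size attrs path
            expect_bho_dll = False
            continue
        m = MOUNTPOINT_CMD.match(line)
        if m and "mountpoints2" in low:
            # AutoRun/open/explore handlers of a mounted volume pointing at a file on
            # that volume: the removable-drive pattern Flash Disinfector targets.
            findings.append(("autorun-handler", m.group(1)))
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if "security center" in low and name == "DisableMonitoring" and value.endswith("1"):
            # Third-party suites set this legitimately; confirm the named product is installed.
            findings.append(("security-center-monitoring-off", key.rsplit("\\", 1)[-1]))
        elif "firewallpolicy" in low and name == "EnableFirewall" and value.startswith("0"):
            findings.append(("firewall-disabled", key.rsplit("\\", 1)[-1]))
        elif value.endswith("[BU]"):
            # ComboFix prints [date time size] for files it could profile; [BU] entries
            # did not get that, like the toolbar DLL HijackThis calls "(file missing)".
            p = QUOTED_PATH.search(value)
            findings.append(("unprofiled-file", p.group(1) if p else name))
    return list(dict.fromkeys(findings))  # dedupe, keep order

def triage_hijackthis(text):
    """Flag O2 BHOs without a name and O3 toolbars whose DLL is missing."""
    findings = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        target = rest.rsplit(" - ", 1)[-1]
        if section == "O2" and rest.startswith("BHO: (no name)"):
            findings.append(("unnamed-bho", target))
        elif section == "O3" and target.endswith("(file missing)"):
            findings.append(("orphaned-toolbar", target[: -len(" (file missing)")]))
    return findings

def corroborated(combofix_findings, hjt_findings):
    """Paths that both reports independently point at (case-insensitive)."""
    cf = {d.lower() for _, d in combofix_findings}
    return {d.lower() for _, d in hjt_findings if d.lower() in cf}

if __name__ == "__main__":
    cf, hjt = triage_combofix(SAMPLE_COMBOFIX), triage_hijackthis(SAMPLE_HIJACKTHIS)
    for kind, detail in cf + hjt:
        print(f"{kind:32} {detail}")
    print("seen in both reports:", sorted(corroborated(cf, hjt)))
```

Run it against a real pair of reports by replacing the two sample strings with the file contents; entries both tools point at are the ones to ask about first.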
djkeops710 (21 posts, Member)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:43, on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {90909807-d7b1-4257-9583-f266614d079b} - C:\WINDOWS\system32\xdyefv.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [SysA.exe] C:\Windows\SysA.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: TrayMin315.exe.lnk = ?
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
djkeops710 Messages postés 21 Statut Membre
 
ComboFix 08-07-08.9 - steve 2008-07-11 23:51:27.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.510 [GMT 2:00]
Endroit: D:\ComboFix.exe
* Resident AV is active

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))))))))
.

2008-07-11 22:30 . 2008-07-11 22:30 173 --a------ C:\curr_ver.tmp
2008-07-11 18:56 . 2008-07-11 18:56 <REP> d-------- C:\Documents and Settings\steve\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-11 19:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 18:55 . 2008-07-11 18:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 18:55 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-11 18:17 . 2008-07-11 18:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-11 18:14 . 2008-07-11 18:14 <REP> d-------- C:\Program Files\Yahoo!
2008-07-11 18:14 . 2008-07-11 18:15 <REP> d-------- C:\Program Files\CCleaner
2008-07-11 15:33 . 2008-07-11 15:33 <REP> d-------- C:\Program Files\Securitoo
2008-07-10 21:07 . 2008-07-10 21:07 116,352 --a------ C:\WINDOWS\system32\xdyefv.dll
2008-07-10 21:07 . 2008-07-10 21:07 116,352 --a------ C:\WINDOWS\system32\pcwhelky.dll
2008-07-10 17:10 . 2008-07-10 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-10 17:09 . 2008-07-10 17:09 <REP> d-------- C:\Program Files\NCH Software
2008-07-10 10:53 . 2008-07-11 15:35 41 --a------ C:\WINDOWS\Kit.ini
2008-07-09 22:59 . 2008-07-09 23:02 <REP> d-------- C:\Program Files\Navilog1
2008-07-09 21:06 . 2008-07-09 21:06 112,256 --a------ C:\WINDOWS\system32\liqwpl.dll
2008-07-09 21:06 . 2008-07-09 21:06 112,256 --a------ C:\WINDOWS\system32\khryffxe.dll
2008-07-09 19:38 . 2008-07-09 19:38 112,256 --a------ C:\WINDOWS\system32\yypeexhx.dll
2008-07-09 19:38 . 2008-07-09 19:38 112,256 --a------ C:\WINDOWS\system32\leidgx.dll
2008-07-09 19:16 . 2008-07-09 19:16 112,256 --a------ C:\WINDOWS\system32\hoteaqbb.dll
2008-07-09 19:16 . 2008-07-09 19:16 112,256 --a------ C:\WINDOWS\system32\cadbov.dll
2008-07-09 14:20 . 2008-07-09 14:20 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-07-09 12:59 . 2008-07-09 16:01 3,550 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-09 12:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-09 12:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-09 12:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-09 12:58 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-09 12:58 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-09 12:58 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-09 12:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-09 12:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-09 12:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-09 12:03 . 2008-07-09 12:03 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-07-09 12:03 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-07-09 12:03 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-07-09 08:36 . 2008-07-09 08:36 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-07-08 20:01 . 2008-07-08 20:01 <REP> d-------- C:\Program Files\Driver-Soft
2008-07-08 20:01 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-07-08 20:01 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-07-08 19:30 . 2008-07-08 19:34 <REP> d-------- C:\Program Files\uTorrent
2008-07-08 19:30 . 2008-07-09 22:15 <REP> d-------- C:\Documents and Settings\steve\Application Data\uTorrent
2008-07-08 18:56 . 2008-07-08 19:11 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-08 18:56 . 2008-07-08 19:11 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-08 18:52 . 2008-07-08 18:52 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-07-08 18:52 . 2008-07-11 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-08 18:51 . 2008-07-12 00:01 4,503,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-08 18:51 . 2008-07-12 00:01 119,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-08 18:51 . 2008-07-11 23:46 61,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-08 18:51 . 2008-07-11 23:46 14,132 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-08 18:50 . 2008-07-08 18:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-07 16:41 . 2008-07-07 16:41 <REP> d-------- C:\Program Files\Trend Micro
2008-07-07 15:25 . 2008-07-07 15:25 <REP> d-------- C:\Documents and Settings\steve\Application Data\Talkback
2008-07-07 14:52 . 2008-07-07 14:53 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-07-07 12:58 . 2008-07-07 12:58 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-07-07 10:09 . 2008-07-07 10:09 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-07-07 10:09 . 2008-07-07 10:09 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-07-07 06:28 . 2008-07-07 06:32 <REP> d-------- C:\Program Files\Registry Defender Platinum
2008-07-06 13:08 . 2008-07-11 19:11 28,800 --------- C:\WINDOWS\system32\xxyVmLCU.dll
2008-06-30 16:25 . 2008-06-30 16:25 <REP> d-------- C:\Program Files\Sierra
2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-17 16:03 . 2008-06-17 16:03 <REP> d-------- C:\Documents and Settings\steve\Application Data\Sonic
2008-06-11 16:30 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 16:30 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 21:48 --------- d-----w C:\Program Files\Wanadoo
2008-07-11 21:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-10 23:22 --------- d-----w C:\Documents and Settings\steve\Application Data\LimeWire
2008-07-09 19:45 --------- d-----w C:\Program Files\LimeWire
2008-07-09 09:35 --------- d-----w C:\Program Files\Google
2008-07-09 09:11 --------- d-----w C:\Program Files\Nokia
2008-07-09 09:06 --------- d-----w C:\Program Files\QuickTime
2008-07-09 08:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 17:11 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-08 16:40 --------- d-----w C:\Program Files\GlobFX Technologies
2008-07-08 16:35 --------- d-----w C:\Program Files\SeaStorm 3D Screensaver
2008-07-07 10:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-29 17:27 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-29 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-28 15:45 --------- d-----w C:\Documents and Settings\steve\Application Data\Nokia
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-10 19:26 --------- d-----w C:\Documents and Settings\steve\Application Data\dvdcss
2008-06-03 09:32 --------- d-----w C:\Program Files\AVIConverter
2008-05-31 17:53 --------- d-----w C:\Program Files\Odometer
2008-05-31 16:30 --------- d-----w C:\Program Files\StartClock
2008-05-31 14:55 --------- d-----w C:\Documents and Settings\steve\Application Data\Zylom
2008-05-31 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-30 10:27 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-24 17:02 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\SETE6.tmp
2008-05-21 20:48 --------- d-----w C:\Program Files\Java
2008-05-21 19:46 --------- d-----w C:\Documents and Settings\steve\Application Data\OtakuSoftware
2008-05-20 06:29 --------- d-----w C:\Documents and Settings\steve\Application Data\Yahoo!
2008-05-20 06:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-19 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-19 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-05-19 15:58 --------- d-----w C:\Program Files\MSN Apps
2008-05-19 15:53 --------- d-----w C:\Program Files\ProgramLaunch
2008-05-19 15:53 --------- d-----w C:\Program Files\Kantaris
2008-05-19 09:39 --------- d-----w C:\Documents and Settings\steve\Application Data\kantaris
2008-05-17 08:03 --------- d-----w C:\Program Files\Fichiers communs\Totem Shared
2008-05-12 07:59 --------- d-----w C:\Program Files\VirginMega
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-09_19.36.45.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:13:24 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
- 2008-07-09 17:29:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 21:47:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90909807-d7b1-4257-9583-f266614d079b}]
2008-07-10 21:07 116352 --a------ C:\WINDOWS\system32\xdyefv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80123684-A222-4009-8220-A867294D6DE8}"= "C:\WINDOWS\nqgpedlr.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{80123684-a222-4009-8220-a867294d6de8}]
[HKEY_CLASSES_ROOT\nqgpedlr.1]
[HKEY_CLASSES_ROOT\TypeLib\{7F62B052-BBD3-476F-A8D5-AEA51D86367A}]
[HKEY_CLASSES_ROOT\nqgpedlr]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [BU]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"DeskSpace"="C:\Program Files\DeskSpace\deskspace.exe" [BU]
"SysA.exe"="C:\Windows\SysA.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-10 21:37 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-06-09 15:37 40960]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [BU]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [BU]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 19:28:28 622653]
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-08-10 21:45:54 7168]
TrayMin315.exe.lnk - C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe [2008-04-30 14:00:44 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\steve\LOCALS~1\Temp\2008430115241_mcappins.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\steve\LOCALS~1\Temp\2008430115238_mcinfo.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ffe501d-16b9-11dd-b135-0015c522d0ce}]
\Shell\AutoRun\command - F:\cb.bat
\Shell\explore\Command - F:\cb.bat
\Shell\open\Command - F:\cb.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c332c682-4d0d-11dd-b1c0-0015c522d0ce}]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\explore\Command - F:\autorun.exe -e
\Shell\open\Command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd64bd7b-169b-11dd-b12f-00038a000015}]
\Shell\AutoRun\command - F:\cb.bat
\Shell\explore\Command - F:\cb.bat
\Shell\open\Command - F:\cb.bat

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-11 21:32:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-25 16:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 00:01:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-12 0:03:42
ComboFix-quarantined-files.txt 2008-07-11 22:03:35
ComboFix2.txt 2008-07-11 21:44:35
ComboFix3.txt 2008-07-11 19:15:32
ComboFix4.txt 2008-07-09 18:47:00

Pre-Run: 28,148,535,296 octets libres
Post-Run: 28,129,476,608 octets libres

270 --- E O F --- 2008-07-11 21:01:16
0
djkeops710 Messages postés 21 Statut Membre
 
ComboFix 08-07-08.9 - steve 2008-07-12 0:26:24.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.544 [GMT 2:00]
Endroit: D:\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))))))))
.

2008-07-11 22:30 . 2008-07-11 22:30 173 --a------ C:\curr_ver.tmp
2008-07-11 18:56 . 2008-07-11 18:56 <REP> d-------- C:\Documents and Settings\steve\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-11 19:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 18:55 . 2008-07-11 18:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 18:55 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-11 18:17 . 2008-07-11 18:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-11 18:14 . 2008-07-11 18:14 <REP> d-------- C:\Program Files\Yahoo!
2008-07-11 18:14 . 2008-07-11 18:15 <REP> d-------- C:\Program Files\CCleaner
2008-07-11 15:33 . 2008-07-11 15:33 <REP> d-------- C:\Program Files\Securitoo
2008-07-10 21:07 . 2008-07-10 21:07 116,352 --a------ C:\WINDOWS\system32\xdyefv.dll
2008-07-10 21:07 . 2008-07-10 21:07 116,352 --a------ C:\WINDOWS\system32\pcwhelky.dll
2008-07-10 17:10 . 2008-07-10 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-10 17:09 . 2008-07-10 17:09 <REP> d-------- C:\Program Files\NCH Software
2008-07-10 10:53 . 2008-07-11 15:35 41 --a------ C:\WINDOWS\Kit.ini
2008-07-09 22:59 . 2008-07-09 23:02 <REP> d-------- C:\Program Files\Navilog1
2008-07-09 21:06 . 2008-07-09 21:06 112,256 --a------ C:\WINDOWS\system32\liqwpl.dll
2008-07-09 21:06 . 2008-07-09 21:06 112,256 --a------ C:\WINDOWS\system32\khryffxe.dll
2008-07-09 19:38 . 2008-07-09 19:38 112,256 --a------ C:\WINDOWS\system32\yypeexhx.dll
2008-07-09 19:38 . 2008-07-09 19:38 112,256 --a------ C:\WINDOWS\system32\leidgx.dll
2008-07-09 19:16 . 2008-07-09 19:16 112,256 --a------ C:\WINDOWS\system32\hoteaqbb.dll
2008-07-09 19:16 . 2008-07-09 19:16 112,256 --a------ C:\WINDOWS\system32\cadbov.dll
2008-07-09 14:20 . 2008-07-09 14:20 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-07-09 12:59 . 2008-07-09 16:01 3,550 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-09 12:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-09 12:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-09 12:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-09 12:58 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-09 12:58 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-09 12:58 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-09 12:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-09 12:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-09 12:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-09 12:03 . 2008-07-09 12:03 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-07-09 12:03 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-07-09 12:03 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-07-09 08:36 . 2008-07-09 08:36 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-07-08 20:01 . 2008-07-08 20:01 <REP> d-------- C:\Program Files\Driver-Soft
2008-07-08 20:01 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-07-08 20:01 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-07-08 19:30 . 2008-07-08 19:34 <REP> d-------- C:\Program Files\uTorrent
2008-07-08 19:30 . 2008-07-09 22:15 <REP> d-------- C:\Documents and Settings\steve\Application Data\uTorrent
2008-07-08 18:56 . 2008-07-08 19:11 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-08 18:56 . 2008-07-08 19:11 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-08 18:52 . 2008-07-08 18:52 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-07-08 18:52 . 2008-07-12 00:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-08 18:51 . 2008-07-12 00:27 4,575,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-08 18:51 . 2008-07-12 00:27 121,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-08 18:51 . 2008-07-11 23:46 61,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-08 18:51 . 2008-07-11 23:46 14,132 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-08 18:50 . 2008-07-08 18:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-07 16:41 . 2008-07-07 16:41 <REP> d-------- C:\Program Files\Trend Micro
2008-07-07 15:25 . 2008-07-07 15:25 <REP> d-------- C:\Documents and Settings\steve\Application Data\Talkback
2008-07-07 14:52 . 2008-07-07 14:53 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-07-07 12:58 . 2008-07-07 12:58 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-07-07 10:09 . 2008-07-07 10:09 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-07-07 10:09 . 2008-07-07 10:09 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-07-07 06:28 . 2008-07-07 06:32 <REP> d-------- C:\Program Files\Registry Defender Platinum
2008-07-06 13:08 . 2008-07-11 19:11 28,800 --------- C:\WINDOWS\system32\xxyVmLCU.dll
2008-06-30 16:25 . 2008-06-30 16:25 <REP> d-------- C:\Program Files\Sierra
2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-17 16:03 . 2008-06-17 16:03 <REP> d-------- C:\Documents and Settings\steve\Application Data\Sonic
2008-06-11 16:30 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 16:30 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 21:48 --------- d-----w C:\Program Files\Wanadoo
2008-07-11 21:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-10 23:22 --------- d-----w C:\Documents and Settings\steve\Application Data\LimeWire
2008-07-09 19:45 --------- d-----w C:\Program Files\LimeWire
2008-07-09 09:35 --------- d-----w C:\Program Files\Google
2008-07-09 09:11 --------- d-----w C:\Program Files\Nokia
2008-07-09 09:06 --------- d-----w C:\Program Files\QuickTime
2008-07-09 08:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 17:11 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-08 16:40 --------- d-----w C:\Program Files\GlobFX Technologies
2008-07-08 16:35 --------- d-----w C:\Program Files\SeaStorm 3D Screensaver
2008-07-07 10:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-29 17:27 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-29 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-28 15:45 --------- d-----w C:\Documents and Settings\steve\Application Data\Nokia
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-10 19:26 --------- d-----w C:\Documents and Settings\steve\Application Data\dvdcss
2008-06-03 09:32 --------- d-----w C:\Program Files\AVIConverter
2008-05-31 17:53 --------- d-----w C:\Program Files\Odometer
2008-05-31 16:30 --------- d-----w C:\Program Files\StartClock
2008-05-31 14:55 --------- d-----w C:\Documents and Settings\steve\Application Data\Zylom
2008-05-31 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-30 10:27 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-24 17:02 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\SETE6.tmp
2008-05-21 20:48 --------- d-----w C:\Program Files\Java
2008-05-21 19:46 --------- d-----w C:\Documents and Settings\steve\Application Data\OtakuSoftware
2008-05-20 06:29 --------- d-----w C:\Documents and Settings\steve\Application Data\Yahoo!
2008-05-20 06:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-19 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-19 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-05-19 15:58 --------- d-----w C:\Program Files\MSN Apps
2008-05-19 15:53 --------- d-----w C:\Program Files\ProgramLaunch
2008-05-19 15:53 --------- d-----w C:\Program Files\Kantaris
2008-05-19 09:39 --------- d-----w C:\Documents and Settings\steve\Application Data\kantaris
2008-05-17 08:03 --------- d-----w C:\Program Files\Fichiers communs\Totem Shared
2008-05-12 07:59 --------- d-----w C:\Program Files\VirginMega
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-09_19.36.45.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:13:24 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
- 2008-07-09 17:29:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 21:47:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90909807-d7b1-4257-9583-f266614d079b}]
2008-07-10 21:07 116352 --a------ C:\WINDOWS\system32\xdyefv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80123684-A222-4009-8220-A867294D6DE8}"= "C:\WINDOWS\nqgpedlr.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{80123684-a222-4009-8220-a867294d6de8}]
[HKEY_CLASSES_ROOT\nqgpedlr.1]
[HKEY_CLASSES_ROOT\TypeLib\{7F62B052-BBD3-476F-A8D5-AEA51D86367A}]
[HKEY_CLASSES_ROOT\nqgpedlr]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [BU]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"DeskSpace"="C:\Program Files\DeskSpace\deskspace.exe" [BU]
"SysA.exe"="C:\Windows\SysA.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-10 21:37 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-06-09 15:37 40960]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [BU]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [BU]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 19:28:28 622653]
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-08-10 21:45:54 7168]
TrayMin315.exe.lnk - C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe [2008-04-30 14:00:44 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\steve\LOCALS~1\Temp\2008430115241_mcappins.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\steve\LOCALS~1\Temp\2008430115238_mcinfo.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ffe501d-16b9-11dd-b135-0015c522d0ce}]
\Shell\AutoRun\command - F:\cb.bat
\Shell\explore\Command - F:\cb.bat
\Shell\open\Command - F:\cb.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c332c682-4d0d-11dd-b1c0-0015c522d0ce}]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\explore\Command - F:\autorun.exe -e
\Shell\open\Command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd64bd7b-169b-11dd-b12f-00038a000015}]
\Shell\AutoRun\command - F:\cb.bat
\Shell\explore\Command - F:\cb.bat
\Shell\open\Command - F:\cb.bat

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-11 21:32:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-25 16:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 00:27:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-12 0:29:00
ComboFix-quarantined-files.txt 2008-07-11 22:28:41
ComboFix2.txt 2008-07-11 22:03:45
ComboFix3.txt 2008-07-11 21:44:35
ComboFix4.txt 2008-07-11 19:15:32
ComboFix5.txt 2008-07-09 18:47:00

Pre-Run: 28,142,120,960 octets libres
Post-Run: 28,127,977,472 octets libres

272 --- E O F --- 2008-07-11 21:01:16
0
djkeops710 Posts 21 Status Member
 
It's a bit late to ask for help; I'd like the next steps. Thanks to whoever examines my reports.
0
^^Marie^^ Posts 126523 Registration date   Status Member Last activity   3 279
 
Hi

Why did you put ComboFix on D:??

- A report will then open in Notepad;
this report file, Combofix.txt, is automatically
saved and stored at C:\Combofix.txt


Send a new HijackThis log, please

0
djkeops710 Posts 21 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:27, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {90909807-d7b1-4257-9583-f266614d079b} - C:\WINDOWS\system32\xdyefv.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [SysA.exe] C:\Windows\SysA.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: TrayMin315.exe.lnk = ?
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
djkeops710 Posts 21 Status Member
 
Hi, I sent you the HJT report; in the end I deleted the ComboFix program.
0
djkeops710 Posts 21 Status Member
 
I'd like the next steps, if someone has time for me. Thanks.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\nqgpedlr.dll
C:\WINDOWS\system32\xdyefv.dll
C:\WINDOWS\system32\amvo.exe

Registry::
[-HKEY_CLASSES_ROOT\clsid\{80123684-a222-4009-8220-a867294d6de8}]
[-HKEY_CLASSES_ROOT\nqgpedlr.1]
[-HKEY_CLASSES_ROOT\TypeLib\{7F62B052-BBD3-476F-A8D5-AEA51D86367A}]
[-HKEY_CLASSES_ROOT\nqgpedlr]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90909807-d7b1-4257-9583-f266614d079b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80123684-A222-4009-8220-A867294D6DE8}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then press Enter.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report

If the file doesn't open, it is located here > C:\ComboFix.txt
0
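The CFScript above deletes files and registry keys without confirmation, so a helper normally checks that every entry in the script can be traced back to a line of the ComboFix log it was written from. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses the File:: and Registry:: sections of a script in the format jlpjlp uses, and reports the entries that do not appear in the log. The sample script and the log excerpt are constructed from the entries visible in this thread, with one extra file name (example_typo.dll) invented to show what a flagged entry looks like.

```python
"""Cross-check a ComboFix CFScript against the log it was derived from.

Added example (not from the thread or from ComboFix). It parses the File::
and Registry:: sections of a CFScript and lists every entry that has no
trace in the log, so a typo or a stray line is caught before the script
is dropped on ComboFix.exe.
"""
import re
from typing import Dict, List, Tuple

# 8-4-4-4-12 hex GUID in braces, as used for CLSIDs and BHO entries.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A section header is a bare word followed by "::" (File::, Registry::, ...).
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")

# Constructed sample: the entries of the script above plus one file
# (example_typo.dll) that the log never mentions.
CFSCRIPT = r"""File::
C:\WINDOWS\nqgpedlr.dll
C:\WINDOWS\system32\xdyefv.dll
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\example_typo.dll

Registry::
[-HKEY_CLASSES_ROOT\clsid\{80123684-a222-4009-8220-a867294d6de8}]
[-HKEY_CLASSES_ROOT\nqgpedlr.1]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90909807-d7b1-4257-9583-f266614d079b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80123684-A222-4009-8220-A867294D6DE8}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
"""

# Constructed excerpt of the "Point de chargement Reg" section of the log.
COMBOFIX_LOG = r"""[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90909807-d7b1-4257-9583-f266614d079b}]
2008-07-10 21:07 116352 --a------ C:\WINDOWS\system32\xdyefv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80123684-A222-4009-8220-A867294D6DE8}"= "C:\WINDOWS\nqgpedlr.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{80123684-a222-4009-8220-a867294d6de8}]
[HKEY_CLASSES_ROOT\nqgpedlr.1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe [BU]
"""


def parse_cfscript(text: str) -> Dict[str, List[Tuple[str, ...]]]:
    """Return {"files": [(path,), ...], "registry": [(action, key[, name]), ...]}.

    Registry lines follow regedit syntax as ComboFix reads it:
      [-KEY]     -> ("delete_key", KEY)
      [KEY]      -> sets the current key for the value lines that follow
      "name"=-   -> ("delete_value", KEY, name)
    """
    files: List[Tuple[str, ...]] = []
    registry: List[Tuple[str, ...]] = []
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section == "file":
            files.append((line,))
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                registry.append(("delete_key", line[2:-1]))
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            elif line.endswith("=-") and current_key:
                registry.append(("delete_value", current_key, line[:-2].strip('"')))
    return {"files": files, "registry": registry}


def evidence_token(key: str) -> str:
    """GUID if the key has one, else its last path component.

    Matching on the token rather than the full key copes with ComboFix's
    '~' shorthand, which abbreviates the middle of long registry paths.
    """
    m = GUID_RE.search(key)
    return m.group(0) if m else key.rsplit("\\", 1)[-1]


def unreferenced(script: Dict[str, List[Tuple[str, ...]]], log: str) -> List[str]:
    """Script entries with no case-insensitive trace in the log text."""
    log_l = log.lower()
    missing: List[str] = []
    for (path,) in script["files"]:
        if path.lower() not in log_l:
            missing.append(path)
    for entry in script["registry"]:
        token = entry[2] if entry[0] == "delete_value" else evidence_token(entry[1])
        if token.lower() not in log_l:
            missing.append(entry[1] if entry[0] == "delete_key" else f"{entry[1]} -> {entry[2]}")
    return missing


if __name__ == "__main__":
    for item in unreferenced(parse_cfscript(CFSCRIPT), COMBOFIX_LOG):
        print("not seen in the log, verify before running:", item)
```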
djkeops710 Posts 21 Status Member
 
ComboFix 08-07-11.1 - steve 2008-07-12 14:23:30.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.362 [GMT 2:00]
Endroit: C:\ComboFix.exe
Command switches used :: C:\Documents and Settings\steve\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
* Resident AV is active

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\nqgpedlr.dll
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\xdyefv.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\xdyefv.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))))))))
.

2008-07-12 13:45 . 2008-07-12 13:45 2,611,847 --a------ C:\ComboFix.exe
2008-07-11 22:30 . 2008-07-11 22:30 173 --a------ C:\curr_ver.tmp
2008-07-11 18:56 . 2008-07-11 18:56 <REP> d-------- C:\Documents and Settings\steve\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-11 19:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 18:55 . 2008-07-11 18:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 18:55 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-11 18:17 . 2008-07-11 18:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-11 18:14 . 2008-07-11 18:14 <REP> d-------- C:\Program Files\Yahoo!
2008-07-11 18:14 . 2008-07-11 18:15 <REP> d-------- C:\Program Files\CCleaner
2008-07-11 15:33 . 2008-07-11 15:33 <REP> d-------- C:\Program Files\Securitoo
2008-07-10 21:07 . 2008-07-10 21:07 116,352 --a------ C:\WINDOWS\system32\pcwhelky.dll
2008-07-10 17:10 . 2008-07-10 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-10 17:09 . 2008-07-10 17:09 <REP> d-------- C:\Program Files\NCH Software
2008-07-10 10:53 . 2008-07-11 15:35 41 --a------ C:\WINDOWS\Kit.ini
2008-07-09 22:59 . 2008-07-12 12:27 <REP> d-------- C:\Program Files\Navilog1
2008-07-09 21:06 . 2008-07-09 21:06 112,256 --a------ C:\WINDOWS\system32\liqwpl.dll
2008-07-09 21:06 . 2008-07-09 21:06 112,256 --a------ C:\WINDOWS\system32\khryffxe.dll
2008-07-09 19:38 . 2008-07-09 19:38 112,256 --a------ C:\WINDOWS\system32\yypeexhx.dll
2008-07-09 19:38 . 2008-07-09 19:38 112,256 --a------ C:\WINDOWS\system32\leidgx.dll
2008-07-09 19:16 . 2008-07-09 19:16 112,256 --a------ C:\WINDOWS\system32\hoteaqbb.dll
2008-07-09 19:16 . 2008-07-09 19:16 112,256 --a------ C:\WINDOWS\system32\cadbov.dll
2008-07-09 14:20 . 2008-07-09 14:20 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-07-09 12:59 . 2008-07-09 16:01 3,550 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-09 12:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-09 12:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-09 12:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-09 12:58 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-09 12:58 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-09 12:58 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-09 12:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-09 12:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-09 12:03 . 2008-07-09 12:03 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-07-09 12:03 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-07-09 12:03 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-07-09 08:36 . 2008-07-09 08:36 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-07-08 20:01 . 2008-07-08 20:01 <REP> d-------- C:\Program Files\Driver-Soft
2008-07-08 20:01 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-07-08 20:01 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-07-08 19:30 . 2008-07-08 19:34 <REP> d-------- C:\Program Files\uTorrent
2008-07-08 19:30 . 2008-07-12 14:33 <REP> d-------- C:\Documents and Settings\steve\Application Data\uTorrent
2008-07-08 18:56 . 2008-07-08 19:11 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-08 18:56 . 2008-07-08 19:11 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-08 18:52 . 2008-07-08 18:52 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-07-08 18:52 . 2008-07-12 09:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-08 18:51 . 2008-07-12 14:37 4,772,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-08 18:51 . 2008-07-12 14:37 131,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-08 18:51 . 2008-07-12 09:58 63,380 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-08 18:51 . 2008-07-12 09:58 14,492 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-08 18:50 . 2008-07-08 18:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-07 16:41 . 2008-07-07 16:41 <REP> d-------- C:\Program Files\Trend Micro
2008-07-07 15:25 . 2008-07-07 15:25 <REP> d-------- C:\Documents and Settings\steve\Application Data\Talkback
2008-07-07 14:52 . 2008-07-07 14:53 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-07-07 12:58 . 2008-07-07 12:58 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-07-07 10:09 . 2008-07-07 10:09 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-07-07 10:09 . 2008-07-07 10:09 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-07-07 06:28 . 2008-07-07 06:32 <REP> d-------- C:\Program Files\Registry Defender Platinum
2008-07-06 13:08 . 2008-07-11 19:11 28,800 --------- C:\WINDOWS\system32\xxyVmLCU.dll
2008-06-30 16:25 . 2008-06-30 16:25 <REP> d-------- C:\Program Files\Sierra
2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-17 16:03 . 2008-06-17 16:03 <REP> d-------- C:\Documents and Settings\steve\Application Data\Sonic

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 11:57 --------- d-----w C:\Documents and Settings\steve\Application Data\LimeWire
2008-07-12 11:03 --------- d-----w C:\Program Files\LimeWire
2008-07-12 09:54 --------- d-----w C:\Program Files\Wanadoo
2008-07-12 07:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-09 09:35 --------- d-----w C:\Program Files\Google
2008-07-09 09:11 --------- d-----w C:\Program Files\Nokia
2008-07-09 09:06 --------- d-----w C:\Program Files\QuickTime
2008-07-09 08:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 17:11 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-08 16:40 --------- d-----w C:\Program Files\GlobFX Technologies
2008-07-08 16:35 --------- d-----w C:\Program Files\SeaStorm 3D Screensaver
2008-07-07 10:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-29 17:27 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-29 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-28 15:45 --------- d-----w C:\Documents and Settings\steve\Application Data\Nokia
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 19:26 --------- d-----w C:\Documents and Settings\steve\Application Data\dvdcss
2008-06-03 09:32 --------- d-----w C:\Program Files\AVIConverter
2008-05-31 17:53 --------- d-----w C:\Program Files\Odometer
2008-05-31 16:30 --------- d-----w C:\Program Files\StartClock
2008-05-31 14:55 --------- d-----w C:\Documents and Settings\steve\Application Data\Zylom
2008-05-31 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-30 10:27 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-24 17:02 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\SETE6.tmp
2008-05-21 20:48 --------- d-----w C:\Program Files\Java
2008-05-21 19:46 --------- d-----w C:\Documents and Settings\steve\Application Data\OtakuSoftware
2008-05-20 06:29 --------- d-----w C:\Documents and Settings\steve\Application Data\Yahoo!
2008-05-20 06:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-19 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-19 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-05-19 15:58 --------- d-----w C:\Program Files\MSN Apps
2008-05-19 15:53 --------- d-----w C:\Program Files\ProgramLaunch
2008-05-19 15:53 --------- d-----w C:\Program Files\Kantaris
2008-05-19 09:39 --------- d-----w C:\Documents and Settings\steve\Application Data\kantaris
2008-05-17 08:03 --------- d-----w C:\Program Files\Fichiers communs\Totem Shared
2008-05-12 07:59 --------- d-----w C:\Program Files\VirginMega
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-09_19.36.45.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:13:24 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
- 2008-07-09 17:29:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-12 07:58:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [BU]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"DeskSpace"="C:\Program Files\DeskSpace\deskspace.exe" [BU]
"SysA.exe"="C:\Windows\SysA.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-10 21:37 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-06-09 15:37 40960]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [BU]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [BU]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 19:28:28 622653]
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-08-10 21:45:54 7168]
TrayMin315.exe.lnk - C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe [2008-04-30 14:00:44 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\steve\LOCALS~1\Temp\2008430115241_mcappins.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\steve\LOCALS~1\Temp\2008430115238_mcinfo.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ffe501d-16b9-11dd-b135-0015c522d0ce}]
\Shell\AutoRun\command - F:\cb.bat
\Shell\explore\Command - F:\cb.bat
\Shell\open\Command - F:\cb.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c332c682-4d0d-11dd-b1c0-0015c522d0ce}]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\explore\Command - F:\autorun.exe -e
\Shell\open\Command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd64bd7b-169b-11dd-b12f-00038a000015}]
\Shell\AutoRun\command - F:\cb.bat
\Shell\explore\Command - F:\cb.bat
\Shell\open\Command - F:\cb.bat

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-12 12:32:36 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-25 16:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 14:37:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

**************************************************************************
.
Temps d'accomplissement: 2008-07-12 14:41:07
ComboFix-quarantined-files.txt 2008-07-12 12:40:01
ComboFix2.txt 2008-07-11 22:29:01
ComboFix3.txt 2008-07-11 22:03:45
ComboFix4.txt 2008-07-11 21:44:35
ComboFix5.txt 2008-07-11 19:15:32

Pre-Run: 25,404,411,904 octets libres
Post-Run: 25,426,649,088 octets libres

269 --- E O F --- 2008-07-11 21:01:16
0
djkeops710 Posts: 21 Status: Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:53, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [SysA.exe] C:\Windows\SysA.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
djkeops710 Posts: 21 Status: Member
 
There you go, I did what you told me: text file dragged onto ComboFix. You have the report and the HJT report.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Scan these files on VirusTotal and paste the reports: https://www.virustotal.com/gui/

C:\WINDOWS\system32\xxyVmLCU.dll
C:\Windows\SysA.exe

______________

Explain your current problems and paste a report from the Kaspersky you have

or from BitDefender online

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
0
djkeops710 Posts: 21 Status: Member
 
Fichier Nouveau_Document_texte.txt reçu le 2008.07.12 18:25:47 (CET)
Situation actuelle: terminé

Résultat: 0/33 (0.00%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.11.0 2008.07.11 -
AntiVir 7.8.0.64 2008.07.11 -
Authentium 5.1.0.4 2008.07.11 -
Avast 4.8.1195.0 2008.07.12 -
AVG 7.5.0.516 2008.07.12 -
BitDefender 7.2 2008.07.12 -
CAT-QuickHeal 9.50 2008.07.11 -
ClamAV 0.93.1 2008.07.11 -
DrWeb 4.44.0.09170 2008.07.12 -
eSafe 7.0.17.0 2008.07.10 -
eTrust-Vet 31.6.5949 2008.07.12 -
Ewido 4.0 2008.07.12 -
F-Prot 4.4.4.56 2008.07.11 -
F-Secure 7.60.13501.0 2008.07.12 -
Fortinet 3.14.0.0 2008.07.12 -
GData 2.0.7306.1023 2008.07.12 -
Ikarus T3.1.1.26.0 2008.07.12 -
Kaspersky 7.0.0.125 2008.07.12 -
McAfee 5337 2008.07.11 -
Microsoft 1.3704 2008.07.12 -
NOD32v2 3263 2008.07.11 -
Norman 5.80.02 2008.07.11 -
Panda 9.0.0.4 2008.07.12 -
Prevx1 V2 2008.07.12 -
Rising 20.52.52.00 2008.07.12 -
Sophos 4.31.0 2008.07.12 -
Sunbelt 3.1.1536.1 2008.07.12 -
Symantec 10 2008.07.12 -
TheHacker 6.2.96.376 2008.07.10 -
TrendMicro 8.700.0.1004 2008.07.11 -
VBA32 3.12.6.9 2008.07.12 -
VirusBuster 4.5.11.0 2008.07.12 -
Webwasher-Gateway 6.6.2 2008.07.11 -
Information additionnelle
File size: 57 bytes
MD5...: 975572b2b199e582e29db59bf9f651eb
SHA1..: 05bf53f8b55bdcac5c89a5d2b7575ec0825a7676
SHA256: 7482f315a2d008dcce2be52483d537b76f17e689a2aa82067b15f123272ab3bf
SHA512: 07649a2f5ea019c517089152419d1c8b31cf84fe95766c8ccb5f7b69f2c36ea9
90747310b7e0d07169a1479de6b425821fca27b5e4ca1177b7c740b867b88662
PEiD..: -
0
djkeops710 Posts: 21 Status: Member
 
There you go, I scanned these files with VirusTotal. I first copied these files into a text file and then had VirusTotal scan it, and it gave me this report, so I don't know whether I did it right, and then I didn't understand the rest of what needed to be done.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Paste a report from the Kaspersky you have

or from BitDefender online

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
0
djkeops710 Posts: 21 Status: Member
 
Then I downloaded BitDefender online, and after that the computer stopped responding, nothing could be done. I couldn't remove it either, since no function responded, so I tried a safe-mode boot and went back to a restore point from before 14:30, and in the end everything went back to normal. But I still don't know what to do: I posted you a VirusTotal report on the 2 items in the file, and after that I don't know.
0
G-force Posts: 433 Status: Member 5
 
Hi, even though I've only stepped in once or twice, know that I've followed how this page has evolved, and the best I can advise is to create, from another computer, a bootable antivirus CD (Kaspersky offers this option), then start Windows, back up your data to a CD or USB stick and format the hard drive.
Anyway, it's up to you.
0