Infecté, sur, mais par quoi??
Résolu
fabriceg
Messages postés
578
Statut
Membre
-
fabriceg Messages postés 578 Statut Membre -
fabriceg Messages postés 578 Statut Membre -
Bonjour,
je suis infecter par un virus, mais ayant changer recemment d'anti virus, je n'arrive a l'eradiquer, les sympthomes sont tres net ralentissement ps et pub intempestive, merci par avance de votre aide
je suis infecter par un virus, mais ayant changer recemment d'anti virus, je n'arrive a l'eradiquer, les sympthomes sont tres net ralentissement ps et pub intempestive, merci par avance de votre aide
A voir également:
- Infecté, sur, mais par quoi??
- Alerte windows ordinateur infecté - Accueil - Arnaque
- Google infecté huawei ✓ - Forum Virus
- L'ordinateur de simon a été infecté par un virus répertorié récemment ✓ - Forum Virus
- L'ordinateur de mustapha a été infecté par un virus répertorié récemment - Forum Virus
- Mustapha - Forum Windows
16 réponses
Salut,
Télécharge HijackThis ici :
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Post le rapport généré ici stp...
Télécharge HijackThis ici :
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Post le rapport généré ici stp...
Merci chiquitine pour ton aide et merci a balltrap pour ce magnifique tuto video, voici le post que tu m'as demander
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:49, on 11/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\RKFree\rkfree.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet-DMGP\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [9c93784a] rundll32.exe "C:\Users\Fabrice\AppData\Local\Temp\sosporax.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:49, on 11/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\RKFree\rkfree.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet-DMGP\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [9c93784a] rundll32.exe "C:\Users\Fabrice\AppData\Local\Temp\sosporax.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
DE rien :
Telecharge malwarebytes
-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
ps : les rapport sont aussi rangé dans l onglet rapport/log
Telecharge malwarebytes
-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
ps : les rapport sont aussi rangé dans l onglet rapport/log
le scan commence, j'ai 3 gros disques durs donc ca va etre long, je ne pourrai le poster que demain car cette nuit je bosse, juste pour te prevenir et encore merci de ton aide
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
OK demain je suis pas la donc un autre prendra la suite ou sinon je serais la mais tard dans la soirée
re, voici le log generé apres suppresion de la selection, si tu veux aussi celui d'avant je l'ai sauvegarder
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 940
Windows 6.0.6001 Service Pack 1
04:20:15 12/07/2008
mbam-log-7-12-2008 (04-20-15).txt
Type de recherche: Examen complet (C:\|F:\|H:\|)
Eléments examinés: 158813
Temps écoulé: 3 hour(s), 13 minute(s), 15 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9c93784a (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\Fabrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HRDF2CPD\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Fabrice\AppData\Local\Temp\digqbeff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Fabrice\AppData\Local\Temp\oyvsoiwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Fabrice\AppData\Local\Temp\sosporax.dll (Trojan.Vundo) -> Delete on reboot.
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 940
Windows 6.0.6001 Service Pack 1
04:20:15 12/07/2008
mbam-log-7-12-2008 (04-20-15).txt
Type de recherche: Examen complet (C:\|F:\|H:\|)
Eléments examinés: 158813
Temps écoulé: 3 hour(s), 13 minute(s), 15 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9c93784a (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\Fabrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HRDF2CPD\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Fabrice\AppData\Local\Temp\digqbeff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Fabrice\AppData\Local\Temp\oyvsoiwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Fabrice\AppData\Local\Temp\sosporax.dll (Trojan.Vundo) -> Delete on reboot.
Salut
redémarre le pc si ça n a pas été fait
ensuite réouvre malewarebyte
va sur quarantaine
supprime tout
pus refai sun scan hijackthis et post le rapport stp
redémarre le pc si ça n a pas été fait
ensuite réouvre malewarebyte
va sur quarantaine
supprime tout
pus refai sun scan hijackthis et post le rapport stp
ok, donc voici le rapport hijackthis apres suppression des fichier dans l'onglet quarantaine de malewarebyte
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:04:18, on 13/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\RKFree\rkfree.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BitComet\BitComet.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet-DMGP\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:04:18, on 13/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\RKFree\rkfree.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BitComet\BitComet.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet-DMGP\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
re
tu connais ce programme : C:\Program Files\CardDetector ??
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
tu connais ce programme : C:\Program Files\CardDetector ??
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
re, oui card detector c le logiciel fournit par orange pour les cles usb 3g+, pour le net partout en nomade
donc voici le log de combofix
ComboFix 08-07-13.6 - Fabrice 2008-07-14 1:28:11.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.733 [GMT 2:00]
Endroit: C:\Users\Fabrice\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))))))))
.
2008-07-11 18:48 . 2008-07-11 18:48 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\Malwarebytes
2008-07-11 18:48 . 2008-07-11 18:48 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-07-11 18:48 . 2008-07-11 18:48 <REP> d-------- C:\ProgramData\Malwarebytes
2008-07-11 18:48 . 2008-07-11 18:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 18:48 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-11 18:48 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-11 18:41 . 2008-07-11 18:41 <REP> d-------- C:\Program Files\Trend Micro
2008-07-10 12:39 . 2008-07-10 12:39 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\AdobeUM
2008-07-10 12:39 . 2008-07-10 12:39 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\AdobeAUM
2008-07-07 18:14 . 2008-07-07 18:18 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-07-07 18:14 . 2008-07-07 18:38 <REP> d-------- C:\Program Files\Samsung
2008-07-07 18:14 . 2007-05-02 11:11 109,704 --a------ C:\Windows\System32\drivers\ss_mdm.sys
2008-07-07 18:14 . 2007-05-02 11:11 83,592 --a------ C:\Windows\System32\drivers\ss_bus.sys
2008-07-07 18:14 . 2007-05-02 11:11 15,112 --a------ C:\Windows\System32\drivers\ss_mdfl.sys
2008-07-07 18:14 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_whnt.sys
2008-07-07 18:14 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_wh.sys
2008-07-07 18:14 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cmnt.sys
2008-07-07 18:14 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cm.sys
2008-07-07 18:14 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-07-07 14:03 . 2005-12-30 20:10 761,856 --a------ C:\Windows\System32\xvidcore.dll
2008-07-07 14:03 . 2005-12-30 20:18 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-06-25 13:29 . 2008-06-25 13:29 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\Media Player Classic
2008-06-25 12:02 . 2008-06-25 12:02 <REP> d-------- C:\Users\All Users\VistaCodecs
2008-06-25 12:02 . 2008-06-25 12:02 <REP> d-------- C:\ProgramData\VistaCodecs
2008-06-25 11:45 . 2008-06-25 11:45 <REP> d-------- C:\Program Files\AVIcodec
2008-06-25 11:20 . 2008-06-25 11:20 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\vlc
2008-06-21 18:25 . 2008-06-21 18:25 <REP> d-a------ C:\Users\All Users\rkfree
2008-06-21 18:25 . 2008-06-21 18:25 <REP> d-a------ C:\ProgramData\rkfree
2008-06-21 18:25 . 2008-06-21 18:25 <REP> d-------- C:\Program Files\RKFree
2008-06-21 17:14 . 2008-06-21 17:14 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-06-21 17:14 . 2008-06-21 17:14 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-06-21 17:06 . 2006-11-28 20:46 28,224 --a------ C:\Windows\System32\drivers\PCAMp50.sys
2008-06-21 17:06 . 2006-11-28 20:46 27,072 --a------ C:\Windows\System32\drivers\PCASp50.sys
2008-06-21 17:05 . 2008-06-21 17:05 <REP> d-------- C:\Program Files\Orange
2008-06-21 17:03 . 2008-06-21 17:03 <REP> d-------- C:\Program Files\Common Files\France Telecom
2008-06-21 17:01 . 2007-11-14 00:29 51,968 --a------ C:\Windows\System32\drivers\gt72ubus.sys
2008-06-21 17:00 . 2007-11-14 00:29 8,064 --a------ C:\Windows\System32\drivers\gtptser.sys
2008-06-21 16:59 . 2007-11-14 00:29 95,744 --a------ C:\Windows\System32\drivers\Gt51Ip.sys
2008-06-21 16:58 . 2008-06-21 16:58 <REP> d-------- C:\Program Files\CardDetector
2008-06-21 15:42 . 2008-06-21 16:13 <REP> d-------- C:\Users\All Users\Lavasoft
2008-06-21 15:42 . 2008-06-21 16:13 <REP> d-------- C:\ProgramData\Lavasoft
2008-06-21 15:42 . 2008-06-21 15:42 <REP> d-------- C:\Program Files\Lavasoft
2008-06-21 15:41 . 2008-06-21 15:41 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 17:44 . 2008-06-19 17:44 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-19 17:28 . 2008-06-21 17:48 <REP> d-------- C:\Users\Fabrice\Tracing
2008-06-19 17:28 . 2008-06-19 17:28 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-19 15:13 . 2008-06-19 17:11 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-06-17 14:13 . 2008-06-17 14:13 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\TeamViewer
2008-06-17 14:12 . 2008-06-17 14:14 <REP> d-------- C:\Program Files\TeamViewer3
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 01:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-07-07 16:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 12:03 --------- d-----w C:\Program Files\XviD
2008-07-05 18:31 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-07-05 18:31 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
2008-07-05 18:31 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
2008-06-21 16:11 --------- d-----w C:\ProgramData\WLInstaller
2008-06-21 16:09 --------- d-----w C:\Program Files\Windows Live
2008-06-19 15:28 --------- d-----w C:\Program Files\DivX
2008-06-18 15:58 --------- d-----w C:\Program Files\BitComet
2008-06-17 12:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-09 15:39 --------- d-----w C:\Users\Fabrice\AppData\Roaming\AVS4YOU
2008-06-09 15:39 --------- d-----w C:\ProgramData\AVS4YOU
2008-06-09 15:38 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-06-09 15:38 --------- d-----w C:\Program Files\AVS4YOU
2008-06-05 15:22 --------- d-----w C:\Program Files\eMule
2008-06-02 16:53 --------- d-----w C:\ProgramData\Macrovision
2008-06-02 16:53 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-27 16:40 --------- d-----w C:\ProgramData\Seagate
2008-05-24 08:02 --------- d-----w C:\Program Files\Java
2008-05-24 08:00 --------- d-----w C:\Program Files\Common Files\Java
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-22 13:14 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-22 13:11 --------- d-----w C:\Program Files\iTunes
2008-05-22 13:11 --------- d-----w C:\Program Files\iPod
2008-05-22 13:07 --------- d-----w C:\Program Files\QuickTime
2008-05-22 12:50 --------- d-----w C:\Program Files\Apple Software Update
2008-05-22 12:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-19 13:45 --------- d-----w C:\Users\Fabrice\AppData\Roaming\Apple Computer
2008-05-19 11:05 --------- d-----w C:\Program Files\Red Kawa
2008-05-19 11:05 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-19 11:04 --------- d-----w C:\Program Files\Videora
2008-05-19 09:32 --------- d-----w C:\Program Files\Google
2008-05-18 15:41 --------- d-----w C:\Program Files\EPSON
2008-05-18 15:34 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-18 12:59 --------- d-----w C:\Users\Fabrice\AppData\Roaming\Nokia
2008-05-18 10:22 --------- d-----w C:\Users\Fabrice\AppData\Roaming\Talkback
2008-05-18 10:08 0 ---ha-w C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-05-18 10:08 --------- d-----w C:\Users\Fabrice\AppData\Roaming\PC Suite
2008-05-18 10:08 --------- d-----w C:\ProgramData\PC Suite
2008-05-18 10:07 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-18 09:57 --------- d-----w C:\Program Files\Nokia
2008-05-18 09:57 --------- d-----w C:\Program Files\DIFX
2008-05-18 09:57 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-05-18 09:57 --------- d-----w C:\Program Files\Common Files\Nokia
2008-05-18 09:55 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-05-18 09:50 --------- d-----w C:\ProgramData\Installations
2008-05-16 22:04 --------- d-----w C:\ProgramData\eMule
2008-05-16 16:28 --------- d-----w C:\Program Files\CONEXANT
2008-05-16 14:43 --------- d-----w C:\Program Files\Pando Networks
2008-05-16 14:36 --------- d-----w C:\Program Files\VideoLAN
2008-05-16 13:24 --------- d-----w C:\Program Files\Common Files\SPC610NC
2008-05-16 13:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-16 12:55 174 --sha-w C:\Program Files\desktop.ini
2008-05-16 12:46 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-16 12:46 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-16 12:46 --------- d-----w C:\Program Files\Windows Defender
2008-05-16 12:46 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-16 12:46 --------- d-----w C:\Program Files\Windows Calendar
2008-05-16 12:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 12:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-16 11:56 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-16 11:56 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-05-16 11:19 --------- d-----w C:\Program Files\MioNet
2008-05-16 11:10 --------- d-----w C:\Program Files\Philips
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-16 09:51 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-16 09:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-15 21:47 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-15 21:47 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-15 21:47 615,992 ----a-w C:\Windows\System32\ci.dll
2008-05-15 21:47 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-15 21:47 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-05-15 21:47 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-15 21:47 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-05-15 21:47 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-05-15 21:47 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-15 21:47 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-15 21:44 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-05-15 21:43 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-05-15 18:42 --------- d-----w C:\ProgramData\Apple Computer
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_ 1.06.49.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 02:24:37 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-13 23:19:31 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-07-12 02:24:40 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-13 23:19:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-12 02:24:40 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-13 23:19:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-12 02:30:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-13 23:21:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-13 23:21:30 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-12 02:30:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-13 23:21:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-13 23:21:24 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-12 02:29:17 105,276 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-13 23:26:55 102,942 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-12 02:29:17 128,418 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-07-13 23:26:55 128,418 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-07-12 02:29:17 595,946 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-13 23:26:55 593,612 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-12 02:29:17 679,430 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-07-13 23:26:55 679,430 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-07-12 02:31:43 5,736 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2879257454-2226893299-582349418-1000_UserData.bin
+ 2008-07-13 23:21:46 6,028 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2879257454-2226893299-582349418-1000_UserData.bin
- 2008-07-12 02:31:43 50,926 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-13 23:21:45 51,020 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-12 02:31:41 37,638 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-13 23:21:43 37,638 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2006-06-23 19:00 3394048]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-06-19 17:11 190024]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 20:31 1232152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 21:20 815104]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"CardDetectorICON225"="C:\Program Files\CardDetector\ICON225\CardDetector.exe" [2007-11-14 01:47 278528]
"BEWINTERNET-FR-DMGP-V2SessionManager"="C:\Program Files\Orange\IEWInternet-DMGP\SessionManager\SessionManager.exe" [2007-12-05 14:22 107248]
"rkfree"="C:\Program Files\RKFree\rkfree.exe" [2008-06-21 18:25 66048]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-07 17:35 1175160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{14E4C50B-7BF8-486E-BEE7-23C5FF8D8BA4}"= UDP:C:\Program Files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{DC74ADC0-6B0A-4971-9E00-026887C9755B}"= TCP:C:\Program Files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{AE1FB81B-5DD2-4FF3-9076-8E5D374B8DD3}"= UDP:C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{C6BEE850-69C7-49AE-89F1-C80B2FA4DA92}"= TCP:C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{F315BF2D-41B8-482A-9859-5D88B4E6CDE9}"= UDP:C:\Program Files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{774D96A3-605D-47B4-99A5-05C2A6BD60A5}"= TCP:C:\Program Files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{7CCA2B6D-08B7-43E2-B019-A09EB4D6758A}"= UDP:C:\Program Files\Grisoft\AVG Free\avgemc.exe:avgemc.exe
"{E287ABAB-421C-42DA-818D-58AAC5FEE527}"= TCP:C:\Program Files\Grisoft\AVG Free\avgemc.exe:avgemc.exe
"{B8F8C879-80D2-4599-822F-32B39488E2BF}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3DC5A4F8-DAEE-43FA-9CA3-A5EB8FCF40D3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{39359BC2-1F17-48CB-9E15-B27F13B6B917}"= UDP:17214:BitComet 17214 TCP
"{BBE94C97-92B4-4E5F-A115-431B484B172F}"= TCP:17214:BitComet 17214 UDP
"TCP Query User{6DD5487D-B095-48F2-8CAD-6AE7CABF69DB}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{388C49F0-B7EB-4DE4-9AE1-DD0D732C4F62}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{928B71C6-10E8-4E19-91DB-784C32912ACC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{90BD109A-B197-463B-847A-9F1085BD2AE8}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1E33DF47-240B-4BC1-ACBA-411F1D04AB26}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{41BEB15D-74B3-4950-BAEC-D64D318B3BE4}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{F36E4440-33A7-449B-B309-204EA565BBA1}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{73B46C80-0E22-4046-BAC0-D59C800C2FD9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{04D8FC35-6AC3-4D56-B5EC-4973359C3CA3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{07D0062B-E5A1-4AC7-A27B-B0DD6C710354}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9E6BE6E9-E093-4C91-93D8-A7B71E883AF1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{C613F491-792D-4ACB-B45F-5DC10CE9D73E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D3E48282-1D3F-4DF6-9CA4-B68B9BE5AFF1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{98A9B429-4738-4FD0-ADFA-C0060DAC994F}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{36ED0C97-48A8-45E1-A30B-2ADBABDD779E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orange\\IEWInternet-DMGP\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\IEWInternet-DMGP\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:22]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-05 20:31]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-05 20:31]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 20:31]
R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-05-05 15:27]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 05:36]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-05 20:31]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 11:12]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-14 00:29]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-11-14 00:29]
S3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-11-14 00:29]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 20:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 20:46]
S3 SPC610NC;SPC 610NC Laptop Camera;C:\Windows\system32\DRIVERS\SPC610NC.SYS [2007-01-19 17:14]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d433a9d9-3e14-11dd-9ccc-001636d8e4f1}]
\shell\AutoRun\command - E:\AutoRunCardDetector.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-13 01:17:28 C:\Windows\Tasks\User_Feed_Synchronization-{CE826DD9-4493-43A8-A2F5-68A876C02C66}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 01:31:28
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
rkfree = "C:\Program Files\RKFree\rkfree.exe" /b???????f????????%???????????????????????????????????????????????@?%???????????????!????????????K?????????K????/??????????????????K?????????K????/????????????????K???????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 1:33:00
ComboFix-quarantined-files.txt 2008-07-13 23:32:34
ComboFix2.txt 2008-07-13 23:14:13
ComboFix3.txt 2008-07-13 23:07:15
Pre-Run: 26,853,056,512 octets libres
Post-Run: 26,829,365,248 octets libres
289 --- E O F --- 2008-07-12 01:02:38
ComboFix 08-07-13.6 - Fabrice 2008-07-14 1:28:11.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.733 [GMT 2:00]
Endroit: C:\Users\Fabrice\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))))))))
.
2008-07-11 18:48 . 2008-07-11 18:48 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\Malwarebytes
2008-07-11 18:48 . 2008-07-11 18:48 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-07-11 18:48 . 2008-07-11 18:48 <REP> d-------- C:\ProgramData\Malwarebytes
2008-07-11 18:48 . 2008-07-11 18:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 18:48 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-11 18:48 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-11 18:41 . 2008-07-11 18:41 <REP> d-------- C:\Program Files\Trend Micro
2008-07-10 12:39 . 2008-07-10 12:39 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\AdobeUM
2008-07-10 12:39 . 2008-07-10 12:39 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\AdobeAUM
2008-07-07 18:14 . 2008-07-07 18:18 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-07-07 18:14 . 2008-07-07 18:38 <REP> d-------- C:\Program Files\Samsung
2008-07-07 18:14 . 2007-05-02 11:11 109,704 --a------ C:\Windows\System32\drivers\ss_mdm.sys
2008-07-07 18:14 . 2007-05-02 11:11 83,592 --a------ C:\Windows\System32\drivers\ss_bus.sys
2008-07-07 18:14 . 2007-05-02 11:11 15,112 --a------ C:\Windows\System32\drivers\ss_mdfl.sys
2008-07-07 18:14 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_whnt.sys
2008-07-07 18:14 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_wh.sys
2008-07-07 18:14 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cmnt.sys
2008-07-07 18:14 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cm.sys
2008-07-07 18:14 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-07-07 14:03 . 2005-12-30 20:10 761,856 --a------ C:\Windows\System32\xvidcore.dll
2008-07-07 14:03 . 2005-12-30 20:18 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-06-25 13:29 . 2008-06-25 13:29 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\Media Player Classic
2008-06-25 12:02 . 2008-06-25 12:02 <REP> d-------- C:\Users\All Users\VistaCodecs
2008-06-25 12:02 . 2008-06-25 12:02 <REP> d-------- C:\ProgramData\VistaCodecs
2008-06-25 11:45 . 2008-06-25 11:45 <REP> d-------- C:\Program Files\AVIcodec
2008-06-25 11:20 . 2008-06-25 11:20 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\vlc
2008-06-21 18:25 . 2008-06-21 18:25 <REP> d-a------ C:\Users\All Users\rkfree
2008-06-21 18:25 . 2008-06-21 18:25 <REP> d-a------ C:\ProgramData\rkfree
2008-06-21 18:25 . 2008-06-21 18:25 <REP> d-------- C:\Program Files\RKFree
2008-06-21 17:14 . 2008-06-21 17:14 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-06-21 17:14 . 2008-06-21 17:14 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-06-21 17:06 . 2006-11-28 20:46 28,224 --a------ C:\Windows\System32\drivers\PCAMp50.sys
2008-06-21 17:06 . 2006-11-28 20:46 27,072 --a------ C:\Windows\System32\drivers\PCASp50.sys
2008-06-21 17:05 . 2008-06-21 17:05 <REP> d-------- C:\Program Files\Orange
2008-06-21 17:03 . 2008-06-21 17:03 <REP> d-------- C:\Program Files\Common Files\France Telecom
2008-06-21 17:01 . 2007-11-14 00:29 51,968 --a------ C:\Windows\System32\drivers\gt72ubus.sys
2008-06-21 17:00 . 2007-11-14 00:29 8,064 --a------ C:\Windows\System32\drivers\gtptser.sys
2008-06-21 16:59 . 2007-11-14 00:29 95,744 --a------ C:\Windows\System32\drivers\Gt51Ip.sys
2008-06-21 16:58 . 2008-06-21 16:58 <REP> d-------- C:\Program Files\CardDetector
2008-06-21 15:42 . 2008-06-21 16:13 <REP> d-------- C:\Users\All Users\Lavasoft
2008-06-21 15:42 . 2008-06-21 16:13 <REP> d-------- C:\ProgramData\Lavasoft
2008-06-21 15:42 . 2008-06-21 15:42 <REP> d-------- C:\Program Files\Lavasoft
2008-06-21 15:41 . 2008-06-21 15:41 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 17:44 . 2008-06-19 17:44 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-19 17:28 . 2008-06-21 17:48 <REP> d-------- C:\Users\Fabrice\Tracing
2008-06-19 17:28 . 2008-06-19 17:28 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-19 15:13 . 2008-06-19 17:11 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-06-17 14:13 . 2008-06-17 14:13 <REP> d-------- C:\Users\Fabrice\AppData\Roaming\TeamViewer
2008-06-17 14:12 . 2008-06-17 14:14 <REP> d-------- C:\Program Files\TeamViewer3
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 01:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-07-07 16:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 12:03 --------- d-----w C:\Program Files\XviD
2008-07-05 18:31 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-07-05 18:31 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
2008-07-05 18:31 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
2008-06-21 16:11 --------- d-----w C:\ProgramData\WLInstaller
2008-06-21 16:09 --------- d-----w C:\Program Files\Windows Live
2008-06-19 15:28 --------- d-----w C:\Program Files\DivX
2008-06-18 15:58 --------- d-----w C:\Program Files\BitComet
2008-06-17 12:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-09 15:39 --------- d-----w C:\Users\Fabrice\AppData\Roaming\AVS4YOU
2008-06-09 15:39 --------- d-----w C:\ProgramData\AVS4YOU
2008-06-09 15:38 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-06-09 15:38 --------- d-----w C:\Program Files\AVS4YOU
2008-06-05 15:22 --------- d-----w C:\Program Files\eMule
2008-06-02 16:53 --------- d-----w C:\ProgramData\Macrovision
2008-06-02 16:53 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-27 16:40 --------- d-----w C:\ProgramData\Seagate
2008-05-24 08:02 --------- d-----w C:\Program Files\Java
2008-05-24 08:00 --------- d-----w C:\Program Files\Common Files\Java
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-22 13:14 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-22 13:11 --------- d-----w C:\Program Files\iTunes
2008-05-22 13:11 --------- d-----w C:\Program Files\iPod
2008-05-22 13:07 --------- d-----w C:\Program Files\QuickTime
2008-05-22 12:50 --------- d-----w C:\Program Files\Apple Software Update
2008-05-22 12:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-19 13:45 --------- d-----w C:\Users\Fabrice\AppData\Roaming\Apple Computer
2008-05-19 11:05 --------- d-----w C:\Program Files\Red Kawa
2008-05-19 11:05 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-19 11:04 --------- d-----w C:\Program Files\Videora
2008-05-19 09:32 --------- d-----w C:\Program Files\Google
2008-05-18 15:41 --------- d-----w C:\Program Files\EPSON
2008-05-18 15:34 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-18 12:59 --------- d-----w C:\Users\Fabrice\AppData\Roaming\Nokia
2008-05-18 10:22 --------- d-----w C:\Users\Fabrice\AppData\Roaming\Talkback
2008-05-18 10:08 0 ---ha-w C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-05-18 10:08 --------- d-----w C:\Users\Fabrice\AppData\Roaming\PC Suite
2008-05-18 10:08 --------- d-----w C:\ProgramData\PC Suite
2008-05-18 10:07 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-18 09:57 --------- d-----w C:\Program Files\Nokia
2008-05-18 09:57 --------- d-----w C:\Program Files\DIFX
2008-05-18 09:57 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-05-18 09:57 --------- d-----w C:\Program Files\Common Files\Nokia
2008-05-18 09:55 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-05-18 09:50 --------- d-----w C:\ProgramData\Installations
2008-05-16 22:04 --------- d-----w C:\ProgramData\eMule
2008-05-16 16:28 --------- d-----w C:\Program Files\CONEXANT
2008-05-16 14:43 --------- d-----w C:\Program Files\Pando Networks
2008-05-16 14:36 --------- d-----w C:\Program Files\VideoLAN
2008-05-16 13:24 --------- d-----w C:\Program Files\Common Files\SPC610NC
2008-05-16 13:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-16 12:55 174 --sha-w C:\Program Files\desktop.ini
2008-05-16 12:46 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-16 12:46 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-16 12:46 --------- d-----w C:\Program Files\Windows Defender
2008-05-16 12:46 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-16 12:46 --------- d-----w C:\Program Files\Windows Calendar
2008-05-16 12:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 12:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-16 11:56 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-16 11:56 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-05-16 11:19 --------- d-----w C:\Program Files\MioNet
2008-05-16 11:10 --------- d-----w C:\Program Files\Philips
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-16 09:51 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-16 09:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-15 21:47 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-15 21:47 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-15 21:47 615,992 ----a-w C:\Windows\System32\ci.dll
2008-05-15 21:47 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-15 21:47 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-05-15 21:47 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-15 21:47 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-05-15 21:47 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-05-15 21:47 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-15 21:47 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-15 21:44 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-05-15 21:43 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-05-15 18:42 --------- d-----w C:\ProgramData\Apple Computer
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_ 1.06.49.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 02:24:37 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-13 23:19:31 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-07-12 02:24:40 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-13 23:19:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-12 02:24:40 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-13 23:19:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-12 02:30:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-13 23:21:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-13 23:21:30 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-12 02:30:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-13 23:21:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-13 23:21:24 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-12 02:29:17 105,276 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-13 23:26:55 102,942 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-12 02:29:17 128,418 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-07-13 23:26:55 128,418 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-07-12 02:29:17 595,946 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-13 23:26:55 593,612 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-12 02:29:17 679,430 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-07-13 23:26:55 679,430 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-07-12 02:31:43 5,736 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2879257454-2226893299-582349418-1000_UserData.bin
+ 2008-07-13 23:21:46 6,028 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2879257454-2226893299-582349418-1000_UserData.bin
- 2008-07-12 02:31:43 50,926 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-13 23:21:45 51,020 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-12 02:31:41 37,638 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-13 23:21:43 37,638 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2006-06-23 19:00 3394048]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-06-19 17:11 190024]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 20:31 1232152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 21:20 815104]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"CardDetectorICON225"="C:\Program Files\CardDetector\ICON225\CardDetector.exe" [2007-11-14 01:47 278528]
"BEWINTERNET-FR-DMGP-V2SessionManager"="C:\Program Files\Orange\IEWInternet-DMGP\SessionManager\SessionManager.exe" [2007-12-05 14:22 107248]
"rkfree"="C:\Program Files\RKFree\rkfree.exe" [2008-06-21 18:25 66048]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-07 17:35 1175160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{14E4C50B-7BF8-486E-BEE7-23C5FF8D8BA4}"= UDP:C:\Program Files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{DC74ADC0-6B0A-4971-9E00-026887C9755B}"= TCP:C:\Program Files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{AE1FB81B-5DD2-4FF3-9076-8E5D374B8DD3}"= UDP:C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{C6BEE850-69C7-49AE-89F1-C80B2FA4DA92}"= TCP:C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{F315BF2D-41B8-482A-9859-5D88B4E6CDE9}"= UDP:C:\Program Files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{774D96A3-605D-47B4-99A5-05C2A6BD60A5}"= TCP:C:\Program Files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{7CCA2B6D-08B7-43E2-B019-A09EB4D6758A}"= UDP:C:\Program Files\Grisoft\AVG Free\avgemc.exe:avgemc.exe
"{E287ABAB-421C-42DA-818D-58AAC5FEE527}"= TCP:C:\Program Files\Grisoft\AVG Free\avgemc.exe:avgemc.exe
"{B8F8C879-80D2-4599-822F-32B39488E2BF}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3DC5A4F8-DAEE-43FA-9CA3-A5EB8FCF40D3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{39359BC2-1F17-48CB-9E15-B27F13B6B917}"= UDP:17214:BitComet 17214 TCP
"{BBE94C97-92B4-4E5F-A115-431B484B172F}"= TCP:17214:BitComet 17214 UDP
"TCP Query User{6DD5487D-B095-48F2-8CAD-6AE7CABF69DB}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{388C49F0-B7EB-4DE4-9AE1-DD0D732C4F62}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{928B71C6-10E8-4E19-91DB-784C32912ACC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{90BD109A-B197-463B-847A-9F1085BD2AE8}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1E33DF47-240B-4BC1-ACBA-411F1D04AB26}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{41BEB15D-74B3-4950-BAEC-D64D318B3BE4}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{F36E4440-33A7-449B-B309-204EA565BBA1}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{73B46C80-0E22-4046-BAC0-D59C800C2FD9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{04D8FC35-6AC3-4D56-B5EC-4973359C3CA3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{07D0062B-E5A1-4AC7-A27B-B0DD6C710354}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9E6BE6E9-E093-4C91-93D8-A7B71E883AF1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{C613F491-792D-4ACB-B45F-5DC10CE9D73E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D3E48282-1D3F-4DF6-9CA4-B68B9BE5AFF1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{98A9B429-4738-4FD0-ADFA-C0060DAC994F}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{36ED0C97-48A8-45E1-A30B-2ADBABDD779E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orange\\IEWInternet-DMGP\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\IEWInternet-DMGP\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:22]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-05 20:31]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-05 20:31]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 20:31]
R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-05-05 15:27]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 05:36]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-05 20:31]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 11:12]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-14 00:29]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-11-14 00:29]
S3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-11-14 00:29]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 20:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 20:46]
S3 SPC610NC;SPC 610NC Laptop Camera;C:\Windows\system32\DRIVERS\SPC610NC.SYS [2007-01-19 17:14]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d433a9d9-3e14-11dd-9ccc-001636d8e4f1}]
\shell\AutoRun\command - E:\AutoRunCardDetector.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-13 01:17:28 C:\Windows\Tasks\User_Feed_Synchronization-{CE826DD9-4493-43A8-A2F5-68A876C02C66}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 01:31:28
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
rkfree = "C:\Program Files\RKFree\rkfree.exe" /b???????f????????%???????????????????????????????????????????????@?%???????????????!????????????K?????????K????/??????????????????K?????????K????/????????????????K???????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 1:33:00
ComboFix-quarantined-files.txt 2008-07-13 23:32:34
ComboFix2.txt 2008-07-13 23:14:13
ComboFix3.txt 2008-07-13 23:07:15
Pre-Run: 26,853,056,512 octets libres
Post-Run: 26,829,365,248 octets libres
289 --- E O F --- 2008-07-12 01:02:38
Copie le texte ci-dessous :
File::
C:\Program Files\RKFree\rkfree.exe
Folder::
C:\Users\All Users\rkfree
C:\ProgramData\rkfree
C:\Program Files\RKFree
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rkfree"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
File::
C:\Program Files\RKFree\rkfree.exe
Folder::
C:\Users\All Users\rkfree
C:\ProgramData\rkfree
C:\Program Files\RKFree
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rkfree"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
