Demande aide rapport hitjackies

Résolu
Winny70 Messages postés 63 Statut Membre -  
Winny70 Messages postés 63 Statut Membre -
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:34, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BMa79bcb5e] Rundll32.exe "C:\WINDOWS\system32\gbukhujv.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TrayMin.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-6a34920cb09b87ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D765C2EE-1343-45FB-B63F-B3A189F55F9A}: NameServer = 192.168.1.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 7269 bytes

bonjour que veux dire tout ce rapport
je ne comprend pas grand choses et que dois je faire apres ??
merci

--
Winny et merci pour tout
Qui peux le + peux le -
 
Configuration: Windows XP
Internet Explorer 7.0

38 réponses

  • 1
  • 2
Résumé de la discussion

Le rapport HijackThis analysé ici décrit des processus système Windows XP, des éléments de démarrage et des paramètres IE, permettant de repérer d’éventuelles modifications ou programmes indésirables. Plusieurs entrées de démarrage et services (par exemple adiras.exe, NeroCheck, AVG7 et ctfmon.exe) peuvent être associées à des programmes légitimes ou potentiellement indésirables, ce qui nécessite une vérification prudente. Des recommandations typiques incluent d’analyser les résultats avec un outil anti-malware à jour, de désactiver ou supprimer les entrées suspectes avec prudence et d’effectuer un nouveau scan complet. D’autres interventions conseillent d’effectuer des analyses complémentaires, comme VirusTotal ou Malwarebytes, et d’éviter toute exécution d’un fichier inconnu jusqu’à validation.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    fais un clic droit sur hijackthis.exe < renommer et nomme le CCM.exe

    ensuite, poste un nouveau rapport stp

    ++
    0
  2. Winny70 Messages postés 63 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:30:34, on 22/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\vphc700.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BMa79bcb5e] Rundll32.exe "C:\WINDOWS\system32\gbukhujv.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe
    O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: TrayMin.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-6a34920cb09b87ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D765C2EE-1343-45FB-B63F-B3A189F55F9A}: NameServer = 192.168.1.1
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    tu as réussi à le renommer ??

    0
    1. Winny70 Messages postés 63 Statut Membre
       
      oui sans probleme ccm.exe
      0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, dans ce cas ça a échoué ! mais c'est pas la 1er fois que ça arrive ...

    Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt, poste le stp

    ++
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Winny70 Messages postés 63 Statut Membre
     
    ComboFix 08-07-21.2 - Claude 2008-07-22 21:21:23.1 - NTFSx86 MINIMAL
    Endroit: C:\Documents and Settings\Claude\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\dopovo.dll
    C:\WINDOWS\system32\dupykynh.ini
    C:\WINDOWS\system32\efcASLDW.dll
    C:\WINDOWS\system32\gbukhujv.dll
    C:\WINDOWS\system32\hnykypud.dll
    C:\WINDOWS\system32\iifgEvsT.dll
    C:\WINDOWS\system32\khfEXopm.dll
    C:\WINDOWS\system32\mpoXEfhk.ini
    C:\WINDOWS\system32\mpoXEfhk.ini2
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\muxaeugq.dll
    C:\WINDOWS\system32\mxfgfihs.dll
    C:\WINDOWS\system32\NqBKlnpo.ini
    C:\WINDOWS\system32\NqBKlnpo.ini2
    C:\WINDOWS\system32\oljrjkby.dll
    C:\WINDOWS\system32\pbrgbdcw.dll
    C:\WINDOWS\system32\snnizv.dll
    C:\WINDOWS\system32\vgtkbtdd.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WINDOWS_LOG

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-07-16 19:10 . 2004-08-30 21:00 1,069,056 --a------ C:\WINDOWS\system32\gpedits.exe
    2009-07-16 19:10 . 2009-07-16 19:10 52,224 --a------ C:\WINDOWS\system32\ftps.exe
    2009-07-16 19:10 . 2009-07-16 19:10 7,680 --a------ C:\WINDOWS\system32\chkdskss.exe
    2009-07-16 19:10 . 2009-07-16 19:10 7,680 --a------ C:\WINDOWS\system32\chkdsks.exe
    2009-07-16 19:10 . 2008-07-22 21:27 221 --a------ C:\WINDOWS\system32\Monitored3.dat
    2009-07-16 19:10 . 2009-07-16 19:10 10 --a------ C:\WINDOWS\system32\ciadvss.exe
    2009-07-16 19:10 . 2009-07-16 19:10 10 --a------ C:\WINDOWS\system32\ciadvs.exe
    2008-07-22 20:30 . 2008-07-22 20:30 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-22 20:25 . 2008-07-22 20:25 110,419 --a------ C:\WINDOWS\BMa79bcb5e.xml
    2008-07-20 19:53 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-17 21:28 . 2008-07-17 21:28 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-07-17 20:24 . 2008-07-21 21:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-17 20:24 . 2008-07-17 20:24 <REP> d-------- C:\Documents and Settings\Claude\Application Data\Malwarebytes
    2008-07-17 20:24 . 2008-07-17 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-17 20:24 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\shel
    2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\ind
    2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\circ
    2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\BP3
    2008-07-17 19:04 . 2008-07-17 19:04 242,636 --a------ C:\temp\lsenpR3.exe
    2008-07-17 19:03 . 2008-07-17 19:03 <REP> d-------- C:\WINDOWS\system32\aumsDK18
    2008-07-17 19:03 . 2008-07-17 19:03 <REP> d-------- C:\temp\zpv201
    2008-07-17 19:03 . 2008-07-17 19:03 77 --a------ C:\Documents and Settings\Claude\2026.bat
    2008-07-16 19:10 . 2009-07-16 19:23 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-07-16 19:09 . 2008-07-22 21:16 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-16 04:49 . 2008-07-16 04:49 32,768 --a------ C:\WINDOWS\system32\aumsDK18\aumsDK182328.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-20 17:22 --------- d-----w C:\Program Files\eMule
    2008-07-20 17:08 --------- d-----w C:\Program Files\Yahoo!
    2008-07-19 17:15 --------- d-----w C:\Documents and Settings\Claude\Application Data\LimeWire
    2008-07-19 11:10 --------- d-----w C:\Documents and Settings\Claude\Application Data\AVG7
    2008-07-17 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-17 20:02 --------- d-----w C:\Program Files\QuickTime
    2008-07-17 20:00 --------- d-----w C:\Documents and Settings\Claude\Application Data\Skype
    2008-07-17 19:28 --------- d-----w C:\Program Files\Lavasoft
    2008-07-17 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-12 07:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-12 06:39 --------- d-----w C:\Program Files\Java
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 19:26 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-06-19 05:37 --------- d-----w C:\Documents and Settings\Claude\Application Data\U3
    2008-06-18 19:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-06-18 19:25 --------- d-----w C:\Documents and Settings\Claude\Application Data\AdobeUM
    2008-06-18 19:19 --------- d-----w C:\Program Files\Sony
    2008-06-18 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-18 18:58 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
    2008-06-18 18:55 --------- d-----w C:\Program Files\Common Files
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 19:20 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-06-13 19:19 --------- d-----w C:\Program Files\SlySoft
    2008-06-13 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
    2008-06-08 16:25 --------- d-----w C:\Program Files\DivX
    2008-06-07 15:47 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-07 15:44 --------- d-----w C:\Documents and Settings\Claude\Application Data\InterTrust
    2008-05-31 16:19 --------- d-----w C:\Program Files\Blitzkrieg Rolling Thunder
    2008-05-31 16:08 --------- d-----w C:\Program Files\Blitzkrieg Burning Horizon
    2008-05-29 16:15 --------- d-----w C:\Documents and Settings\Claude\Application Data\TaoUSign
    2008-05-25 16:42 --------- d-----w C:\Program Files\LimeWire
    2002-03-25 15:33 42,496 -c----w C:\Program Files\whatsnew.doc
    2002-02-08 12:16 147,456 -c----w C:\Program Files\hpmmKbd.ex_
    2002-02-08 12:09 147,456 -c----w C:\Program Files\hphlpkbd.ex_
    2002-02-04 15:20 6,672 -c----w C:\Program Files\HPExtKbd.inf
    2002-02-04 14:49 49,152 -c----w C:\Program Files\hpmsgled.dl_
    2002-02-04 14:49 49,152 -c----w C:\Program Files\hpmapild.dl_
    2001-03-28 11:02 122,880 -c--a-w C:\WINDOWS\inf\Agfa\message.exe
    2000-06-29 08:05 442,368 -c----w C:\Program Files\hpkbdext.dl_
    2000-02-23 17:31 3,961 -c----w C:\Program Files\hpkbduni.dat
    1999-09-29 07:40 15,924 -c----w C:\Program Files\hpmmkbd.sy_
    1999-06-09 12:22 10,169 -c----w C:\Program Files\hpkbdko.hl_
    1999-06-09 12:01 10,038 -c----w C:\Program Files\hpkbdja.hl_
    1999-06-09 11:42 9,874 -c----w C:\Program Files\hpkbdta.hl_
    1999-06-09 11:22 9,946 -c----w C:\Program Files\hpkbdsw.hl_
    1999-06-09 11:21 10,645 -c----w C:\Program Files\hpkbdru.hl_
    1999-06-09 11:21 10,172 -c----w C:\Program Files\hpkbdpo.hl_
    1999-06-09 11:21 10,137 -c----w C:\Program Files\hpkbdsp.hl_
    1999-06-09 11:11 10,269 -c----w C:\Program Files\hpkbdge.hl_
    1999-06-09 11:11 10,184 -c----w C:\Program Files\hpkbdit.hl_
    1999-06-09 11:11 10,012 -c----w C:\Program Files\hpkbdno.hl_
    1999-06-09 11:06 10,210 -c----w C:\Program Files\hpkbdfr.hl_
    1999-06-09 11:05 10,131 -c----w C:\Program Files\hpkbddu.hl_
    1999-06-09 11:05 10,097 -c----w C:\Program Files\hpkbdfi.hl_
    1999-06-09 11:05 10,000 -c----w C:\Program Files\hpkbden.hl_
    1999-06-09 10:57 10,316 -c----w C:\Program Files\hpkbdch.hl_
    1999-06-09 10:46 9,904 -c----w C:\Program Files\hpkbdda.hl_
    2005-05-29 19:53 56 -csh--r C:\WINDOWS\system32\6B585B661A.sys
    2005-06-21 06:01 56 -csh--r C:\WINDOWS\system32\B2AE98CBE1.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-21 18:48 579584]
    "phc700"="C:\WINDOWS\vphc700.exe" [2005-02-14 16:26 339968]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 12:35 335872]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-31 21:20 219136]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "NT Printing Services"="ftps.exe" [2009-07-16 19:10 52224 C:\WINDOWS\system32\ftps.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.g723"= g723.acm
    "vidc.xvid"= xvid.dll
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "C:\\Program Files\\Nival Interactive\\Blitzkrieg\\Run\\Game.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\WINDOWS\\system32\\svchost.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Mio DigiWalker\\Mio Transfer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Blitzkrieg Rolling Thunder\\Run\\game.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule_TCP
    "4672:UDP"= 4672:UDP:emule_UDP
    "10742:TCP"= 10742:TCP:limewire_TCP
    "10742:UDP"= 10742:UDP:limewire_UDP

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{795a3294-3b05-11dd-98c6-000c6effb399}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2009-07-16 17:10:21 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6085727B-26DE-4166-A0BD-C2DAF19C9494}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-a4a8f8c2 - C:\WINDOWS\system32\hnykypud.dll
    HKLM-Run-BMa79bcb5e - C:\WINDOWS\system32\gbukhujv.dll
    HKLM-Run-adiras - adiras.exe
    Notify-WgaLogon - (no file)

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
    R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O17 -: HKLM\CCS\Interface\{D765C2EE-1343-45FB-B63F-B3A189F55F9A}: NameServer = 192.168.1.1

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
    C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-22 21:27:32
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\sysocmgr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-22 21:32:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-22 19:32:39

    Pre-Run: 34,457,382,912 octets libres
    Post-Run: 34,416,386,048 octets libres

    228 --- E O F --- 2008-07-18 16:59:26

    et voila a +
    0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    # Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4

    * Double-cliquer sur VundoFix.exe afin de le lancer.
    * Cliquer sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquer sur le bouton Fix Vundo.
    * Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
    * Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers. * Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
    * Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp

    ++
    0
    1. Winny70 Messages postés 63 Statut Membre
       
      Voici le rapport
      VundoFix V7.0.6

      Scan started at 21:49:35 22/07/2008

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      VundoFix V7.0.6

      Scan started at 22:12:10 22/07/2008

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      Cela voudrais ire qu'il n'y a plus rien>> le scan a indique qu'il n'y avait pas d'infection >>aucun dossier je n'ai supprimé et le pc ne s'est pas éteint !!je vais le rédemarrer tout de meme>>

      * Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers. * Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
      cecine s'est pas produit
      * Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp

      A++

      Winny et merci pour tout
      Qui peux le + peux le -
       
      0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok

    télécharge ceci :http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
    * Installez le programme sur le bureau :
    o S'il manque le fichier COMCTL32.OCX, vous pourrez le télécharger ici
    * Faites les mises à jour (clic sur Mises à jour puis Recherche de mises à jour)
    * Démarrez en mode sans échec
    * Lancez le MalwareByte's Anti-Malware, cliquez sur Exécuter un examen complet puis Rechercher et sélectionnez tous tes disques durs
    * Une fois le scan terminé, cliquez sur supprimer (si un message demande à redémarrer le PC, acceptez !)
    * Un rapport sera généré, enregistrez le de manière à le retrouver

    ==> poste le stp !

    ++
    0
  9. Winny70 Messages postés 63 Statut Membre
     
    Malwarebytes' Anti-Malware 1.22
    Version de la base de données: 979
    Windows 5.1.2600 Service Pack 2

    23:48:07 22/07/2008
    mbam-log-7-22-2008 (23-48-07).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 85690
    Temps écoulé: 48 minute(s), 16 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 14

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\gbukhujv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\hnykypud.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\khfEXopm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\mxfgfihs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\oljrjkby.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\pbrgbdcw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{950123C4-56DC-40E5-B984-5889864CC304}\RP774\A0291877.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{950123C4-56DC-40E5-B984-5889864CC304}\RP774\A0291878.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{950123C4-56DC-40E5-B984-5889864CC304}\RP774\A0291879.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{950123C4-56DC-40E5-B984-5889864CC304}\RP774\A0291881.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{950123C4-56DC-40E5-B984-5889864CC304}\RP774\A0291882.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{950123C4-56DC-40E5-B984-5889864CC304}\RP774\A0291883.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMa79bcb5e.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMa79bcb5e.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

    et voila apres 46 mn
    je ne sais pas si je vais attendre la reponse se soir je recommence a 5 h ce matin
    aussi je vous donne le bonsoir en attente de vos nouvelles demain
    a ++
    0
  10. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Je suis encore là, la suite demain :-)

    @+
    0
    1. Winny70 Messages postés 63 Statut Membre
       
      a demain
      Winny
      0
    2. Winny70 Messages postés 63 Statut Membre
       
      hello
      Green Day es tu la?
      je suis de retour
      tu penses quoi de mon log Malwaresbytes ??
      0
  11. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    oui, vu, poste un nouveau hijack stp

    ++
    0
    1. Winny70 Messages postés 63 Statut Membre
       
      Salut
      en mode sans echec ou normal
      0
  12. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Mode normal stp !

    ++
    0
    1. Winny70 Messages postés 63 Statut Membre
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:55:41, on 23/07/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\vphc700.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\spupdsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spnpinst.exe
      C:\WINDOWS\system32\Sysocmgr.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: LF3_BHO Class - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\system32\LightFrame3IECOM.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: TrayMin.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-6a34920cb09b87ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D765C2EE-1343-45FB-B63F-B3A189F55F9A}: NameServer = 192.168.1.1
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG Firewall (AVGFwSrv) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
      0
  13. Winny70 Messages postés 63 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:55:41, on 23/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\vphc700.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: LF3_BHO Class - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\system32\LightFrame3IECOM.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: TrayMin.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-6a34920cb09b87ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D765C2EE-1343-45FB-B63F-B3A189F55F9A}: NameServer = 192.168.1.1
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    0
  14. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    un fix est un petit programme qui s'occupe de supprimer une bébétte spécifique !

    comment évolue la situation de ton coté ?

    ++
    0
    1. Winny70 Messages postés 63 Statut Membre
       
      Hi
      et la d'apres le rapport que vois tu ?
      est que je dois appuyer sur la touche fix maintenant
      je n'ai pas refermer hitjackies
      0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    pour le moment, il n'y a rien à fixer !

    poste un nouveau rapport combo stp

    ++
    0
  16. Winny70 Messages postés 63 Statut Membre
     
    Et voila
    ComboFix 08-07-21.2 - Claude 2008-07-23 19:25:57.2 - NTFSx86
    Endroit: C:\Documents and Settings\Claude\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ciadvs.exe
    C:\WINDOWS\system32\ciadvss.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))))))
    .

    2009-07-16 19:10 . 2004-08-30 21:00 1,069,056 --a------ C:\WINDOWS\system32\gpedits.exe
    2009-07-16 19:10 . 2009-07-16 19:10 52,224 --a------ C:\WINDOWS\system32\ftps.exe
    2009-07-16 19:10 . 2009-07-16 19:10 7,680 --a------ C:\WINDOWS\system32\chkdskss.exe
    2009-07-16 19:10 . 2009-07-16 19:10 7,680 --a------ C:\WINDOWS\system32\chkdsks.exe
    2009-07-16 19:10 . 2008-07-23 19:29 97 --a------ C:\WINDOWS\system32\Monitored3.dat
    2008-07-22 21:49 . 2008-07-22 21:49 <REP> d-------- C:\VundoFix Backups
    2008-07-22 20:30 . 2008-07-22 20:30 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-20 19:53 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-17 21:28 . 2008-07-17 21:28 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-07-17 20:24 . 2008-07-21 21:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-17 20:24 . 2008-07-17 20:24 <REP> d-------- C:\Documents and Settings\Claude\Application Data\Malwarebytes
    2008-07-17 20:24 . 2008-07-17 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-17 20:24 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\shel
    2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\ind
    2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\circ
    2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\BP3
    2008-07-17 19:04 . 2008-07-17 19:04 242,636 --a------ C:\temp\lsenpR3.exe
    2008-07-17 19:03 . 2008-07-17 19:03 <REP> d-------- C:\WINDOWS\system32\aumsDK18
    2008-07-17 19:03 . 2008-07-17 19:03 <REP> d-------- C:\temp\zpv201
    2008-07-17 19:03 . 2008-07-17 19:03 77 --a------ C:\Documents and Settings\Claude\2026.bat
    2008-07-16 19:10 . 2009-07-16 19:23 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-07-16 19:09 . 2008-07-22 21:16 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-16 04:49 . 2008-07-16 04:49 32,768 --a------ C:\WINDOWS\system32\aumsDK18\aumsDK182328.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-20 17:22 --------- d-----w C:\Program Files\eMule
    2008-07-20 17:08 --------- d-----w C:\Program Files\Yahoo!
    2008-07-19 17:15 --------- d-----w C:\Documents and Settings\Claude\Application Data\LimeWire
    2008-07-19 11:10 --------- d-----w C:\Documents and Settings\Claude\Application Data\AVG7
    2008-07-17 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-17 20:02 --------- d-----w C:\Program Files\QuickTime
    2008-07-17 20:00 --------- d-----w C:\Documents and Settings\Claude\Application Data\Skype
    2008-07-17 19:28 --------- d-----w C:\Program Files\Lavasoft
    2008-07-17 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-12 07:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-12 06:39 --------- d-----w C:\Program Files\Java
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 19:26 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-06-19 05:37 --------- d-----w C:\Documents and Settings\Claude\Application Data\U3
    2008-06-18 19:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-06-18 19:25 --------- d-----w C:\Documents and Settings\Claude\Application Data\AdobeUM
    2008-06-18 19:19 --------- d-----w C:\Program Files\Sony
    2008-06-18 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-18 18:58 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
    2008-06-18 18:55 --------- d-----w C:\Program Files\Common Files
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 19:20 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-06-13 19:19 --------- d-----w C:\Program Files\SlySoft
    2008-06-13 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
    2008-06-08 16:25 --------- d-----w C:\Program Files\DivX
    2008-06-07 15:47 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-07 15:44 --------- d-----w C:\Documents and Settings\Claude\Application Data\InterTrust
    2008-05-31 16:19 --------- d-----w C:\Program Files\Blitzkrieg Rolling Thunder
    2008-05-31 16:08 --------- d-----w C:\Program Files\Blitzkrieg Burning Horizon
    2008-05-31 16:00 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-29 16:15 --------- d-----w C:\Documents and Settings\Claude\Application Data\TaoUSign
    2008-05-25 16:42 --------- d-----w C:\Program Files\LimeWire
    2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2002-03-25 15:33 42,496 -c----w C:\Program Files\whatsnew.doc
    2002-02-08 12:16 147,456 -c----w C:\Program Files\hpmmKbd.ex_
    2002-02-08 12:09 147,456 -c----w C:\Program Files\hphlpkbd.ex_
    2002-02-04 15:20 6,672 -c----w C:\Program Files\HPExtKbd.inf
    2002-02-04 14:49 49,152 -c----w C:\Program Files\hpmsgled.dl_
    2002-02-04 14:49 49,152 -c----w C:\Program Files\hpmapild.dl_
    2001-03-28 11:02 122,880 -c--a-w C:\WINDOWS\inf\Agfa\message.exe
    2000-06-29 08:05 442,368 -c----w C:\Program Files\hpkbdext.dl_
    2000-02-23 17:31 3,961 -c----w C:\Program Files\hpkbduni.dat
    1999-09-29 07:40 15,924 -c----w C:\Program Files\hpmmkbd.sy_
    1999-06-09 12:22 10,169 -c----w C:\Program Files\hpkbdko.hl_
    1999-06-09 12:01 10,038 -c----w C:\Program Files\hpkbdja.hl_
    1999-06-09 11:42 9,874 -c----w C:\Program Files\hpkbdta.hl_
    1999-06-09 11:22 9,946 -c----w C:\Program Files\hpkbdsw.hl_
    1999-06-09 11:21 10,645 -c----w C:\Program Files\hpkbdru.hl_
    1999-06-09 11:21 10,172 -c----w C:\Program Files\hpkbdpo.hl_
    1999-06-09 11:21 10,137 -c----w C:\Program Files\hpkbdsp.hl_
    1999-06-09 11:11 10,269 -c----w C:\Program Files\hpkbdge.hl_
    1999-06-09 11:11 10,184 -c----w C:\Program Files\hpkbdit.hl_
    1999-06-09 11:11 10,012 -c----w C:\Program Files\hpkbdno.hl_
    1999-06-09 11:06 10,210 -c----w C:\Program Files\hpkbdfr.hl_
    1999-06-09 11:05 10,131 -c----w C:\Program Files\hpkbddu.hl_
    1999-06-09 11:05 10,097 -c----w C:\Program Files\hpkbdfi.hl_
    1999-06-09 11:05 10,000 -c----w C:\Program Files\hpkbden.hl_
    1999-06-09 10:57 10,316 -c----w C:\Program Files\hpkbdch.hl_
    1999-06-09 10:46 9,904 -c----w C:\Program Files\hpkbdda.hl_
    2005-05-29 19:53 56 -csh--r C:\WINDOWS\system32\6B585B661A.sys
    2005-06-21 06:01 56 -csh--r C:\WINDOWS\system32\B2AE98CBE1.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-22_21.32.26.02 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-22 18:25:24 9,564 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{055F45AF-6854-44AF-BC55-A3F95313DA9A}.bin
    + 2008-07-22 18:25:24 10,204 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{055F45AF-6854-44AF-BC55-A3F95313DA9A}.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-21 18:48 579584]
    "phc700"="C:\WINDOWS\vphc700.exe" [2005-02-14 16:26 339968]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 12:35 335872]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-31 21:20 219136]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "NT Printing Services"="ftps.exe" [2009-07-16 19:10 52224 C:\WINDOWS\system32\ftps.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.g723"= g723.acm
    "vidc.xvid"= xvid.dll
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "C:\\Program Files\\Nival Interactive\\Blitzkrieg\\Run\\Game.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\WINDOWS\\system32\\svchost.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Mio DigiWalker\\Mio Transfer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Blitzkrieg Rolling Thunder\\Run\\game.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule_TCP
    "4672:UDP"= 4672:UDP:emule_UDP
    "10742:TCP"= 10742:TCP:limewire_TCP
    "10742:UDP"= 10742:UDP:limewire_UDP

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{795a3294-3b05-11dd-98c6-000c6effb399}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2009-07-16 17:10:21 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6085727B-26DE-4166-A0BD-C2DAF19C9494}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
    R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O17 -: HKLM\CCS\Interface\{D765C2EE-1343-45FB-B63F-B3A189F55F9A}: NameServer = 192.168.1.1

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
    C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-23 19:28:37
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-23 19:31:09
    ComboFix-quarantined-files.txt 2008-07-23 17:30:53
    ComboFix2.txt 2008-07-22 19:32:44

    Pre-Run: 34,415,124,480 octets libres
    Post-Run: 34,411,016,192 octets libres

    211 --- E O F --- 2008-07-18 16:59:26

    Voila le résultat
    0
  17. Winny70 Messages postés 63 Statut Membre
     
    Personnes pour me repondre
    0
  18. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    de retour ! :)

    les choses s'améliorent, mais il reste quelques saletés ...

    Télécharge SDFix sur ton bureau

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    @+
    0
    1. Winny70 Messages postés 63 Statut Membre
       
      hi
      Salut je suis de retour mais j'ai un probleme dans SDFIX
      je ne trouve pas run this .cmd
      a l'aide --
      Winny et merci pour tout
      Qui peux le + peux le -
       
      0
  19. Winny70 Messages postés 63 Statut Membre
     
    Et voici mes 2 logs
    sdfix

    [b]SDFix: Version 1.208 [/b]
    Run by Claude on 24/07/2008 at 19:48

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\PROGRA~1\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-24 19:53:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
    "C:\\Program Files\\Nival Interactive\\Blitzkrieg\\Run\\Game.exe"="C:\\Program Files\\Nival Interactive\\Blitzkrieg\\Run\\Game.exe:*:Enabled:Game"
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:Partage de l'application RTC"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Mio DigiWalker\\Mio Transfer.exe"="C:\\Program Files\\Mio DigiWalker\\Mio Transfer.exe:*:Enabled:MioTransfer"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Blitzkrieg Rolling Thunder\\Run\\game.exe"="C:\\Program Files\\Blitzkrieg Rolling Thunder\\Run\\game.exe:*:Enabled:Game"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    [b]Files with Hidden Attributes [/b]:

    Fri 13 Jun 2008 24 ..SH. --- "C:\WINDOWS\S2E59A3AB.tmp"
    Sun 29 May 2005 56 ..SHR --- "C:\WINDOWS\system32\6B585B661A.sys"
    Tue 21 Jun 2005 56 ..SHR --- "C:\WINDOWS\system32\B2AE98CBE1.sys"
    Mon 1 Nov 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 2 Oct 2004 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
    Sat 2 Oct 2004 48 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
    Sat 2 Oct 2004 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
    Mon 7 Apr 2008 71,168 ..SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe"
    Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll"
    Sat 30 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Mon 26 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Mon 5 May 2003 348,160 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\AACMP4.EXE"
    Thu 7 Feb 2002 94,208 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\lpaccodec.dll"
    Fri 2 Feb 2001 40,960 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\lpac_codec_api.dll"
    Wed 16 Apr 2003 200,704 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\OFR.EXE"
    Fri 17 Jan 2003 278,528 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PNCRT.dll"
    Mon 5 May 2003 16,384 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\RMADEC.EXE"
    Sat 21 Jun 2003 377,344 A..H. --- "C:\Program Files\Smart Projects\IsoBuster\Help\AHlp.exe"
    Thu 16 Jul 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT2E.tmp"
    Fri 11 Apr 2003 73,766 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\atrc3260.dll"
    Fri 11 Apr 2003 45,099 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\auth3260.dll"
    Fri 11 Apr 2003 65,575 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\cook3260.dll"
    Fri 11 Apr 2003 102,437 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\drv13260.dll"
    Fri 11 Apr 2003 176,165 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\drv23260.dll"
    Fri 11 Apr 2003 208,935 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\drv33260.dll"
    Fri 11 Apr 2003 217,127 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\drv43260.dll"
    Wed 16 Apr 2003 976,896 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\pnen3260.dll"
    Fri 11 Apr 2003 348,203 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\pnvi3260.dll"
    Fri 11 Apr 2003 53,289 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\pnxr3260.dll"
    Fri 11 Apr 2003 45,101 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\ramf3260.dll"
    Fri 11 Apr 2003 135,213 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rare3260.dll"
    Mon 14 Oct 2002 57,344 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rims3290.dll"
    Fri 11 Apr 2003 163,885 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rmff3260.dll"
    Mon 14 Oct 2002 737,280 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rmse3290.dll"
    Mon 14 Oct 2002 245,760 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rmwr3260.dll"
    Fri 11 Apr 2003 245,805 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rnlt3260.dll"
    Mon 14 Oct 2002 245,760 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rorw3290.dll"
    Mon 14 Oct 2002 114,688 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rtae3290.dll"
    Mon 14 Oct 2002 65,536 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rtin3290.dll"
    Mon 14 Oct 2002 163,840 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rtve3290.dll"
    Fri 11 Apr 2003 45,093 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rv103260.dll"
    Fri 11 Apr 2003 98,341 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rv203260.dll"
    Fri 11 Apr 2003 94,247 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rv303260.dll"
    Fri 11 Apr 2003 90,151 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rv403260.dll"
    Fri 11 Apr 2003 159,785 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\rvre3260.dll"
    Mon 14 Oct 2002 102,400 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\sipr3260.dll"
    Fri 11 Apr 2003 61,485 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\smpl3260.dll"
    Fri 11 Apr 2003 106,541 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\vsrl3260.dll"
    Fri 11 Apr 2003 86,061 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\xmlp3261.dll"
    Fri 11 Apr 2003 159,787 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Common\zipf3260.dll"
    Sun 23 Feb 2003 64,512 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\MusePack\MPPDEC.EXE"
    Sat 26 Oct 2002 79,360 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\MusePack\MPPENC.EXE"
    Mon 4 Mar 2002 352,299 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\AACENC.EXE"
    Mon 5 May 2003 348,160 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\AACMP4.EXE"
    Mon 4 Mar 2002 221,184 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\FASTENC.EXE"
    Thu 6 Sep 2001 688,128 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\PsyTEL\IA32MATH.DLL"
    Fri 14 Feb 2003 910,152 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Shorten\CYGWIN1.DLL"
    Sun 20 Apr 2003 60,928 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Shorten\SHORTEN.EXE"
    Sun 23 Mar 2003 120,832 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Speex\SPEEXDEC.EXE"
    Sun 23 Mar 2003 122,880 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\Speex\SPEEXENC.EXE"
    Tue 18 Feb 2003 103,936 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\WavPack\WAVPACK.EXE"
    Tue 18 Feb 2003 102,912 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\WavPack\WVUNPACK.EXE"

    [b]Finished![/b]

    et hitjacki

    --Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:04:14, on 24/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\vphc700.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: LF3_BHO Class - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\system32\LightFrame3IECOM.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: TrayMin.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-6a34920cb09b87ed.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D765C2EE-1343-45FB-B63F-B3A189F55F9A}: NameServer = 192.168.1.1
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    0
  20. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras :



    File::

    C:\WINDOWS\system32\shel
    C:\WINDOWS\system32\ind
    C:\WINDOWS\system32\circ
    C:\WINDOWS\system32\BP3
    C:\temp\lsenpR3.exe
    C:\WINDOWS\system32\aumsDK18
    C:\temp\zpv201
    C:\Documents and Settings\Claude\2026.bat
    C:\WINDOWS\system32\rar.exe
    C:\WINDOWS\system32\aumsDK18\aumsDK18­2328.exe


    ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation :
    http://img.bleepingcomputer.com/combofix/usage/rc.gif

    Dans la fenêtre qui suit, choisie l'option 1 puis valide
    Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
    A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )

    @+
    0
    1. Winny70 Messages postés 63 Statut Membre
       
      Hi
      quand je glisse le fichier texte sur combofix
      le programme demande si je veux l'executer > c normal??
      --et je n'est pas option qui s'affiche !!
      Winny et merci pour tout
      Qui peux le + peux le -
       
      0
  21. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    oui normal !

    ++
    0
    1. Winny70 Messages postés 63 Statut Membre
       
      Alors le voila ComboFix 08-07-21.2 - Claude 2008-07-24 21:10:36.3 - NTFSx86
      Endroit: C:\Documents and Settings\Claude\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Claude\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\Documents and Settings\Claude\2026.bat
      C:\temp\lsenpR3.exe
      C:\temp\zpv201
      C:\WINDOWS\system32\aumsDK18
      C:\WINDOWS\system32\aumsDK18\aumsDK18­2328.exe
      C:\WINDOWS\system32\BP3
      C:\WINDOWS\system32\circ
      C:\WINDOWS\system32\ind
      C:\WINDOWS\system32\rar.exe
      C:\WINDOWS\system32\shel
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Claude\2026.bat
      C:\temp\lsenpR3.exe
      C:\WINDOWS\system32\rar.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))))))
      .

      2009-07-16 19:10 . 2004-08-30 21:00 1,069,056 --a------ C:\WINDOWS\system32\gpedits.exe
      2009-07-16 19:10 . 2009-07-16 19:10 52,224 --a------ C:\WINDOWS\system32\ftps.exe
      2009-07-16 19:10 . 2009-07-16 19:10 7,680 --a------ C:\WINDOWS\system32\chkdskss.exe
      2009-07-16 19:10 . 2009-07-16 19:10 7,680 --a------ C:\WINDOWS\system32\chkdsks.exe
      2009-07-16 19:10 . 2008-07-24 19:33 157 --a------ C:\WINDOWS\system32\Monitored3.dat
      2008-07-24 19:44 . 2008-07-24 19:45 <REP> d-------- C:\WINDOWS\ERUNT
      2008-07-24 19:18 . 2008-07-24 19:56 <REP> d-------- C:\Program Files\SDFix
      2008-07-24 19:14 . 2008-07-24 01:27 <REP> d-------- C:\SDFix
      2008-07-23 20:55 . 2008-07-23 20:57 <REP> d-------- C:\Program Files\SpywareBlaster
      2008-07-22 21:49 . 2008-07-22 21:49 <REP> d-------- C:\VundoFix Backups
      2008-07-22 20:30 . 2008-07-22 20:30 <REP> d-------- C:\Program Files\Trend Micro
      2008-07-20 19:53 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-07-17 21:28 . 2008-07-17 21:28 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-07-17 20:24 . 2008-07-21 21:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-07-17 20:24 . 2008-07-17 20:24 <REP> d-------- C:\Documents and Settings\Claude\Application Data\Malwarebytes
      2008-07-17 20:24 . 2008-07-17 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-17 20:24 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\shel
      2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\ind
      2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\circ
      2008-07-17 19:04 . 2008-07-17 19:04 <REP> d-------- C:\WINDOWS\system32\BP3
      2008-07-17 19:03 . 2008-07-17 19:03 <REP> d-------- C:\WINDOWS\system32\aumsDK18
      2008-07-17 19:03 . 2008-07-17 19:03 <REP> d-------- C:\temp\zpv201
      2008-07-16 19:09 . 2008-07-22 21:16 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-07-16 04:49 . 2008-07-16 04:49 32,768 --a------ C:\WINDOWS\system32\aumsDK18\aumsDK182328.exe

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-20 17:22 --------- d-----w C:\Program Files\eMule
      2008-07-20 17:08 --------- d-----w C:\Program Files\Yahoo!
      2008-07-19 17:15 --------- d-----w C:\Documents and Settings\Claude\Application Data\LimeWire
      2008-07-19 11:10 --------- d-----w C:\Documents and Settings\Claude\Application Data\AVG7
      2008-07-17 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-07-17 20:02 --------- d-----w C:\Program Files\QuickTime
      2008-07-17 20:00 --------- d-----w C:\Documents and Settings\Claude\Application Data\Skype
      2008-07-17 19:28 --------- d-----w C:\Program Files\Lavasoft
      2008-07-17 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-07-12 07:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-07-12 06:39 --------- d-----w C:\Program Files\Java
      2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
      2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
      2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
      2008-06-19 19:26 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-06-19 05:37 --------- d-----w C:\Documents and Settings\Claude\Application Data\U3
      2008-06-18 19:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-06-18 19:25 --------- d-----w C:\Documents and Settings\Claude\Application Data\AdobeUM
      2008-06-18 19:19 --------- d-----w C:\Program Files\Sony
      2008-06-18 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-06-18 18:58 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
      2008-06-18 18:55 --------- d-----w C:\Program Files\Common Files
      2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
      2008-06-13 19:20 --------- d-----w C:\Program Files\Elaborate Bytes
      2008-06-13 19:19 --------- d-----w C:\Program Files\SlySoft
      2008-06-13 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
      2008-06-08 16:25 --------- d-----w C:\Program Files\DivX
      2008-06-07 15:47 --------- d-----w C:\Program Files\ATI Technologies
      2008-06-07 15:44 --------- d-----w C:\Documents and Settings\Claude\Application Data\InterTrust
      2008-05-31 16:19 --------- d-----w C:\Program Files\Blitzkrieg Rolling Thunder
      2008-05-31 16:08 --------- d-----w C:\Program Files\Blitzkrieg Burning Horizon
      2008-05-31 16:00 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
      2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
      2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
      2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2008-05-29 16:15 --------- d-----w C:\Documents and Settings\Claude\Application Data\TaoUSign
      2008-05-25 16:42 --------- d-----w C:\Program Files\LimeWire
      2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      2002-03-25 15:33 42,496 -c----w C:\Program Files\whatsnew.doc
      2002-02-08 12:16 147,456 -c----w C:\Program Files\hpmmKbd.ex_
      2002-02-08 12:09 147,456 -c----w C:\Program Files\hphlpkbd.ex_
      2002-02-04 15:20 6,672 -c----w C:\Program Files\HPExtKbd.inf
      2002-02-04 14:49 49,152 -c----w C:\Program Files\hpmsgled.dl_
      2002-02-04 14:49 49,152 -c----w C:\Program Files\hpmapild.dl_
      2001-03-28 11:02 122,880 -c--a-w C:\WINDOWS\inf\Agfa\message.exe
      2000-06-29 08:05 442,368 -c----w C:\Program Files\hpkbdext.dl_
      2000-02-23 17:31 3,961 -c----w C:\Program Files\hpkbduni.dat
      1999-09-29 07:40 15,924 -c----w C:\Program Files\hpmmkbd.sy_
      1999-06-09 12:22 10,169 -c----w C:\Program Files\hpkbdko.hl_
      1999-06-09 12:01 10,038 -c----w C:\Program Files\hpkbdja.hl_
      1999-06-09 11:42 9,874 -c----w C:\Program Files\hpkbdta.hl_
      1999-06-09 11:22 9,946 -c----w C:\Program Files\hpkbdsw.hl_
      1999-06-09 11:21 10,645 -c----w C:\Program Files\hpkbdru.hl_
      1999-06-09 11:21 10,172 -c----w C:\Program Files\hpkbdpo.hl_
      1999-06-09 11:21 10,137 -c----w C:\Program Files\hpkbdsp.hl_
      1999-06-09 11:11 10,269 -c----w C:\Program Files\hpkbdge.hl_
      1999-06-09 11:11 10,184 -c----w C:\Program Files\hpkbdit.hl_
      1999-06-09 11:11 10,012 -c----w C:\Program Files\hpkbdno.hl_
      1999-06-09 11:06 10,210 -c----w C:\Program Files\hpkbdfr.hl_
      1999-06-09 11:05 10,131 -c----w C:\Program Files\hpkbddu.hl_
      1999-06-09 11:05 10,097 -c----w C:\Program Files\hpkbdfi.hl_
      1999-06-09 11:05 10,000 -c----w C:\Program Files\hpkbden.hl_
      1999-06-09 10:57 10,316 -c----w C:\Program Files\hpkbdch.hl_
      1999-06-09 10:46 9,904 -c----w C:\Program Files\hpkbdda.hl_
      2005-05-29 19:53 56 -csh--r C:\WINDOWS\system32\6B585B661A.sys
      2005-06-21 06:01 56 -csh--r C:\WINDOWS\system32\B2AE98CBE1.sys
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-21 18:48 579584]
      "phc700"="C:\WINDOWS\vphc700.exe" [2005-02-14 16:26 339968]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 12:35 335872]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-31 21:20 219136]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.g723"= g723.acm
      "vidc.xvid"= xvid.dll
      "VIDC.ACDV"= ACDV.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
      "C:\\Program Files\\Nival Interactive\\Blitzkrieg\\Run\\Game.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\WINDOWS\\system32\\svchost.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
      "C:\\Program Files\\Mio DigiWalker\\Mio Transfer.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\Blitzkrieg Rolling Thunder\\Run\\game.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4662:TCP"= 4662:TCP:emule_TCP
      "4672:UDP"= 4672:UDP:emule_UDP
      "10742:TCP"= 10742:TCP:limewire_TCP
      "10742:UDP"= 10742:UDP:limewire_UDP

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
      \Shell\AutoRun\command - G:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{795a3294-3b05-11dd-98c6-000c6effb399}]
      \Shell\AutoRun\command - G:\LaunchU3.exe -a
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2009-07-16 17:10:21 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6085727B-26DE-4166-A0BD-C2DAF19C9494}.job"
      - C:\WINDOWS\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-24 21:12:59
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-07-24 21:15:39
      ComboFix-quarantined-files.txt 2008-07-24 19:15:22
      ComboFix2.txt 2008-07-23 17:31:10
      ComboFix3.txt 2008-07-22 19:32:44

      Pre-Run: 34,269,966,336 octets libres
      Post-Run: 34,277,486,592 octets libres

      207 --- E O F --- 2008-07-18 16:59:26

      0
  • 1
  • 2