Quelq'un pour analyser mon rapport HijackThis

Spider88 Messages postés 8 Date d'inscription   Statut Membre -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,
j'aimerais trouver quelqu'un qui ci connait avec le logiciel Hijackthis pour analyser mon rapport, en effet je crois qu'il doit être infecté, malgré mes différents scan anti virus. Les gens qui veulent bien m'aider, écrivez sur ce forum, et j'y mettrais mon rapport Hijackhis, merci d'avance.
Configuration: Windows XP
Internet Explorer 6.0

26 réponses

  • 1
  • 2
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    Tu peux le poster.
    0
  2. Spider88 Messages postés 8 Date d'inscription   Statut Membre
     
    Voila mon rapport, merci de me dire si quelque chose cloche :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:16:42, on 04/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\DAP\DAP.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Mes documents\My Completed Downloads\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [BMabae40fa] Rundll32.exe "C:\WINDOWS\system32\odmukxsu.dll",s
    O4 - HKLM\..\Run: [a89d7366] rundll32.exe "C:\WINDOWS\system32\rukqprkw.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDF4547-9240-4F63-A101-54EBE09CD871}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: qsfeie.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    0
  3. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    O4 - HKLM\..\Run: [BMabae40fa] Rundll32.exe "C:\WINDOWS\system32\odmukxsu.dll",s
    O4 - HKLM\..\Run: [a89d7366] rundll32.exe "C:\WINDOWS\system32\rukqprkw.dll",b

    ---> Infection Vundo/Virtumonde.

    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt
    0
  4. Spider88 Messages postés 8 Date d'inscription   Statut Membre
     
    Ok merci beaucoup, je vais faire ça :) et je poste le rapport en suite.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ok.
    0
  7. Spider88 Messages postés 8 Date d'inscription   Statut Membre
     
    Je n'arrive pas à installer combofix, quand je veux le télécharger, j'ai trois fenètres qui s'ouvre avec ceci de marqué :

    rundll32.exe - erreur d'application
    L'application n'a pas réussi à s'initialiser correctement (0xc0000005).

    cmd.exe - erreur d'application
    L'application n'a pas réussi à s'initialiser correctement (0xc0000005).

    find.exe - erreur d'application
    L'application n'a pas réussi à s'initialiser correctement (0xc0000005).
    0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Tu n'arrives pas à le télécharger ou à l'installer ?
    0
  9. spider88
     
    euh oui excusez moi je n'arrive pas à " l'installer " lol. le fichier d'installation est sur mon bureau, un tigre blanc sur fond rouge.
    0
  10. Spider88
     
    Sa ne marche pas non plus en mode sans echec, les trois meme fenetres s'ouvrent...
    0
  11. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Redémarre en mode sans échec (Recommandé) :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
  12. Spider88
     
    Bonjour voila mon rapport malwarebytes'

    malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1024
    Windows 5.1.2600 Service Pack 2

    11:11:48 05/08/2008
    mbam-log-8-5-2008 (11-11-48).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 196391
    Temps écoulé: 2 hour(s), 22 minute(s), 32 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 15
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 33

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\hgGxWnLC.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\qsfeie.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\fccyaYqo.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7083e573-553c-465b-953a-461647047e62} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7083e573-553c-465b-953a-461647047e62} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd357b7b-a6d9-4391-9137-5a6e8f7619a5} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{dd357b7b-a6d9-4391-9137-5a6e8f7619a5} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{9160b539-1b91-409a-98ba-985c2349feeb} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9160b539-1b91-409a-98ba-985c2349feeb} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9160b539-1b91-409a-98ba-985c2349feeb} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggxwnlc -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggxwnlc -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\Application Data\m\shared (Trojan.Agent) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\qsfeie.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\hgGxWnLC.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\CLnWxGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\CLnWxGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fccyaYqo.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\jojo !\Local Settings\Temp\ginstall.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\afmrbt.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\evpyhslu.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\fccyaYqo.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\fqkajtdh.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\hgGvuTLd.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\jkkHWMEX.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\kaawgtjg.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\odmukxsu.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\oplfilhk.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\opqllb.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\qsfeie.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\reiashjo.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\rmursc.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\rukqprkw.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\tuvvVPfF.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\uvwgfnla.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\vtUmJAtR.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\wvUnLfFV.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\ymprhpvv.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\yvsttqoh.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMabae40fa.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMabae40fa.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcgtqj0er0l.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\photos.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\Explorer.dmp (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    0
  13. Spider88
     
    Voila mon rapport COMBOFIX :

    ComboFix 08-08-03.05 - Compaq_Propriétaire 2008-08-05 13:03:11.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.117 [GMT 2:00]
    Endroit: C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Invité\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Program Files\Fichiers communs\{A89D7~1
    C:\WINDOWS\BMabae40fa.txt
    C:\WINDOWS\BMabae40fa.xml
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\gkasegnd.ini
    C:\WINDOWS\system32\gocrnyqc.dll
    C:\WINDOWS\system32\kppcoygp.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mmffbetq.ini
    C:\WINDOWS\system32\obkcittp.dll
    C:\WINDOWS\system32\pgyocppk.ini
    C:\WINDOWS\system32\wclfyu.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-05 10:10 . 2008-08-05 10:10 2,048 --a--c--- C:\WINDOWS\system32\ctkwpxjn.exe
    2008-08-04 19:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-04 19:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-04 19:39 . 2008-08-04 19:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-04 19:39 . 2008-08-04 19:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-04 19:30 . 2008-08-05 11:11 <REP> d----c--- C:\VundoFix Backups
    2008-08-03 18:09 . 2005-01-01 23:10 <REP> d----c--- C:\Documents and Settings\spider88\WINDOWS
    2008-08-03 18:09 . 2004-11-24 03:37 <REP> d----c--- C:\Documents and Settings\spider88\Voisinage r‚seau
    2008-08-03 18:09 . 2004-11-24 03:37 <REP> d----c--- C:\Documents and Settings\spider88\Voisinage d'impression
    2008-08-03 18:09 . 2008-05-18 23:58 <REP> d----c--- C:\Documents and Settings\spider88\ModŠles
    2008-08-03 18:09 . 2004-11-25 05:26 <REP> d----c--- C:\Documents and Settings\spider88\Mes documents
    2008-08-03 18:09 . 2004-11-25 05:26 <REP> d----c--- C:\Documents and Settings\spider88\Menu D‚marrer
    2008-08-03 18:09 . 2008-05-18 16:15 <REP> d----c--- C:\Documents and Settings\spider88\Favoris
    2008-08-03 18:09 . 2005-01-01 23:15 <REP> d----c--- C:\Documents and Settings\spider88\Bureau
    2008-08-03 18:09 . 2005-01-01 23:30 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\Symantec
    2008-08-03 18:09 . 2005-01-01 23:23 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\SampleView
    2008-08-03 18:09 . 2005-01-01 23:10 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\Apple Computer
    2008-08-03 18:09 . 2008-08-03 18:09 <REP> d----c--- C:\Documents and Settings\spider88
    2008-08-02 21:35 . 2008-08-02 21:35 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-08-02 21:30 . 2008-08-02 21:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Skype
    2008-07-31 21:39 . 2008-07-31 21:41 <REP> d-------- C:\Program Files\File Properties Changer
    2008-07-31 15:46 . 2008-07-31 15:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-31 15:46 . 2008-07-31 15:46 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-07-27 19:38 . 2008-07-27 19:38 <REP> d-------- C:\Program Files\VirtualDub
    2008-07-25 19:55 . 2008-07-25 19:55 <REP> d----c--- C:\chatlog
    2008-07-25 19:48 . 2008-07-25 19:57 140,885,248 --a--c--- C:\9 best1.AC3
    2008-07-25 17:32 . 2008-06-11 02:07 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-07-25 17:32 . 2008-06-11 02:07 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-07-25 17:32 . 2008-06-11 02:07 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-07-25 17:32 . 2008-06-11 02:07 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-07-25 17:32 . 2008-06-11 02:07 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-07-25 17:25 . 2008-07-25 17:25 0 --a--c--- C:\movie_1.avi
    2008-07-25 13:30 . 2008-07-25 13:30 268 --ah-c--- C:\sqmdata05.sqm
    2008-07-25 13:30 . 2008-07-25 13:30 244 --ah-c--- C:\sqmnoopt05.sqm
    2008-07-24 23:15 . 2008-07-25 13:45 224,040,960 --a--c--- C:\out_3.vob
    2008-07-24 23:15 . 2008-07-25 13:45 55,296 --a--c--- C:\out.ifo
    2008-07-24 23:15 . 2008-07-25 13:45 206 --a--c--- C:\out.rpk
    2008-07-24 23:15 . 2008-07-25 13:45 42 --a--c--- C:\out.lst
    2008-07-24 23:12 . 2008-07-25 13:44 1,073,741,824 --a--c--- C:\out_2.vob
    2008-07-24 23:10 . 2008-07-25 13:42 1,073,741,824 --a--c--- C:\out_1.vob
    2008-07-22 13:16 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\No1 DVD Ripper
    2008-07-22 02:42 . 2008-07-22 02:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-07-20 18:51 . 2008-07-20 19:02 161,792 --a------ C:\WINDOWS\mmproxy_40.mdb
    2008-07-20 18:51 . 2008-07-20 18:51 100,352 --a------ C:\WINDOWS\mmproxy_40_Backup.mdb
    2008-07-20 18:45 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Super Groovy
    2008-07-20 18:44 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Picture Pyramid
    2008-07-20 18:43 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Slickball
    2008-07-20 18:42 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Feeding Frenzy
    2008-07-20 18:42 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Feed The Snake
    2008-07-20 18:36 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Alpha Ball
    2008-07-20 18:28 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Playtonium Jigsaw Atlantic Lighthouses
    2008-07-20 18:27 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Playtonium Jigsaw Animals of Africa
    2008-07-20 18:25 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Truffle Tray
    2008-07-20 18:15 . 2008-07-20 18:15 <REP> d-------- C:\Program Files\AIST
    2008-07-20 18:12 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\MadCaps
    2008-07-20 18:05 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\Aqua Bubble
    2008-07-19 22:08 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\Wippien
    2008-07-14 10:04 . 2008-07-14 10:04 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-07-14 10:04 . 2008-07-14 10:04 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-07-14 10:03 . 2008-07-14 10:03 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL
    2008-07-14 10:00 . 2008-07-14 10:03 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-07-12 11:57 . 2008-07-12 12:02 <REP> d-------- C:\Program Files\CoverPro
    2008-07-11 19:01 . 2008-07-11 19:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\LogMeIn
    2008-07-11 19:01 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
    2008-07-11 19:01 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
    2008-07-11 19:01 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2008-07-11 19:01 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
    2008-07-11 19:00 . 2008-08-05 11:16 <REP> d-------- C:\Program Files\LogMeIn
    2008-07-11 19:00 . 2008-07-14 13:58 1,024 --a--c--- C:\.rnd
    2008-07-11 18:25 . 2008-07-11 18:27 <REP> d-------- C:\Program Files\UnderCoverXP
    2008-07-05 14:31 . 2008-08-03 18:42 <REP> d-------- C:\Program Files\DAEMON Tools
    2008-07-05 14:31 . 2008-07-05 14:31 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-05 11:17 --------- d-----w C:\Program Files\eMule
    2008-08-04 21:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-04 17:29 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-02 19:30 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2008-08-01 11:18 --------- d-----w C:\Program Files\Xfire
    2008-07-25 15:33 --------- d-----w C:\Program Files\DivX
    2008-07-14 08:05 --------- d-----w C:\Program Files\AIM6
    2008-07-02 15:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-06-30 15:04 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-26 18:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-26 18:28 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-25 19:38 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-24 16:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-06-24 16:34 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-24 16:25 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-06-24 16:06 --------- d-----w C:\Program Files\Managed DirectX (0900)
    2008-06-24 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-24 09:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-24 09:15 --------- d-----w C:\Program Files\Microsoft Games
    2008-06-20 21:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 17:46 --------- d-----w C:\Program Files\Futuroscope Experience ADF
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:32 --------- d-----w C:\Program Files\Logitech
    2008-06-20 13:31 --------- d-----w C:\Program Files\Google
    2008-06-20 13:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 13:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-06-17 16:20 --------- d-----w C:\Program Files\Easy Internet signup
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-14 13:21 --------- d-----w C:\Program Files\Convar
    2008-06-13 12:53 --------- d-----w C:\Program Files\Morgan
    2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-06-10 12:50 --------- d-----w C:\Program Files\DAP
    2008-06-10 12:39 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
    2008-06-10 08:30 --------- d-----w C:\Program Files\Combined Community Codec Pack
    2008-06-07 13:17 --------- d-----w C:\Program Files\Java
    2008-06-07 12:11 --------- d-----w C:\Program Files\VirtualDubMOD
    2008-06-06 15:19 209,636 ----a-w C:\WINDOWS\IPUI_DivXG400.exe
    2008-06-06 15:11 --------- d-----w C:\Program Files\Rippackv3
    2008-05-28 10:32 10,040 ----a-w C:\WINDOWS\system32\LMImirr2.dll
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-04-08 01:39 16,577 ----a-w C:\Program Files\Lightroom - Bitte lesen.html
    2008-04-08 01:30 16,925 ----a-w C:\Program Files\Lightroom - Lisez-moi.html
    2008-04-08 00:11 15,628 ----a-w C:\Program Files\Lightroom Read Me.html
    2008-01-01 14:18 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-04-30 22:19 245,760 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll
    2006-08-12 15:27 81,920 ----a-w C:\Documents and Settings\jojo !\Application Data\ezpinst.exe
    2006-08-12 15:27 47,360 ----a-w C:\Documents and Settings\jojo !\Application Data\pcouffin.sys
    2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
    2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
    2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{F4F10C1D-87C7-404A-B4B3-000000000000}"= "C:\PROGRA~1\DAP\SBSearch.dll" [2008-06-10 14:39 32768]

    [HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
    [HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
    [HKEY_CLASSES_ROOT\SearchHook.SrchHook]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 15:30 68856]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 05:05 339968]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 00:04 278528]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 21:13 98304]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23 663552]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 13:32 266497]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-01 23:10 98304]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire.SPIDER.000^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
    path=C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    --a------ 2008-06-10 14:39 3053056 C:\Program Files\DAP\DAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2005-01-01 23:10 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
    --a------ 2008-03-28 13:31 2116102 C:\Program Files\Winsos\Winsos.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\server.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\Winsos\\winsos.exe"=
    "C:\\Program Files\\TchecMeet\\Tchecmeet.exe"=
    "C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
    "C:\\Program Files\\SmartWhois\\sw.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "C:\\Program Files\\Microsoft Games\\Halo Server\\haloded.exe"=
    "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3473:UDP"= 3473:UDP:Windows Media Format SDK (firefox.exe)
    "3472:UDP"= 3472:UDP:Windows Media Format SDK (firefox.exe)
    "57089:TCP"= 57089:TCP:Pando P2P TCP Listening Port
    "57089:UDP"= 57089:UDP:Pando P2P UDP Listening Port

    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e950b0f-37d2-11dd-af31-001c10e6cea3}]
    \Shell\AutoRun\command - explorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e3ce518-2a37-11dd-af27-001c10e6cea3}]
    \Shell\AutoRun\command - explorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e3ce52e-2a37-11dd-af27-001c10e6cea3}]
    \Shell\AutoRun\command - explorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4b057ab-525a-11dd-af47-001c10e6cea3}]
    \Shell\AutoRun\command - explorer.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

    2008-07-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2008-08-05 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe [2005-04-22 18:36]

    2008-08-01 C:\WINDOWS\Tasks\Norton Security Scan.job
    - C:\Program Files\Norton Security Scan\Nss.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-a89d7366 - C:\WINDOWS\system32\kppcoygp.dll
    HKLM-Run-BMabae40fa - C:\WINDOWS\system32\gocrnyqc.dll
    Notify-LMIinit - LMIinit.dll
    MSConfigStartUp-AdVantage - C:\Program Files\AdVantage\AdVantage.exe

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Mozilla\Firefox\Profiles\wbcllouu.default\

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-05 13:12:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\LogMeIn\x86\ramaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-05 13:26:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-05 11:26:25

    Pre-Run: 26,758,193,152 octets libres
    Post-Run: 27,986,165,760 octets libres

    314 --- E O F --- 2008-08-05 11:24:31
    0
  14. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge le fichier CFScript et enregistre-le sur ton bureau :
    http://www.zshare.net/

    ---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    [*] Une fenêtre bleue va apparaître : au message qui apparaît (Type 1 to continue, or 2 to abort), tape 1 puis valide.

    [*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
    Ne touche à rien tant que le scan n'est pas terminé.

    [*] Une fois le scan achevé, un rapport va s'afficher : poste-le

    [*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
    0
  15. Spider88
     
    ComboFix 08-08-03.05 - Compaq_Propriétaire 2008-08-05 14:21:06.2 - NTFSx86
    Endroit: C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Bureau\cfscript.txt
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-05 13:26 . 2008-08-05 13:26 <REP> d----c--- C:\Documents and Settings\InvitÚ.MAURICE
    2008-08-05 13:26 . 2008-08-05 13:26 <REP> d----c--- C:\Documents and Settings\InvitÚ
    2008-08-05 13:26 . 2008-08-05 13:26 <REP> d----c--- C:\Documents and Settings\Compaq_PropriÚtaire.SPIDER88
    2008-08-05 13:26 . 2008-08-05 13:26 <REP> d----c--- C:\Documents and Settings\Compaq_PropriÚtaire.SPIDER.000
    2008-08-05 10:10 . 2008-08-05 10:10 2,048 --a--c--- C:\WINDOWS\system32\ctkwpxjn.exe
    2008-08-04 19:40 . 2008-08-04 19:40 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Malwarebytes
    2008-08-04 19:40 . 2008-08-04 19:40 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Malwarebytes
    2008-08-04 19:40 . 2008-08-04 19:40 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Malwarebytes
    2008-08-04 19:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-04 19:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-04 19:39 . 2008-08-04 19:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-04 19:39 . 2008-08-04 19:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-04 19:30 . 2008-08-05 11:11 <REP> d----c--- C:\VundoFix Backups
    2008-08-03 18:09 . 2005-01-01 23:10 <REP> d----c--- C:\Documents and Settings\spider88\WINDOWS
    2008-08-03 18:09 . 2004-11-24 03:37 <REP> d----c--- C:\Documents and Settings\spider88\Voisinage réseau
    2008-08-03 18:09 . 2004-11-24 03:37 <REP> d----c--- C:\Documents and Settings\spider88\Voisinage d'impression
    2008-08-03 18:09 . 2008-05-18 23:58 <REP> d----c--- C:\Documents and Settings\spider88\Modèles
    2008-08-03 18:09 . 2004-11-25 05:26 <REP> d----c--- C:\Documents and Settings\spider88\Mes documents
    2008-08-03 18:09 . 2004-11-25 05:26 <REP> d----c--- C:\Documents and Settings\spider88\Menu Démarrer
    2008-08-03 18:09 . 2008-05-18 16:15 <REP> d----c--- C:\Documents and Settings\spider88\Favoris
    2008-08-03 18:09 . 2005-01-01 23:15 <REP> d----c--- C:\Documents and Settings\spider88\Bureau
    2008-08-03 18:09 . 2005-01-01 23:30 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\Symantec
    2008-08-03 18:09 . 2005-01-01 23:23 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\SampleView
    2008-08-03 18:09 . 2005-01-01 23:10 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\Apple Computer
    2008-08-03 18:09 . 2008-08-03 18:09 <REP> d----c--- C:\Documents and Settings\spider88
    2008-08-02 21:35 . 2008-08-02 21:35 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\skypePM
    2008-08-02 21:35 . 2008-08-02 21:35 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\skypePM
    2008-08-02 21:35 . 2008-08-02 21:35 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\skypePM
    2008-08-02 21:35 . 2008-08-02 21:35 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-08-02 21:31 . 2008-08-02 22:17 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Skype
    2008-08-02 21:31 . 2008-08-02 22:17 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Skype
    2008-08-02 21:31 . 2008-08-02 22:17 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Skype
    2008-08-02 21:30 . 2008-08-02 21:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Skype
    2008-07-31 21:39 . 2008-07-31 21:41 <REP> d-------- C:\Program Files\File Properties Changer
    2008-07-31 15:46 . 2008-07-31 15:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-31 15:46 . 2008-07-31 15:46 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-07-27 19:38 . 2008-07-27 19:38 <REP> d-------- C:\Program Files\VirtualDub
    2008-07-25 19:55 . 2008-07-25 19:55 <REP> d----c--- C:\chatlog
    2008-07-25 19:48 . 2008-07-25 19:57 140,885,248 --a--c--- C:\9 best1.AC3
    2008-07-25 17:32 . 2008-06-11 02:07 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-07-25 17:32 . 2008-06-11 02:07 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-07-25 17:32 . 2008-06-11 02:07 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-07-25 17:32 . 2008-06-11 02:07 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-07-25 17:32 . 2008-06-11 02:07 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-07-25 17:25 . 2008-07-25 17:25 0 --a--c--- C:\movie_1.avi
    2008-07-25 13:38 . 2008-07-25 13:38 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\InterVideo
    2008-07-25 13:38 . 2008-07-25 13:38 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\InterVideo
    2008-07-25 13:38 . 2008-07-25 13:38 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\InterVideo
    2008-07-25 13:30 . 2008-07-25 13:30 268 --ah-c--- C:\sqmdata05.sqm
    2008-07-25 13:30 . 2008-07-25 13:30 244 --ah-c--- C:\sqmnoopt05.sqm
    2008-07-24 23:15 . 2008-07-25 13:45 224,040,960 --a--c--- C:\out_3.vob
    2008-07-24 23:15 . 2008-07-25 13:45 55,296 --a--c--- C:\out.ifo
    2008-07-24 23:15 . 2008-07-25 13:45 206 --a--c--- C:\out.rpk
    2008-07-24 23:15 . 2008-07-25 13:45 42 --a--c--- C:\out.lst
    2008-07-24 23:12 . 2008-07-25 13:44 1,073,741,824 --a--c--- C:\out_2.vob
    2008-07-24 23:10 . 2008-07-25 13:42 1,073,741,824 --a--c--- C:\out_1.vob
    2008-07-22 14:47 . 2008-07-22 14:47 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\DivX
    2008-07-22 14:47 . 2008-07-22 14:47 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\DivX
    2008-07-22 14:47 . 2008-07-22 14:47 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\DivX
    2008-07-22 13:40 . 2008-07-25 13:25 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\dvdcss
    2008-07-22 13:40 . 2008-07-25 13:25 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\dvdcss
    2008-07-22 13:40 . 2008-07-25 13:25 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\dvdcss
    2008-07-22 13:16 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\No1 DVD Ripper
    2008-07-22 02:42 . 2008-07-22 02:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-07-20 18:51 . 2008-07-20 19:02 161,792 --a------ C:\WINDOWS\mmproxy_40.mdb
    2008-07-20 18:51 . 2008-07-20 18:51 100,352 --a------ C:\WINDOWS\mmproxy_40_Backup.mdb
    2008-07-20 18:45 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Super Groovy
    2008-07-20 18:44 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Picture Pyramid
    2008-07-20 18:43 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Slickball
    2008-07-20 18:42 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Feeding Frenzy
    2008-07-20 18:42 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Feed The Snake
    2008-07-20 18:36 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Alpha Ball
    2008-07-20 18:28 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Playtonium Jigsaw Atlantic Lighthouses
    2008-07-20 18:27 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Playtonium Jigsaw Animals of Africa
    2008-07-20 18:25 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Truffle Tray
    2008-07-20 18:15 . 2008-07-20 18:15 <REP> d-------- C:\Program Files\AIST
    2008-07-20 18:12 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\MadCaps
    2008-07-20 18:05 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\Aqua Bubble
    2008-07-19 22:08 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\Wippien
    2008-07-19 22:08 . 2008-07-25 13:26 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Wippien
    2008-07-19 22:08 . 2008-07-25 13:26 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Wippien
    2008-07-19 22:08 . 2008-07-25 13:26 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Wippien
    2008-07-14 10:05 . 2008-07-14 10:05 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\acccore
    2008-07-14 10:05 . 2008-07-14 10:05 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\acccore
    2008-07-14 10:05 . 2008-07-14 10:05 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\acccore
    2008-07-14 10:04 . 2008-07-14 10:04 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-07-14 10:04 . 2008-07-14 10:04 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-07-14 10:03 . 2008-07-14 10:03 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL
    2008-07-14 10:00 . 2008-07-14 10:03 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-07-12 11:57 . 2008-07-12 12:02 <REP> d-------- C:\Program Files\CoverPro
    2008-07-11 19:01 . 2008-07-11 19:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\LogMeIn
    2008-07-11 19:01 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
    2008-07-11 19:01 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
    2008-07-11 19:01 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2008-07-11 19:01 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
    2008-07-11 19:00 . 2008-08-05 11:16 <REP> d-------- C:\Program Files\LogMeIn
    2008-07-11 19:00 . 2008-07-14 13:58 1,024 --a--c--- C:\.rnd
    2008-07-11 18:25 . 2008-07-11 18:27 <REP> d-------- C:\Program Files\UnderCoverXP
    2008-07-05 14:31 . 2008-08-03 18:42 <REP> d-------- C:\Program Files\DAEMON Tools
    2008-07-05 14:31 . 2008-07-05 14:31 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-05 12:18 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\uTorrent
    2008-08-05 12:18 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\uTorrent
    2008-08-05 12:18 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\uTorrent
    2008-08-05 11:43 --------- d-----w C:\Program Files\eMule
    2008-08-04 21:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-04 21:13 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Hamachi
    2008-08-04 21:13 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Hamachi
    2008-08-04 21:13 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Hamachi
    2008-08-04 17:29 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-02 19:30 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2008-08-01 11:18 --------- d-----w C:\Program Files\Xfire
    2008-07-25 17:53 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Xfire
    2008-07-25 17:53 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Xfire
    2008-07-25 17:53 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Xfire
    2008-07-25 15:33 --------- d-----w C:\Program Files\DivX
    2008-07-14 08:05 --------- d-----w C:\Program Files\AIM6
    2008-07-03 13:14 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\AdobeUM
    2008-07-03 13:14 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\AdobeUM
    2008-07-03 13:14 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\AdobeUM
    2008-07-02 15:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-06-30 15:05 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Microsoft Web Folders
    2008-06-30 15:05 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Microsoft Web Folders
    2008-06-30 15:05 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Microsoft Web Folders
    2008-06-30 15:04 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-26 18:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-26 18:28 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-25 19:38 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-24 16:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-06-24 16:34 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-24 16:06 --------- d-----w C:\Program Files\Managed DirectX (0900)
    2008-06-24 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-24 11:12 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\OpenOffice.org2
    2008-06-24 11:12 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\OpenOffice.org2
    2008-06-24 11:12 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\OpenOffice.org2
    2008-06-24 09:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-24 09:15 --------- d-----w C:\Program Files\Microsoft Games
    2008-06-20 17:46 --------- d-----w C:\Program Files\Futuroscope Experience ADF
    2008-06-20 17:32 --------- d-----w C:\Program Files\Logitech
    2008-06-20 13:31 --------- d-----w C:\Program Files\Google
    2008-06-20 13:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-17 16:20 --------- d-----w C:\Program Files\Easy Internet signup
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 13:21 --------- d-----w C:\Program Files\Convar
    2008-06-13 12:53 --------- d-----w C:\Program Files\Morgan
    2008-06-12 16:39 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Samsung
    2008-06-12 16:39 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Samsung
    2008-06-12 16:39 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Samsung
    2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-06-10 12:50 --------- d-----w C:\Program Files\DAP
    2008-06-10 08:30 --------- d-----w C:\Program Files\Combined Community Codec Pack
    2008-06-10 08:29 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\BSplayer
    2008-06-10 08:29 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\BSplayer
    2008-06-10 08:29 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\BSplayer
    2008-06-10 08:16 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\BSplayer Pro
    2008-06-10 08:16 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\BSplayer Pro
    2008-06-10 08:16 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\BSplayer Pro
    2008-06-07 13:17 --------- d-----w C:\Program Files\Java
    2008-06-07 12:11 --------- d-----w C:\Program Files\VirtualDubMOD
    2008-06-06 15:19 209,636 ----a-w C:\WINDOWS\IPUI_DivXG400.exe
    2008-06-06 15:11 --------- d-----w C:\Program Files\Rippackv3
    2008-05-17 15:23 679 -c--a-w C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\Application Data\waver_2.95.dat
    2008-05-09 18:53 744 -c--a-w C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\Application Data\filterclsid.dat
    2008-04-08 01:39 16,577 ----a-w C:\Program Files\Lightroom - Bitte lesen.html
    2008-04-08 01:30 16,925 ----a-w C:\Program Files\Lightroom - Lisez-moi.html
    2008-04-08 00:11 15,628 ----a-w C:\Program Files\Lightroom Read Me.html
    2008-03-07 18:07 24,192 -c--a-w C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\usbsermptxp.sys
    2008-03-07 18:07 22,768 -c--a-w C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\usbsermpt.sys
    2008-01-01 14:18 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-04-30 22:19 245,760 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll
    2006-08-12 15:27 81,920 ----a-w C:\Documents and Settings\jojo !\Application Data\ezpinst.exe
    2006-08-12 15:27 47,360 ----a-w C:\Documents and Settings\jojo !\Application Data\pcouffin.sys
    2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
    2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
    2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 15:30 68856]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 05:05 339968]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 00:04 278528]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 21:13 98304]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23 663552]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 13:32 266497]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]

    C:\Documents and Settings\Compaq_Propri‚taire.SPIDER88\Menu D‚marrer\Programmes\D‚marrage\
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-05-02 09:19:27 624416]
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-24 16:25:23 110592]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire.SPIDER.000^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
    path=C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    --a------ 2008-06-10 14:39 3053056 C:\Program Files\DAP\DAP.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\server.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\TchecMeet\\Tchecmeet.exe"=
    "C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
    "C:\\Program Files\\SmartWhois\\sw.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "C:\\Program Files\\Microsoft Games\\Halo Server\\haloded.exe"=
    "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3473:UDP"= 3473:UDP:Windows Media Format SDK (firefox.exe)
    "3472:UDP"= 3472:UDP:Windows Media Format SDK (firefox.exe)
    "57089:TCP"= 57089:TCP:Pando P2P TCP Listening Port
    "57089:UDP"= 57089:UDP:Pando P2P UDP Listening Port

    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-07-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2008-08-05 C:\WINDOWS\Tasks\Connexion facile à Internet.job
    - C:\Program Files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04]

    2008-08-05 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe [2005-04-22 18:36]

    2008-08-01 C:\WINDOWS\Tasks\Norton Security Scan.job
    - C:\Program Files\Norton Security Scan\Nss.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-05 14:29:04
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-05 14:37:56
    ComboFix-quarantined-files.txt 2008-08-05 12:37:49
    ComboFix2.txt 2008-08-05 11:26:39

    Pre-Run: 27,745,951,744 octets libres
    Post-Run: 27,740,307,456 octets libres

    292 --- E O F --- 2008-08-05 11:24:31
    0
  16. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Mets à jour Internet Explorer :
    http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr

    ---> Mets à jour Java :
    https://www.java.com/fr/download/manual.jsp

    ---> Poste un nouveau rapport HijackThis
    0
  17. Spider88
     
    ile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:13:52, on 05/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Mes documents\My Completed Downloads\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDF4547-9240-4F63-A101-54EBE09CD871}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    0
  18. spider88
     
    ne tener pas compte du Windows/ system32/ SNDVOL32.exe ( fausse manip' )
    0
  19. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Relance HijackThis et choisis Do a system scan only

    ---> Coche les cases qui sont devant les lignes suivantes :

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

    ---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

    ---> Télécharge OTMoveIt2 à partir du lien ci-dessous :
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    ---> Enregistre le fichier sur le Bureau.

    ---> Double-clique sur le fichier OTMoveIt2.exe pour lancer l'outil.
    Assure-toi que la case Unregister Dll's and Ocx's soit bien cochée.

    ---> Copie l'intégralité du texte ci-dessous et colle-le dans la fenêtre intitulée Paste Standard List of Files/Folders to be moved.

    C:\WINDOWS\system32\ctkwpxjn.exe
    C:\WINDOWS\system32\ezsidmv.dat
    C:\Documents and Settings\jojo !\Application Data\ezpinst.exe
    C:\Program Files\Winsos\
    C:\Program Files\AdVantage\

    ---> Clique sur MoveIt! pour lancer la suppression.
    Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit.

    Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.

    ---> Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.

    ---> Redémarre ton PC et poste un nouveau rapport HijackThis
    0
  • 1
  • 2